As a professional software dev, I worked with pretty much every OS daily. My personal computer was a Windows, my work laptop was a Mac, and I ran my code on Linux so I was familiar with the things I liked and disliked about each. I also ran my own set of server with my websites, mail servers, and various research projects to learn and grow.

Then I decided it was time to order a new laptop and I didn’t want to go to Windows 11 because I felt Microsoft was going too much into features I didn’t want like Ads, more tracking, pushing AI. Don’t get me wrong, I like AI, but it was too much about forcing me to use it to justify their stock valuations.

I also was working on reducing my usage of big tech, setting up self hosted services like pi-hole, Home Assistant, starting to work my own Mint alternative. It just felt natural to get a Framework laptop and try running Linux on it.

I still have a Windows desktop for games and other things, I still use Mac at work. I still like the Mac for it’s power efficiency and it doesn’t get as hot. Linux has some annoyances here and there, like dbus locking up, or weird GNOME issues, or for a while my screen would artifact until set some kernel params, or the fact that my wifi card would crash and I had to replace it with an Intel card, but I’ll stick with it.

I actually have a double sided male A cable. I was shocked when I got it but I have this laptop cooler that has two A ports on it, presumably to allow a pass through but I’m always nervous that I’ll plug it in and fry something.

You can sign into multiple accounts into the same website in different tabs. I use this to be able to sign into many different AWS accounts for work where AWS doesn’t natively support this.

Do the services themselves have any logs? Do you have a reverse proxy? Does it provide any logs? 503 means something received the request and tried to pass it on so something should have logs.

I think this a problem with applications with a privacy focused user basis. It becomes very black and white where any type of information being sent somewhere is bad. I respect that some people have that opinion and more power to them, but being pragmatic about this is important. I personally disabled this flag, and I recognize how this is edging into a risky area, but I also recognize that the Mozilla CTO is somewhat correct and if we have the option between a browser that blocks everything and one that is privacy-preserving (where users can still opt for the former), businesses are more likely to adopt the privacy-preserving standards and that benefits the vast majority of users.

Privacy is a scale. I’m all onboard with Firefox, I block tons of trackers and ads, I’m even somebody who uses NoScript and suffers the ramifications to due to ideology reasons, but I also enable telemetry in Firefox because I trust that usage metrics will benefit the product.

Why is telemetry useful or why is it needed to use pi-hole to block telemetry?

Telemetry is useful to know what features your customers use. While it’s great in theory to have product managers who dogfood and can act on everyone’s behalf, the reality is telemetry ensures your favorite feature keeps being maintained. It helps ensure the bugs you see get triaged and root caused.

Unfortunately telemetry has grown to mean too many things for different people. Telemetry can refer to feature usage, bug tracking, advertising, behavior tracking.

Is there evidence that even when you disable telemetry in Firefox it still reports telemetry? That seems like a strong claim for Firefox.

Things that can be composted are usually food waste or food spoiled papers not treated with chemicals. Paper is hard to recycle because it can only recycled into lower quality paper, frequently gets contaminated, and it’s hard to seperate out from everything else.

Thus if something is compostable I believe it’s better to compost than to recycle that same material.

Interesting. I just learned about Rye today. Has anybody tried it? Does it live up to the promise?

Totally. I used to contribute to Google maps quite a bit and got higher up in the Local Guides levels, but now I find myself contributing a lot to OSM. I feel a lot better about contributing to an open platform vs letting a company close up my changes.

I just haven’t made the switch to use it as a mobile client yet

NoScript enables you to enable or disable WebGL per site. If you don’t want to deal with the hassle of websites being broken, you can set the default to enable JS but disable WebGL then set applications to be trusted with WebGL.

Also, the law requires that publicly traded companies be greedy

The law doesn’t actually state you need screw over your customers and maximize profit. It says that executives have a fiduciary duty, which means they must act in the best interest of the shareholder, not themselves.

That does not mean they have to suck out every single dollar of profit. Executives have some leeway in this and can very easily explain that napkins lead to happier customers and longer term retention which means long term profits.

It’s purely a short-term, wall street driven, behavior also driven by executive pay being also based in stock so they’re incentivized to drive up the price over the next quarter so they can cash out.

Amazon corporate employees get RSUs which are stocks, not options. After the new hire RSUs go away, you end up with two vest dates a year and new comp offerings start the following year (so in 2024 you’ll see new money in 2025 plus a small base salary bump that goes in effect that month).

Tech salaries are frequently stock based, but Amazon’s is unusual in that it’s only twice a year, and bumps start the following year, and they recently made the change to do 2 year offers instead of 3 years.

Will I still need to consider multicast DNS if my DNS server is on-prem (Pi-Hole + Unbound)

Multicast DNS is separate from DNS, so even if you have Pi-Hole, you’d still have devices using mDNS. It’s possible to route mDNS across separate IP networks seeing as how there’s mDNS relays across VLANs which would suggest Wireguard could support Multicast. Other things use Broadcast (e.g. WoL) which is a bit more challenging to forward across IP networks.

I’m not familiar with GRE so I couldn’t comment on whether it’s possible or not. I guess it all depends on how confident you are with your networking skills. If you get it working, you should definitely document it and share with others.

I didn’t quite do what you did, but I ran HA in a Kubernetes cluster which was logically a separate IP network. I had to setup the container with multiple network interfaces and specially craft the route table to forward broadcasts + multicast traffic to the correct network.

This week I received a few capacitive soil sensors. I plan to hook up this and other sensors to a few ESP32s with WiFi and see if I can make a simple site with temperature and soil humidity charts for some of my plants.

I did this for awhile and it would work for a few weeks to a few months then the PCB substrate eventually corroded from to the soil. Putting nail polish all over the sensor helped for awhile but then it just didn’t work.

The comments here gave me a lot of ideas: https://hackaday.com/2021/05/17/soil-moisture-sensors-how-do-they-work/

Tailnet appears to be Tailscale which is Wireguard underneath. This means it operates at layer 3 (IP). However a bunch of smart home stuff (mDNS, WoL, etc) all depend on layer 2 connectivity (same subnet).

That means some stuff won’t work correctly.

Attestation depends on a few things:

1. The website has to choose to trust a given attestation provider. If Open Source Browser Attestation Provider X is known for freely handing out attestations then websites will just ignore them
2. The browser’s self-attestation. This is tricky part to implement. I haven’t looked at the WEI spec to see how this works, but ultimately it depends on code running on your machine identifying when it’s been modified. In theory, you can modify the browser however you want, but it’s likely that this code will be thoroughly obfuscated and regularly changing to make it hard to reverse engineer. In addition, there are CPU level systems like Intel SGX that provide secure enclaves to run code and a remote entity can verify that the code that ran in SGX was the same code that the remote entity intended to run.

If you’re on iOS or Android, there’s already strong OS level protections that a browser attestation can plugin to (like SafetyNet.)

What is your threat model or goal? It could hide the device you use to connect to the instance, however a lot of actions you do on Lemmy, including all upvotes, are public to other instances.

It’s not generally a hardware problem. It’s a resourcing problem. Companies like GitHub will have complex software and architecture. IPv6 requires them to get a pool of IP addresses, come up with an IP address management strategy, make sure all hosts have IPv6 addresses meaning that now provisioning systems and tooling to management DNS has to plumb IPv6 addresses through too.

Then the software stack has to support it. Maybe their fraud detection or auditing systems have to now support IPv6 which means changes to API schemas.

None of this is a good reason why they shouldn’t do it, but I’ve had to make similar decisions at my job as a software engineer on what looks to be simple but actually requires changes across systems.

Keepass2Android. I store everything in a KeePass database synced with OneDrive. I like KeePass because it serves as the storage for all my passwords, OTP, and even SSH keys because it can act as an SSH KeyAgent.

If I create a secondary config as you are suggesting, wouldn’t it create a conflict with the server blocks of default.conf

No, you can have multiple server blocks with the same listen directive. They just need to differ by their server_name and only one server block can contain default_server; Reference

NGINX will use the server_name directives to differentiate the different backend services. This is a class virtual host configuration model.