Former Reddfugee, found a new home on feddit.de. Server errors made me switch to discuss.tchncs.de. Now finally @ home on feddit.org.
Likes music, tech, programming, board games and video games. Oh… and coffee, lots of coffee!
I � Unicode!
I’m currently experimenting if I can convert my stack to rootless podman.
I found in my notes, that
A user-mode networking tool for unprivileged network namespaces must be installed on the machine in order for Podman to run in a rootless environment.
Podman supports two rootless networking tools: pasta (provided by passt) and slirp4netns.
Could this be your problem?
Taken from https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md
If done correctly, those may only be open from the internet, but not from the local network. While SSH may only be available from your local network - or maybe only by the fixed IP of your PC. Other services may only be reachable, when coming from the correct VLAN (assuming you did segment your home network). Maybe your server can only access the internet, but not to the home network, so that an attacker has a harder time spreading into your home network (note: that’s only really meaningful, if it’s not a software firewall on that same server…)
Instead of thinking with layers, you should use think of Swiss cheese. Each slice of cheese has some holes - think of weaknesses in the defense (or intentional holes as you need a way to connect to the target legitimately). Putting several slices back to back (in random order and orientation) means that the way to penetrate all layers is not a simple straight way, but that you need to work around each layer.
…But will it run DOOM?
Phones, etc? Just sync to the mentioned Nextcloud, PC downloads from there and everything gets then into the aforementioned backups.
Homeserver? See “PC” above. With the caveat that some VMs/containers are not in the backup cycle, as they do not store any valuable data besides temp files, etc. For these, only things like docker compose files, custom config, ansible playbooks,… are in my backup.
If it’s loud, moving, can chase you and honks at you, then it’s an obnoxious goose a car
I connected it once, then set it in the router as „enable child protection -> disable internet access“, gave it a static IP address and also blacklisted that address on my pi hole so that DNS won’t work for it. Then I immediately disconnected it. The router recognizes the TV with its MAC address when it gets reconnected and immediately bans internet access when it gets reconnected.
They have no free time in the calendar that fits for all people. We should schedule a few meetings with several sub-groups of those people to commit to a time slot that fits all their calendars or to negotiate with them that they should clear their calendars for us!
Yeah, I’m also using a local resolver. But since I had some problems using another DHCP server (which was probably a problem on my end), so I’m current setting some devices in my FRITZ!box to a fixed IP and then enter that in my DNS server. If I could just skip the second part and tell the FRITZ!Box to just resolve printserver.example.com instead of printserver.fritz.box - that’d be nice. Maybe I should do another try with a DHCP server soon.
I really like them but they do have two downsides for “more advanced” users (or at least for me) - it is a home device as after all.
If you’re an advanced user, there’s plenty of ways around that, though. I just wished that these two thing were to exist in the firmware to have less work with my home infrastructure.
Same, I needed to expand my Wi-Fi and was to lazy to run an Ethernet and a power cable across the attic. I settled for two TP-Link EAP and a TP-Link managed switch that also provides PoE. You can run all three devices stand alone, but Omada is also quite nice - you can run it without using their cloud on your home server and even connect their app to your local controller.
Haven’t you noticed? Windows 11 24H2 got ported to an electron app
And that’s why it’s called “production environment” I guess
I don’t know the Immich API, but I’ve seen several REST APIs that used the usual pattern of
GET /api/v1/user/<id> - read user
POST /api/v1/user/ - create user
...
but also allowed
GET /api/v1/user/<id> - read user
GET /api/v1/user/?action=create - create user
...
I swear, I just need 4-5 more graphics cards to solve this!
Have you tried adding a few more kilobytes of regex?
Yes, it’s just Oracle - Temurin, Coretto,… are all safe.
Oracle offers (paid) support for its Java distribution, which might be why it’s still used by companies…
Worse yet. They switched licensing and costs several times and companies should prepare to get hit with new licensing fees:
When they introduced Java 17 (a LTS version), they published it under the NTFC license. This means, this version is usable for free, but only until the next LTS version has been out for a year.
On Sep 19th 2023, Java 21 was released another LTS version. That means, that Java 17 just switched from the NTFC license to the OTNLA license a few days ago - which means, Java 17 is supported until 2029 but you now need a paid license to use it.
Hope everyone upgraded to Java 21 or newer in time.
Unless you were the one writing the program and its error messages - then check, that you didn’t mess up there…
Tech Enthusiasts: Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via alexa! I love the future!
Programmers / Engineers: The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.
Security technicians: takes a deep swig of whiskey I wish I had been born in the neolithic.