Cake day: June 2nd, 2023






  • You’ll want to learn the difference between SAS and SATA connectors. You can very probably use either. 3.5 inch is the “standard” size, while 2.5 inch was more popular for laptops. However, in the interest of density, servers started accepting 2.5 inch drives to fit more drives per rack.

    You can get great deals on used sas drives on ebay, but if you don’t know how to monitor s.m.a.r.t. data / rebuild a zfs array, that can be very very risky. You need to be able to survive concurrent disk failures.

    Honestly your best bet is brand new western digital or seagate drives. Buy them on amazon, but double check that the seller is legit. That’s it.


  • Networking is super simple - or at least it started out like that. Then we ran out of numbers, and had to invent nat. Then we invented ipv6, which has lots of numbers, but is unfathomably complicated.

    I recommend learning about NAT / network address translation. NAT is not a stateful firewall, but acts kinda like one.

    You can understand a stateful firewall by understanding the tcp handshake. TCP is hugely important. Don’t worry about fin_wait_2 and that nonsense, just get syn/synack/ack down.

    People will brush off udp because it’s easier, but it’s also important.

    Once you get NAT/stateful firewalls, I would look into wireguard. That’s the protocol underneath tailscale. Know that it wraps your tcp packets in an encrypted udp datagram. Then find out how tailscale sets up your wireguard connections without port forwarding - or don’t, as webrtc-style signaling is famously impossibly complicated.

    Here’s what you should do - spin up all the services you want, but put them behind an nginx reverse proxy. Then put that behind a WAF. Getting those layers aligned will teach you a huge amount of useful stuff.

    In general, don’t worry about hackers unless exposing a port to the internet. Then worry. Your router’s stateful firewall will do a good job until you poke holes in it.

    If you want a cool side project, listen on port 20 and dump the characters that the web scanners send to you. If they don’t send anything, send a username prompt after the tcp handshake - the robots will give you the login creds that they try against weak boxes :)
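
A toy model of the NAT and stateful-firewall behaviour the comment above describes, added here as an illustration and not part of the original comment. The `Router` class, the addresses (documentation ranges) and the port numbers are constructed for the example; sequence numbers, timeouts and packet direction inside the handshake are ignored.

```python
from dataclasses import dataclass, field

WAN_IP = "203.0.113.7"  # constructed address from a documentation range
NEXT = {("SYN", "SYN-ACK"): "SYN-ACK", ("SYN-ACK", "ACK"): "ESTABLISHED"}

@dataclass
class Router:
    forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    flows: dict = field(default_factory=dict)     # (wan_port, remote) -> [lan_endpoint, state]
    next_port: int = 40000

    def _step(self, flow, flags):
        # Advance the handshake state; unknown transitions leave it unchanged.
        flow[1] = NEXT.get((flow[1], flags), flow[1])

    def outbound(self, lan, remote, flags):
        """LAN -> internet. Returns the translated (ip, port) source, or None if dropped."""
        for (wan_port, peer), flow in self.flows.items():
            if peer == remote and flow[0] == lan:
                self._step(flow, flags)
                return (WAN_IP, wan_port)
        if flags != "SYN":
            return None  # no state and not a connection attempt
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.flows[(wan_port, remote)] = [lan, "SYN"]
        return (WAN_IP, wan_port)

    def inbound(self, remote, wan_port, flags):
        """Internet -> WAN port. Returns the LAN endpoint it reaches, or None if dropped."""
        flow = self.flows.get((wan_port, remote))
        if flow is None and flags == "SYN" and wan_port in self.forwards:
            flow = self.flows[(wan_port, remote)] = [self.forwards[wan_port], "SYN"]
            return flow[0]
        if flow is None:
            return None  # unsolicited: nothing inside asked for this
        self._step(flow, flags)
        return flow[0]

def demo():
    r = Router()
    laptop, site, scanner = ("192.168.1.20", 51000), ("198.51.100.10", 443), ("192.0.2.66", 55555)
    out = [r.outbound(laptop, site, "SYN"), r.inbound(site, 40000, "SYN-ACK"),
           r.outbound(laptop, site, "ACK"), r.flows[(40000, site)][1]]
    # A scanner's unsolicited SYN, then a spoofed reply aimed at the laptop's mapping.
    out += [r.inbound(scanner, 22, "SYN"), r.inbound(scanner, 40000, "SYN-ACK")]
    r.forwards[22] = ("192.168.1.5", 22)  # the "hole": a port forward
    out.append(r.inbound(scanner, 22, "SYN"))
    return out
```

The two `None` results are the scanner being dropped because no flow entry exists for it; the final result shows the same SYN reaching a LAN host once a port forward is configured.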




  • I must disagree.

    We need not wait for marginalized groups to be impacted to decry T1 ISP censorship. Ban whatever speech you want; the method of enforcement should be to arrest the perpetrators - not stop the sale of paper, the delivery of mail, or blocklist class A ip ranges.

    On a more philosophical level, this is the question of “kindergarten policy” - do we punish those who crayon on the walls, or do we take away everybody’s crayons. To punish the ability to do wrong, or the act of doing wrong. Like most philosophical questions, there’s no good answer to this.




  • The supreme court was nonpartisan. Do you expect the truth arbitration department to go any better?

    The 50% of people who believe false things are going to vote for truth arbiters that we don’t like. Surely it will be amazing when the correct party is in control, but inevitably the wrong party will be in control sometimes too.

    The issue is that bad truth arbitration is “sticky”. Once a bad actor is in control, they have the power to silence their own opposition.

    In order for this to work, we must either make sure a bad actor never ends up at the wheel - which will eventually fail, or neuter the truth arbitration process to the point of inefficacy.

    The risks here are probable and tangible. We may have the techniques to do it eventually, but I don’t think we have them right now.


  • This is an excellent way of looking at it, that is very different from my initial understanding.

    This changes the concern profile entirely, from “who decides what is false” (big concern) to “how do we define advocating, how do we define violence, etc” - which are valid concerns, but apply to just about every law.

    Off topic, the cyber security world has been wrestling with “unauthorized access” - is there implicit authorization when a device is attached to the internet? Nobody authorized me to use google - are web requests access? Is bypassing authentication access? It’s a mess.


  • So… what? Are you arguing for an expansion of “punitive models”?

    Iraq has exceptional consistency in thought leadership. There are no drug addicts in Singapore.

    Moxie Marlinspike has an excellent blog post on “perfect enforcement” - if the law were applied perfectly, we would not have the lgbtq marriage rights we have today. If America had perfect consistency of thought, we would all be protestant catholic.

    Consistency is not a world I strive for, and therefore, to return to the start of this thread, I do not believe the us gov should apply censorship to our communications, and I do believe that doing so would be a slippery slope, precisely and purely because censorship may prevent its own regulation.


  • No single body can wield this power, and therefore multiple should.

    /pol/ self-censors through slides and sages, and even maintains at least some level of toxicity just to dissuade outsiders from browsing or posting - you could call it preventative censorship.

    Fortunately, we don’t have to go there. We have the choice to coexist on Beehaw instead.

    Even on reddit, different subs could have different moderation policies, and so if you didn’t like ex. Cyberpunk, you could go to lowsodium_cyberpunk.

    Freedom to choose communities allows multiple diverse communities to form, and I think that’s the key - that there are many communities.

    When the scope of truth arbitration moves from lemmy instances to the us gov, the only alternative choice for any who disagree would be to go to another country.

    The beauty of the internet is that there are no countries. Any website could be anywhere - there are hundreds of thousands of choices, from twitter hashtags to irc rooms.

    I do not want one hegemony of information. I do not want 5, or one for each nato member. I want as many as possible, so I may find one (or more!) that I like.


  • Who is the arbiter of truth? What prevents the power to censor from being abused?

    The power to censor inherently includes the ability to silence its own opposition. Centralizing this power is therefore dangerous, as it is nigh impossible to regulate.

    Currently, we can choose our forums - beehaw does a good job, /pol/ silences all but one worldview, and therefore I am here and not there. What happens when that choice is taken away, and one “truth” is applied universally, with no course for opposition?

    Perhaps you believe you hold the correct opinions, and will not be affected. Only those who disagree with you will be silenced. Or perhaps you change your opinions to whatever you are told is correct, and therefore you do hold the correct opinions, though only by definition.

    Consider that 50% of the country disagrees with you politically. If you follow a third party, it’s 98%. A forced shared truth is only “good” if it goes your way - but the odds of that are so incredibly small, and it gets much smaller when you consider infighting within the parties.


  • Go a level deeper, beyond this news about news, and read the moat memo.

    The third faction is the open source community.

    The memo has an entire timeline section, dedicated to showing the speed at which the open source community absorbed and iterated on the leaked facebook model, LLaMA.

    The memo puts a lot of emphasis on how google and co are building new models from scratch, over months, with millions of dollars - and yet open source is building patches, in days, with only a few hundred dollars - and the patches stack, and are easily shareable.

    The open source models, through these patches, are getting better faster than google can re-architect and re-train new models from scratch.

    The main point of the memo is that google needs to change their strategy, if they want to stay “ahead” (some would argue they’re already behind) of the competition.


  • Wireguard creates a new network interface that accepts, encrypts, wraps, and ships packets out your typical network interface.

    If you were to create a kernel network namespace and move the wireguard interface into that new namespace, the connection to your existing nic is not broken.

    You can then use some custom systemd units to start your *rr software of choice in said namespace, rendering you immune to dns leaks, and any other such vpn failures.

    If you throw bridge interfaces into the mix, you can create gateways to tor / i2p / ipfs / Yggdrasil / etc as desired. You’ll need a bridge anyway to get your requester software interface exposed to your reverse proxy.

    Wireguard also allows multiple peers, so you could multi-nic a portable personal device, and access all your admin interfaces while traveling, with the same vpn-failure-free peace of mind.
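
A check for the namespace setup described in the comment above, added here as an example and not part of the original comment: it confirms that a service's process sits in a different network namespace from the host and sees only the interfaces you expect. The interface name `wg0`, the allowed set and the `make_fake_proc` sample tree are assumptions for illustration; on a real host, reading `/proc/1/ns/net` normally needs root.

```python
import os

def netns_id(pid, proc="/proc"):
    """Namespace identity of a process, e.g. 'net:[4026532508]'."""
    return os.readlink(os.path.join(proc, str(pid), "ns", "net"))

def interfaces(pid, proc="/proc"):
    """Interface names visible inside the process's network namespace."""
    with open(os.path.join(proc, str(pid), "net", "dev")) as fh:
        lines = fh.read().splitlines()[2:]  # skip the two header lines
    return {line.split(":", 1)[0].strip() for line in lines if ":" in line}

def audit(pid, host_pid=1, allowed=frozenset({"lo", "wg0"}), proc="/proc"):
    """Return a list of findings; an empty list means the process looks confined."""
    findings = []
    if netns_id(pid, proc) == netns_id(host_pid, proc):
        findings.append("process shares the host network namespace")
    extra = interfaces(pid, proc) - set(allowed)
    if extra:
        # Any interface besides loopback and the tunnel is a possible leak path.
        findings.append("unexpected interfaces: " + ", ".join(sorted(extra)))
    return findings

def make_fake_proc(root, pid, ns, ifaces):
    """Build a constructed /proc-like tree so the check can be tried offline."""
    base = os.path.join(root, str(pid))
    os.makedirs(os.path.join(base, "ns"))
    os.makedirs(os.path.join(base, "net"))
    os.symlink(ns, os.path.join(base, "ns", "net"))  # dangling link, like the real one
    header = "Inter-|   Receive |  Transmit\n face |bytes packets|bytes packets\n"
    with open(os.path.join(base, "net", "dev"), "w") as fh:
        fh.write(header + "".join(f"{name:>6}: 0 0 0 0\n" for name in ifaces))
```

If you add a bridge or veth to reach your reverse proxy, as the comment suggests, pass its name in `allowed` so it is not reported.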