• 3 Posts
  • 222 Comments
Joined 7 months ago
cake
Cake day: June 9th, 2024

help-circle


  • Sure, but the way this usually works is that the government tells you to do something and if you don’t, they’ll find someone (or a couple of someones) on that list, arrest them, and charge them with a crime.

    Doesn’t matter if they did the crime, and it doesn’t matter if they’d be convicted, but the play is to keep your friends in jail until you capitulate to what they want. This is actually something that’s happened with tech companies before, like what they did with GoDaddy’s C-level in India.

    The problem is that there’s no damn way I’d want to be arrested by the upcoming US administration, because I’d bet $100 that their playbook will portray not doing what they’re demanding as a national security or terrorism offense, and if you’ve been watching ANYTHING for the last damn near 25 years, that’s a free pass for them to basically just vanish you until they feel like doing otherwise.

    It’s fantastic leverage against organizations that have US people and are, presumably, not willing to just let their friends spend who-knows amount of time in prison, and could probably result in some cooperation.

    And I’m about to both get downvoted and WELL AKSHULLY’d about how you can’t just vanish people under the US justice system, and sure, you’re technically correct. Except we’ve passed law after law after law since 9/11 that have basically given the government the ability to do any damn thing they please if they call you a national security risk or terrorist, up to and including Gitmo, in case you’ve forgotten that existed: which you shouldn’t have, because we STILL have prisoners sitting there.

    This is doomer as fuck, and horribly unlikely, but so is a demand to stuff backdoors into everything. But, if we head down that road, the only safe software will be ones that can’t be blackmailed like this which is essentially none of the major projects.










  • The best way I’ve heard that described is that for the Bambu stuff, you spend your time fiddling with the thing you want to print, not your printer.

    I love my p1p (and it’s several thousand hours and 100kg of filament into ownership and all I’ve had to do is clean the bedplate and replace a nozzle), and really wish there was anyone who was making an open-source printer that’s as reliable and fiddle-free as this thing has been.



  • Then the correct answer is ‘the one you won’t screw up’, honestly.

    I’m a KISS proponent with security for most things, and uh, the more complicated it gets the more likely you are to either screw up unintentionally, or get annoyed at it, and do something dumb on purpose, even though you totally were going to fix it later.

    Pick the one that makes sense, is easy for you to deploy and maintain, and won’t end up being so much of a hinderance you start making edge-case exceptions because those are the things that will 100% bite you in the ass later.

    Seen so many people turn off a firewall or enable port forwarding or set a weak password or change permissions to something too permissive and just end up getting owned that have otherwise sane, if maybe over-complicated, security designs and do actually know what they’re doing, but just getting burned by wandering off from standards because what they implemented originally ends up being a pain to deal with in day-to-day use.

    So yeah, figure out your concerns, figure out what you’re willing to tolerate in terms of inconvenience and maintenance, and then make sure you don’t ever deviate from there without stopping and taking a good look at what you’re doing, what could happen if you do it, and coming up with a worst-case scenario first.


  • What’s your concern here?

    Like who are you envisioning trying to hack you, and why?

    Because frankly, properly configured and permissioned (that is, stop using root for everything you run) container isolation is probably good enough for anything that’s not a nation state (barring some sort of issue with your container platform and it having an escape), and if it is a nation state you’re fucked anyways.

    But more to your direct question: I actually use dns scopes and nginx acls to seperate public from private. I have a *.public and a *.private cname which points to either my external or internal IP, and ACLs in the nginx site configuration to scope where access is allowed.

    You can’t access a *.private host outside the network, but can access either from inside it, and so (again, barring nginx having an oopsie somewhere) it’s reasonably secure and not accessible, and leaves a very clear set of logs (and I’m pulling those logs in and parsing them for anything suspicious and doing automated alerting if I find anything I would not otherwise expect) so I’m happy enough with the level of security that this is, when paired with the services built-in authentication options.




  • There was a recent video from everyone’s favorite youtube Canadians that tested how many USB devices you can jam onto a single controller.

    The takeaway they had was that modern AMD doesn’t seem to give a shit and will actually let you exceed the spec until it all crashes and dies, and Intel restricts it to where it’s guaranteed to work.

    Different design philosophies, but as long as ‘might explode and die for no clear reason at some point once you have enough stuff connected’ is an acceptable outcome, AMD is the way to go.



  • Quicksync

    Yeah, it doesn’t sound like you’re transcoding in a way that’ll show any particular benefit from Quicksync over AMF or anything else. My ‘it’s better’ use case would be something like streaming to a cell phone at 3-5mbps, and not something local or just making a file to save on your device.

    DDR4 and no ECC

    That’s what my build is: 128gb of Corsair whatever on a 10850k. I’m sure there’s been some silent corruption somewhere in some video file or whatever, but, honestly, I don’t care about the data enough to even bother with RAID, let alone ECC.

    I will say, though, if you’re going to delve into something like ZFS, you should probably consider ECC since there are a lot more ‘well shits’ that can happen than what I’m doing (mergerfs + snapraid).

    power consumption

    A $30 or whatever they are kill-a-watt plus something like s-tui running on the NAS itself to watch what the CPU is doing in terms of power states and usage. I’ve got a 8-drive i9-10850k under 60w at “idle” which is not super low power, but it’s low enough that the cost of hardware to improve on it even a little bit (and it’d be a very little bit) has a ROI period of longer than I’d expect the hardware to last.