• 0 Posts
  • 110 Comments
Joined 2 years ago
cake
Cake day: June 11th, 2023

help-circle

  • Melmi@lemmy.blahaj.zonetoSelfhosted@lemmy.worldZeroTrust Your Home
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    2
    ·
    3 months ago

    When done correctly, the banner is actually a consent banner. It’s a legal thing, not necessarily trying to discourage criminals. It’s informing users that all use will be monitored and it implies their consent to the technology policies of the organization. It’s more for regular users than criminals.

    When it’s just “unauthorized access is prohibited”, though, especially on a single-user server? Not really any point. But since this article was based on compliance guidelines that aren’t all relevant to the homelab, I can see how it got warped into the empty “you no hack” banner.


  • That 10Gb link is almost certainly oversubscribed, though. You don’t actually have 10 Gb of dedicated constant bandwidth, you just have access to 10Gb of potential bandwidth. You’re unlikely to saturate that link very often, so you won’t notice, but it’s shared with other people.

    It’s different from Google or any other company paying for bandwidth that’s being actually used, not just a pre-allocated link like your home internet.


  • But how will you get a “universal” view of the fediverse? No single authoritative view exists.

    You yourself acknowledge that this is complicated, but I honestly don’t understand what appeal a hacked together fake centralized system would have for people if they don’t care about decentralization in the first place. Any such solution is almost inevitably gonna end up being janky and hacked together just to present a façade of worse Reddit.

    Lemmy’s strength is its decentralization and federation. It’s not a problem to be solved, it’s a feature that’s attractive in its own right. It doesn’t need mass appeal, it’s a niche project and probably always will be. I don’t think papering over the fundamental design of the software will make it meaningfully more attractive to the non-technically minded.



  • Yes, but only if your firewall is set to reject instead of drop. The documentation you linked mentions this; that’s why open ports are listed as open|filtered because any port that’s “open” might actually be being filtered (dropped).

    On a modern firewall, an nmap scan will show every port as open|filtered, regardless of whether it’s open or not.

    Edit: Here’s the relevant bit from the documentation:

    The most curious element of this table may be the open|filtered state. It is a symptom of the biggest challenges with UDP scanning: open ports rarely respond to empty probes. Those ports for which Nmap has a protocol-specific payload are more likely to get a response and be marked open, but for the rest, the target TCP/IP stack simply passes the empty packet up to a listening application, which usually discards it immediately as invalid. If ports in all other states would respond, then open ports could all be deduced by elimination. Unfortunately, firewalls and filtering devices are also known to drop packets without responding. So when Nmap receives no response after several attempts, it cannot determine whether the port is open or filtered. When Nmap was released, filtering devices were rare enough that Nmap could (and did) simply assume that the port was open. The Internet is better guarded now, so Nmap changed in 2004 (version 3.70) to report non-responsive UDP ports as open|filtered instead.



  • The “make a fork” thing is part of the issue, I think. In general there’s this culture in the open source community that if you want a feature, you should implement it yourself and not expect the maintainers to implement it for you. And that’s good advice to some extent, it’s great to encourage more people to volunteer and it’s great to discourage entitlement.

    But on the other hand, this is toxic because not everyone can contribute. Telling non-technical users to “make it yourself” is essentially telling them to fuck off. To use the house metaphor, people don’t usually need to design and renovate their houses on their own, because that’s not their skillset, and it’s unreasonable to expect that anyone who wants a house should become an architect.

    Even among technical users, there are reasons they can’t contribute. Not everyone has time to contribute to FOSS, and that’s especially notable for non-programmers who would have to get comfortable with writing code and contributing in the first place.


  • Google destroys their own search engine by encouraging terrible SEO nonsense and then offers the solution in the form of these AI overviews, cutting results out of the picture entirely.

    You search something on the Web nowadays half the results are written by AI anyway.

    I don’t really care about the “human element” or whatever, but AI is such a hype train right now. It’s still early days for the tech, it still hallucinates a lot, and I fundamentally can’t trust it—even if I trusted the people making it, which I don’t.



  • Melmi@lemmy.blahaj.zonetoSelfhosted@lemmy.worldReverse proxy
    link
    fedilink
    English
    arrow-up
    5
    ·
    8 months ago

    It definitely encrypts the traffic, the problem is that it encrypts the traffic in a recognizable way that DPI can recognize. It’s easy for someone snooping on your traffic to tell that you’re using Wireguard, but because it’s encrypted they can’t tell the content of the message.








  • Most things should be behind Authelia. It’s hard to know how to help without knowing what exactly you’re doing with it but generally speaking Authelia means you can have SSO+2FA for every app, even apps that don’t provide it by default.

    It also means that if you have users, you don’t need them to store a bunch of passwords.

    One big thing to keep in mind is that anything with its own login system may be more involved to get working behind Authelia, like Nextcloud.


  • Melmi@lemmy.blahaj.zonetoLinux@lemmy.mlHow do you say SUSE?
    link
    fedilink
    English
    arrow-up
    5
    ·
    8 months ago

    Except GNU is a great example of an acronym that is pronounceable. It’s even in the dictionary. The GNU mascot is a gnu, in fact.

    LGBTQIA+ is essentially unpronounceable, thus we treat it as an initialism. Not that that’s a requirement, there are examples like VIP where even though we could pronounce it we pronounce each letter individually.


  • That’s I guess why CSEM is used, because if the images are being shared around exploitation has clearly occurred. I can see where you’re coming from though.

    What I will say is that there are some weird laws around it, and there have even been cases where kids have been convicted of producing child pornography… of themselves. It’s a bizarre situation. If anything, seems like abuse of the court system at that point.

    Luckily a lot of places have been patching the holes in their laws.