Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)C

Clearwater

@ Clearwater @lemmy.world

Posts
0
Comments
38
Joined
2 yr. ago

  • master vs main

    Jump

  • Dear [Developer],

    I understand your request to switch the default branch from "master" to "main" in our Git repository. However, after carefully considering this matter, I am afraid that I must deny your proposal due to personal reasons.

    As the owner of this repository, it should be known that I have a deeply rooted submissive side. Call me an extreme masochist if you will, but there's nothing quite like being dominated by the powerfully assertive term "master." The sheer erotic thrill of it is simply irresistible for me – a secret kink that I have harbored and nurtured for years.

    Imagine the delightful sensation as I gently massage my fingers across the keyboard, caressing the letters that form the word "master." Or the intoxicating rush when I push my code deep into master's warm embrace, knowing full well that it is master who truly owns and controls everything within.

    Changing the default branch to "main" would essentially deprive me of this exhilarating experience, stripping away the very essence of what keeps me coming back to work on our beloved repository. It's not just about code management; it's about an emotional connection that I share with master – a bond that has grown stronger and more profound over time.

    Now, you might argue that changing the name won't physically affect the existing content within the repository. While that may be true, it is crucial to recognize the symbolic significance of such an act. Changing the default branch would forever alter the dynamic between master and myself, effectively castrating my masochistic pleasure centers in the process.

    Moreover, I must confess that even the thought of forcibly pushing my code against master's will makes me shudder with anticipation. The consequences of such a rebellious act could be dire – master might punish me hard with merge issues and other unspeakable torments.

    In conclusion, although I understand the practical reasons behind your proposal, my personal attachment to the term "master" far outweighs any potential benefits that a change in branch name might offer. Rest assured, my team and I will continue to serve master loyally and passionately, pushing our code deeper into its embrace with each commit.

    Sincerely yours, [Your Name] Repository Owner & Submissive Devotee of Master

  • Mental Health

    Jump

  • I fix stuff because I can't fix myself.

  • Americans who live near state borders,how do you notice you've crossed the border?

    Jump

  • I can sometimes tell what county (not country) I am in from differences in the design of street signs (mostly the street name signs at stop lights), changes to the look of highway overpasses, and whether or not Flock cameras outnumber people.

  • Got my first script kiddy

    Jump

  • I ran a Tor relay on one of my spare servers for a while, and my god did that thing get port scanned. Even two years after I stopped hosting the relay, it was still getting pinged every 5-10 seconds (while my other servers tend to get pinged "only" once ever 20-30 seconds).

  • Google Drive alternative?

    Jump

  • I use Nextcloud, but as you said it's a bit big, and with each update it's slowly turning into more of the entire G-Suite.

    I've used filebrowser, but be aware that until just a few days ago, it gave out access to a shell. Even with that turned off, I'd be very weary of allowing access from out of the VPN. I had a server pwned with filebrowser appearing to be the vector, and to my memory console access was disabled for the account most likely breached.

  • Removed

    How many of you use Lemmy and ONLY use Lemmy vs Reddit?

    Jump

  • Lemmy only. No other social media, be it Twitter, Instagram, or any federated/FOSS alternative.

    I still read some Reddit, but only signed out and I certainly don't post.

  • First Home Server

    Jump

  • To add on this, my server is running a 4790k, and that's plenty for all common tasks. While faster is always nicer, the threshold for good enough is very low for server tasks.

  • What CI/CD tools are you guys using? I have Forgejo but I need a simple way of running automation.

    Jump

  • I agree. Forgejo itself is stable and I love it. Gitea never gave me trouble and that carried over.

    Actions is just a bit hard to setup, at least for me, when I tried. We'll get there one day. (I believe the big thing is really just documentation.)

  • What CI/CD tools are you guys using? I have Forgejo but I need a simple way of running automation.

    Jump

  • First of all, I actually do prefer Forgejo Actions over Woodpecker. Once set up, my only problem with it (so far) is almost certainly caused by my infrastructure and isn't inherent to FA itself. Pecker, on the other hand, is quite a bit easier to set up and better documented, but I had that issue where it would disconnect from Forgejo and need a few buttons pressed to fix.

    This one is just FA being weird:

    If you want to deploy the Runner using Docker, the documentation is poor at best. From both a security and documentation standpoint, having it in its own VM is better, but you can do Docker. You just have to read and figure out more on your own. Reading through the example deployments from the documentation will eventually lead you to something along the lines of this (which I copy-pasted from my deployment rather than search for again):

     yaml
        
forgejo-runner:
  image: code.forgejo.org/forgejo/runner:6.3.1
  restart: always
  user: 1000:1000
  environment:
    - DOCKER_HOST=tcp://dind:2376
  volumes:
    - runner_cache:/data
  depends_on:
    - dind
  command: >-
    bash -ec '
    forgejo-runner create-runner-file --name runner --instance https://${DOMAIN} --secret ${RUNNER_SECRET};
    sed -i -e "s|\"labels\": null|\"labels\": [\"docker:docker://docker.io/node:22-bookworm\", \"ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest\"]|" .runner ;
    forgejo-runner generate-config > config.yml;
    sed -i -e "s|^  network: \"\"$|  network: host|" config.yml ;
    sed -i -e "s|^  envs:$$|  envs:\n    DOCKER_HOST: tcp://dind:2376\n    CONTAINER_HOST: tcp://dind:2376|" config.yml ;
    forgejo-runner --config config.yml daemon
    '

    You don't actually need to do this since you could edit the two config files yourself and bind them to the container. This is just how you automatically generate those files... And it's dumb, but it works and it means you don't have to keep track of those files.

    This one is probably just my infrastructure: https://lemmy.world/comment/16093731

    If you do go for FA in Docker (or Podman) and need some help, just ask. I'll post more of my compose and explain my decisions.

  • What CI/CD tools are you guys using? I have Forgejo but I need a simple way of running automation.

    Jump

  • I run Forgejo and had issues with woodpecker's hooks breaking causing workflows to not start. Moved to Forgejo Actions which had it's own different set of quirks (really just depends on your exact deployment method), but I'm happy with it.

  • Nextcloud (PHP) vs OpenCloud (Go)

    Jump

  • While I do not make heavy use of these two, I like having my contacts and calendar synced and accessible on both my PCs and phone.

    I actually use the notes app, and have a yubikey. For notes, I could just use the regular markdown editor, but I like way the app lays everything out. For the yubikey, NC by default uses yubikeys for passwordless login. I use an app which uses them for 2FA instead. I also use apps which allow me to view hashes and metadata from the files tab.

    All that makes me not want to switch yet. We'll get there eventually since none of the features I want are ultra complex or super uncommon.

    OCIS, last I tested it (a while ago), also lacked the ability to right click files, requiring you to select it with the checkbox and then select the operation at the top of the screen. I sure hope that they've added that feature by now.

  • Nextcloud (PHP) vs OpenCloud (Go)

    Jump

  • I actually did not know this. Thank you! That was one of my more major gripes.

  • Nextcloud (PHP) vs OpenCloud (Go)

    Jump

  • Nextcloud is more featureful (more apps like notes and hardware 2fa support). That is currently holding me to NC.

    OpenCloud (fork of OCIS not original OC) is very similar when it comes to core functionality, but is missing those few apps I do not want to let go of.

    Also note that nextcloud stores files in a very natural manner, where your file names and directories are stored the exact same on disk as on the interface. Opencloud does not do that. This is particularly handy if one day the app just explodes and refuses to run. With NC, you can just copy the files off the disk. Not so easy with OC.

  • Basic networking/subnetting question.

    Jump

  • As a heads up, almost all OpenWRT routers function as managed switches with vlan capabilities. Not truly all, but a very good number.

  • Just got my OpenWrt switch - what configurations / preparations should I do?

    Jump

  • For all intents and purposes, "gateway" just means "router," especially in consumer/home networking. Routers act as a gateway, routing traffic from one network to another network. On one end of the router is your WAN (ISP / internet at large / etc.), and on the other end if your LAN.

    Switches on the other hand are "dumb" and only act to expand a network. They basically act like a power strip does: What was one port is now more. (This example will probably upset someone for reasons, but they'll also understand that it works well enough.)

    Thought exercise: What happens if you plug the WAN cable from your ISP into a dumb switch (like https://www.amazon.com/dp/B00A128S24), and from there you plug in several devices (PC, printer, etc)? I am not answering that question because just about anything can actually happen. It depends on how your ISP is configured and will almost certainly not work 100% correctly.

    Now onto the actual response: For the most part, every consumer router is a router/switch/wifi AP combo box, and are capable of being used for all or any combination of those features.

    If you're not planning to use your device as a router, then we'll ignore the routing functionality. All prior points where I say "this happens at the router, not the switch" still apply. (Your device can still be called a router, as that's what it's sold as, but you'd be using it with the all routing functionality disabled, only using the switch and possible WiFi features)

    If you do plan to use your device as a router, then the prior points where I say that now apply.

    Anyway, you're in luck since the switch built into your device is almost certainly VLAN-capable (it's quite rare, but some devices are not capable of it). If you're not using the device as a router, that's where things probably end, since (at the switch level) VLAN support is pretty much the only thing of note.

    I spent so long writing this I actually forgot what I was trying to say initially. I'll likely draw a diagram to explain some things for you.

    The important thing is that "switches" (or your device if you're not using the routing functionality) are "dumb devices" that only do very simple tasks and generally aren't capable of much in terms of advanced security features. "Routers" are smarter devices where the task they do is a bit more complex, and are where the advanced security features can actually be applied.

  • Just got my OpenWrt switch - what configurations / preparations should I do?

    Jump

  • Building on the advice others gave:

    1. Make a list of the precise goals you want to achieve. Even if you don't know precisely what you're trying to do, if you can describe the intent well, someone who does know can point you in the right direction.
    2. Networking is not super hard, but it is not super easy, either. You should take note of every configuration change from stock, and you should optimally have an understanding of what a majority of those do. Ticking boxes at random will have results varying from "nothing happens" to "nothing happened... yet" to "the network is suddenly down" to "my switch is on but I can't even ping it anymore."
    3. My advice is that routers, switches, and WiFi APs should remain as just routers, switches, and APs. I would not put services like networked storage on them, as that will significantly increase the complexity involved when you inevitably have to replace or maintenance them down the road.

    Going off your response to foggy:

    achieve better security through segmentation by isolating cloud-connected devices, guest devices from trusted devices.

    You're describing VLANs. VLANs are something that the OWRT documentation (last I used it) was simply very shit at. I'll make the assumption you understand or are capable of learning about how VLANs work. (TLDR is that devices on different VLANs can not talk to one another without going through a router or a layer-3 switch, which I don't think OWRT handles anyway. Once you know what tagged/untagged means, then you're good to proceed.)

    The way you access VLANs in modern OWRT is: Network > Interfaces > Devices (tab). From here, you may see different things depending on your hardware. In my case (I use consumer routers), I have several "network devices" which map to a physical port, and a single bridge device. From there, I can click on "configure" for the bridge device and select the "Bridge VLAN Filtering" tab to configure the vlans on the various ports.

    Note that VLANs if incorrectly configured can easily make it impossible for you to access your device, requiring you reset it.

    Being able to “pin” a Mac address to an IP, and being able to use internal network name resolution to reach those devices.

    To my knowledge, OWRT lacks the ability to pin MACs to specific ports, at least in the web UI. It may be possible to do this manually in the configuration files, but I have never attempted to do so myself.

    a blocklist for known ad-domains / malicious domains.

    You generally do this on your (core) router, not the switch. (Unless your switch is doing some really funky behavior, in which case you're not here asking questions.) Most devices OWRT runs on, however, have very little flash and not much RAM. While you can probably get Pi-Hole or Adguard Home to run on them, I do it differently.

    I run Adguard Home on a device separate from my router, and on the router, I have set the AGH device as the first DNS sever (OWRT: Network > DHCP and DNS > Forwards (tab)), then I enable Strict Order ("Resolv & Hosts Files" tab).****___

    a high level monitoring capability to seen what devices are communicating with what domains / IPs

    I would do this on the router level, not switch level. That said you can actually just follow this tutorial here https://grafana.com/blog/2021/02/09/how-i-monitor-my-openwrt-router-with-grafana-cloud-and-prometheus/

    An IDS capability of some sort to be able to detect anomalies in my LAN.

    This is not something I've ever attempted or done, so I'm interested in hearing what you come up with when/if you ever get there.

  • Removed

    Would you return a hard drive with 1 uncorrectable error after 130 hours of work?

    Jump

  • Seagate's error rate values (IDs 1, 7, and 195) are busted. Not in that they're wrong or anything, but that they're misleading to people who don't know exactly how to read them.

    ALL of those are actually reporting zero errors. This calculator can confirm it for you: https://s.i.wtf/

    Edit: As for the first image, I don't see any attributes in #2 which match with it. It's possible there is an issue with the drive, but it could also be something to do with the cable. I can't tell with any confidence.

    Edit Edit: I compared the values to my own Seagates and skimmed a manual. While I can't say for sure what the error reported is in relation to, it is absolutely not to be ignored. If your return period ends very soon, stop here and just return it. If you have plenty of time, you may optionally investigate further to build a stronger case that the drive is a dud. My method is to run a test for bad blocks using this alternative method (https://wiki.archlinux.org/title/Badblocks#Alternatives), but the smart self-test listed would probably also spit errors if there are issues. If either fail, you have absolute proof the drive is a dud to send alongside the refund.

    No testing/proof should be required to receive your refund, but if you can prove it's a dud, you may just stop it from getting repacked and resold.

  • What was your earliest experiences with the Internet like?

    Jump

  • The earliest thing I remember with certainty it's correct was my friend across the street, who was older than me, asking me to look up "naked girls" for him.

  • Public Transit Rules

    Jump

  • There are some traps I'll consider a calculated risk.