[-] qjkxbmwvz@lemmy.sdf.org 32 points 9 months ago

Thanks butNext time please use the spoiler tag, sheesh 🙄

[-] qjkxbmwvz@lemmy.sdf.org 30 points 10 months ago

I think I saw this earlier on Lemmy, but without the red text spelling it out. I think I prefer that ever-so-slightly more subtle version.

[-] qjkxbmwvz@lemmy.sdf.org 24 points 10 months ago

After setting up my own network, and trying to (kinda sorta) do it the right way (multiple SSIDs, vlan segregation, restrictive firewalls for iot, VPN to a VPS, etc.)


I have so much respect for network engineers. First month with my new router, felt like I "broke the Internet" every other day.

28

Looking for advice for self hosted networking.

Question first, details below:

Everything works fine now, but feels...hacky. My question is, what's the best way of dealing with allowing only certain services to be accessible to the world while blocking other services to everything except local (+vpn) clients? Currently, because of my vps port forwarding, all external traffic appears to come from that machine. So, what I have now in my nginx config is to allow traffic from the local & wireguard subnets, except for traffic from the vps itself.

So: looking for advice on how to better manage access, but of course, if anyone has other improvements/suggestions, I'm all ears.

My current setup is:

Machines:

  • VPS (vps) with public IP.
  • Home router (router) with no public IP or open ports.
  • Home server (srv-home).
  • Remote server (srv-remote), located with family.

Network structure, ignoring vlans and whatnot, is:

  • vps <--wireguard--> router
  • vps <--wireguard--> srv-remote
  • router <--ethernet--> srv-home

srv-remote and srv-home can communicate through vps+router.

Services & structure, broadly speaking:

vps port forwards http/s to router, which port forwards to srv-home (can optionally have it port forward directly to srv-home, doesn't really matter to me).

srv-home handles SSL, both for services on srv-home and srv-remote. This allows me to a) manage certificates locally in one place (not on vps), and b) use local DNS on my router to bypass vps for locally hosted services. Works great.

srv-home and srv-remote both host some services which I would like to be publically accessible and some that I would like to remain private.

vps also acts as my roadwarrior vpn, on the same wireguard interface that's used for the vps<-->router link. One solution would be to just have separate wireguard interfaces (or maybe just separate address spaces?) for the vps<-->router and vps<-->[roadwarrior] links? Another would be to get the vps portforwarding set up in a way that doesn't lose originating IP address, but so far I have been unsuccessful there.

Thanks in advance for any insight!

[-] qjkxbmwvz@lemmy.sdf.org 37 points 11 months ago

I don't get all the Apple hate from the Linux community. Out of the box you have a fully usable *NIX machine


they even switched the default shell to zsh! No advertising in the Start menu, and ssh (client and server) included by default. Install homebrew and boom


tmux, htop, nload, lolcats.....most of your favorite tools can be installed easy as on any linux distro.

I use Debian for personal use, and I much prefer it...but basically only because I prefer i3 to the Mac GUI.

[-] qjkxbmwvz@lemmy.sdf.org 118 points 1 year ago

I'm not going to worry about voting on election night. Because I will have voted days/weeks earlier through my state's effective vote by mail system.

[-] qjkxbmwvz@lemmy.sdf.org 116 points 1 year ago

I get that it's a meme, but what's the problem? I'm vegetarian/flirt with veganism; it's purely for moral/ethical/environmental reasons.

Indian food is delicious. An Impossible burger on a pretzel bun dripping with grilled onions, avocado, vegan aioli and mustard with a side of steak fries? That's also delicious, in my opinion.

Meat is delicious, and that's not at all incompatible with my reasoning for being vegetarian.

[-] qjkxbmwvz@lemmy.sdf.org 40 points 1 year ago

sedan

I think it should be station wagon (or "estate" in Tolkien's English perhaps).

[-] qjkxbmwvz@lemmy.sdf.org 41 points 1 year ago

Remember: elections have consequences.

Also remember that


as much as disaffected and/or malicious actors (or Simpsons and South Park, for that matter) will claim otherwise


the two major political parties in the US are not the same.

[-] qjkxbmwvz@lemmy.sdf.org 27 points 1 year ago

Credit scores are often required for things that don't necessarily incur debit


it can be a requirement for renting, and for credit cards (which, if paid off monthly, don't accumulate debt).

The credit system is far from perfect, but this is a step in the right direction it seems; I view it as a statement on "healthcare as a right," rather than as "good credit scores as a right."

[-] qjkxbmwvz@lemmy.sdf.org 35 points 1 year ago

Lot of comments about RTGs, but I don't think that's what OP is asking. RTGs convert heat to electricity, same as a conventional power plants


they just do it in a solid state way instead of steam. In RTGs it doesn't matter where the heat comes from; they are not really analogous to solar cells, as the title asks.

In fact, there are consumer products that use the same technology


you can buy a little electric fan that sits on top of a wood stove and, once up to temp, will start spinning. The electricity is generated by the thermal gradient using heat from the stove, essentially the same as an RTG.

[-] qjkxbmwvz@lemmy.sdf.org 22 points 1 year ago* (last edited 1 year ago)

As others have mentioned, a few possibilities (I'm in the US, not sure how specific this is):

  • Payment isn't always monthly, it is often every two weeks. So sometimes you get two paychecks in a month, sometimes you get three.
  • Compensation isn't just salary, even if you're salaried. Bonuses, stock grants, etc. might be done yearly/every 6 mo./every quarter.
  • Expenses aren't always monthly. If you own a place, you probably pay property tax which isn't due every month AFAIK. If you budget for vacations, holiday travel, etc., these are costs that vary wildly month to month, but have some stability on a yearly basis.
  • ETA: taxes are based on annual income, too.
14
submitted 1 year ago* (last edited 1 year ago) by qjkxbmwvz@lemmy.sdf.org to c/selfhosted@lemmy.world

SOLVED: delete using web client, and mobile will re-upload.

I haven't been able to find the proper way to force a re-upload of an image from mobile


any suggestions?

The images in question are from an iOS device. They show up correctly on the iOS device (both native Photos app and Immich), and claim to be uploaded (cloud w/check mark icon). On Android and web, they do not show up. If I try to download the image on web, it fails, with an immich_server log message of

ERROR [ExceptionsHandler] ENOENT: no such file or directory, stat 'upload/library/admin/path/to/file.jpg'

I've read it's possible to fix these issues with some Postgres magic, but I've also read that that is Strongly Discouraged.

I believe the original issue of why the files got borked was I didn't have a sufficient client_max_body_size set (I'm using a reverse proxy, nginx). This is just a hunch though...

Thanks in advance


will just ask the immich.app crowd if that's a more appropriate place.

[-] qjkxbmwvz@lemmy.sdf.org 61 points 1 year ago

I know it's just a meme, but an OBDII dongle


even a cheap $10 Bluetooth one


is super useful. You can read and reset the codes, and watch stats in real-time if so inclined.

3
submitted 1 year ago by qjkxbmwvz@lemmy.sdf.org to c/til@lemmy.ca

Wikipedia: https://en.wikipedia.org/wiki/DSV_Alvin

Sounds like it was (shocker) really well designed. It even sank once when a cable snapped on support boat


crew escaped, and it was recovered and retrofit. And if things go sideways, the cabin/titanium sphere could detach, floating freely up to the surface.

After hearing about OceanGate, deep sea subs sounded terrifying


but reading about this is somehow very comforting.

0
submitted 1 year ago by qjkxbmwvz@lemmy.sdf.org to c/memes@lemmy.ml

view more: next ›

qjkxbmwvz

joined 1 year ago