BonkTheAnnoyed

joined 3 months ago
sorted by: new top controversial old
Microsoft AI CEO pushes back against critics after recent Windows AI backlash — "the fact that people are unimpressed ... is mindblowing to me" in c/technology@lemmy.world
[–] BonkTheAnnoyed@lemmy.blahaj.zone 1 points 10 hours ago

Maybe? If they're suffering from brain injury, developmental disability, age related dementia, or similar.

Microsoft AI CEO pushes back against critics after recent Windows AI backlash — "the fact that people are unimpressed ... is mindblowing to me" in c/technology@lemmy.world
[–] BonkTheAnnoyed@lemmy.blahaj.zone 0 points 14 hours ago* (last edited 14 hours ago) (2 children)

The sad thing is, if it weren't for the privacy horrors of today's world, a voice activated agentic OS could be a fantastic accessibility aid for visually and cognitively impaired people, for example

public Apache VirtualHost pointing to e.g. NextCloud/Immich VMs inside LAN in c/selfhosted@lemmy.world
[–] BonkTheAnnoyed@lemmy.blahaj.zone 2 points 15 hours ago

The real answer is, ngnx is a great fit. I already know most quirks of Apache, though, and I don't necessarily want to pull in another manual to my brain.

I might switch in the future, though. It'd be handy to have that in my pocket.

I'm not using containers, per se, at least not in the docker sense, virtualization is done with is KVM

public Apache VirtualHost pointing to e.g. NextCloud/Immich VMs inside LAN in c/selfhosted@lemmy.world
public Apache VirtualHost pointing to e.g. NextCloud/Immich VMs inside LAN in c/selfhosted@lemmy.world
[–] BonkTheAnnoyed@lemmy.blahaj.zone 1 points 1 day ago

That's a really good strategy , thanks!

public Apache VirtualHost pointing to e.g. NextCloud/Immich VMs inside LAN in c/selfhosted@lemmy.world
[–] BonkTheAnnoyed@lemmy.blahaj.zone 2 points 1 day ago (4 children)

thanks! It's hard not to feel out of my depth, it's been so long. And, it being my own info, not a corp's protected by insurance, indemnity, mandatory arbitration, and (as a last resort) backups, the stakes feel a little higher.

4
public Apache VirtualHost pointing to e.g. NextCloud/Immich VMs inside LAN (lemmy.blahaj.zone)
 

cross-posted from: https://lemmy.blahaj.zone/post/34623175

How realistic is this architecture? It's been a while since I've set something like this up for work.

The thought behind this layout is that having only one machine hanging out there with just Apache and ssh (from lan only, non-standard port), and forwarding via Mod_Proxy any services I might want to share with non-LAN friends/family (photos, docs), is a smaller exposure than hosting all my VMs in a DMZ and hoping that the one server doesn't get nuked.

Something like: DNS -> public-zone{ www-serv } <-> firewall-1 <-> lan{ vm-host <-> firewall-2 <-> (printers, laptops, etc) }

firewall-1 is actually a router running Tomato, with custom iptables rules. That way if www-serv is compromised the attacker can't just drop some rules.

firewall-2 is just iptables rules on vm-host

all LAN computers' iptables are a little more permissive, with holes for SAMBA, CUPS, and ssh on non-standard port.

What do you think? Is this sufficient? What would you do differently?

12
public Apache VirtualHost pointing to e.g. NextCloud/Immich VMs inside LAN (lemmy.blahaj.zone)
 

How realistic is this architecture? It's been a while since I've set something like this up for work.

The thought behind this layout is that having only one machine hanging out there with just Apache and ssh (from lan only, non-standard port), and forwarding via Mod_Proxy any services I might want to share with non-LAN friends/family (photos, docs), is a smaller exposure than hosting all my VMs in a DMZ and hoping that the one server doesn't get nuked.

Something like: DNS -> public-zone{ www-serv } <-> firewall-1 <-> lan{ vm-host <-> firewall-2 <-> (printers, laptops, etc) }

firewall-1 is actually a router running Tomato, with custom iptables rules. That way if www-serv is compromised the attacker can't just drop some rules.

firewall-2 is just iptables rules on vm-host

all LAN computers' iptables are a little more permissive, with holes for SAMBA, CUPS, and ssh on non-standard port.

What do you think? Is this sufficient? What would you do differently?

‘Humbly, I’m sorry’: Marjorie Taylor Greene says she’s turning a new leaf after years of divisive comments in c/politics@lemmy.world
[–] BonkTheAnnoyed@lemmy.blahaj.zone 37 points 4 days ago

She's positioning herself for running as Vance's VP in 2028. That's it.

She hasn't had a change of heart, she doesn't warrant us "giving her a chance," she's not "okay for a republican."

NOTHING has changed.

She's an unapologetic white supremacists who is happily employed by the billionaire class.

US may owe $1 trillion in refunds if SCOTUS cancels Trump tariffs in c/politics@lemmy.world
[–] BonkTheAnnoyed@lemmy.blahaj.zone 2 points 5 days ago (1 children)

I happen to know of a newly minted trillionaire whom in a just world would reasonable be asked to foot the bill

Jack Dorsey Releases Vine Reboot Where AI Content Is Banned in c/technology@lemmy.world
[–] BonkTheAnnoyed@lemmy.blahaj.zone 20 points 6 days ago

Jack Dorsey once again singing "but baby I've changed!"

hard pass from me.

Senate Republicans reject Democrat deal to reopen government in c/politics@lemmy.world
[–] BonkTheAnnoyed@lemmy.blahaj.zone 8 points 1 week ago* (last edited 1 week ago)

Good. Because without even reading it I'll bet they tried to throw trans people under the bus again

Nancy Pelosi announces she will not seek reelection to Congress after nearly 40 years in Washington in c/politics@lemmy.world
Google pulls the plug on first and second gen Nest Thermostats in c/technology@lemmy.world
[–] BonkTheAnnoyed@lemmy.blahaj.zone 1 points 2 weeks ago (1 children)

Are API calls to the device signed or whatever? At a minimum one could snoop traffic to rev-eng the API, then recreate it on a lan-only segment

42
~~transpeople~~ is dehumanizing rule (lemmy.blahaj.zone)
submitted 3 weeks ago* (last edited 3 weeks ago) by BonkTheAnnoyed@lemmy.blahaj.zone to c/196@lemmy.blahaj.zone
21 comments fedilink
 

~~transpeople~~ (and ~~transman~~ and ~~tramswoman~~) is dehumanizing.

“Trans people” and “cis people.” Otherwise it reads like, “blarglepeople” and “actual people.”

The mashing together of the words was the language of the early anti-trans propaganda. It was successful enough that even allies continue to use it, unfortunately. Mostly because they’ve come up with new and worse ways to deny our existence while specifically addressing us.

I would say that it feels like blowing into the wind, but I know things like this can change, especially if 'teh youth" get it.

2
What are you all using for a 2FA token manager? (lemmy.blahaj.zone)
 

cross-posted from: https://lemmy.blahaj.zone/post/33020379

cross-posted from: https://lemmy.blahaj.zone/post/33020376

One more step to unhitching from Google...

Right now the only option I see in F-Droid is Aegis.

I'm not sure what to actually look for side from checking for unexpected permissions and reasonably frequent updates.

Hopefully something I can sync with a GNOME app...

14
What are you all using for a 2FA token manager? (lemmy.blahaj.zone)
 

cross-posted from: https://lemmy.blahaj.zone/post/33020376

One more step to unhitching from Google...

Right now the only option I see in F-Droid is Aegis.

I'm not sure what to actually look for side from checking for unexpected permissions and reasonably frequent updates.

Hopefully something I can sync with a GNOME app...

120
What are you all using for a 2FA token manager? (lemmy.blahaj.zone)
 

One more step to unhitching from Google...

Right now the only option I see in F-Droid is Aegis.

I'm not sure what to actually look for side from checking for unexpected permissions and reasonably frequent updates.

Hopefully something I can sync with a GNOME app...

4
will grapheneOS restrict side loading? (lemmy.blahaj.zone)
 

cross-posted from: https://lemmy.blahaj.zone/post/33012882

Planning on switching to GrapheneOS soon. Anyone know if they're planning on implementing the side-loading restrictions?

14
will grapheneOS restrict side loading? (lemmy.blahaj.zone)
 

Planning on switching to GrapheneOS soon. Anyone know if they're planning on implementing the side-loading restrictions?

36
I think the reason we evolved 5 fingers is so we can carry hot serving dishes farther by alternating which one is in contact with the hot thing. (lemmy.blahaj.zone)
2
I think the reason we evolved 5 fingers is so we can carry hot serving dishes farther by alternating which one is in contact with the hot thing. (lemmy.blahaj.zone)
1
What use a smart card reader? (lemmy.blahaj.zone)
 

cross-posted from: https://lemmy.blahaj.zone/post/31922513

cross-posted from: https://lemmy.blahaj.zone/post/31922512

I recently picked up an older but perfectly adequate HP Z Book Firefly with a built-in smart card reader and I'm wondering what possible use is this little bit of tech? Can I, like, auth with my credit card or whatever? (mostly joking, I briefly looked at the PAM config for that and prefer my current hobbies lol)

4
What use a smart card reader? (lemmy.blahaj.zone)
 

cross-posted from: https://lemmy.blahaj.zone/post/31922512

I recently picked up an older but perfectly adequate HP Z Book Firefly with a built-in smart card reader and I'm wondering what possible use is this little bit of tech? Can I, like, auth with my credit card or whatever? (mostly joking, I briefly looked at the PAM config for that and prefer my current hobbies lol)

view more: next ›