Skip Navigation

Synestine

@ synestine @sh.itjust.works

Posts

4
Comments

72
Joined

3 yr. ago

Just a regular everyday normal muthafucka.

1w ago

What reasons do people have for disliking SELinux?
Jump
Synestine @sh.itjust.works 1w ago
My dude, check this out (or don't, whatever), but the NSA has a Blue Team (defense) as well as a Red Team (the one you're irrationally angry at). The NSA Blue team is responsible for securing US computer systems. Look that up on DDG.
SELinix is a MAC layer built to supplement the DAC later (traditional UNIX permissions) intended to secure things the DAC doesn't.
With it, Apache can't read /etc/password or random locations like /opt/something/somewhere. Without it, we get the Equifax data breach of 2017.
Everyone saying "I can't stand up a simple web server with SELinux running" glosses over (or ignores) the fact that if they just put their files in the default location, which has the default contexts, it works. They just get pissed that they can't serve up /some/random/location/ without fixing the context so Apache is allowed to read the files.

2mo ago

#signal #privacy #expiration

Jump

Synestine @sh.itjust.works 2mo ago

Yes it is, though I wish it could be changed per-chat.

4mo ago

Nextcloud/OneDrive Files-only Replacement

Jump

Synestine @sh.itjust.works 4mo ago

I think you're remembering Owncloud, not Nextcloud. Owncloud was all about file sync and would often break/remove other modules on upgrade. Nextcloud forked off and included calendar/contacts/etc. by default.

5mo ago

LVM question

Jump

Synestine @sh.itjust.works 5mo ago

Correct, however basically no one uses that. The MD (RAID) devices are much more common for that, including under boot drives.

See comparison on ServerFault.

5mo ago

LVM question

Jump

Synestine @sh.itjust.works 5mo ago

LVM itself does not provide redundancy, that's RAID. LVM is often used on top of a RAID device. If your boot drive fails, LVM itself won't save you, RAID (software RAID 1 is really common for a boot drive) can.

LVM can be used to seamlessly move data between physical volumes. You can add a new PV to the VG and move extents between LVs. I've used it to love-migrate to a larger drive that way. Once the physical extents have been moved to the new PV, you can reduce the old PV and then remove the old disk.

5mo ago

Jellyfin and Mounted Drive Permissions issue

Jump

Synestine @sh.itjust.works 5mo ago

Yes, it can see them because their parent directories are readable, but it can't see anything inside /media/velummortis because the Other permissions are empty. If you run chmod 755 /media/velummortis then Jellyfin should be able to see those files

5mo ago

Jellyfin and Mounted Drive Permissions issue

Jump

Synestine @sh.itjust.works 5mo ago

What are the permissions on the directory itself, not the files? Is the directory owned by group 'video'?

7mo ago

opencloud - I migrated from nextcloud. Screenshots and docker-compose-compose.yml included

Jump

Synestine @sh.itjust.works 7mo ago

I'm not aware of an SFTP client that works like the cloud drive connectors. Do you know of one that monitors local files/dirs for changes and automatically sends them? Or polls the server for changes and downloads then (if they're on the allow list)? Keeps versions?

If literally all you're doing is occasional file transfers, sure, SFTP is easy. That's not how most people use cloud drive clients.

For me and my group, Nextcloud works fine and fast. We do more than file sync and share.

8mo ago

What are you all using for a 2FA token manager?

Jump

Synestine @sh.itjust.works 8mo ago

Same here. If it's TOTP based 2fa, you can keep them in entries and use them from there.

10mo ago

Lowering power consumption on Opteron

Jump

Synestine @sh.itjust.works 10mo ago

If you've optimized your BIOS settings (balanced mode or power saving wherever possible), the only other option is removing extraneous hardware. All hardware power use (disks, HBAs, other adapters and controllers) adds up. I managed to get idle power consumption of an HP DL-380 G9 down to about 60w (started at 210w) by removing the disks, RAID controller and battery, fiber channel adapters, and extra Ethernet adapter. Each SAS disk I removed saved me 10w. I used one M.2 drive in a PCI adapter instead.

Like you mentioned, these aren't designed to save power. That Opteron (and the chip set) hales from a time before "performance per watt" was a thing.

10mo ago

Ubuntu Pro for Personal/Home Use

Jump

Synestine @sh.itjust.works 10mo ago

No. I upgrade my Ubuntus before they go EOL so I don't need ESM.

Most places that want ESM do so because they can't get away from EOL versions. I refuse to get stuck in that swamp myself, so I run LTS and migrate/rebuild them when necessary.

10mo ago

Collections Empty on 10.10.7

Jump

Synestine @sh.itjust.works 10mo ago

That's so strange, one of the first things my searches turned up is "Disable the TMDb Box Sets plugin because it causes problems"...

Jellyfin: The Free Software Media System @lemmy.ml

Synestine @sh.itjust.works

10mo ago

Collections Empty on 10.10.7

11mo ago

Permanently Deleted

Jump

Synestine @sh.itjust.works 11mo ago

Is the one listed on Flathub not official?

https://flathub.org/apps/org.signal.Signal

1y ago

Sharing Jellyfin

Jump

Synestine @sh.itjust.works 1y ago

Ah, so you're the kind who loves bitching about things online, but won't lift a finger to defend themself, gotcha.

What I mentioned prior doesn't change anything about library management in the slightest, you just wanted an excuse.

1y ago

Sharing Jellyfin

Jump

Synestine @sh.itjust.works 1y ago

The reverse proxy is the part that's exposed. CrowdSec watches the logs for intrusion attempts like fail2ban would.

1y ago

Sharing Jellyfin

Jump

Synestine @sh.itjust.works 1y ago

If you're worried about it, make sure to not use a default path. Then legit clients are fine but these theoretical attackers get stymied.

1y ago

Is it normal to not have any malicious login attempts?

Jump

Synestine @sh.itjust.works 1y ago

Yes it is completely normal. The Internet is almost but not quite as bad as security wonks claim. Especially since you're not on the default port, most scanners don't have the programming to attempt on Home assistant. Most of them are built for more common exploits.

If you look at your proxy logs, you'll see attempts at various random paths, but those should all be 404 or 403s.

1y ago

You just gotta think different

Jump

Synestine @sh.itjust.works 1y ago

SSHFS uses SFTP which is built into SSH, so no server to install. Its not as fast as NFS, but requires no setup. For something small like a home lab, that is a big advantage.