Kalcifer

Kalcifer OP , 12 days ago

Thank you!

Kalcifer , 19 days ago

Thinkpad T460.

Kalcifer OP , 1 month ago (edited 1 month ago)

Neat project. The choice to use a web UI is... interesting. Unfortunate that it doesn't support Wayland for tracking open windows yet. Also, the stopwatch feature is experimental and isn't fully implemented.

Update (2024-03-27T07:41Z): After doing some more research, it appears to be standard design for this sort of software to use a client-server structure. I'm not sure if this exactly fits my usecase. I suppose, ideally, it would be great if I could be able to interract with the activity tracker on all my devices. Unfortunately, however, the ActivityWatch docs state that, currently, it only supports listening on localhost [source].

Kalcifer OP , 1 month ago

This is a very nice looking app. Unfortunately, it functions as a timer with editable preset tasks. I want to log how much time I spent working on a task, not work on a task for a specific amount of time.

Kalcifer OP , 1 month ago

I've been using this for the past day, and it is a great app! It seems to cover exactly what I'm looking for, and it's a pretty well designed app. Thank you for the recommendation!

Kalcifer OP , 1 month ago (edited 1 month ago)

No it's not — all it needs is an email. Just grab a temporary email, and you should be able to read it for free.

---

• EDIT (2024-03-25T05:39Z): These downvotes are interesting. I never said that there wasn't an obstacle in the way of reading the article — there is (you have to provide an email) — but it is factually incorrect to say that the obstacle is a "paywall". Perhaps my comment is being interpereted to say that the issue inconsequential (such a belief would most likely be viewed with contempt here); however, this wasn't my intent. The solution is relatively straightforward, but I certainly will not deny that it is inconvenient and poor UX.

Kalcifer , 1 month ago

doas, afaik, was originally made for FreeBSD, so some of its features aren't compatible with/haven't been implemented for Linux. That may or may not be an important issue for you to consider.

Kalcifer , 1 month ago

Podman is [...] “better” because it doesn’t run as root, but other than that I don’t know of any advantages to it that are not a derivation of “it runs as a regular user”.

Podman can run in rootless mode (with some caveats), but it is still able to run as root — it doesn't only have the capability to run as a "regular user".

Kalcifer , 1 month ago

so might run into more roadblocks with its use.

This has been my experience with Podman. That's not to say that these roablocks aren't without reason, nor merit, but there is always a trade off of convenience when optimizing for security.

Kalcifer OP , 2 months ago

Given the extremely limited resources: why bother with containers?

While, from what I can see, containers virtually don't add any resource overhead, it's honestly moreso that I favor consistency. Containerization is well documented, it is well supported, and its behaviour (if one is familiar with the platform) tends to be more predictable than running a service natively.

Kalcifer OP , 2 months ago

It’s a raspberry pi 1. Those things have 256mb of RAM

The exact model that I am using, which I referenced in my post, actually has 512MB of RAM.

Kalcifer OP , 2 months ago

Now that it is up and running, do you think it’s is a good service?

That's a good question. The service itself is well made — it functions as advertised, it has satisfactorily intuitive UX, a sizeable community, and a good amount of documentation. I'm not sure, yet, if it's a service that I personally need — I set it up mostly for the benefit of others.

While you may not like the setup

The main pain points were the sparse, vague, and misleading documentation that I encountered — I understand that documentation is difficult, but for a company like Raspberry Pi, my standards, and expecations are quite a bit higher. I probably won't use Podman anymore, as I don't find its setup overly user friendly, currently, as compared to something like docker. I had never used Podman before, and I was considering switching my existing services over to it, so this was sort of meant to be a trial run on something with little impact. I will keep an eye on Podman, but I will stick with Docker for the time being.

do you enjoy the results?

I personally don't notice its effects as much, but I do like what I'm seeing for others. It has also made me aware of some other issues that I'll have to look into, so that is good.

Kalcifer OP , 2 months ago

I am curious what kind of performance you’re seeing for DNS requests considering how old and anemic the first gen Pi is

I haven't done any rigorous tests to gather empirical data for an accurate comparison, but, annectdotally, it, at least, doesn't feel any slower than when I had my router (Linksys E8450) resolving to Cloudflare.

Kalcifer OP , 2 months ago

I'm currently running it in privileged mode (as sudo) so it has access to all the ports.

Kalcifer OP , 2 months ago

Yeah, I have already tried rebooting the device. To no avail, unfortunately.

Kalcifer OP , 2 months ago

systemd-resolved is not running ­— it isn't even installed on the device. I also already mentioned that I have looked into this fact within the body of the post.

Kalcifer OP , 2 months ago

systemd-resolved is not running ­— it isn't even installed on the device. I also already mentioned that I have looked into this fact within the body of the post.

Kalcifer OP , 2 months ago (edited 2 months ago)

This is the correct solution.

No it isn't. systemd-resolved is not running ­— it isn't even installed on the device. I also already mentioned that I have looked into this fact within the body of the post.

Kalcifer OP , 2 months ago

I am running the container in priveleged mode, so it has access to those ports. That being said, I already tried in unpriveleged mode by giving access to ports above 53 in /etc/sysctl.conf and applying it with sysctl -p. All to no avail, of course.

Kalcifer OP , 2 months ago

That is not the solution. As I have already mentioned a number of times, I am running the container in priveleged mode — I am running the container as root. It has access to all ports.

Kalcifer OP , 2 months ago

If you read the post, I already did that. It shows no device using port 53.

Kalcifer OP , 2 months ago

I appreciate the suggestion, but I have already tried essentially all alternative network commands to see if one might yield a different result. They, of course, all show the same things — nothing is listening on 53. That command specifically only shows that sshd is listening on 22, which is expected.

Kalcifer OP , 2 months ago

You still running into trouble?

Yes.

Are you able to run ss -alnp as root?

I have already tried checking if something is listening on 53 in about 10 different ways. That command yields the same outcome as before — nothing appears to be listening on 53.

Kalcifer OP , 2 months ago

Yup. I ran # nc -u -l 0.0.0.0 53 to listen on port 53. Then I ran # drill @127.0.0.1 53 archlinux.org in another shell. I saw the request in the listening shell.

Kalcifer OP , 2 months ago

You can always do what I do, and just blow up the install and start fresh.

This may be what I'll have to do. I just don't understand what's going wrong here. It's so strange.

Kalcifer OP , 2 months ago

See the solution in the post.

Kalcifer OP , 2 months ago

See the solution in the post.

Kalcifer OP , 2 months ago

See the solution in the post.

Kalcifer OP , 2 months ago

If you are interested, a solution was found. See the post for the update.

Kalcifer OP , 2 months ago

See the post for the solution.

Kalcifer OP , 2 months ago

How come I don't see my previous rules when I dump the ruleset, then? I have my rules written in /etc/nftables.conf, and they were previously applied by running # nft -f /etc/nftables.conf. Now, when I dump the current ruleset with # nft list ruleset, those previous rules aren't there — all I see are Docker's rules.

Kalcifer OP , 2 months ago

But it doesnt really ‘nuke’ existing ones.

How come I don't see my previous rules when I dump the ruleset, then? I have my rules written in /etc/nftables.conf, and they were previously applied by running # nft -f /etc/nftables.conf. Now, when I dump the current ruleset with # nft list ruleset, those previous rules aren't there — all I see are Docker's rules.

Kalcifer OP , 2 months ago

IIRC, doesn’t modify actual incoming rules (at least it doesn’t for me)

How come I don't see my previous rules when I dump the ruleset, then? I have my rules written in /etc/nftables.conf, and they were previously applied by running # nft -f /etc/nftables.conf. Now, when I dump the current ruleset with # nft list ruleset, those previous rules aren't there — all I see are Docker's rules.

Kalcifer , 2 months ago

For annotating PDFs:

• Xournal++
• Rnote

For arranging PDFs:

• PDF Arranger

Kalcifer OP , 2 months ago

I tried setting that too, but it didn't fix it.

Kalcifer OP , 2 months ago

Yeah, I'm also pretty sure that this is a Flatpak issue — an update for one of the affected Flatpaks came out, and it's issue with the cursor is now fixed. I suspect that when an update for the other applications rolls out, then they will also be fixed. I'm not entirely sure what went wrong in the Flatpaks with Plasma 6, though — it's rather interesting. Maybe something got changed in one of the desktop portals?

Kalcifer OP , 2 months ago

I am using a default Breeze cursor theme. Specifically, I am using Breeze Light.

Kalcifer OP , 2 months ago

This isn't a solution. I am using the Breeze cursors. Specifically, I am using Breeze Light.

Kalcifer OP , 2 months ago

Out of curiosity, is kitty installed as a Flatpak?

Kalcifer OP , 2 months ago

It's all about reducing the surface area for an attack — if you do become compromised, it's one less thing to have to worry aobut. It would be preferable to not have to worry about your data and someone bribing you with some video footage.

Kalcifer OP , 2 months ago

That's a rather self-centered statement, imo. Just because you may not be bothered by the idea, does not mean that it does not have merit for others. That line of thinking is in a similar vein to saying "We don't need freedom of speech because I have nothing to say.".