RegalPotoo

@RegalPotoo@lemmy.world

RegalPotoo ,

Debugging spells is just as much a dark art as spell crafting itself. When I was a young apprentice we didn't have as sophisticated tools as you do now; you had to make sure you noted down your intermediate runes correctly and use those symbols to divine some meaning from the ashes of your failed spell. One time I mixed up my notes with the symbols of a different spell and when I sprinkled the ashes on the stack I was stuck speaking in tongues for a week.

These days of course you can summon a lesser demon to freeze your spell and ask it about the state, but the demons can be tricky and it's easy for novices to make a mistake and allow the demon to run amok - makes a real mess of the lab.

RegalPotoo ,

There is one standard way to cast fireball - it works, it's cheap, it very rarely backfires, it's in all the textbooks, everyone knows how it behaves - but sometimes you sit down in a tavern next to another wizard and you just know before they even open their mouth that they are going to spend the next twenty five minutes telling you about how they learnt this alternative way to cast it and it's taken a bit of practice but they can just about cast it as fast as they could before and how it's so much more ergonomic or whatever

RegalPotoo ,

Yeah, they are mostly designed for classification and inference tasks; given a piece of input data, decide which of these categories it belongs to - the sort of things you are going to want to do in near real time, where it isn't really practical to ship off to a data centre somewhere for processing.

RegalPotoo ,

https://blog.neon.kde.org/2024/05/09/kde-neon-rebasing-on-ubuntu-noble/

It's coming. It takes a bit of work to make it happen

RegalPotoo ,

That's not how Neon works. Your install will upgrade itself once the team have finished rebuilding everything on top of 24.04 - it's happening, but it takes a bit of time

RegalPotoo ,

Because accountants mostly.

For large businesses, you essentially have two ways to spend money:

  • OPEX: "operational expenditure" - this is money that you spend on an ongoing basis, things like rent, wages, the 3rd party cleaning company, cloud services etc. The expectation is that when you use OPEX, the money disappears off the books and you don't get a tangible thing back in return. Most departments will have an OPEX budget to spend for the year.
  • CAPEX: "capital expenditure" - buying physical stuff, things like buildings, stock, machinery and servers. When you buy a physical thing, it gets listed as an asset on the company accounts, usually being "worth" whatever you paid for it. The problem is that things tend to lose value over time (with the exception of property), so when you buy a thing the accountants will want to know a depreciation rate - how much value it will lose per year. For computer equipment, this is typically ~20%, being "worthless" in 5 years. Departments typically don't have a big CAPEX budget, and big purchases typically need to be approved by the company board.

This leaves companies in a slightly odd spot where from an accounting standpoint, it might look better on the books to spend $3 million/year on cloud stuff than $10 million every 5 years on servers

RegalPotoo ,

I'm in New Zealand and it prompted me to set up my Sony WH-1000XM5s with Find My Device on my Pixel 7a last week, but kept erroring out when I tried to do it

RegalPotoo ,

Seems pretty reasonable. At the end of the day people have to eat, so projects like this either trundle on as hobby-and-spare-time projects for a few years until people get bored and burnt out, or you find a way to make working on the project a paid gig for the core people

RegalPotoo ,

Yeah, traffic coming from an ASN that isn't assigned to a residential ISP would be a pretty good sign of shenanigans

RegalPotoo ,

You've missed a key detail in how asymmetric encryption works:

  • For asymmetric encryption algorithms, you essentially have two keys - a "private" key, and a "public" key
  • If you know the private key it is trivial to calculate the public key, but the reverse isn't true - just given the public key, it is essentially impossible to calculate the private key in a reasonable amount of time
  • If you encrypt something with the public key you must use the private key to decrypt it, and if you encrypt with the private key you can only use the public key for decryption
  • This means that my server can advertise a public key, and you can use that to encrypt the traffic so that only the server that knows the private key can decrypt it

RegalPotoo ,

A big "It Depends" on that - plenty of applications of asymmetric crypto where you just hard-code the server's public key into the client and call it a day, and GPG has its own PKI scheme that is just kinda weird.

You also don't have to use Diffie-Hellman - early versions of SSL just sent the ephemeral key (the symmetric key used for the actual AES session) directly. This works, but using DH also gives you "forward secrecy" - even if a malicious third party has captured the entire encrypted session, then later steals (or factors) your private key they still won't be able to read the encrypted traffic because they can't recover the ephemeral key because it wasn't sent over the wire in the first place
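A toy walk-through of the two comments above (public key derived from the private primes; key transport versus ephemeral Diffie-Hellman and what a later key theft buys an eavesdropper). This is an added example, not code from the commenter; the RSA primes 61/53, the 61-bit DH prime and the base 3 are constructed, insecure values chosen only to make the arithmetic visible.

```python
"""Toy model: RSA key transport (early SSL) vs ephemeral DH (forward secrecy).
All parameters are constructed and far too small for real use."""
import hashlib
import secrets

# Toy RSA: the primes are the secret; n = p*q is published. Multiplying is
# trivial, factoring n back into p and q is the hard direction.
P, Q, E = 61, 53, 17
N = P * Q                           # 3233, public modulus
D = pow(E, -1, (P - 1) * (Q - 1))   # 2753, private exponent derived from p, q

# Toy DH group (constructed): a Mersenne prime and a fixed base.
DH_P = (1 << 61) - 1
DH_G = 3

def rsa_encrypt(m):
    return pow(m, E, N)          # anyone can do this with the public key

def rsa_decrypt(c, d=D):
    return pow(c, d, N)          # only the holder of d can undo it

def _digest(value):
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % N

def rsa_sign(value):
    return pow(_digest(value), D, N)

def rsa_verify(value, sig):
    return pow(sig, E, N) == _digest(value)

def key_transport_session():
    """Client picks the session key and ships it encrypted under the server key."""
    session_key = secrets.randbelow(N)
    transcript = {"encrypted_key": rsa_encrypt(session_key)}
    assert rsa_decrypt(transcript["encrypted_key"]) == session_key  # server side
    return session_key, transcript

def dh_session():
    """Each side keeps a secret exponent; only g^a, g^b and a signature on g^b
    cross the wire. The RSA key authenticates the server, nothing more."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    transcript = {"A": A, "B": B, "sig_B": rsa_sign(B)}
    if not rsa_verify(B, transcript["sig_B"]):
        raise ValueError("server share failed authentication")
    client_key, server_key = pow(B, a, DH_P), pow(A, b, DH_P)
    # a and b are dropped here; the transcript carries nothing derived from d.
    return client_key, server_key, transcript

def attacker_recovers(transcript, stolen_d):
    """Attacker recorded the transcript and later obtained the private exponent."""
    if "encrypted_key" in transcript:
        return rsa_decrypt(transcript["encrypted_key"], stolen_d)  # key transport: readable
    # DH: d only signed B. A and B are not encrypted under the key, and getting
    # a or b out of g^a, g^b is a discrete log that the stolen key does not help with.
    return None
```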

RegalPotoo ,

In RSA, the private key is a pair of big semi-primes, and the public key is derived from those numbers. I think you are confusing DHKE and RSA with your other points, the private key is never transmitted over the network. For TLS you typically use an asymmetric crypto system to validate identities and encrypt the key exchange to prevent person-in-the-middle, but the key that is agreed using that process is a symmetric key for AES or similar, but that is specific to TLS.

Also, there are other asymmetric systems that don't use primes at all - elliptic curve crypto is based on completely different math

RegalPotoo ,

Ok, semantics - for RSA you generate a private key, then derive the public key from that private key, and you could publicly post your private key if you wanted to. "Public" and "private" are just names.

RegalPotoo ,

The actual math is way beyond me, but the algorithm is "one way" - it exploits the fact that given two prime numbers (ie, the private key) it is trivial to multiply them together, but if you only know the result (ie, the public key) it is computationally very expensive to determine the original prime factors. If you pick big enough numbers, it becomes effectively impossible to undo the multiplication

RegalPotoo ,

This is an "x-y question" - what are you actually trying to achieve?

Clearly you are concerned about... someone.... knowing your home IP address - who, and why?

RegalPotoo ,

Definitely interested - is the mainline situation any better than with ARM?

I've been bitten before with a device that "supports" a major distribution, but only if you install our custom pre-built image (good luck auditing what we've tweaked) and only with our special pre-built kernel that isn't even an LTS version, and has a bunch of patches applied to support whatever weird peripherals we decided to throw on the board, and will get exactly 0 updates after the initial release.

Raspberry Pi gets around this by being big enough to get buy in from vendors (Ubuntu distributes a special kernel + firmware bundle), but support for all the other smaller knock offs seems shaky at best

RegalPotoo ,

As in, hardware RAID is a terrible idea and should never be used. Ever.

With hardware RAID, you are moving your single point of failure from your drive to your RAID controller - when the controller fails, and they fail more often than you would expect - you are fucked, your data is gone, nice try, play again some time. In theory you could swap the controller out, but in practice it's a coin flip if that will actually work unless you can find exactly the same model controller with exactly the same firmware manufactured in the same production line while the moon was in the same phase and even then your odds are still only 2 in 3.

Do yourself a favour, look at an external disk shelf/DAS/drive enclosure that connects over SAS and do RAID in software. Hardware RAID made sense when CPUs were hewn from granite and had clock rates measured in tens of megahertz so offloading things to dedicated silicon made things faster, but that's not been the case this century.

XZ Hack - "If this timeline is correct, it's not the modus operandi of a hobbyist. [...] It wouldn't be surprising if it was paid for by a state actor." (lcamtuf.substack.com)

Thought this was a good read exploring some of the "how and why" including several apparent sock puppet accounts that convinced the original dev (Lasse Collin) to hand over the baton.

RegalPotoo ,

I'd be super surprised if this was western intelligence. Stuxnet escaping Natanz was an accident, and there is no way that an operation like this would get approved by the NSA's Vulnerabilities Equities Process.

My money would be MSS or GRU. Outside chance this is North Korean, but doesn't really feel like their MO

Backdoor found in widely used Linux utility breaks encrypted SSH connections | Ars Technica (arstechnica.com)

TL;DR there was a backdoor found in the XZ program. All major distros have been updated but it is recommended that you do a fresh install on systems that are exposed to the internet and that had the bad version of the program. Only upstream distros were affected.

RegalPotoo ,

The reason openssh links liblzma in the first place is to enable a systemd feature, so naturally "systemd bad, its proximity to a security issue is yet more proof that a pile of shell scripts in a trenchcoat is a superior init system" etc

RegalPotoo ,

Can you block a specific instance client side? Last time I went looking in settings I only saw options to block specific communities

RegalPotoo ,

TIL, thanks

RegalPotoo ,

It's not just let's encrypt - the common names of any SSL cert issued by a public CA have to be recorded in a public certificate transparency log. You can use tools like https://crt.sh to search the logs

RegalPotoo ,

Previously Gandi, but they've jacked up their prices and cut features, so in the process of moving to AWS Route53.

My main requirements are:

  • Competitively priced (doesn't need to be the absolute cheapest, but the feature set better justify the price)
  • Able to manage domain with Terraform (I've got 10 domains, and copy-pasting DNSSEC keys around gets old really fast)
  • Not be CloudFlare (fuck those guys in particular)

RegalPotoo ,

A quick guide to explain what is going on here, and what the numbers mean: https://pbs.twimg.com/media/DaMLUoGXUAI21V6.jpg:large

RegalPotoo ,

I'd considered doing something similar at some point but couldn't quite figure out what the likely behaviour was if the workers lost connection back to the control plane. I guess containers keep running, but does kubelet restart failed containers without a controller to tell it to do so? Obviously connections to pods on other machines will fail if there is no connectivity between machines, but I'm also guessing connections between pods on the same machine will be an issue if the machine can't reach coredns?

RegalPotoo ,

This is neat. I've played about with the idea of doing something similar, but embedding the result in a minimal Linux image built for some esoteric CPU and emulating it in the browser using something like JSLinux

RegalPotoo ,

Neon works great for me.

  • I prefer Debian derived distros (RH derivatives are fine as a technology, but I've been using Debian derivatives for so long that RedHat feels like coming home and finding someone has rearranged your cutlery drawer and all your plates - I don't care if your system makes more sense, I'm sure I'd get used to it but right now I can't find anything!)
  • I do most of my work in Docker or using tools I install from upstream
  • I don't really play games so don't care about marginal performance gains from newer drivers

Pretty much I just want a laptop that just works when I need it to, while still having a nice, friendly, modern interface and Neon does that.

RegalPotoo ,

What is it about Ubuntu LTS that makes it a hard pass?

RegalPotoo ,

I don't really care if I'm running a kernel from 5 years ago as long as I'm still getting timely security updates. What I care about is having up to date versions of the apps I actually use day-to-day - through Flatpak, Docker or whatever, and I prefer to have an up to date WM cos it's something I interact with a lot.

RegalPotoo ,

Debian makes more sense to me because I've been using Debian and Ubuntu since people were getting excited about Debian Wheezy coming out soon.

What little I have used of RHEL and CentOS they seem to be pretty logically designed, just different. I hadn't come across any real WTFs trying to use them. RHEL makes Debian look bleeding edge and reckless with their updates by comparison

RegalPotoo OP ,

Empty password doesn't prompt for a fingerprint, and I thought that was the old hacky workaround for Plasma 5 that Plasma 6 was supposed to have fixed?

RegalPotoo OP ,

Will do if I can establish what the expected behaviour is supposed to be - from the one line on the website I'd expect a "login with fingerprint" button or something, but I might be wrong - so I know what I'm seeing is actually a bug and not me misinterpreting

Will see if I can track down the original PRs or something, see if there is screenshots or a proposed UI design

RegalPotoo ,

I've started a similar process to yours and am moving domains as they come up for renewal, with a slightly different technical approach:

  • I'm using AWS Route 53 as my registrar. They aren't the cheapest, but still work out at about half the price of Gandi and one of my key requirements was to be able to use Terraform to configure DS records for DNSSEC and NS records in the parent zone
  • I run an authoritative nameserver on an OCI free tier VM using PowerDNS, and replicate the zones to https://ns-global.zone/ for redundancy. I'm investigating setting up another authoritative server on a different cloud provider in case OCI yank the free tier or something
  • I use https://migadu.com/ for email

I have one .nz domain which I'll need to find a different registrar for, cos for some reason route53 doesn't support .nz domains, but otherwise the move is going pretty smoothly. Kinda sad where Gandi has gone - I opened a support ticket to ask how they can justify being twice the price of their competitors and got a non-answer

RegalPotoo ,

Cloudflare would probably meet my technical needs, but I refuse to give them any money due to how enthusiastic they are to have white supremacists on their platform

RegalPotoo ,

My local bus authority has a GTFS feed, but requires an API key so I suspect I'm not going to be able to submit that :/

RegalPotoo ,

This is relevant to my interests, thanks. Looks like it's pretty early stages though?

RegalPotoo ,

Cool - was trying to get set up with v1.94, but had real trouble getting pgvecto-rs to work properly, pgvector seems much more stable and better supported and was a breeze to get running

RegalPotoo ,

  • An HP ML350p w/ 2x HT 8 core xeons (forget the model number) and 256GB DDR3 running Ubuntu and K3s as the primary application host
  • A pair of Raspberry Pis (one 3, one 4) as anycast DNS resolvers
  • A random minipc I got for free from work running VyOS as my border router
  • A Brocade ICX 6610-48p as core switch

Hardware is total overkill. Software wise everything is running in containers, deployed into kubernetes using helmfile, Jenkins and gitea

RegalPotoo ,

Something like odoo (https://www.odoo.com/) might work?

You probably aren't going to find something that works for your specific needs right out of the box, so your best bet would be finding a platform that gets you 80% of the way there and provides enough of a plugin mechanism that you can develop the remaining 20% of the functionality yourself

RegalPotoo ,

This is something I'm also interested in; if you find something please update us

RegalPotoo ,

Ubuntu LTS, but in the process of replacing it with Debian

RegalPotoo ,

  • There have been some technical decisions over the last few years that I don't think fit my needs terribly well; chief of these is the push for Snaps - they are a proprietary distribution format, that adds significant overhead without any real benefit, and Canonical has been pushing more and more functionality into Snap
  • I previously chose Ubuntu over Debian because I needed more up to date versions of things like Python and PHP, with Docker this isn't really a concern any more, so the slower, more conservative approach Debian takes isn't as big of an issue

AUA: We are the Plasma dev team. Ask Us Anything about Plasma 6, gear 24.02, Frameworks 6 and everything else in the upcoming Megarelease.

David, Nate, Josh, Marco, Carl, and Niccolò are here ready to answer all your questions on Plasma (all versions), Gear, Frameworks, Wayland (and how it affects KDE's software), and everything in between....

RegalPotoo ,

What is the plan for rolling the mega release out to Neon users?

Are there plans for updating Neon once the 22.04 lts is released?

Thanks

RegalPotoo ,

Thank you! Will switch my laptop over to testing tonight and see how it goes

RegalPotoo ,

Look, it's all about authorial intent - if the author had wanted their book to be easy to reference or accessible to people who use screen readers, they would have published a DRM free PDF in the first place. Gotta respect the artist's vision.

RegalPotoo ,

From the previous issue it sounds like the developer has proper legal representation, but in his place I wouldn't even begin talking with Haier until they formally revoke the C&D, and provide enforceable assurances that they won't sue in the future.

Also I don't know what their margins are like, but even if this cost them an extra $1000 in AWS fees on top of what their official app would have cost them (I seriously doubt it would be that much unless their infrastructure is absolute bananas), then it would probably only be a single-digit number of sales that they would have needed to lose to come out worse off from this.
