farcaller

farcaller , 3 days ago

Fediverse generally runs on ActivityPub, which uses HTTP as a transport, so you’ll be good. The problem is that the clients don’t talk to fediverse, it's more of a server-to-sever protocol; you'd look into the specific server APIs. But you’re good there, too - all the big fediverse players use RESTful HTTP for their client-facing API.

farcaller , 4 days ago

By all means, use the publicly available code within the limits its license permits. Always strive to give credit back (I oftentimes add notes to where I took config bits even in my private my-eyes-only repos to have some breadcrumbs).

Remember that licensing and copyrights are kind of separate things. People own copyright to their work (unless they explicitly give it up), and licenses are the terms on which you can use their copyrighted work.

Know the basics of the OSS licenses and know which ones you can copy things from verbatim (e.g. don’t touch AGPL code unless you also use AGPL). Generally, I just keep the original license and add a note to my license file saying that e.g. this code is licensed under Apache 2.0, but some parts are MIT.

It gets somewhat murkier when you use someone's code and base yours on that. IANAL, and that's very much the legal territory. If at all possible, just reuse the original copyright and license and then derive your work (given the license allows that).

Being on the receiving side of this a few times (people using my code verbatim in their projects I stumbled upon) it leaves a bit of a sour taste in the mouth when you see your copyright header replaced with someone else's completely. Don’t do that. All the three times it happened to me, the other party was quick to remedy the situation, though (2 added the original copyright note back, 1 removed all my code). So just don’t do that. Make a habit to read that dumb tall copyright notice at the top of the file every time and you’ll quickly learn what to expect.

farcaller , 2 days ago

Or just slap a GPL and subsume everything within a vortex of FREEDOM, and thusly become a true FOSS dude

Yeah, no. I suppose this is sarcasm, but just in case: not every license is compatible with GPL, GPL has a few versions, and not everything is GPL-3-and-above.

Personally, I prefer Apache-2.0. It just seems more fair.

farcaller , 3 days ago

Your requirements sound a lot like Chrome Remote Desktop and it's pretty trivial to install, which might be a handy thing for family members that aren’t tech-savvy.

farcaller , 14 days ago

I don’t like helm, so I use nix to maintain my fediverse deployments in kubernetes. Typically that'd just autoupdate itself to new releases, but for lemmy specifically I upgrade by hand nowadays since one release some time ago broke my deployment and its schema change was incompatible with the automated rollback.

My setup is a combination of https://github.com/farcaller/nixdockertag (auto-updated docker imagesfor things where I fully own the deployments) and https://github.com/farcaller/nixhelm (for helm charts that I either consume verbatim PR have local patches on). Both just auto update nightly thanks to github.

farcaller , 21 days ago

Any language you’re comfortable with is good for that. Ruby, JS, and Go come to mind the first because they all have solid ActivityPub libraries which are going to save you some time on interconnection. Any programming language can do static html.

farcaller , 27 days ago

I really enjoy writing clojure lately. the only thing that annoys me is the whole "hosted" thing where you either get a bunch of good clojure-native libraries or all the JS's npm mess (other clojure hosts are very much non-existent).

farcaller , 28 days ago

I'd swap Prometheus for VoctoriaMetrics. It's a drop-in replacement with a much better resource consumption story and a few extra goodies.

farcaller , 28 days ago

There's way more and I already tried three implementations while trying to get a set of features I need. It's a wild west out there and the resource usage is way higher than e.g. hosting Prosody. Seemingly it has to do with chatrooms being a full mesh, but my single user server consumes about 700mb RSS and 2.4 gb VSZ which is kinda high.

farcaller , 1 month ago

In case if you e.g. have eth0 and eth1 and neither is guaranteed to be up. It's more of a router setup, though (Cisco routers are well-known to use the loopback interface like this).

farcaller , 1 month ago

It really depends on the specific hardware. I have Mikrotik routerOS CHR that routes between VLANs at 6Gbit/s without breaking a sweat on a $300 intel box.

At the same time, some managed switches are dirt-cheap nowadays and they generally can push the traffic around as fast as it comes in.

farcaller , 1 month ago

One more for mikrotik (I run the VM version on a small linux box).

I tested a ton of those (pf/opn-senses, VyOS, even Cisco), and noone of the free ones can handle IPv6 in a reasonable way in 2024, which is slightly bizzare. Mikrotik has some annoyances, but it's rock solid as a router.

I don’t use its container features and instead run podman in a vm next to it. Works great.

farcaller , 1 month ago

OpnSense is incapable of proper DHCPv6-PD, that's when your route receives a prefix from upstream and delegates parts of it downstream. More specifically, it does the delegation, but it doesn’t add the relevant routes, effectively blackholing the allocated prefixes.

VyOS fixed this specific bug since I reported it. RouterOS and IOS never had it.

farcaller , 14 days ago

PD delegates the whole prefixes, i.e. it allows the subrouters to ask for a subnet of the size they need.

farcaller , 2 months ago

I got my account closed with no reason a hair after 12 months. It was good while it lasted, and I have the backups outside of oracle's cloud.

farcaller , 2 months ago

I wouldn’t specifically say nixOS is stable in the same sense debian is but yes, it can totally handle this use case. I mainly run k8s on it, but a few home machines run docker (or, rather, podman) containers.

A thing about nixOS is that quite often you won’t need containers at all and would be better off without them, managing your apps as part of the system state as a whole. I only do that because I can’t be bothered to properly switch to nixOS services for ELK (which is supported by nixOS).

It's a very stable solution in general and usually ends with a configuration that either doesn’t apply at all or applies with no issues. Gitops included for pretty much free. It requires understanding nix, and it can be tricky, but not overly tricky.

All and all I haven’t had an Ubuntu in homelab for two years now and can’t be happier about that.

farcaller , 3 months ago

Try VictoriaMetrics. Basically the same feature set as Prometheus, but so much more resource friendly for homelab scale. I store some metrics for 12 months now, because it's easy.

farcaller , 3 months ago

I tried opn/ pfsense, VyOS (the rolling one. Stable is paid only), and a couple commercial options. Surprisingly not a single free/foss option can do IPv6 properly (I was looking specifically for prefix delegation for downstream routers). Cashed out for a single RouterOS CHR license and never bothered since.

But otherwise I tend to like VyOS. the rolling releases as the only free option make it somewhat questionable for something more serious though.

farcaller , 3 months ago

oh, that's actually a fair point! You’re correct.

DHCPv6-PD is still effectively broken, though.

farcaller , 3 months ago

I'd be curious to see comparison with Logseq. As it's rightly mentioned, there are thousands of note taking apps and I’m not quite sure I see the selling point of SB. I really love the idea of notes as a database, but the query langauage seems subpar, more akin to obsidian's dataview than the overwhelming power of tiddlywiki's filters or Logseq's queries.

I went from evernote to tiddlywiki to Obsidian to Logseq and somewhat stuck here now because I got the powerful queries in a very neat UI. With the market oversaturated as it is, I'd be nice to see what Silverbullet brings to the game that others don’t, what are the distinguishing features.

farcaller , 3 months ago

I disabled DHCP and IPv6

Why, though?

farcaller , 3 months ago

There you go!

farcaller , 3 months ago

You mentioned failing to find the github markdown specs. Those are the specs.

farcaller , 3 months ago

Why would you need specifically "cloud" logging for that? Spinning up grafana and loki is rather trivial in the modern containerized world and that'd cover 90% of what you want from logs. Neither is a resource hog, too, it's so much better that e.g. the ELK stack for logs that you only look through occasionally.

farcaller , 3 months ago

I went for a much simpler approach lately as I downscaled my hardware for efficiency.

I run NixOS on the bare metal. It gives the system management a declarative approach, just like kubernetes would. On top of that, I run libvirt as a hypervisor. In other scenarios I'd use tinyvmm and cloud-hypervisor, but I found qemu way better for the variety of homelab workloads and libvirt is pretty straightforward.

Some vms have pci passthrough, e.g. my routeros vm gets a bunch of NICs directly, some have various funny network topology. Libvirt used to be a pain in that regard, but it's actually fine with NixOS because you manage both sides of the networking stack in declarative configuration.

I run NixOS on the vms too (now for the sake of easy upgrades), and I have a bit of a split between running services natively (systemd is very good about “containerizing” things nowadays) and using docker (mostly because of laziness, e.g. Elastiflow was easier to deploy this way). Finally, I have a single dokerized Ubuntu that's more like a VM (as in, I never had a dockerfile for it, it's fully stateful) running the matter home automaton bits because I gave up on properly containing the matter python stack and went for an easy way out.

Now, a word about alternatives.

I used to run Ubuntu. No more. Upgrading the OS is always a huge pain even if everything is in docker. I want my OS to be managed in a config file and be able to easily roll back to the previous state.
I used to run k3s, but even though it is much thinner than k8s, it is still very much ram hungry and I just don’t want to pay for that. Besides, complex networking is often non-trivial due to how its networking works, and multus is a world of pain.
I used to run different hypervisors for the VMs (kubevirt, tinyvmm, a bunch others). I went way back to libvirt mostly because it’s straightforward in tuning very specific qemu bits I cared for in the homelab. I have some cpu overprovisioning, so I want to make my quotas set up extremely precisely, sacrificing the right workloads.

farcaller , 3 months ago

I’ll make a note here that a firewall is useful for internal traffic, too. Those IoT devices can get pretty annoying, so you'd want to e.g. drop your cheap webcams into a VLAN and disallow them from talking to enjoying but their cloud, and especially the other VLANs, or isolate Alexa capable device so it won’t try to figure what else you got there in your house over mDNS (it will).

A managed switch would do nicely. Having isolated ports on the switch (and the wifi AP) is also great if you want to make sure the specific device will only talk to the gateway and not its peers.

farcaller , 4 months ago

Unifi is specific about expecting the controller address to not change. You have several options:
There's the “override controller address” setting, which you can use to point the devices at a dns name, instead of an ip address. The dns can then track your controller. It doesn’t exactly solve your issue, though, as USG doesn’t assign dns names to dynamic allocations.

Another option is to give the controller a static IP allocation. This way, in case you reboot everything, USG will come up with the latest good config, then will (eventually) allocate the IP for controller, and adopt itself.

Finally, the most bulletproof option is to just have a static IP address on the controller. It's a special case, so it's reasonable to do so. Just like you can only send NetFlow to a specific address and have to keep your collector in one place, basically.

I'd advise against moving dhcp and dns off unifi unless you have a better reason to do so, because then you lose a good chunk of what unifi provides in terms of the network management. USG is surprisingly robust in that regard (unlike UDMs), and can even run a nextdns forwarding resolver locally.

farcaller , 4 months ago (edited 4 months ago)

Here's how it works: unifi devices need to communicate with the controller over tcp/8080 to maintain their provisioned state. By default, the controller adopts the device with http://controller-ip:8080/inform, which means that if you ever change the controller IP, you’ll must adopt your devices again.

There are several other ways to adopt the device, most notably using the DHCP option 43 and using DNS. Of those, setting up DNS is generally easier. You'd provision the DNS to point at your controller and then update the inform address on all your devices (including the USG).

Now, there's still a problem of keeping your controller IP and DNS address in sync. Unifi, generally, doesn’t do DNS names for its DHCP leases, and devices can’t use mDNS, so you’ll have to figure a solution for that. Or, you can just cut it short and make sure the controller has a static IP―not a static DHCP lease, but literally, a static address. It allows your controller to function autonomously from USG, as long as your devices don’t reach to it across VLANs.

farcaller , 4 months ago

It’s more of a chat-to promotion than a useful list. “Use firewalls?” No shit!

farcaller , 4 months ago (edited 4 months ago)

no Federation with instances that use altered versions or proprietary versions of AP.

It’s especially funny given (the last time I checked) neither kbin nor lemmy actually followed the spec properly. They ignore the jsonld requirements and resort to field names, that, by the spec, should be dropped.

Edit: lemmy is actually good now!

farcaller , 4 months ago

But lemmy doesn’t use “plain json”, it annotates some fields with the schema, just not all of them, which makes it a mess. You either do json-ld proper, or you don’t do it at all.

farcaller , 4 months ago

I took a look at the current traffic and you’re absolutely correct, lemmy (as of 0.19) has a proper schema with everything covered!

farcaller , 5 months ago

isn’t threads already several times larger than the whole of the “fediverse”?

farcaller , 5 months ago

Regarding firewall stuff, disable it on your machine and you are fine.

How do you know OP doesn’t have a bunch of unsecured services sticking out into their LAN ready to be a target for the next cryptolocking scam?

Slightly sarcastic, but yeah, OP, do not just turn your firewall without understanding pros and cons of doing such. At the very least, see what your server exposes to the network (ss -tunlp will give you a good starting point), and see if there’s nothing unexpected in there that might be abused.

farcaller , 5 months ago

FWIW Sourcegraph chrome extension adds a neat “open in Sourcegraph” to github pages and SG is just superior. Why would you use Github’s mediocre search either way ¯_(ツ)_/¯

farcaller , 6 months ago

IANAL and you really should ask a lawyer about this. The answer very much depends on your work contract and country of residence (the latter due to the fact that some generic contracts’ statements might be legally unenforceable in specific jurisdictions).

I’ll throw in a random fact: the contract might say that whatever you write as a programmer is still company’s property even off the clock and it will be legal in some US states.

farcaller , 6 months ago

Streaming JSON parsers are a thing, e.g. pdjson for C. It’s, of course, a different approach and it’s generally slightly trickier to work with those, but that’s what you would use of you have unbound document size and you can process it in chunks.

farcaller OP , 8 months ago

I wouldn’t quite call Lemmy’s protocol much friendly either. I’m trying to implement it and it’s a bit of a mess, honestly. There’s absolutely no documentation, private database specifics leaking into the public interfaces, and an absolutely horrendous authentication scheme.

farcaller , 10 months ago

You can always use sqlite cloud

/s?