xantoxis

@xantoxis@lemmy.world


SSH login without user name? ( docs.gitlab.com )

I was reading GitLab's documentation (see link) on how to write to a repository from within the CI pipeline and noticed something: The described Docker executor is able to authenticate e.g. against the Git repository with only a private SSH key, being told absolutely nothing about the user's name it is associated with....

xantoxis , (edited )

EDIT: Noticed you're talking about Gitlab in the question, and I responded about Github, but I'm certain that gitlab does everything the same way, because that's all the technology is capable of. (I have no way to test the ssh -T command at the end for gitlab, though, so ymmv.)

To clear up some minor confusion here:

  1. Github knows nothing about your private key. There's very little metadata stored in the private key, and github.com has access to none of it. That includes email address or identity.
  2. Github has identity information stored for you, and then, separately, you uploaded a public key. The public key also contains no information about you, but github knows it's part of your account. Additionally, github enforces a requirement that your public key can't be uploaded to any other account, for the reason I'm about to state below.
  3. Github has an index built of everyone's public keys (or more likely their digests, although the technical details of the index are not something known to me--and it doesn't matter). When it sees an authentication request, it looks up the digest in the index, which maps to a user account.

At this point it already knows who is trying to authenticate. Once your authentication request succeeds with your public key (the usual challenge-response handshake associated with asymmetric cryptography), github interacts with your ssh client (most likely git) applying the permissions of your user and your user account.

BTW, github has a documented method for testing the handshake without doing any git operations:

ssh -T git@github.com

Depending on your ssh config, you might also need to supply -i some_filename.pem to this. Github will reply with

Hi aarkon! You've successfully authenticated, but GitHub does not provide shell access.

and then close the connection.

Note that the test authentication uses the username git and, again, contains no information about who you are. It's all just looked up on github's side.
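
As an added illustration of point 3 above (this is example code, not GitHub's or GitLab's own implementation), the block below builds a fingerprint index the way a Git host could: it takes an authorized_keys-style public key line, computes the same SHA256 fingerprint `ssh-keygen -lf` prints, and maps that fingerprint to an account. The key bytes, the account names and the "Hi aarkon!" greeting string are constructed for the demo (the greeting mirrors the `ssh -T` output quoted above); the ed25519 challenge-response itself is not shown, only the lookup that happens before it. Two things fall out of running it: the comment field of the key (often an e-mail address) plays no part in identification, and registering the same key under a second account is refused, which is exactly why the lookup is unambiguous.

```python
"""Added example (not from the original post): identify an account from nothing
but the public key the SSH client offers. Keys, names and the greeting text are
constructed for the demo; the fingerprint format is OpenSSH's SHA256:<base64>."""
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode one RFC 4251 'string' field: 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pubkey(raw32: bytes, comment: str) -> str:
    """Build an authorized_keys-style line for an ed25519 key.
    raw32 is constructed demo key material, not a real key (ssh-keygen makes those)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint(pubkey_line: str) -> str:
    """Same digest as `ssh-keygen -lf`: SHA-256 over the decoded key blob,
    base64 without padding. The trailing comment is not part of the digest."""
    fields = pubkey_line.split()
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64)
    # The blob's first string field must repeat the declared key type.
    (length,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + length] != key_type.encode():
        raise ValueError("key type mismatch")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class KeyIndex:
    """Fingerprint -> account map, as point 3 in the post describes."""

    def __init__(self):
        self._by_fp = {}

    def register(self, account: str, pubkey_line: str) -> str:
        fp = fingerprint(pubkey_line)
        owner = self._by_fp.get(fp)
        if owner is not None and owner != account:
            # Point 2: one public key may not be attached to two accounts,
            # otherwise the lookup below would be ambiguous.
            raise ValueError(f"key already in use by {owner}")
        self._by_fp[fp] = account
        return fp

    def lookup(self, pubkey_line: str):
        """What the server does when the client offers a key: resolve the
        account (or None) before the signature challenge is even issued."""
        return self._by_fp.get(fingerprint(pubkey_line))


# Constructed demo keys: deterministic 32-byte values, not real key material.
ALICE_KEY = make_ed25519_pubkey(bytes(range(32)), "alice@example.com")
BOB_KEY = make_ed25519_pubkey(bytes(range(32, 64)), "bob-laptop")

INDEX = KeyIndex()
INDEX.register("aarkon", ALICE_KEY)   # account name taken from the post's sample output
INDEX.register("bob", BOB_KEY)


def who_is(pubkey_line: str) -> str:
    """Greeting a server could send, mirroring `ssh -T git@github.com`."""
    account = INDEX.lookup(pubkey_line)
    if account is None:
        return "Permission denied (publickey)."
    return f"Hi {account}! You've successfully authenticated"


if __name__ == "__main__":
    print(fingerprint(ALICE_KEY))
    print(who_is(ALICE_KEY))
    # Same key, different comment: still the same account.
    print(who_is(ALICE_KEY.replace("alice@example.com", "someone-else")))
    print(who_is(make_ed25519_pubkey(bytes(32), "stranger")))
```

Note that `fingerprint()` only hashes the decoded blob, so editing the comment on the public key line (or removing it) changes nothing about who the server thinks you are; the username `git` on the command line is likewise never consulted here.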

xantoxis ,

Guys, I wouldn't vote for her if I were you. I'm pretty sure if she wins she's going to kill everyone's dog

xantoxis , (edited )

I'm not gonna read this person's Evangelion analogy, but I did go to the trouble to hunt down what Jon Ringer actually did.

Here's a link.

I don't agree with him, and representation of particular minority groups, including gender minorities, is important when they are particularly under attack. It is important to actively resist the marginalization of groups under attack by elevating their voices.

That said, I'm not sure what Jon did was actually "actionable". I'd say, stop listening to him and treating him as a leader? As someone with lots of close trans friends, I think this guy lowkey sucks, but I think this suspension is weird.

xantoxis ,

Jon Ringer's actual actions did include pushback against representation for trans people. I'll take your word for it that this article didn't mention those exchanges; I'm not readin' all that.

xantoxis ,

Well I didn't see the comment you're apologizing for so, no apology necessary ig?

xantoxis ,

Terraform and OpenTofu are great tools for building virtual infrastructure, e.g. using AWS API calls to spin up AWS virtual machines and provision them with networks and security relationships and stuff like that--in an automated, repeatable way. They are generalized tools for deploying and modifying infrastructure, even if it's not in the cloud (there are many tools in these frameworks that apply to self-hosted setups).

The rest of the words after "Terraform fork" are just the names of companies that decided to help OpenTofu, and are not especially helpful in understanding what it is or what it's used for.

xantoxis ,

Went to their site to see the pitch. "avoiding unnecessary entanglements" lmao this fuckin distro is trying to prevent WWI

xantoxis ,

I don't have the authority to do that

OK, so it's the governor we need

Genuine Question - have you migrated DBMS on a Production System which wouldn't have been possible with vendor lock-in on the backend?

This is something I have thought a lot recently since I recently saw a project that absolutely didn't care in the slightest about this and used many vendor specific features of MS SQL all over the place which had many advantages in terms of performance optimizations....

xantoxis , (edited )

In almost 30 years I've never seen anyone actually switch databases underneath an existing product. I have worked at one place where generic database APIs were required because it was a product that supported multiple databases, but no individual customer was really expected to switch from one database to another, that's just how the product was written.

I have heard of this happening, but it's the kind of thing that happens in one of two scenarios:

  1. Very early in a product's lifetime the developer (probably a startup) realizes the database they chose was a poor choice. Since the product doesn't even exist yet, the switching cost is low, and generic database use wouldn't have helped.

  2. A management shakeup in a very mature product causes the team to switch databases. This is, as you observed, usually part of a major rewrite of some kind, so lots of things are going to change at once. Also--critically--this only happens with companies that have more money than sense. Management doesn't mind if it takes a long time to switch.

    It won't go smoothly, at all, but nobody actually cares, so generic database use wouldn't have helped.

xantoxis ,

At that point the DM should just print out a picture of the final boss with his name and map coordinates on it.

xantoxis ,

Wild, so it would suggest that the actor wasn't Chinese at all. An authentic Chinese person probably wouldn't choose a name that sounded like that, any more than I would name myself Sean MacBerkowitz, it would just sound wrong.

A random name generator might produce something like this, of course, if it wasn't programmed to be too picky.

xantoxis ,

I agree with you and understand what you're saying but I'd like to clarify that "sociopath" is just the newer psychology term for "psychopath". They're the same.

xantoxis ,

So in the, let's say, top one-third tier of the options, something like this: https://www.amazon.com/Beelink-SER5-Mini-PC-Desktop-Computer/dp/B0C286SR8V/ref=pd_ci_mcx_pspc_dp_d_2_i_1?pd_rd_i=B0C286SR8V

Or, similarly, this, which is my current mediaserver: https://www.amazon.com/gp/product/B0C1X191NR/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&th=1

I went with the second one--more ram. Anecdotally, some people think beelink is more reliable but this is not a universal opinion, and my experience has been that the minisforum is extremely reliable.

If you search similar you can find options both up and down depending on your actual budget. You probably don't want to do components on these things, apart from maybe putting in a bigger m.2 nvme.

xantoxis ,

It's true, the fact that we never drew and quartered this guy does seem like a failure of our responsibilities

xantoxis ,

I definitely had rogue legacy in mind! Great game, but I don't think it leaned hard enough into just how grim and manipulative the whole enterprise is. Also I think you could have a lot of fun with the "marketing" mechanics, like, can the fairies explore the "real" world at all to find the right place to leave their macguffins? Can they leave better "bait", like magical books for the chosen kids to find, or even a shiny sword where it doesn't belong? Maybe they can recruit agents in the real world whose only job is to guide kids into their meat grinder.

xantoxis ,

The article itself says Google is already complying. Come on man

xantoxis ,

Samwise was a fellow who was always there with a ready smile and a network security recommendation

xantoxis ,

What the fuck is this single-use knife

xantoxis ,

"Congratulations, other friend! You are clearly my favorite."

xantoxis ,

Unfortunately this AI was playing Stardew Valley

xantoxis ,

I can answer this one, but mainly only in reference to the other popular solutions:

  • nginx. Solid, reliable, uncomplicated, but. Reverse proxy semantics have a weird dependency on manually setting up a dns resolver (why??) and you have to restart the instance if your upstream gets replaced.
  • traefik. I am literally a cloud software engineer, I've been doing Linux networking since 1994 and I've made 3 separate attempts to configure traefik to work according to its promises. It has never worked correctly. Traefik's main selling point to me is its automatic docker proxying via labels, but this doesn't even help you if you also have multiple VMs. Basically a non-starter due to poor docs and complexity.
  • caddy. Solid, reliable, uncomplicated. It will do acme cert provisioning out of the box for you if you want (I don't use that feature because I have a wildcard cert, but it seems nice). Also doesn't suffer from the problems I've listed above.

xantoxis ,

Heh. I am, as I said, a cloud sw eng, which is why I would never touch any solution that mentioned ansible, outside of the work I am required to do professionally. Too many scars. It's like owning a pet raccoon, you can maybe get it to do clever things if you give it enough treats, but it will eventually kill your dog.

xantoxis ,

Sure, I mean, we could talk about

  • dynamic inventory on AWS means the ansible interpreter will end up with three completely separate sets of hostnames for your architecture, not even including the actual DNS name. if you also need dynamic inventory on GCP, that's three completely different sets of hostnames, i.e. they are derived from different properties of the instances than the AWS names.
  • btw, those names are exposed to the ansible runtime graph via different names i.e. ansible_inventory vs some other thing, based on who even fuckin knows, but sometimes the way you access the name will completely change from one role to the next.
  • ansible-vault's semantics for when things can be decrypted and when they can't leads to completely nonsense solutions like a yaml file with normal contents where individual strings are encrypted and base64-encoded inline within the yaml, and others are not. This syntax doesn't work everywhere. The opaque contents of the encrypted strings can sometimes be treated as traversible yaml and sometimes cannot be.
  • ansible uses the system python interpreter, so if you need it to do anything that uses a different Python interpreter (because that's where your apps are installed), you have to force it to switch back and forth between interpreters. Also, the python setting in ansible is global to the interpreter meaning you could end up leaking the wrong interpreter into the role that follows the one you were trying to tweak, causing almost invisible problems.
  • ansible output and error reporting is just a goddamn mess. I mean look at this shit. Care to guess which one of those gives you a stream which is parseable as json? Just kidding, none of them do, because ansible always prefixes each line.
  • tags are a joke. do you want to run just part of a playbook? --start-at. But oops, because not every single task in your playbook is idempotent, that will not work, ever, because something was supposed to happen earlier on that didn't. So if you start at a particular tag, or run only the tasks that have a particular tag, your playbook will fail. Or worse, it will work, but it will work completely differently than in production because of some value that leaked into the role you were skipping into.
  • Last but not least, using ansible in production means your engineers will keep building onto it, making it more and more complex, "just one more task bro". The bigger it gets, the more fragile it gets, and the more all of these problems rear their heads.

xantoxis ,

Really all of these have solutions, but they're constantly biting you and slowing down development and requiring people to be constantly trained on the gotchas. So it's not that you can't make it work, it's that the cost of keeping it working eats away at all the productive things you can be doing, and that problem accelerates.

The last bullet is perhaps unfair; any decent system would be a maintainable system, and any unmaintainable system becomes less maintainable the bigger your investment in it. Still, it's why I urge teams to stop using it as soon as they can, because the problem only gets worse.

xantoxis ,

Well people use ansible for a wide variety of things so there's no straightforward answer. It's a Python program, it can in theory do anything, and you'll find people trying to do anything with it. That said, some common ways to replace it include

  • you need terraform or pulumi or something for provisioning infrastructure anyway, so a ton of stuff can be done that way instead of using ansible. Infra tools aren't really the same thing, but there are definitely a few neat tricks you can do with them that might save you from reaching for ansible.
  • Kubernetes + helm is a big bear to wrestle, but if your company is also a big bear, it's worth doing. K8s will also solve a lot of the same problems as ansible in a more maintainable way.
  • Containerization of components is great even if you don't use kubernetes.
  • if you're working at the VM level instead of the container level, cloud-init can allow you to take your generic multipurpose image and make it configure itself into whatever you need at boot. Teams sometimes use ansible in the cloud-init architecture, but it's usually doing only a tiny amount of localhost work and no dynamic inventory in that role, so it's a lot nicer there.
  • maybe just write a Python program or even a shell script? If your team has development skills at all, a simple bespoke tool to solve a specific problem can be way nicer.

xantoxis ,

one three seven seven
vs
one three three seven

And you'll notice that the entry under "Torrents" does not actually match the name you typed into your description text, as yours has two sevens. Crafty indeed, and they could stand to make this a little more obvious in the document.

xantoxis ,

  1. I agree Naomi Wu is a force for good
  2. Elon Musk sucks
  3. This article does not actually establish any meaningful blame for Elon Musk in Naomi Wu's plight.

Sorry, yes Elon Musk is the reason Twitter is shitting itself to death, but that doesn't make Elon the main person responsible for Naomi's problems. It's probably not even top 10. It's weird to call him out in this.

xantoxis ,

well, 23 years ago this graph would have had windows 2000 WAY in the lead.

xantoxis ,

This is incorrect. It's true that most (in fact, I would say almost all) forks go nowhere but that doesn't mean forking isn't incredibly valuable. Even the example you cite, "original project is dead" isn't just incidentally useful, it's critical to open source. Other examples include:

  • project's core team is part of a for profit org that is moving the project in a bad, profit motivated direction;
  • project's leader suddenly and dramatically loses respect (maybe he killed his wife or something);
  • project's leader dies without leaving a digital will regarding who controls the core repo;
  • project continues to direct effort into features while failing to address major security concerns;
  • project is healthy and useful in every way but there is an important use case not being addressed, and the fork would address it.

Even if 99% of forks fail, that's irrelevant because 99% of original projects fail in the same ways. Forks are critical to open source.

xantoxis ,

Does that make it not a substantive complaint about nextcloud, if it can’t run well in docker?

I have a dozen apps all running perfectly happy in Docker, i don’t see why Nextcloud should get a pass for this

xantoxis ,

There are actually technical requirements for HIPAA compliance (HITRUST or HITECH, or maybe both, idr any more). Essentially no HPI (healthcare information about an individual), unencrypted, in transit, ever. Also, not unencrypted on disk, ever. The idea is that if your network security slips and someone manages to place a traffic snoop somewhere, they still can’t listen in.

It’s almost never a requirement (and very rarely implemented) in mid- to low-risk security situations, and even for HIPAA entities, encryption in transit is usually implemented with an encrypted layer 3 of some kind. But I could see a fairly simple high-risk app needing the network to contain nothing in plaintext.

Unless you’re Jason Bourne, I doubt you need it for your homelab.

xantoxis ,

Loving the NUC. You’re paying about what I paid and getting twice the RAM and twice the SSD space, so, from where I’m sitting, it looks like a good deal. I’ve got 4 VMs running on mine–and one of those is running about 8 containerized apps–so I’d say you should have room to do whatever you want with that bad boy.

If you’re doing any kind of media center, I would definitely prioritize high speed Internet and hardwired connections as well. I hardwired my whole house for my project.

I added a 4TB external drive to mine, which should easily fit within your budget, and I’d recommend it if, again, you’re doing media stuff.

xantoxis ,

hth. In truth my setup is also to experiment with automation and it’s a fun hobby, so more power to you! Getting to watch some very fast streaming TV is a bonus.

xantoxis ,

Then go join threads.net? Nobody’s stopping you from doing that. That would put you on a server friendly to your beliefs.

Server admins also have opinions, and are not required to take a democratic vote and each individual user’s choice into account. They can decide for themselves, and they will, for good or ill. If you don’t like where it ends up, your user decision should be to fuck off to threads.

xantoxis ,

Do you know why Facebook paid a billion dollars for Instagram? Instagram wasn’t worth that much. It wasn’t generating a billion dollars in revenue. It probably still doesn’t.

Facebook bought Instagram because Instagram was a growing app that was popular with a demographic Facebook wanted to control. They spent a billion dollars to eliminate a growing threat.

Mastodon and, to a lesser extent, Lemmy, represent a growing threat. Not a very big one right now, but it could become a bigger one. It could become another billion dollar problem for the goliaths on the Internet, in a few years. They need to have total control, if a social media app starts to fragment it just collapses instead as users decide to go wherever the other users are.

Facebook’s 1000:1 user ratio would make Lemmy irrelevant and stave off that billion dollar problem for Facebook down the road. An incredibly cheap way to kill a tiny but growing competitor.

xantoxis ,

Facebook accounts are free, that’s all ya need man

xantoxis ,

Interesting. Then why would we want lemmy drowning in all that?

xantoxis ,

It’s basically always this. Your phone in the same room with someone else’s phone. This is stronger around christmas when people are looking for gift ideas, so they push this mind control shit on you even harder.

It’s not actually listening to you–that’s been debunked multiple ways–but what it’s doing instead is arguably worse.

xantoxis ,

They literally give you a locker when you go in for an MRI because you have to spend so long naked. This was never a problem for her. She’s just stupid.

xantoxis ,

My problem with it is it’s a waste of a ring slot. The odds of this helping you at all are miniscule. Fighting enemies that attack within a range of <=22? This ring doesn’t help you at all.

xantoxis ,

While that’s true, op has rightly raised the issue of photos, videos and documents meaning things that were created by them and uniquely meaningful to the family. If those only exist within the self hosting Rube Goldberg machine, they’re not coming back out without careful documentation.

I would also add anything created by me, so art, my personal writing and drafts, software I haven’t released yet, and so on.

xantoxis ,

You don’t need the Pythagorean theorem to know that the answer to this one is no. The range is 30 feet. They are more than 30 feet. The answer is no.

xantoxis , (edited )

Ope. Hang on.

Normally this is obviously correct, but in this case, we have to consider how tall the characters are. As a DM, I would rule that if any part of the character (their actual person, not including, say, the reach of the sword they’re holding) is within the 30’ circle, or could be if they actively collaborated with the cleric using free actions, then the bless would affect them.

There’s also a few definitions we need to talk about:

  • if the cleric (we’ll call them Carl) is 30’ in the air, that is understood to mean that if the spell holding them up there fails, they will fall 30’. By the same token, a character 0’ in the air can only fall 0’. We can infer that Carl’s feet (or the bottom part of the PC, at any rate) are 30 feet in the air.
  • we consider Carl to be in the center of the 5x5 grid square in the plane A formed 30’ above the flat terrain.
  • the “allies are 20ft away” part is a bit too fuzzy for this to work (how many allies? which ones? they can’t all occupy the same grid square unless they’re tiny), so we’ll have to make some calls here. Let’s just consider one ally, Alice, who is 20’ away.
  • We consider Alice to be in the center of her grid square, in the plane T formed by the flat terrain.
  • When we say Alice is “20ft away” from Carl, we mean that a perpendicular line drawn through the cleric intersects with T at the center of a grid square in A–we’ll call this square C(T) and Carl’s square at current altitude C(A), and the center of C(T) is 20’ from the center of Alice’s square A(T). Visualized as a battle grid you would have C ◻◻◻ A in plane T, with 3 empty squares separating them. On a physical table, Carl would also probably be standing on a little platform or a d6 to indicate altitude.
  • “Range: 30ft” 30 feet from what? Definitely not Carl’s god, they’re probably not even in the room. Maybe we mean 30ft from Carl’s 3rd chakra, or maybe it’s just 30ft from any part of Carl’s person. That seems easier, let’s go with that one.

Based on some anthropometric data I found very quickly, the average human woman has a vertical reach of about 77 inches or 6’ 5". That’s naked, and she’s probably wearing boots, let’s add another inch for the soles so 6’ 6".

We can give her a little bit more of an advantage as well; the shortest path between Alice and Carl is a straight line following the radius of the sphere, so she could “lean in” a bit with her arm to get closer. She can’t go a full 45 degrees without falling prone though, so this only adds a little. Without a posable figure and a 3d model of the space in front of me I couldn’t tell you how much she could reasonably add by pointing her body and hand at an angle, so let’s just call it 2 more inches and keep measuring vertically.

We’ll call the apex of her fingertips at 80 inches above T a new plane F, and A(F) is the point where she touches that plane with her fingers.

Now we get to actually apply the Pythagorean theorem. It’s a triangle formed by the points (C(A) -> A(A) = 240") as leg 1 and (A(A) -> A(F) = 280") as leg 2. The hypotenuse, then, is 368 inches.

30ft is 360 inches. Is 80 inches of Alice enough to put a fingertip through any part of a 30ft sphere around Carl’s feet?

No it isn’t. So no +d4 for you Alice, piss off.

xantoxis ,

You might not understand channels people mention in day to day talk from youtube or references.

Hahaha jesus nah, the only time I ever hear people mention streamers or youtubers is to go “Who the hell is THAT? they did WHAT to their underage fans?” And then I immediately stop caring about them.

xantoxis ,

I’ve been using fastmail for a few months now. Besides being a really top-notch replacement for gmail and even adding a few features, it also onboards you by giving you a couple quick fields to fill out and then immediately imports everything you had in gmail. And then it keeps importing it, continuously, as long as you want.

It’s not like i’m paying for gmail, so I’ll keep the account alive as long as I need while I switch all the same accounts and records that you are (validly) mentioning as a barrier. I could actually do most of it in one sweep, if I just searched for my old email address in 1password, but it’s not really that time-sensitive to switch, and in the meantime I get to use fastmail.

xantoxis ,

Fuck’s sake dude aren’t there enough places to put porn on this service

xantoxis ,

The dynamic applies to anything where you are expected to make regular payments.

Renting an apartment? Landlord wants to see you and fix your shit as little as possible.

Renting a car? They want you to drive it as little as possible so they can keep renting it for as long as possible. Maybe they’re charging you by the mile, too, just to cover that base completely.

Now think about the US healthcare industry.
