Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)A

aksdb

@ aksdb @lemmy.world

Posts
2
Comments
409
Joined
2 yr. ago

  • The Windows Subsystem for Linux is now open source

    Jump

  • Yeah but it also shows the weird naming of WSL. It's Windows (32) on Windows 64, but Windows Subsystem for Linux instead of Linux on Windows 64 (which would at least have fit the pattern).

  • Verifying & Validating a Docker Container

    Jump

  • I talk fully about software. Add appropriate nftable rules to the container network and that's it.

  • Self-hosting is having a moment. Ethan Sholly knows why.

    Jump

  • For me it's not even about better or worse, but about different. For them it's a nice iteration after many years, but for be it is one of the dozens of apps I use irregularly that suddenly behaves and works different and forces me to relearn things I don't have any gain from. Since each of the different apps get that treatment every once in a while, I end up having to adjust all the damn time for something else.

    I would really like we could go back to functional applications being sold as is without forced updates. I do not need constant changes all the time. WinAmp hasn't changed in 20 years and still does exactly what it is supposed to. I could probably spin up an old MS Word 2000 and it would work just like it did 20 years ago.

    Many modern apps however change constantly. No wonder they all lean towards subscriptions if they "have to" work on it all the time. But I, as a user, don't even want that. I want to buy the thing that does what it's supposed to and then I want it to stay that way.

  • Verifying & Validating a Docker Container

    Jump

  • Well, a big advantage of containers is, that you can isolate them pretty aggressively. So if you run a container that is supposed to serve content on a single HTTP port, expose only that port, mount no unnecessary volumes and run it on a network that blocks all outgoing traffic. Ideally the only thing left will be incoming traffic on the one port the service is supposed to serve.

  • ZFS or LUKS/btrfs for my use case

    Jump

  • btrfs because it was simple

    Personally I found ZFS far more simple. The userspace tools make more sense to me. Also I like, that volumes can have a default (relative) mount point attached. So in a recovery scenario, I simply have to open the zpool with a relative base path, and then have all my volumes ready to go. If I want to recover a btrfs system with multiple subvolumes, I typically need to know exactly which ones and where to I have to mount them (each individually).

    Also I go really used to zfsbootmenu.

  • The Windows Subsystem for Linux is now open source

    Jump

  • Microsoft really has a knack for that. I also like WoW64, which contains the binaries for running 32 bit applications on Windows 64 bit. For historical reasons, the 64 bit binaries live in system32, obviously.

  • Ansible iptables best practices?

    Jump

  • Half off-topic, sorry: if you have some spare time on the weekend, you might want to take a look at nftables. AFAIK iptables is also just using nftables under the hood, so you are basically using a deprecated technology.

    nftables is so much nicer to work with. In the end I have my custom rules (which are much saner to define than in iptables) in /etc/nftables.conf, then I have a very simple systemd unit:

     
        
[Unit]
Description=Restore nftables firewall rules
Before=network-pre.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/nft -f /etc/nftables.conf
ExecStop=/usr/sbin/nft flush table inet filter
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

    and finally if I push updates via ansible I simply replace the file and run nft -f /etc/nftables.conf (via ansible; on-change event).

    Edit: oh and as an example how the actual rules file looks like:

     
        
#!/usr/bin/nft -f

add table inet filter
flush table inet filter

table inet filter {
  chain input {
    type filter hook input priority 0;

    # allow established/related connections
    ct state {established, related} accept

    # early drop of invalid connections
    ct state invalid drop

    # allow from loopback
    iifname lo accept

    # allow icmp
    ip protocol icmp accept
    ip6 nexthdr icmpv6 accept

    # core services
    tcp dport {80, 443} accept comment "allow http(s)"
    udp dport 443 accept comment "allow http3"

    # everything else
    reject with icmpx type port-unreachable
  }

}

    and with that I have my ipv4+6 firewall that allows pings and http

  • Developing a self-hosted alternative to Google Keep

    Jump

  • The shopping list alone is beautifully done. Glad that I could help 🙂

  • Developing a self-hosted alternative to Google Keep

    Jump

  • There are 2 hard problems in computer science: cache invalidation, naming things, and off-by-1 errors.

    -- Leon Bambrick

  • Developing a self-hosted alternative to Google Keep

    Jump

  • Regarding your requirement, you might want to take a look at KitchenOwl.

    If you prefer freestyle notes/lists, Joplin can share and sync note collections as well.

  • If you have to pick only one Desktop Environment and use it till your computer breaks, what would you choose?

    Jump

  • KDE is one of the main reasons for me to use Linux. I immensely like the performance, silence and battery lifetime of MacBooks. But if I have to work with anything but KDE, it's not worth it for me. The only thing OSX does better than basically any other desktop out there, is the ability to drag whole virtual screen between monitors.

  • Online office suite alternatives

    Jump

  • CryptPad is absolutely fantastic. Easy to host and secure design.

  • Deleted

    Linus responds to Hellwig - "the pull request you objected to DID NOT TOUCH THE DMA LAYER AT ALL... if you as a maintainer feel that you control who or what can use your code, YOU ARE WRONG."

    Jump

  • I can understand Hellwig's fear, though.

    From what I gather as a bystander, it's apparently common that a refactoring in your module that breaks its API will involve fixing all the call-sites to keep the effort on the person responsible for the change. Now the Rust maintainers say "it's fine; if it breaks, we'll deal with it" which is theoretically takes away the cross-language issue for the C-maintainer. Practically I can very well see, that this will still cause friction in the future.

    Let's say such a change happens and at that time there's a bit of time pressure and the capacity on the rust maintainers is thing for whatever reasons. Will they still happily swallow that change or will they start to discuss if it's really necessary to do that change? And suddenly, the C-maintainer has a political discussion on top of the technical issue they wanted to solve.

    As someone who just wants to get shit done, I would definitely have that fear.

    (That doesn't mean it's still a bullet not worth swallowing. The change overall can still be worth the friction. I am just saying that I think it's not totally unwarranted that a maintainer feels affected by this even though current pledges from the other parties promise otherwise; this stance can change or at least be challenged over and over.)

  • Resigning as Asahi Linux project lead

    Jump

  • It was an example. I don't have a fucking clue how all the maintainers are named.

    The main question was: why can a maintainer NACK something not in their responsibility? Isn't it simply necessary to find one maintainer who is fine with it and pulls it in?

    Or even asked differently: shouldn't you need to find someone who ACKs it rather than caring about who NACKs it?

  • Resigning as Asahi Linux project lead

    Jump

  • Can a maintainer really NACK any patch they dislike? I mean I get that Hellwig said he won't merge it. Fine. What if for example Kroah-Hartman says "whatever, I like it" and merges it nonetheless in his tree?

  • PSA: Update to Plasma 6.3 can make Wayland session unusable if you have configured monitor ICC profiles

    Jump

  • Damn, so that was the issue. I spent 2h trying around with different packages I suspected to cause an error during start. Then I desperately moved my .config dir out of the way to rule out an incompatible config and lo and behold... it worked. I then moved it back and tried to delete configs more finegranular. After a few iterations without success I just removed almost all kde and plasma related configs and reconfigured everything from scratch. I should have scrolled through my feed earlier 😁

  • Kingdom Come: Deliverance 2 hits 1m sales in just one day

    Jump

  • The second one gives you the necessary flashbacks to catch up if you should intend to follow the story. It also explains all the basics of the game mechanics as part of the quests.

  • How do you guys feel about the Pomodoro Technique?

    Jump

  • Maybe only using the pause timer would work. Once you start procrastinating, start the timer, allow yourself to do whatever but once the timer is done, back to work.

  • The Witcher 4 Recasts Ciri

    Jump

  • I even heard people being surprised it's not Geralt. When they were surprised I started to question myself if I just dreamed that they announced that wayyyy back.