towerful

@towerful@programming.dev


towerful ,

If Trump loses this election, where does the Republican party have to go?

Denial, subversion and violence?

towerful ,

DRM = Direct Render Manager

I had no idea, was confused, and the article never de-acronyms/initialisms the term

towerful ,

"well, I don't want to be racist and I try not to be racist. Is there something I can improve on or that I'm ignorant of?"

If you aren't racist then it flips the onus back on them to prove you are racist, while also showing any offense you might have caused to be accidental and that you are willing to self-improve

towerful ,

It's absolutely something The Onion would post.

towerful ,

Speaking of being alive, fellow human! I wouldn't be alive without my favourite daily nutrient bar Soylent Lime Green! 4 out of 5 fellow humans know it's the limiest!

towerful ,

Yeh, immutable distros... You can install software, it's just you have to declaratively define what software you want, then apply that as a patch.
You don't just apt install cowsay, you have to create a file that defines the installation of cowsay.
This way, if you have to change how cowsay is installed, you tweak that patch file and reapply it.
If you have to wipe & reinstall (or get a new computer or whatever) you just apply all your patches, and the system is the same again.

towerful ,

Oh, no kidding.
I always thought immutable required the declarative installs.
I guess, immutable is more "containerised userland"?

towerful ,

They need to add seals to their seals, and valves to their valves.
If 1 is good, 2 is better!

towerful ,

The simplest explanation is a new kind of star, or a new kind of star cycle.
We have seen interesting radio signals before, they have all been explained by some sort of star behaviour.

The simplest explanation is NOT the evolution of an entire other species that survives all the way through to advanced tech to send radio signals.

towerful ,

The complexity involved to have sentient life evolve to the point that it can create radio waves is an astronomically small possibility. Having that coincide with our ability to detect such a thing is even smaller.
The history of "we don't know what this signal is or means" has always been "a new type/phase of star".

The only assumption here is that life is rare, and advanced life is rarer still. Which is supported by all of our science so far

towerful ,

I'm saying it's false to apply Occam's razor to this scenario and draw a conclusion that this is caused by non-human life.

I'm not assuming earth is unique. There have been many earth-like planets that have been discovered.
I'm not even assuming humans are unique, given all of space-time.

It is extremely unlikely that there exists intelligent life other than humans at this time (or within the window-function of time required for us to receive a transmission from however many million lightyears).
Like, it is vanishingly small. The insane series of events that has led to an intelligent species being dominant on a planet is ridiculous, to be honest.
In other words, humans are essentially unique at this point in "observable" time.

It is extremely likely it is a natural phenomenon that we don't understand, or even equipment malfunction, misinterpretation, miscalculation etc.
We have discovered unknown signals, then learnt what they are. Humans don't know everything.
We have discovered unknown signals, then realised it was a nearby microwave, or a dodgy connection, or whatever. Humans make mistakes.

The simplest explanation in order to not have to deal with a new research project is probably "aliens".
But the simplest explanation is "natural phenomena we don't understand yet"

towerful ,

Can't wait for the pandemic of plastic-eating fungus infecting the human race and living on the microplastic in our testicles.
Or, like, all medical tools becoming impossible to package and ship cause of this fungus.

towerful ,

I don't really care about "the economy".
I care about the increase in costs, increases in productivity and the non-increases in wages.
The economy is how well companies are extracting profit. Idk what the word is for what I care about.

towerful ,

Most multinational web apps will have different deployments for different countries.
Locating the servers geographically closer to the users reduces latencies and costs.
Running different deployments allows them to tailor more closely to local regulations, without having it impact everyone else

towerful ,

Sure, but what you are describing is the problem that k8s solves.
I've run plenty of production things from docker compose. Auto scaling hasn't been a requirement, and HA was built into the application (so 2 separate VMs running the compose stack). Docker was perfect for it, and k8s would've been a sledgehammer.

towerful ,

It's not a workaround.
In the old days, if you had 2 services that were hard coded to use the same network port, you would need virtualization or a different server and make sure the networking for those is correct.

Network ports allow multiple services to use the same network adapter as a port is like a "sub" address.
Docker being able to remap host network ports to containers ports is a huge feature.
If a container doesn't need to be accessed outside of the docker network, you don't need to expose the port.

The only way to have multiple services on the same port is to use either a load balancer (for multiple instances of the same service) or an application-aware reverse proxy (like nginx, haproxy, caddy etc for web things, I'm sure there are other application-aware reverse proxies).

What do you call application modules that are responsible for business logic?

Somewhere between API resources, queue workers, repositories, clients and serializers there is a class of ... classes/modules that does the needful. Gun-to-my-head, I would call them "services" but I'm looking for a less overloaded term. Maybe capabilities? Controllers? Pick a term from the business domain? What do you call...

towerful ,

"broker" as a service-between-services is a great name

towerful ,

Surely you want to enable 802.1q? Like, that is vlan aware switching and routing. Or is that on the nas?

Edit:
Some troubleshooting:

Connect a laptop into the same subnet as your NAS (so same VLAN and IP range/subnet) and connect to the NAS. This either eliminates the NAS or the router from the equation

towerful ,

If they are on the same subnet, why are they going via the router? Surely the NIC/OS will know it's a local address within its subnet, and will send it directly; as opposed to not knowing where to send the packet, so letting the router deal with it.

I'm assuming you are using a standard 24 bit subnet mask, because you haven't provided anything that indicates otherwise and the issue you present would be indicative of a local link being used - this is possible
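The on-link decision described above (does the sending host think the destination is inside its own subnet, or hand it to the router?) is easy to check for both directions of a flow. The following is an added example, not the commenter's code; the addresses are constructed, and the point it shows is that when the two hosts carry different masks, one direction goes direct while the reply goes via the router, which is exactly the kind of asymmetric path a stateful firewall in the middle will complain about.

```python
import ipaddress


def next_hop(src_ip, src_prefix, dst_ip):
    """Return 'direct' if dst_ip falls inside the connected network that
    src_ip/src_prefix defines, otherwise 'gateway' (the host will send it
    to its default router). Mirrors the longest-match decision an OS makes
    for a directly connected route."""
    net = ipaddress.ip_interface(f"{src_ip}/{src_prefix}").network
    return "direct" if ipaddress.ip_address(dst_ip) in net else "gateway"


def check_pair(a_ip, a_prefix, b_ip, b_prefix):
    """Evaluate the forwarding decision in both directions. A result where
    the two directions differ means the request and the reply take
    different paths (one on-link, one through the router)."""
    a_to_b = next_hop(a_ip, a_prefix, b_ip)
    b_to_a = next_hop(b_ip, b_prefix, a_ip)
    return {"a_to_b": a_to_b, "b_to_a": b_to_a, "symmetric": a_to_b == b_to_a}


if __name__ == "__main__":
    # Constructed addresses: a client and a NAS that both believe they share a /24.
    print(check_pair("192.168.1.10", 24, "192.168.1.200", 24))
    # Same addresses, but the NAS was configured with a /25 by mistake.
    print(check_pair("192.168.1.10", 24, "192.168.1.200", 25))
```

Feeding in each host's actual configured mask (rather than the one you assume it has) is the quick way to rule the mask in or out before blaming the router or the NAS.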

towerful ,

That whole "shortest path" has caught me out before (tho in a different way)!
And firewall logs of "state violation" aren't always helpful when that's pretty much the default log message

towerful ,

If holding the bag of money means you don't need an O2 tank, I guess that's actually pretty decent.
Or maybe the dad is just tired of wearing an O2 tank & mask

towerful ,

Obviously it's a fart counter. Resets at midnight.
OP has been busy!

towerful ,

"New Releases"... Funny how the watched progress bar is halfway through that film

towerful ,

Well, if the Tories get back in then deporting people to Rwanda and expansion of oil drilling in the North Sea will be guaranteed.
Voting for lab, there is a chance that these will be cancelled.

Tories have had decades in charge, and shit is fucked.
Labour are more progressive - not enough for my taste, but better than constant austerity

towerful ,

Yup. Such is a 2-party system.
Vote for the less-evil

towerful ,

The xkcd explained brushes near it.

Many of the passengers would suffer extreme injuries from the changes of velocity (up to 230 mph based on a loop radius of 3 x ship length) and rotation (unlike rollercoasters, or even airplanes during simple take-off and landing, passengers aren't normally strapped down).

towerful ,

Essentially any android or iPhone with location services active will periodically report SSIDs and the current location.
This is put into a publicly accessible database/API to allow location lookup based on nearby SSIDs that's accurate to a few meters.

“You may not have Apple products, but if you have an access point and someone near you owns an Apple device, your BSSID will be in [Apple’s] database,” he said. “What’s important to note here is that every access point is being tracked, without opting in, whether they run an Apple device or not. Only after we disclosed this to Apple have they added the ability for people to opt out.”

Appending _nomap to your WiFi SSID apparently opts out of Google's and Apple's WiFi positional service database

towerful ,

120 litres (4 people, 10 litres per person per day, 3 days) of water is also 120 kg. Pretty unwieldy.
Bathtubs are 160 litres. So, it's essentially storing an extra bathtub.

towerful , (edited)

LE certs can always be "side loaded" by acme.sh or LEbot or whatever, and the reverse proxy restarted to use the new certs. So, the whole "pro subscription to use specific certs" shouldn't be a factor, except a little more work/config (so, money Vs time).

Now for my opinion...

For base security, all it's doing is looking at whatever you tell it to look at in an http request and forward/drop/block as such.
HAProxy is well battle-tested. Nginx is well battle-tested. Traefik and caddy are comparably newer contenders, but considering their adoption they are probably well battle-tested.
Which means, an established reverse proxy is only going to be as secure as the software it's forwarding traffic to.

If there happens to be some mental TLS handshake RCE that comes up, chances are they are all using the same underlying TLS library so all will be susceptible...
But at least an attacker only gets access to the reverse proxy server. Which is why it's worth having that in a locked down isolated VM, ideally built in a way that is extremely easy to rebuild (declarative configs like docker-compose and some scripts, or even something like nixos for an immutable OS).

As for add-ons... Most WAFs only look for things like XSS injection or SQL injection or exploitative HTTP request formats. Very very basic attack vectors that any decent HTTP stack and reasonably built software shouldn't even have to worry about.
Any DDOS protection is more likely to blast your network connectivity, which (for self hosting) a WAF isn't going to be able to do anything about.
I'm not sure how good they actually are against a DOS attack that is caused by bugs/inefficiencies in the application. Maybe they monitor for long/increasing response times, and block further requests to them? Might cause a lot of false-positives for your users.

So, the only real benefit - that I see - is zero-day exploit protection.... and that only matters if they are built around near-realtime updates like crowdsec is. I don't know how it compares to Cloudflare's WAF, tho.
Any zero-day protection that isn't being managed and updated in near-realtime is about as effective as you monitoring news of your installed services/programmes and updating them regularly. Because you are likely to update your WAF and apps when you hear about those, or regular scheduled updates will deal with them before you even learn about them.

I guess there is security in layers, and if layers of security is more important than CPU consumption/response time/requests per second (ie have an abundance of processing, servicing few users, etc) then it might be a no-brainer.

The only other time I can see a generic WAF being useful is if you have rolled your own framework and HTTP stack, and are running your own software. Because, you won't get that right... So might as well have the extra protection of a WAF.

Or, I guess, with really old unsupported software.
But surely there is a newer take or fork of it?

There is also the "am I worth it" factor.
Like, what is your actual threat model?
Defend against the usual script-based attacks (i.e. low hanging fruit), only expose/forward ports that are actually required, use some sensible security that isolates more vulnerable systems (i.e. a proxy) from more sensitive (i.e. a database or storage), and update regularly on stable/lts branches.

Edit:
I just googled bunkerweb.
First we had firewalls. Then we got web application firewalls. Along came next generation firewalls. Now we have Next Generation Web Application Firewalls with paid features like "Pay per protected services" and "Best effort support included"

Maybe I'm just salty

towerful , (edited)

That got a bit long.
Reading more into bunkerweb.

Things like the "limit" feature are going to doink people on CGNAT or large corporate networks. I've had security stuff tripped by a company using my software, and it's a PITA cause all the requests from legit users come from only a few IP addresses.

Antibot isn't going to be helpful for things like JS requests, because cookies aren't included by default with fetch requests - so the application needs to be specifically built for this (at which point, do it at an application level so it can scale easier?).
And captcha. For whatever that is worth these days.

Reverse Scan is going to slow down every request (as it scans the remote client for suspicious open ports, so a 500ms delay as default).

Country is just geo-ip.

Bad Behaviour is just rate limiting (although with a 24h ban). Sucks if a few corporate/CGNAT users all hit a 404 and suddenly that entire company/ISP's IP is blocked for a day.

This seems like something to use when running a Tor server or something, where security is more important than user experience. Like, every feature seems to punish legit users
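The "limit" and "Bad Behaviour" points above are the same failure mode: a per-IP limiter cannot tell twenty legitimate users behind one CGNAT or corporate NAT address from one abusive client. The following is an added example, not BunkerWeb's code or the commenter's; the traffic is constructed (20 users sharing one address, one user on a dedicated address, each sending a handful of requests per second) and the limit values are assumptions. It runs the same sliding-window limiter twice, keyed on client IP and then on an application session identifier, to show how many legitimate sessions each choice locks out.

```python
from collections import defaultdict, deque

LIMIT = 10      # requests allowed per key within one window (assumed value)
WINDOW_S = 1.0  # window length in seconds (assumed value)
BAN_S = 5.0     # how long a key stays blocked after tripping the limit (assumed)


def build_sample():
    """Constructed traffic as (timestamp_s, client_ip, session_id).
    Twenty users share a CGNAT-side address and each send 1 request/s;
    one user on a dedicated address sends 2 requests/s; three seconds total."""
    reqs = []
    for sec in range(3):
        for u in range(20):
            reqs.append((sec + u / 20.0, "100.64.0.7", f"sess-cgnat-{u}"))
        for k in range(2):
            reqs.append((sec + k / 2.0, "203.0.113.9", "sess-solo"))
    reqs.sort()
    return reqs


def run_limiter(requests, key_fn, limit=LIMIT, window_s=WINDOW_S, ban_s=BAN_S):
    """Sliding-window limiter. Once a key exceeds `limit` requests inside
    `window_s`, every further request for that key is rejected until `ban_s`
    has elapsed. Returns (rejected_request_count, set_of_affected_sessions)."""
    history = defaultdict(deque)   # key -> timestamps inside the current window
    banned_until = {}              # key -> time at which the ban expires
    rejected = 0
    affected = set()
    for ts, ip, sess in requests:
        key = key_fn(ip, sess)
        if banned_until.get(key, -1.0) > ts:
            rejected += 1
            affected.add(sess)
            continue
        window = history[key]
        while window and ts - window[0] >= window_s:
            window.popleft()
        window.append(ts)
        if len(window) > limit:
            banned_until[key] = ts + ban_s
            rejected += 1
            affected.add(sess)
    return rejected, affected


def compare():
    """Run the limiter keyed on IP and keyed on session over the same traffic."""
    reqs = build_sample()
    return {
        "by_ip": run_limiter(reqs, lambda ip, sess: ip),
        "by_session": run_limiter(reqs, lambda ip, sess: sess),
    }


if __name__ == "__main__":
    for mode, (rejected, affected) in compare().items():
        print(f"{mode}: {rejected} requests rejected, {len(affected)} sessions affected")
```

Keying on a session identifier stops the shared-address problem, but a client that has no session yet (or forges fresh ones) falls back to the IP key, so in practice the two are combined with a much higher per-IP ceiling than per-session one.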

towerful ,

So, is public accessibility actually required?
Does it need to be exposed to the public internet?

Why not use WireGuard (or another VPN)? Even easier is Tailscale.
If you are hand selecting users (i.e. it doesn't actually need to be publicly accessible), then VPN is the most secure and just run a reverse proxy for ease & certs.
Or set up client certificate authentication, so only users that install a certificate issued by you can connect to the service (dunno how that works for 3rd party apps to Immich)

Like I asked, what is your actual threat model?
What are your requirements?
Is public accessibility actually required?

towerful ,

Haha, as soon as they said "pluto only needs 4.8km/s [dV]" I was like "great, let's sun-dive our waste from pluto, then"... Like, glossing over the whole "getting the waste to pluto" part.
Which they then went on to discuss.

towerful ,

Was this actually reported?
Or is this a reference to something I don't get?

towerful ,

That took 2 comments of rage-bait bullshit for you to say that?

Like, at no point did you actually say you are a helpless victim in this.
It read like "I have and enjoy MY house on the beautiful coast. Why is everyone going to be so mean to me when the bill comes due?!"

towerful ,

I mean, you made a lot of aggressive comments and exploded back at commenters before you actually explained your stance/position.
And it all read like "have pity on those beach front home owners when the tides come", as opposed to "yeh, beach front home owners are assholes, I wish they would do something to actually help. Unfortunately the regular population are essentially hostage to ever increasing rent, insurance and food prices making moving anywhere safer more and more difficult each season"

Maybe it's cause it's text.

towerful ,

You put the prices up because you can and you get more money out of the customers, and then you pass it on to the shareholders because the business you’re in is providing a good return to your shareholders.

Why privatising things like water, communication, power, healthcare etc is a bad idea.
Profits should be derived from excess needs, not essential.

towerful ,

"free Ubers for life".
Absolute bargain to get your own laws

towerful ,

A quick Google suggests what you have.

If the code you have quoted is verbatim what you have tried, seems like you need to extract the parentheses and possibly a single or double quote, depending on the source css. The example source you have given has a single quote.

select-before(select-after(//div/@style, "backgound-image: url("), ")") 

Should be (notice the extra ' relating to url('...url'))

select-before(select-after(//div/@style, "backgound-image: url('"), "')")

But I don't think that would cause xpath to fail... It would just extract the wrong value

Edit:
Further reading suggests xpath 1.0 does have limited functionalities. But, like you, can't find anything concrete.
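The extraction discussed above depends on getting the needles right around the quote characters, and on the fact that XPath's substring-before/substring-after return an empty string rather than an error when a needle is absent. The following is an added example, not the commenter's code or the original poster's; it reimplements those two XPath string functions in Python with the same semantics and then applies the nested call from the thread, extended to cover all three CSS quoting styles (single, double and none). The style strings are constructed, and the assumption is that the property is written as `background-image: url(` with a single space after the colon.

```python
def substring_after(s, needle):
    """XPath substring-after(): text after the first occurrence of needle,
    or "" when needle does not occur (no error is raised)."""
    i = s.find(needle)
    return "" if i < 0 else s[i + len(needle):]


def substring_before(s, needle):
    """XPath substring-before(): text before the first occurrence of needle,
    or "" when needle does not occur."""
    i = s.find(needle)
    return "" if i < 0 else s[:i]


def extract_bg_url(style):
    """Nested before/after extraction as in the thread, handling url('...'),
    url("...") and bare url(...) in a style attribute value."""
    inner = substring_after(style, "background-image: url(")
    if not inner:
        return ""
    for quote in ("'", '"'):
        if inner.startswith(quote):
            return substring_before(inner[1:], quote + ")")
    return substring_before(inner, ")")


def naive_extract(style, open_needle="backgound-image: url(", close_needle=")"):
    """The thread's original needles, kept verbatim (including the misspelt
    'backgound') to show that a non-matching needle yields "" rather than a
    failure, which is why a bad needle never makes the XPath itself error."""
    return substring_before(substring_after(style, open_needle), close_needle)


if __name__ == "__main__":
    # Constructed sample style attribute values.
    samples = [
        "background-image: url('https://example.com/a.png'); color: red",
        'background-image: url("https://example.com/b.png")',
        "background-image: url(/img/c.png)",
    ]
    for s in samples:
        print(repr(extract_bg_url(s)), "| naive:", repr(naive_extract(s)))
```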

towerful ,

Those "once in a lifetime" or "once in a decade" weather events seem to be quite common these days

towerful ,

Trees!
Trees store lots of environmental and atmospheric data in their trunks. When they get fossilized a lot of that information remains intact.
Also, ice cores. Layers of ice protect previous layers of ice from further contamination, so are a pretty good snapshot of the environment/atmosphere at a given point in time.

https://www.bbc.co.uk/newsround/67074940

Wiki has more detailed information on how Miyake Events are "stored" in trees and ice cores.
https://en.m.wikipedia.org/wiki/Miyake_event

towerful ,

Between those that watched the short and those that didn't?

towerful ,

Perhaps a member of the cult is also a part of the local law forces, so they don't have immediate concerns about the law coming down on them.
Or at least feel they would have enough warning to not have to start immediately disbanding.

Could lead to a purge of corrupt law enforcement quest.

Do companies store facial and voice recognition data from the thousands of hours of zoom/teams calls that their employees use?

I heard a person call into a show the other day, voice only, and talk about some poor working conditions at a factory. Made me think about how it would probably be so easy for nefarious bosses to be able to identify that person with all of the data that comes from us looking directly into cameras and speaking clearly in modern...

towerful ,

Companies would only do it in response to an incident.
Same as any IT related thing. IT will block bad websites, maybe have some alerts for common stuff, but will only sift through logs when something goes wrong so they can assess the extent, impact and fixes for things.

The exceptions are probably like Amazon where they have the processing power and dev-time to do things like this to their own employees, which might also turn into a marketable product for other companies.
Military contractors might as well (Boeing...)

towerful ,

Training will never stop, tho.
New models will keep coming out, datasets and parameters are going to change.

towerful ,

I'd expect anything that has a battery which defines the lifespan of a piece of electronics to make that battery replaceable.
