N0x0n

joined 10 months ago
[–] [email protected] 1 points 2 minutes ago

As long as the EU doesn't reinvent the wheel, why not? I mean if they are going to fork Linux and rewrite a EU-based linux OS, this would further divide the community and make issues and security a lot more wacky... Not sure this is a good idea.

[–] [email protected] 10 points 1 day ago* (last edited 16 minutes ago)

Lutris + wineprefixes works great but most of the time it's harder to configure and needs some search around the web to get it right !

Non-steam games with proton on steam works like nearly every time without to much hassle (if supported) !!

If you're afraid of your account ban, create a dummy steam account only for your pirated games.

[–] [email protected] 1 points 1 day ago

Yeah, specially in the US where money rules the actual debate. If you don't have a few millions to spare on a fancy election parade... Don't even bother.

That's way politics is the war of the rich and why all multi billion dollar companies feel safe in the US.

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago)

If you're tired of python's and venv issues, give miniconda a try. It solved most of my issues with dependencies and different python version in scripts.

It's probably a skill issue regarding to pip/pipx/venv... But miniconda really made everything easier.

[–] [email protected] 3 points 2 days ago* (last edited 2 days ago) (1 children)

What about exFAT? It overcomes FAT32's limitation and is nearly readable on every OS and has way higher file size limits.

Edit: In case of external storage like USB/hard drive.

[–] [email protected] 2 points 2 days ago* (last edited 2 days ago) (1 children)

Hahaha.... What a stupid take. Yeah scientific research isn't biased and hasn't been poisoned by conflict of interest... never has been and never will I guess? Scientific research is the ultimate truth of wisdom and you don't need your own critical thinking anymore 😮‍💨 (Yeah the tobacco industry was right, smoking is healthy !)

when the researchers themselves are saying the work isn’t over. why are all the super geniuses in this thread so smugly announcing this topic is wrapped up?

It's better to be safe than sorry

Edit:

Therefore, the fact that no evidence for large-scale mobile eavesdropping has been found so far should not be interpreted as an all-clear. It could only mean that it is difficult – under current circumstances perhaps even impossible – to detect such attacks effectively.

https://link.springer.com/chapter/10.1007/978-3-030-22479-0_6

Scientific enough?

[–] [email protected] 1 points 2 days ago

76 up's / 68 down's on OP's post.

It's very close, still the majority wins, that's how it works, if not happy change the system not the voters.

Maybe not 24x7 but this did happened and people have reported it multiple times. If you really think those multi-billion dollars companies are not capable of or won't do anything so sketchy because it's not "worth it", then it's time to open your mind to the possibility that those companies are not your friends.

[–] [email protected] 1 points 2 days ago (4 children)

Hello !

Version 6.1.1 (250) arm64-v8a https://f-droid.org/en/packages/chat.simplex.app/ https://f-droid.org/repo/chat.simplex.app_250.apk

Here's the analysis: https://www.hybrid-analysis.com/sample/9b14b4f80b479a7eb2a5e9fb22ad3f5d547690f4e30da6b5c6f0e9ed8d4039da/672727b3fd3db6063b002513

Same exact result:

  • Pattern match: "https://android.googlesource.com/toolchain/llvm-project"
  • Pattern match: "https://developers.google.com/protocol-buffers///"
  • Pattern match: "https://issuetracker.google.com/issues/new?component=618491&template=1257717"

Dunno if this is something we should worry about or not ? Maybe OP and myself are not educated enough to interpret the results, however I'm also not very comfortable seeing those Found potential URL in binary/memory from SimpleX's APK. Do you have any further thoughts?

Thanks.

[–] [email protected] 1 points 2 days ago (6 children)

For using Obtainium, how do you avoid or block all apps from Github that depend on GCM, Firebase, or Google services?

You do have a point though, but how does that even comes into the mix? Obtainium fetches directly from the source (api.github.com).

But to answer your question, it's blocked at the DNS level with RethinkDNS. Blocking all requests, except those explicitly allowed by myself.

This seems more like hardcoded into the .APK or that we can't correctly interpret the results or something is wrong in the analysis. And I'm also curious to get more Info's from someone.

[–] [email protected] 3 points 3 days ago* (last edited 3 days ago) (10 children)

I tried it with the official github .apk and same result. I have no idea what it means though maybe someone could chime in?

Found potential URL in binary/memory:

  • Pattern match: "https://issuetracker.google.com/issues/new?component=618491&template=1257717"
  • Pattern match: "https://android.googlesource.com/toolchain/llvm-project"
  • Pattern match: "https://developers.google.com/protocol-buffers///"

Except that they need something to make an android application (android SDK) and somehow to get issuetracker feedbacks, there's nothing to worry about ? I guess? I don't know.

[–] [email protected] 2 points 3 days ago

Haha! Seriously? This works? I mean they will probably just disable your account that's all, but that's a neat trick if it works !

[–] [email protected] 2 points 4 days ago

This is a neat workaround !! Still, for privacy reason I keep my addons to a strict minimum.

However I save your comment as emergency workaround ! Thanks for the tip !

 

TIL something new... My hate for MacOS took over common logic. 2.8GB, 3 seconds file transfer on USB was to beautiful to be true. After some further investigation and hints from @[email protected] @[email protected] I learned that Linux writes to cache before writing it to the device, to see whats happening in the background: sync & watch -n 1 grep -e Dirty: /proc/meminfo.

Still, the transfer speed on Linux was slightly faster than on MacOS. My rant was unjustified, It just my fault for being clueless on some more advanced Linux stuff. But I learned something new today, so this post was actually helpful !

Howerver, I still hate MacOS and will probably give Asahi remix a try.

Thanks to everyone !


Hey guys ! I'm getting tired/bored of MacOS' shenanigans... Yesterday was the last drop that make me think of trying an alternative.

While trying to upload a 2.8 GB file over to an USB-C stick it took like 8 minutes? Okay that's "good" enough if you only do it from time to time... But 25 files takes literally 1h30min... Are we in 2001?

I mean the exact same 2.8GB file, with the exact same USB-C stick took FU***** 3 seconds on Linux !!

Ohh and don't think I didn't tried to "fix" the issue, after a long search on the web I came across a lot of people having similar issues that aren't fixed since 2 major updates? With a total radio silence from the shiny poisonous Apple...

Among other things I tried:

  • Disable Spotlight indexing sudo mdutil -a -i off
  • Reformat the USB stick from Mac
  • All available filesystem FAT32, exFAT...(yes even MacOS native APFS)
  • Another USB stick
  • ....

Enough is enough. I was willing to learn their way of thinking for my personal experience and somehow always got my way around to reproduce what I learned on Linux to Mac. But now that there is an alternative OS, I think I'm ready to get back home.

So does anyone here already gave Asahi Remix a try? If so what was your experience with it?

I read their FAQ and most of their documentation and it seems good enough for daily drive (except for some quirks here and there) but I wanted to hear from people who already made the jump and how was their personal feeling.


PS: I got that MacOS for my birthday from a family member with good intentions. That wasn't a personal choice. While I'm more than happy and thankful for the gift, I totally hate it more and more... Especially because MOST of my self-hosted services, applications, scripts, are open source.

 

Hi everyone !

Intro

Was a long ride since 3 years ago I started my first docker container. Learned a lot from how to build my custom image with a Dockerfile, loading my own configurations files into the container, getting along with docker-compose, traefik and YAML syntax... and and and !

However while tinkering with vaultwarden's config and changing to postgresSQL there's something that's really bugging me...

Questions


  • How do you/devs choose which database to use for your/their application? Are there any specific things to take into account before choosing one over another?

  • Does consistency in database containers makes sense? I mean, changing all my containers to ONLY postgres (or mariaDB whatever)?

  • Does it make sense to update the database image regularly? Or is the application bound to a specific version and will break after any update?

  • Can I switch between one over another even if you/devs choose to use e.g. MariaDB ? Or is it baked/hardcoded into the application image and switching to another database requires extra programming skills?

Maybe not directly related to databases but that one is also bugging me for some time now:

  • What's redis role into all of this? I can't the hell of me understand what is does and how it's linked between the application and database. I know it's supposed to give faster access to resources, but If I remember correctly, while playing around with Nextcloud, the redis container logs were dead silent, It seemed very "useless" or not active from my perspective. I'm always wondering "Humm redis... what are you doing here?".

Thanks :)

 

Edit

After a long process of roaming the web, re-runs and troubleshoot the script with this wonderful community, the script is functional and does what it's intended to do. The script itself is probably even further improvable in terms of efficiency/logic, but I lack the necessary skills/knowledge to do so, feel free to copy, edit or even propose a more efficient way of doing the same thing.

I'm greatly thankful to @[email protected], @[email protected], @[email protected] and Phil Harvey (exiftool) for their help, time and all the great idea's (and spoon-feeding me with simple and comprehensive examples ! )

How to use

Prerequisites:

  • parallel package installed on your distribution

Copy/past the below script in a file and make it executable. Change the start_range/end_range to your needs and install the parallel package depending on your OS and run the following command:

time find /path/to/your/image/directory/ -type f | parallel ./script-name.sh

This will order only the pictures from your specified time range into the following structure YEAR/MONTH in your current directory from 5 different time tag/timestamps (DateTimeOriginal, CreateDate, FileModifyDate, ModifyDate, DateAcquired).

You may want to swap ModifyDate and FileModifyDate in the script, because ModifyDate is more accurate in a sense that FileModifyDate is easily changeable (as soon as you make some modification to the pictures, this will change to your current date). I needed that order for my specific use case.

From: '-directory<$DateAcquired/' '-directory<$ModifyDate/' '-directory<$FileModifyDate/' '-directory<$CreateDate/' '-directory<$DateTimeOriginal/'

To: '-directory<$DateAcquired/' '-directory<$FileModifyDate/' '-directory<$ModifyDate/' '-directory<$CreateDate/' '-directory<$DateTimeOriginal/'

As per exfitool's documentation:

ExifTool evaluates the command-line arguments left to right, and latter assignments to the same tag override earlier ones.

#!/bin/bash

if [ $# -eq 0 ]; then
    echo "Usage: $0 <filename>"
    exit 1
fi

# Concatenate all arguments into one string for the filename, so calling "./script.sh /path/with spaces.jpg" should work without quoting
filename="$*"

start_range=20170101
end_range=20201230

FIRST_DATE=$(exiftool -m -d '%Y%m%d' -T -DateTimeOriginal -CreateDate -FileModifyDate -DateAcquired -ModifyDate "$filename" | tr -d '-' | awk '{print $1}')

if [[ "$FIRST_DATE" != '' ]] && [[ "$FIRST_DATE" -gt $start_range ]] && [[ "$FIRST_DATE" -lt $end_range ]]; then
        exiftool -api QuickTimeUTC -d %Y/%B '-directory<$DateAcquired/' '-directory<$ModifyDate/' '-directory<$FileModifyDate/' '-directory<$CreateDate/' '-directory<$DateTimeOriginal/' '-FileName=%f%-c.%e' "$filename"

else
        echo "Not in the specified time range"

fi



Hi everyone !

Please no bash-shaming, I did my outmost best to somehow put everything together and make it somehow work without any prior bash programming knowledge. It took me a lot of effort and time.

While I'm pretty happy with the result, I find the execution time very slow: 16min for 2288 files.

On a big folder with approximately 50,062 files, this would take over 6 hours !!!

If someone could have a look and give me some easy to understand hints, I would greatly appreciate it.

What Am I trying to achieve ?

Create a bash script that use exiftool to stripe the date from images in a readable format (20240101) and compare it with an end_range to order only images from that specific date range (ex: 2020-01-01 -> 2020-12-30).

Also, some images lost some EXIF data, so I have to loop through specific time fields:

  • DateTimeOriginal
  • CreateDate
  • FileModifyDate
  • DateAcquired

The script in question

#!/bin/bash

shopt -s globstar

folder_name=/home/user/Pictures
start_range=20170101
end_range=20180130


for filename in $folder_name/**/*; do

	if [[ $(/usr/bin/vendor_perl/exiftool -m -d '%Y%m%d' -T -DateTimeOriginal "$filename") =~ ^[0-9]+$ ]]; then
		DateTimeOriginal=$(/usr/bin/vendor_perl/exiftool -d '%Y%m%d' -T -DateTimeOriginal "$filename")
	        if  [ "$DateTimeOriginal" -gt $start_range ] && [ "$DateTimeOriginal" -lt $end_range ]; then
			/usr/bin/vendor_perl/exiftool -api QuickTimeUTC -r -d %Y/%B '-directory<$DateTimeOriginal/' '-FileName=%f%-c.%e' "$filename"
			echo "Found a value"
		echo "Okay its $(tput setab 22)DateTimeOriginal$(tput sgr0)"

		fi

        elif [[ $(/usr/bin/vendor_perl/exiftool -m -d '%Y%m%d' -T -CreateDate "$filename") =~ ^[0-9]+$ ]]; then
                CreateDate=$(/usr/bin/vendor_perl/exiftool -d '%Y%m%d' -T -CreateDate "$filename")
                if  [ "$CreateDate" -gt $start_range ] && [ "$CreateDate" -lt $end_range ]; then
                        /usr/bin/vendor_perl/exiftool -api QuickTimeUTC -r -d %Y/%B '-directory<$CreateDate/' '-FileName=%f%-c.%e' "$filename"
                        echo "Found a value"
                echo "Okay its $(tput setab 27)CreateDate$(tput sgr0)"
                fi

        elif [[ $(/usr/bin/vendor_perl/exiftool -m -d '%Y%m%d' -T -FileModifyDate "$filename") =~ ^[0-9]+$ ]]; then
                FileModifyDate=$(/usr/bin/vendor_perl/exiftool -d '%Y%m%d' -T -FileModifyDate "$filename")
                if  [ "$FileModifyDate" -gt $start_range ] && [ "$FileModifyDate" -lt $end_range ]; then
                        /usr/bin/vendor_perl/exiftool -api QuickTimeUTC -r -d %Y/%B '-directory<$FileModifyDate/' '-FileName=%f%-c.%e' "$filename"
                        echo "Found a value"
                echo "Okay its $(tput setab 202)FileModifyDate$(tput sgr0)"
                fi


        elif [[ $(/usr/bin/vendor_perl/exiftool -m -d '%Y%m%d' -T -DateAcquired "$filename") =~ ^[0-9]+$ ]]; then
                DateAcquired=$(/usr/bin/vendor_perl/exiftool -d '%Y%m%d' -T -DateAcquired "$filename")
                if  [ "$DateAcquired" -gt $start_range ] && [ "$DateAcquired" -lt $end_range ]; then
                        /usr/bin/vendor_perl/exiftool -api QuickTimeUTC -r -d %Y/%B '-directory<$DateAcquired/' '-FileName=%f%-c.%e' "$filename"
                        echo "Found a value"
                echo "Okay its $(tput setab 172)DateAcquired(tput sgr0)"
                fi

        elif [[ $(/usr/bin/vendor_perl/exiftool -m -d '%Y%m%d' -T -ModifyDate "$filename") =~ ^[0-9]+$ ]]; then
                ModifyDate=$(/usr/bin/vendor_perl/exiftool -d '%Y%m%d' -T -ModifyDate "$filename")
                if  [ "$ModifyDate" -gt $start_range ] && [ "$ModifyDate" -lt $end_range ]; then
                        /usr/bin/vendor_perl/exiftool -api QuickTimeUTC -r -d %Y/%B '-directory<$ModifyDate/' '-FileName=%f%-c.%e' "$filename"
                        echo "Found a value"
                echo "Okay its $(tput setab 135)ModifyDate(tput sgr0)"
                fi

        else
                echo "No EXIF field found"

done

Things I have tried

  1. Reducing the number of if calls

But it didn't much improve the execution time (maybe a few ms?). The syntax looks way less readable but what I did, was to add a lot of or ( || ) in the syntax to reduce to a single if call. It's not finished, I just gave it a test drive with 2 EXIF fields (DateTimeOriginal and CreateDate) to see if it could somehow improve time. But meeeh :/.

#!/bin/bash

shopt -s globstar

folder_name=/home/user/Pictures
start_range=20170101
end_range=20201230

for filename in $folder_name/**/*; do

        if [[ $(/usr/bin/vendor_perl/exiftool -m -d '%Y%m%d' -T -DateTimeOriginal "$filename") =~ ^[0-9]+$ ]] || [[ $(/usr/bin/vendor_perl/exiftool -m -d '%Y%m%d' -T -CreateDate "$filename") =~ ^[0-9]+$ ]]; then
                DateTimeOriginal=$(/usr/bin/vendor_perl/exiftool -d '%Y%m%d' -T -DateTimeOriginal "$filename")
		CreateDate=$(/usr/bin/vendor_perl/exiftool -d '%Y%m%d' -T -CreateDate "$filename")
                if  [ "$DateTimeOriginal" -gt $start_range ] && [ "$DateTimeOriginal" -lt $end_range ] || [ "$CreateDate" -gt $start_range ] && [ "$CreateDate" -lt $end_range ]; then
                        /usr/bin/vendor_perl/exiftool -api QuickTimeUTC -r -d %Y/%B '-directory<$DateTimeOriginal/' '-directory<$CreateDate/' '-FileName=%f%-c.%e' "$filename"
                        echo "Found a value"
                echo "Okay its $(tput setab 22)DateTimeOriginal$(tput sgr0)"

                else
			echo "FINISH YOUR SYNTAX !!"
		fi

	fi
done

  1. Playing around with find

To recursively find my image files in all my folders I first tried the find function, but that gave me a lot of headaches... When my image file name had some spaces in it, it just broke the image path strangely... And all answers I found on the web were gibberish, and I couldn't make it work in my script properly... Lost over 4 yours only on that specific issue !

To overcome the hurdle someone suggest to use shopt -s globstar with for filename in $folder_name/**/* and this works perfectly. But I have no idea If this could be the culprit of slow execution time?

  1. Changing all [ ] into [[ ]]

That also didn't do the trick.

How to Improve the processing time ?

I have no Idea if it's related to my script or the exiftool call that makes the script so slow. This isn't that much of a complicated script, I mean, it's a comparison between 2 integers not a hashing of complex numbers.

I hope someone could guide me in the right direction :)

Thanks !

 

Hi everyone :).

Just getting started with Manjaro as daily drive to get some easier arched based distro. Except for the LVM bug with calamares everything is pretty smooth :).

But at first boot, I saw they have added their personal Manjaro logo on boot and I directly though of the bug exploit logoFAIL I heard a few month ago and It made me curious if this is something that could be exploitable by Manjaro.

Probably not, this would harm their image and hard worked system, but I'm still curious... If someone smarter/more knowledgeable than me could chime in and give some valuable information on this topic regarding Manjaro, I would really appreciate it !

Thank you !

 

Hi everyone.

I'm curious to understand what could happened to simpleX if the new "security" plan in EU gets voted?

Because I'm not versed enough with the political and legal wording in thoses papers I've got a hard time to actually understand.

  • Will simpleX be obligated to comply?
  • Will simpleX retire from EU?
  • Would It be illegal to use simpleX if the bill passes?
  • Could we still use simpleX with a proxy/VPN from a country outside of EU?
  • ...

I'm genuinely concerned about what I'm reading here and there on lemmy... I hope someone could give me some interesting point of view.

Thanks.

 

cross-posted from: https://lemmy.ml/post/15968883

Hello everyone ! Nobody seems to have an answer on [email protected] (or maybe they are not interested because it's an enteprise network community?) and [email protected] seems dead?

Anyway, If anyone could guide me or direct me to the right direction, I would really appreciate it !


TL:DR

What is encapsulated into the frame that makes everyone understand: "OHHH that’s for 10.0.0.8, your docker container on bridge network br-b1de on the veth2b interface !!! "


Hi everyone !

I'm scratching my head in finding an actual answer on how virtual networking in docker actually works (mostly on the packets/frame level) or some good documentation to improve my understanding on how everything fits together.

Because I'm probably lacking the correct network terminology I made a simple network topology of my network. Don't hesitate to correct any network mistake.

In my scenario, my docker container with the virtual interface veth2b22c98 and the following ip (10.0.0.8) connects to bridge network br-b1de95b5ea89. When I curl, from my conntainer, lemmy.ml the packets/frame is send to my enp4s0 and goes through my wireguard tunnel to my VPN provider which sends back the packet/frame/handshake...

I probed every interface with tcpdump (enp4s0, wg0, br-b1,veth2b):

  • enp4s0: Every packet/frame is encapsulated into the wireguard protocol with my physical interface's IP (192.168.1.30) and no DNS is visible on that interface (like expected) and sends it out to my ISP's public IP.

  • wg0: Shows every packet/frame with the actual protocol with my wireguard's interface IP (192.168.2.1) with the destination IP of lemmy.ml (Dst: 54.36.178.108)

  • br-b1: Shows every packet/frame with the actual protocol with my containers IP (10.0.0.8) with the destination IP of lemmy.ml (Dst: 54.36.178.108)


I know there is a mix of 2 different concepts in my scenario (wireguard tunnel and virtual networking) but I really do not understand how the frame gets back to my docker container. When I look at the frames on wg0, there is no mention of either the MacAddress of my container or the actual IP of my container.

How/when/what ? is exactly happening to my frame so that it gets to the correct target between my physical interface, virtual interface, bridge ? I mean with VLAN's there's a VLAN tag on the frame, so you can easily identify with Wireshark where it should go. But here, I cannot find any clue who or what is doing the magic so the frame finds it's way back to my docker container.

What is encapsulated into the frame that makes everyone understand: "OHHH that's for 10.0.0.8, your docker container on bridge network br-b1de on the veth2b interface !!! "


Sorry for my broken English and lack of networking terminology and thank you for those who beared with me and are willing the give me some hints/proper networking lesson.

11
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]
 

Edit: Whoops I just read that [email protected] is for enterprise networks? I hope my small homelab question doesn't break the rules? If so I will redirect my question.


Hi everyone !

I'm scratching my head in finding an actual answer on how virtual networking in docker actually works (mostly on the packets/frame level) or some good documentation to improve my understanding on how everything fits together.

Because I'm probably lacking the correct network terminology I made a simple network topology of my network. Don't hesitate to correct any network mistake.

In my scenario, my docker container with the virtual interface veth2b22c98 and the following ip (10.0.0.8) connects to bridge network br-b1de95b5ea89. When I curl, from my conntainer, lemmy.ml the packets/frame is send to my enp4s0 and goes through my wireguard tunnel to my VPN provider which sends back the packet/frame/handshake...

I probed every interface with tcpdump (enp4s0, wg0, br-b1,veth2b):

  • enp4s0: Every packet/frame is encapsulated into the wireguard protocol with my physical interface's IP (192.168.1.30) and no DNS is visible on that interface (like expected) and sends it out to my ISP's public IP.

  • wg0: Shows every packet/frame with the actual protocol with my wireguard's interface IP (192.168.2.1) with the destination IP of lemmy.ml (Dst: 54.36.178.108)

  • br-b1: Shows every packet/frame with the actual protocol with my containers IP (10.0.0.8) with the destination IP of lemmy.ml (Dst: 54.36.178.108)


I know there is a mix of 2 different concepts in my scenario (wireguard tunnel and virtual networking) but I really do not understand how the frame gets back to my docker container. When I look at the frames on wg0, there is no mention of either the MacAddress of my container or the actual IP of my container.

How/when/what ? is exactly happening to my frame so that it gets to the correct target between my physical interface, virtual interface, bridge ? I mean with VLAN's there's a VLAN tag on the frame, so you can easily identify with Wireshark where it should go. But here, I cannot find any clue who or what is doing the magic so the frame finds it's way back to my docker container.

What is encapsulated into the frame that makes everyone understand: "OHHH that's for 10.0.0.8, your docker container on bridge network br-b1de on the veth2b interface !!! "

Sorry for my broken English and lack of networking terminology and thank you for those who beared with me and are willing the give me some hints/proper networking lesson.


Edit: Changed something on my network diagram (wireguard is not in a container it's bare bone on the server) and some typo.

11
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]
 

Hi everyone :)

It's time to switch and give my home network a proper minimal hardware upgrade. Right now everything is managed by my ISP's AIO firewall/router combo. Which works okayish, but I'm already doing some firewall/dns/VPN stuff on my minimal spare laptop server to bypass most of my ISP's restrictions. So it's time to get a little bit "crazy" !

While I do have some "power user" knowledge regarding Linux/server/selfhosted services/networking, I'm a bit clueless hardware wise, specially regarding my ISP's 2.5G ethernet port.

I do have a 5giga connection from my Internet provider (Obtic fiber) which is divided into 4 ethernet ports (Eth1 2.5G, Eth2 1G, Eth3 1G, Eth4 0,500G or something in that range). And right now the Eth1 port is connected through an old 1G switch.

  1. To take full advantage of my ISP's 2.5G ethernet port do I need a router AND a switch capable of 2.5G througput ? Or only the router and the switch is going to divid it accordingly between all connected devices on a 1G switch?

I'm also looking for some recommendation/personal experience for a router and a switch with a budget of 250e.

First I was interested into a BananaPI as a router, to tinker a bit, but it seems a bit of a hassle to flash it with OpenWRT, then I found an interesting post on Lemmy talking about the Intel N100 Celeron N5105, which looks like more what I'm looking for but I'm not sure ?

  1. I have no idea what's the best bet, a SBC (bananapi mini, orange pi, raspberry pi...) a fully fleged router (like TP-Link AX1800 and flash it with opensense/openwrt) or an Intel N100 Celeron N5105 Soft Router ?

The capabilities I'm looking for:

  • VLAN capable
  • AP VLAN capabable to segment wifi
  • Taking advantage of my ISP's 2.5G ethernet port
  • Firewall customization capabilities

I have an eye on a managed switch I found on amazon (SODOLA 6 Port 2.5G Web Managed) but I have no idea how reliable they are, I have never heard of SODOLA.

  1. Any good recommendation I should look at for a managed switch that would work great with the same capabilities above?

  2. Probably last question, is regarding wifi APs. Is it possible to make an access point from my router even tough it hasn't atennas? If I connect an access point directly to my router, will it be capable of giving away wifi connection?

Thanks for reading though, I'm a bit unsure how I should spend my money to have a minimal but reliable/capable homelab setup. Every advice is welcome. But keep in mind, I want to keep it minimal, a good enough routing capbability with intermediate firewall customisation. I'm already hosting a few containers with a spare laptop and the traffic isn't going to be to crazy.

 

Hi everyone !

Right now I can't decide wich one is the most versatile and fit my personal needs, so I'm looking into your personal experience with each one of them, if you mind sharing your experience.

It's mostly for secure shared volumes containing ebooks and media storage/files on my home network. Adding some security into the mix even tough I actually don't need it (mostly for learning process).

More precisely how difficult is the NFS configuration with kerberos? Is it actually useful? Never used kerberos and have no idea how it works, so it's a very much new tech on my side.

I would really apreciate some indepth personal experience and why you would considere one over another !

Thank you !

16
submitted 7 months ago* (last edited 7 months ago) by [email protected] to c/[email protected]
 

Hello !

Getting a bit annoyed with permission issues with samba and sshfs. If someone could give me some input on how to find an other more elegant and secure way to share a folder path owned by root, I would really appreciate it !

Context

  • The following folder path is owned by root (docker volume):

/var/lib/docker/volumes/syncthing_data/_data/folder

  • The child folders are owned by the user server

/var/lib/docker/volumes/syncthing_data/_data/folder

  • The user server is in the sudoers file
  • Server is in the docker groupe
  • fuse.confhas the user_allow_other uncommented

Mount point with sshfs

sudo sshfs [email protected]:/var/lib/docker/volumes/syncthing_data/_data/folder /home/user/folder -o allow_other

Permission denied

Things I tried

  • Adding other options like gid 0,27,1000 uid 0,27,1000 default_permissions...
  • Finding my way through stackoverflow, unix.stackexchange...

Solution I found

  1. Making a bind mount from the root owned path to a new path owned by server

sudo mount --bind /var/lib/docker/volumes/syncthing_data/_data/folder /home/server/folder

  1. Mount point with sshfs

sshfs [email protected]:/home/server/folder /home/user/folder

Question

While the above solution works, It overcomplicates my setup and adds an unecessary mount point to my laptop and fstab.

Isn't there a more elegant solution to work directly with the user server (which has root access) to mount the folder with sshfs directly even if the folder path is owned by root?

I mean the user has root access so something like:

sshfs [email protected]:/home/server/folder /home/user/folder -o allow_other should work even if the first part of the path is owned by root.

Changing owner/permission of the path recursively is out of question !

Thank you for your insights !

 

Hi everyone :)

For those interested, I share my just finished personal Firefox user.js. It's based on the latest arkenfox and has the same privacy features, with some personal tweaks to fit my workflow. And also easier to read 😅.

https://github.com/KalyaSc/fictional-sniffle/blob/main/user.js


KEEP IN MIND

Except for the privacy focused entries, some are personal choices for an easy drop-in Firefox preferences backup. This is what I consider a good privacy model and some entries could break YOUR workflow, especially if you don't have self-hosted alternatives (Vaultwarden, Linkding, Wallabag).

I'm not an expert, but most of those entries are the same as Arkenfox's user.js. I really encourage you to read their file for better understanding on what each entrie does. While my file is easier to read, one downside is the lack of documentation for each entries.

Also, this is not just a COPY/PAST. It took a lot of effort, time, reading, testing and understanding. I kept a similar naming scheme for cross referencing.

I learned a few things and hope that you also will enjoy, edit, read and learn new interesting things.

Happy hardening !


Features

  • Automatic dark mode theme (Keep in mind you still need Dark Reader or similar plugin for web pages in dark mode.)
  • Deep clean history on every Firefox quit. Only cookies as exception are kept. I need them for my self hosted services.
  • Disable password/auto-fill/breache. Vaultwarden takes care of everything.
  • All telemetry disabled by default except for the crash reports. To also disable the crash reports, comment the begining of the following lines with //:
user_pref("breakpad.reportURL", "");
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("browser.crashReports.unsubmittedCheck.enabled", false);
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
  • DoH disabled (got my personal VPN with DoH enabled)
user_pref("network.trr.mode", 5);
  • Disable WebRTC. If you need it for video calling, meetings, video chats:

Comment the following line:

user_pref("media.peerconnection.enabled", false);

Uncomment the following (arkenfox default, it will force WebRTC inside your configured proxy)

//user_pref("media.peerconnection.ice.default_address_only", true);
//user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
  • FIxed Width and Height (1600x900) (Finger print resistant) arkenfox's default
  • Resist Fingerprinting (RFP) which overrides finger print protection (FPP)
  • Alot of other tweaks you can discover while reading through the file.

How to use/test this file ?

Open firefox, type about:profiles and create a test profile. Open the corresponding root folder, put in the user.js and launch profile in a new browser.

After testing and happy with the result, BACKUP your main Firefox profile somewhere safe and put the user.js in your main profile to see if it fits your workflow.

Room for improvement / TODO.

Alot of the settings in the 5000 range form arkenfox's user.js need further testing and investigation, because they could breake and cause performance/stability issues.

  • JS exploits:
- javascript.options.baselinejit
- javascript.options.ion
- javascript.options.wasm
- javascript.options.asmjs
  • Disable webAssembly
  • ...

TODO

  • Disable non-modern cipher suites
  • Control TLS versions
  • Disable SSL session IDs [FF36+]

Also those settings are another beast that needs further testing/investigation on how they work.

The user.js file

https://github.com/KalyaSc/fictional-sniffle/blob/main/user.js

WARNING

Arkenfox advise agianst addons who scramble and randomize your fingerprint characteristics (like chameleon).

WHY? Because resist fingerprint takes care of most things. See 4500: RFP (resistFingerprinting) in arkenfox user.js.

[WARNING] DO NOT USE extensions to alter RFP protected metrics

    418986 - limit window.screen & CSS media queries (FF41)
   1281949 - spoof screen orientation (FF50)
   1330890 - spoof timezone as UTC0 (FF55)
   1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
 FF56
   1333651 - spoof User Agent & Navigator API
      version: android version spoofed as ESR (FF119 or lower)
      OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android
   1369319 - disable device sensor API
   1369357 - disable site specific zoom
   1337161 - hide gamepads from content
....

Very long list !

Final words

I'm open for any constructive criticism or any constructive comment that could help me out to improve or understand something new or something I misunderstood. Sure that's not 100% my work, but as I said it took a lot of time, testing, searching, reading... Please don't be a crazy Panda...

Credits

https://github.com/arkenfox/user.js

https://github.com/pyllyukko/user.js/

https://wiki.archlinux.org/title/Firefox/Privacy

18
submitted 7 months ago* (last edited 7 months ago) by [email protected] to c/[email protected]
 

After the discussion in the following post I dug a bit deeper the rabbit hole.

While I mostly relied on Exodus to see if an app has trackers in it... I was baffle to see all the sketchy requests it made while dumping the DNS requests with PCAPdroid...

Over 200 shady requests in a few seconds after login... here's a preview:

While I don't use AdguardVPN, I have Adguard Home as my DNS server in my homelab... I think It's time to switch to pi-hole !

Edit: VPN pcapdroid

view more: next ›