Irresponsible and malicious journalism like this is why I have an immediate distrust against any sort of reporter that tries to talk to me. Probably irrational but still.

I hope your balls explode.

I wish him the very same.

Yup!

Never seen this before, but you can enable NFS debugging with ‘rpcdebug -m nfs -s all’ (or nfsd on the server, or rpc for the underlying protocol). It prints to dmesg.

IIRC Keepass2Android does have that feature.

This is a great project. The way it handles mixing markup and code is on point. Also, for drawing its CeTZ is so much nicer than TiKZ, the LaTeX equivalent. I made some great graphics with it for a seminar presentation and paper that I couldn’t have done anywhere near as easily with LaTeX. (The presentation slides I made entirely with Typst, the paper had a LaTeX template that I didn’t feel like remaking because it was huge so I just embedded the graphics I made with Typst)

I’m not convinced this is a good idea. Resident keys as the primary mechanism were already a big mistake, syncing keys between devices was questionable at best (the original concept, which hardware keys still have, is the key can never be extracted), and now you’ve got this. One of the great parts about security keys (the original ones!) is that you authenticate devices instead of having a single secret shared between every device. This just seems like going further away from that in trying to engineer themselves out of the corner they got themselves into with bullshit decisions.

Let me link this post again (written by the Kanidm developer). Passkeys: A Shattered Dream. I think it still holds up.

What they suggest sounds like setting up a bridge interface between your LAN and the VPN interface to connect the VPS with your LAN. That’s actually a good idea since it would not need you to have a separate /64 for your local network. In this case I’m pretty sure that your VPN needs to be a layer 2 VPN, i.e. transports whole ethernet frames instead of TCP/UDP only, for this to work correctly. Wireguard doesn’t do this, OpenVPN can for example.

To make the VPS a gateway, you need to configure it to forward packets between networks and then set it as your default route on the clients (with IPv6, default route is usually published using router advertisements, set up radvd service on your VPS for that). That’s pretty much it IIRC except for the firewall rules. Here’s an article that’s some cloud stuff but is also applicable to your situation: https://www.linode.com/docs/guides/linux-router-and-ip-forwarding/#enable-ip-forwarding

I had the network before moving here (created it when I did have a public IPv4). Can’t test creating one new since it will only allow me to make one per IP.

Hm, it doesn’t? I’m not behind CGNAT but I’m in a network I don’t control (university dorm) so my gateway is just another device in the local network and I don’t have a public IP which I control, which I feel like should effectively be the same thing as CGNAT, and it works for me. Maybe it isn’t the same.

The easy way is to just use tunnelbroker.net, that is what I currently have (this would use one of their assigned net blocks, not the one from the VPS). Set it up on the Pi, set up IP forwarding with appropriate firewall rules, make the Pi serve RA so clients can assign themselves an IP, done (IIRC).

If you want to set up the v6/v4 gateway yourself, I would do this with a /64 you can fully route to your home network like you would get with tunnelbroker.net because then you don’t have to deal with the network split and essentially two gateways for the same network (your Pi and the VPS), because otherwise your clients would assume the VPS is directly reachable since it’s in the same network when in reality it would have to go through the gateway (you would have to set up an extra route in that case on every client, I think). You’d need a second network from Oracle for this.

But it’s pretty much the same thing I would assume plus the setup on the VPS side, make the VPN route your /64 block (or use 6in4 which is what tunnelbroker.net uses), configure IP forwarding on the Pi and the VPS between the VPN interface and local/WAN respectively.

You’re looking for an OAuth-compatible identity provider (personally I use Kanidm, if Keycloak does that too that works, I’ve never used it). And then set it up as the auth mechanism for Immich, and whatever else you want: https://immich.app/docs/administration/oauth

How about GNU M4 + Make (output)?

(to be clear this is a joke suggestion. but yes it is what I legitimately use)

I like to order tech stuff from mindfactory.de

Don’t use passwords for public SSH in the first place. Disable password authentication and use pubkeys.

I’m in a similar situation. Before I had to move all was fine, I had a single ethernet port I plugged my router into. It even had a static IPv4 (even though no IPv6 but I could just use tunnelbroker). Literally perfect.

After I moved I’m now stuck in this horribly designed network that has a stupid internet cafe tier login portal even for wired devices, unencrypted wifi, seemingly every single device from every student on the same network (I am getting blasted with other people’s broadcast packets and I’m pretty sure the network congestion from that is where my weird intermittent packet loss comes from). And now I don’t have any public IP address at all.

Whoever they hired to set this up is an absolute moron who has no idea about network security or how to make an efficient network and considering the internet cafe login portal probably likes to cause as much suffering as possible. (Not saying I’m necessarily qualified but the fact alone that I can connect to other people’s AirPlay devices means they failed at both.)

And the reason all of this is a problem is that they also don’t allow putting a router/firewall in front so I can get a sane network. Had to tear down pretty much all the infrastructure I set up in the old place because a lot of it was relying on me having control over the network. Of course, I knew none of this before I moved in, I was explicitly looking for internet shenanigans in the contract.

I now have a janky Wireguard mesh network setup with one of the machines being the IPv6 gateway. Awful but at least I have public addresses and IPv6 (and with that a bit of my own network space) again.

Me too, Intel

Registrars (or DNS providers if you don’t use the one that comes with your registrar) worth using have an API to manage DNS entries. That’s basically all there is to DynDNS.

Just one more lane will fix traffic bro

Recently, I met with a founder who cringed when his colleague used the word “humans” instead of “users.” He wasn’t sure why.

Yeah because it sounds super weird. Who says “humans” instead of “people”.

• “my app has 2000 users” - yes
• “2000 people use my app” - yes
• “2000 humans use my app” - you’re definitely an alien

Either way what a stupid article. The AI angle pretty much makes me dismiss it outright because I refuse to let AI dictate anything I do except for adding AI crawlers to my website’s robots.txt. And then you’ve got the corporate focus which is also really strange since that’s not the only place where there’s “users”. Open-source software also has users (and developers, so if you want to replace “users” with “people”, does that mean developers are not people?) and I would be insulted if someone implied I “depersonalize” the people who use my software by calling them users. It’s just a descriptive word and this article and everyone quoted here seems like they’re trying to pull a bad connotation to the word out of thin air.