[-] bazmatazable@reddthat.com 8 points 4 months ago

Thank you for the post, I do like reading what experts have to say about our digital privacy. I don't like that many of these articles/discussions focus on specific choices that a user can make to gain more privacy. Please can we stop pretending that there is any alternative to WhatsApp. The network effect is why we use their platform not for any other reason. It's like advising someone to speak Fuzhou instead of Mandarin when in China, it's not that it's wrong to do so just that it is poor advice, or at the very least assumes that your priority is to speak Fuzhou over actually communicating with other people. The author says as much themselves: “Collective problems need collective solutions.” This is great! But shortly after we read: “Instead of using WhatsApp, use Signal.” groan + face-palm. I want to be positive and reiterate that I am happy that this is being debated at all.

192

cross-posted from: https://lemmy.world/post/16402340

California socialite Rebecca Grossman sentenced to 15 to life for killing 2 kids in crosswalk

A wealthy California woman who co-founded a burn center foundation in the Los Angeles area was sentenced to 15 years to life in prison Monday for the hit-and-run killings of two children while they were in a crosswalk more than three years ago.

Rebecca Grossman was speeding when she struck and killed Mark Iskander, 11, and his brother Jacob, 8, while they were in a crosswalk in the Los Angeles-area city of Westlake Village on Sept. 29, 2020.

“The loss of these two innocent lives has devastated their family and our community. Ms. Grossman’s blatant disregard for human life is a stark reminder of the grave consequences of irresponsible behavior behind the wheel,” Los Angeles County District Attorney George Gascón said in a statement.

A jury convicted Grossman in February on two counts of second-degree murder, two counts of vehicular manslaughter with gross negligence and one count of hit-and-run driving resulting in death.

64

cross-posted from: https://reddthat.com/post/19788762

If you ever wanted to know too much about where the majority of our search results come from and the many niche alternatives trying something different.....

[-] bazmatazable@reddthat.com 8 points 8 months ago

I think this is related to the GNU Taler open source project. Appears they are testing to see if the technology is appropriate. New EU project NGI TALER will bring private and secure online payments to the Eurozone

120
The Fraud of Plastic Recycling (climateintegrity.org)

So upsetting that it takes decades for this information to surface.....

168
submitted 9 months ago* (last edited 9 months ago) by bazmatazable@reddthat.com to c/worldnews@lemmy.ml
24

Following on from this discussion: https://reddthat.com/post/6044040 I finally updated my VPS setup - deleted everything and started fresh with a whole new approach. I decided to make a full writeup for anyone that might find it useful or at least mildly interesting. I'm not an expert in any of the concepts that I wrote about so looking forward to the many many ways that I can improve! Many thanks!

11
submitted 1 year ago* (last edited 1 year ago) by bazmatazable@reddthat.com to c/selfhosted@lemmy.world

TLDR~ Networking is deceptively easy to grasp conceptually and infuriatingly fiddly to implement in the real world. I am looking for help and advice to design a solution that fits my needs but done 'the right way'.

The Hardware and Physical Network:

The main server is living in my home, it is an intel NUC running Ubuntu. I rent a tiny VPS (linode) running Debian with a public facing static IP (hello internet!). My networking is fairly standard consumer grade hardware with most things wired into my main gigabit switch. I have more than one wifi access point but all that is managed by my router. The router is connected to my ISP router in a way that creates a double NAT situation. Before you comment - I can't change ISP, I can't open ports, I can't change the ISP router, my ISP doesn't hand out static IP addresses, if you have any questions about my ISP the worst possible answer is probably correct. (The connection however is fiber and I'm getting about 800Mbps down / 80Mbps up.)

The Software and Setup:

I now have about 65 docker containers running all the usual services with plenty of extra apps that are somewhat useful but also just for fun (the number of containers is a bit misleading because I often have separate containers for databases or cron jobs and the like). The greatest hits include: Nextcloud, Homeassistant, Jellyfin, Photoprism, Vaultwarden, Pihole, Mailu and more. I also have some services setup natively (apt install): tailscale, wireguard and mergefs. About half of my services are 100% local only where I can access them on an assigned port number (e.g. jellyfin would be "server_name:port_number") and I can access those services in a pinch either through tailscale or via wireguard which brings us nicely onto the VPS: The VPS is running a wireguard 'server' and I have wireguard client configs for my devices and for my home server so that if I connect to the wireguard VPN I can access my server and also route traffic to the internet just like any other VPN provider.

Reverse Proxy

Now this is the really tricky part. I also have my own domain and I have configured a series of subdomains for services that I want to be able to access seamlessly from anywhere. I don't want to use the VPS/VPN unnecessarily when I'm at home and I don't want to have to remember to toggle wireguard/tailscale whenever I go out or come home. For the most part I have solved this but I am sure I have done this in an amateur way: I run two duplicate nginx reverse proxy containers, one on the VPS and one on the home server. The VPS is able to request and obtain https certificates from letsencrypt and these allow either reverse proxy to terminate the encrypted web traffic. When connecting from the public internet, nginx (on the VPS) then proxy forwards the connection unencrypted down through the wireguard tunnel (so still encrypted) back to my server at home. At home I am running a Pihole DNS server so that when I request the same domain but from my local network the request goes instead to the duplicate nginx reverse proxy. When connecting nginx (on my home server) the https termination is handled there and then forwarded on the wireguard network but now this is all happening on the server and not across the internet. Happy days? Yes for the most part this all works great but it does seem like the wrong way to do it.

Mailu (but not really)

Currently my Mailu setup is limited as I am using the fetchmail service to get incoming emails from my existing email providers (gmail etc) and I am using a SMTP relay to send email. Mailu is not actually doing the job of a fully independent email server which I'm fine with for now and it gives me the possibility to expand its functionality in the future. So really everything up to this point has been the back-story to explain my situation with Mailu now. Currently I have Mailu setup exactly as the developers suggest: Mailu is a collection of docker containers that make up the individual parts of an email server and the stack is all wrapped up nicely by using its own specially configured nginx reverse proxy (if you've been keeping score that makes 3). This reverse proxy manages the https connections and then routes them to the back-end servers (containers). I was able to make this work for the webmail service because I configured it to serve unencrypted over http and then use my existing nginx (VPS and home server) the same way as for all my other services. However I wanted to have access to the IMAP and the SMTP services and for this I took a different approach. I used the nginx "stream" block in the configuration to forward the IMAP and the SMTP connections from the public internet via the VPS but on my local network the connection is just direct to the home server. So I can connect Thunderbird from my laptop and K-9 from my phone and send and receive email. And with the magic of having my own DNS server this actually works totally fine because all the connections require authentication and I don't need to know the source IP address of the client connecting for this to work. So when I setup my mail clients I use my own domain for both the IMAP and the SMTP servers - very satisfying!

Sending and Receiving Email Properly:

Firstly, if the reports about actually sending email from your own server are true then I can safely say it's not for me. I am happy to use a relay, I'm not a masochist.... I do want to properly receive emails to my email server and I think it should be much easier than sending. I did manage to receive some emails. I configured my domain MX records correctly and then by opening port 25 on my VPS and having nginx stream that connection to Mailu I was able to receive email directly (yay!) but with one major problem: the source IP for all the connections was my internal wireguard IP and not the actual public IP of the server sending me the email. This was a huge problem for my spam filter as it needs the source IP when trying to identify spam. The number of false positives just skyrocketed.

Issues with Proxy Forwarding

I am obviously not the first person to face this issue so I know that technically this can be configured correctly. The issue I am facing is that if I try and enable any of the proxy protocols in nginx to send the client IP in the header then Mailu spits an error (like 500 bad command) because we are interfering with the email protocol and the connecting server doesn't like that. I have tried changing settings in the Mailu reverse proxy but everything I have tried so far has no effect. Alternatively we can go up a level and use some IP forwarding rules to rewrite the destination IP of the incoming packets (maybe using iptables instead of nginx) and this will transparently preserve the 'from IP' packet header but then we need to setup my home server to relay everything back to the VPS otherwise the return packets will come from my home IP and not the VPS IP which will fail to correctly establish the connection. My current thinking is to create another wireguard client (in a container this time) that is part of the Mailu stack and that I can assign its own virtual NIC and IP address. Then I can bind port 25 to a unique IP and then have a routing rule to redirect all this traffic from that IP back to the VPS.

Cry for help:

How do I get this to work without breaking everything!? Have I made this more complicated than it needs to be? Have I just reached the edge of what these systems were designed to do?

Thank you!
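
Added example, not part of the original post: with `proxy_protocol on;` in an nginx stream server, the proxy writes one text line (PROXY protocol v1) to the backend before any SMTP data, so a backend that is not configured to expect it reads that line as an SMTP command. The Python sketch below shows what the receiving side has to do with that line before a spam filter can use the address, including refusing the header from anyone except the proxy. The trusted address 10.8.0.1 and all sample lines are constructed for illustration.

```python
import ipaddress

# Assumption: the only peer allowed to send a PROXY header is the VPS end of
# the WireGuard tunnel. 10.8.0.1 is a constructed address, not from the post.
TRUSTED_PROXIES = {ipaddress.ip_address("10.8.0.1")}


def effective_client_ip(peer_ip: str, first_line: bytes) -> str:
    """Return the IP a spam filter should score for this connection.

    peer_ip    -- source address of the TCP connection as the mail server sees it
    first_line -- first CRLF-terminated line received on the socket
    """
    peer = ipaddress.ip_address(peer_ip)
    if not first_line.startswith(b"PROXY "):
        # No header: direct connection (e.g. from the LAN), peer address is real.
        return str(peer)
    if peer not in TRUSTED_PROXIES:
        # Anyone can send "PROXY ..." to an open port 25; believing it from an
        # untrusted peer would let a sender forge the address that gets scored.
        raise ValueError(f"PROXY header from untrusted peer {peer}")
    if not first_line.endswith(b"\r\n") or len(first_line) > 107:
        raise ValueError("malformed PROXY v1 header")  # 107 bytes is the v1 maximum
    fields = first_line[:-2].decode("ascii").split(" ")
    if fields[1] == "UNKNOWN":
        # The proxy could not determine the client; fall back to the peer address.
        return str(peer)
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src = ipaddress.ip_address(fields[2])
    ipaddress.ip_address(fields[3])  # destination address must parse too
    for port in fields[4:6]:
        if not 0 <= int(port) <= 65535:
            raise ValueError("bad port in PROXY v1 header")
    if src.version != (4 if fields[1] == "TCP4" else 6):
        raise ValueError("address family mismatch in PROXY v1 header")
    return str(src)
```

Both ends have to agree: the header is only useful when the proxy sends it and the listener is configured to consume it from that proxy alone.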

[-] bazmatazable@reddthat.com 15 points 1 year ago

Before you post a snappy "just do X" or "try this software", try it yourself: consent-letter-2123.pdf. My complaint is not trivial.

[-] bazmatazable@reddthat.com 13 points 1 year ago

https://travel.gc.ca/docs/child/consent-letter-2123.pdf Open the form and try it yourself. What you are saying doesn't work for this form. You need the scripts embedded in the form to create the final consent letter.

[-] bazmatazable@reddthat.com 9 points 1 year ago

Adobe does sell licences for other companies to use the XFA format but even the software you linked has a free reader that pushes you to the paid full version. Also not FOSS.

[-] bazmatazable@reddthat.com 17 points 1 year ago

I'm glad that not everyone is oblivious to my suffering! Thanks for the validation!

[-] bazmatazable@reddthat.com 10 points 1 year ago

https://travel.gc.ca/docs/child/consent-letter-2123.pdf I was exactly in your position before I had to use this document! I was confident that a government form would not be this complicated but a big part of my frustration was that I was trying to solve the issue as if it was a PDF problem but PDF is an open standard and there are plenty of excellent FOSS tools and programs that can do anything you can imagine with a PDF. This form is an imposter!

[-] bazmatazable@reddthat.com 11 points 1 year ago

Very disappointed that the Canadian government uses them so much. I'm open to changing my mind if there is an explanation as to why this format is irreplaceable. Like maybe it offers some security feature or the like?

98

I was forced to fill out an XFA form (that was pretending to be a PDF) from the Canadian government and the experience left me feeling completely subjugated. The lengths that Adobe go to to make sure that you have the most frustrating experience possible is unbelievable. Searching for alternatives or help leads you to either: be forced to buy their premium software (or a licensed equivalent) or subscribe for Adobe's online tools. Why is this proprietary format allowed in government forms? What is so fantastic/irreplaceable about this format?

[-] bazmatazable@reddthat.com 16 points 1 year ago

Maybe you would be interested to try linuxfromscratch?

[-] bazmatazable@reddthat.com 9 points 1 year ago

Please share that article! 5% feels like just around the corner!

[-] bazmatazable@reddthat.com 7 points 1 year ago

I guess this is the endgame for tracking every user in the world but they added "universal basic income" in the title so that it's not so obvious what they are up to?

[-] bazmatazable@reddthat.com 19 points 1 year ago* (last edited 1 year ago)

If you want a fair comparison between Windows, MacOS and Linux then I think it's wrong to compare distros that don't come pre-installed when you buy your device.

Not one single MacBook owner had to install their OS and configure drivers etc. None of my family, friends or coworkers had to install Windows on any of their PCs (I know that some people do but not in any of my social circles).

Consider Pop_OS from System76 or Tuxedo OS from Tuxedo Computers, they have identical user experiences as Mac or PC:

Step 1: Buy computer
Step 2: Turn on
Step 3: Answer some one time setup questions
Step 4: Get on with your life

If you have the opportunity to build your own PC and fresh install an OS from scratch then when you come across a problem that you don't have experience with you will be understandably frustrated.

Specifically Windows has the advantage that hardware manufacturers always make drivers for Windows. If your hardware is supported then the Linux OS installation is not very different, but when the hardware is not plug-and-play then configuring Linux becomes its own kind of frustration torture.

TL;DR Get your computer with the OS already installed, then Linux is no more frustrating than a Mac or PC. Install Linux yourself and your mileage may vary.

bazmatazable

joined 1 year ago