• 2 Posts
  • 30 Comments
Joined 1 year ago
Cake day: June 18th, 2023



  • If you talk to people about homelessness, they will readily admit they just don’t want to see it. If you go to any cheaper grocery store you definitely are rubbing shoulders with people who use foodbanks. Food insecurity doesn’t go away just because you have a roof over your head.

    The rub is a foodbank in a grocery store will attract the more visible “unreliable access to showers” type of user, which would be unacceptable.





  • It’s easy* to set up Hashicorp Vault with your own CA and do automated cert generation and rotation, if you are willing to integrate everything into Vault and install your root CA everywhere. (*not really harder than any other Vault setup, but yaknow). I may go down this route eventually since I don’t think a device I don’t control has ever accessed anything I selfhost, or ever will.

    I have a wildcard subdomain pointing to my public IP, and forward port 80 to an LXC container with certbot. Port 80 appears closed outside the brief window when certbot is renewing certs. Inside my network I have my PiHole configured to return the local IP for each service.

    Nothing exposed to the internet at all. There is a record of my hostnames on Let’s Encrypt but not concerned if someone will, say, deduce apollo-idrac is the iDRAC service for a Dell rackmount server called apollo and the other Greek/Roman gods are VMs on it. Seemed like a house of cards that would never work reliably, but three odd years later I only have issues if a DNS resolver insists on bypassing my PiHole. And that DNS resolver is SystemD-ResolveD which should crawl back into whatever hellhole it came out of.


  • They could hijack your site at any time, but with a copy of your live private certs they (or more likely whatever third party that will invariably breach your domain provider) can decrypt your otherwise secure traffic.

    I don’t think there’s significant real tangible risk since who cares about your private selfhosted services and I’d be more worried about the domain being hijacked, and really any sort of network breach is probably interested in finding delicious credit card numbers and passwords and crypto private keys to munch on. If someone got into my network, spying on my Jellyfin streaming isn’t what I’m going to be worried about.

    But it is why CSRs are used.
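
    The point of the comment above, as an added example that is not part of the original comment: with a CSR the private key is generated and kept on your own host, and only the public key plus a proof-of-possession signature goes to the CA. The hostname `*.home.example`, the file names and the function names are constructed placeholders; OpenSSL 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Added example: generate the key locally, hand only the CSR to the CA.
# All names here (*.home.example, privkey.pem, request.csr) are constructed.
set -eu

make_csr() {  # $1 = work dir, $2 = hostname for CN and SAN
    (
        umask 077  # private key is created readable by the owner only
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
            -out "$1/privkey.pem" 2>/dev/null
    )
    openssl req -new -key "$1/privkey.pem" -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" -out "$1/request.csr"
}

spki_sha256() {  # reads a PEM public key on stdin, prints its SHA-256
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

csr_signature_ok() {  # the CSR is signed by the key it names
    openssl req -in "$1/request.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

csr_matches_key() {  # the public key in the CSR belongs to our private key
    a=$(openssl req -in "$1/request.csr" -noout -pubkey | spki_sha256)
    b=$(openssl pkey -in "$1/privkey.pem" -pubout | spki_sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

csr_is_public_only() {  # nothing in the file sent to the CA is a private key
    ! grep -q "PRIVATE KEY" "$1/request.csr"
}

# Demo run: only request.csr would ever leave this directory.
work=$(mktemp -d)
make_csr "$work" "*.home.example"
csr_signature_ok "$work" && echo "CSR self-signature verifies"
csr_matches_key "$work" && echo "CSR public key matches local private key"
csr_is_public_only "$work" && echo "CSR carries no private key material"
rm -rf "$work"
```
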


  • Buddy if you are waiting for a Sign, this is it. It’ll never get more concrete than this message I’m typing for you right now. Having a lot of doubts is common. It wasn’t truly real for me until I started medication.

    My broad advice is to find a good psychiatrist (and don’t be afraid to switch if you aren’t happy) and dig as deep as possible for evidence both for and against. Go in with confidence that you have ADHD symptoms, but keep an open mind since there are alternative explanations. A diagnosis of “no you don’t have ADHD it’s actually ____” is also important information to know, and you will regret letting it drag out if you do have ADHD.


  • I’m curious what you would change about (Western?) society to make ADHD manageable like it apparently already is in “many countries,” in concrete, well-defined terms. Not sure how society could negate the emotional regulation issues that frequently come with ADHD. I would also emphasize there’s a distinction between “a society where people with ADHD can function” and “a society perfectly suited for people with ADHD.”

    I’m sensing that ADHD is a label thrust upon you, and if you feel you function fine without any sort of treatment it’s probably not accurate. It’s also now occurring to me how hilariously easy it would be to troll any sort of mental health issue. Depression isn’t a disorder it’s just SADNESS coming from MODERN SOCIETY and we just need to uncheck the CAUSE DEPRESSION box in society’s configuration.


  • The layoff includes Mary Kirby, who’s been a core writer in the Dragon Age franchise since the first game. Saw takes that the layoffs are just eliminating multiplayer positions, but that’s not true.

    I’ve long suspected that Dreadwolf will make or break BioWare. Since it’s following the same script as Andromeda and Anthem - endless delays, no public progress just lots of b-roll and concept art - I don’t think development is going well. ME: Legacy might have bought BioWare some breathing room but I can’t interpret this as anything other than death throes for the studio.

    BioWare is dead, long live Larian and Spiders?


  • I’ve found the idea of LXC containers to be better than they are in practice. I’ve migrated all of my servers to Proxmox and have been trying to move various services from VMs to LXC containers and it’s been such a hassle. You should be able to directly forward disk block devices, but just could not get them to mount for a MinIO array - ended up just setting their entire contents to 100000:100000 and mounting them on the host and forwarding the mount point instead. Never managed to get CAP_IPC_LOCK to work correctly for a HashiCorp Vault install. Docker in LXC has some serious pain points and feels very fragile.

    It’s damning that every time I have a problem with LXC the first search result will be a Proxmox forum topic with a Proxmox employee replying to the effect of “we recommend VMs over LXC for this use case” - Proxmox doesn’t seem to recommend LXC for anything. Proxmox + LXC is definitely better than CentOS + Podman, but my heart longs for the sheer competence of FreeBSD Jails.