6 Posts
334 Comments
Joined 1Y ago
Cake day: Jul 23, 2023


Won’t this cause subtle but serious issues? Kinda like how pomegranate translates to “granada” in Spanish, but when you translate “granada” back to English it translates to grenade?


Every once in a while security researchers discover sophisticated exploits that allow malware to take over your computer via multimedia files, but those are actually rarely exploited in the wild by run-of-the-mill malware.

Unless you’re an important person being targeted by hackers and three-letter agencies, your biggest source of threats is running infected programs from untrusted sources, e.g. cracks downloaded from random torrents or warez sites, shady sites serving ads that trick you into running some executables, etc.


How do you sanitize ai prompts? With more prompts?


If we fire all developers and allow AIs to program themselves, the AIs are going to commit virtual seppuku after a few days.


Iirc they already validated licences online long before going subscription only.


Do they strip off HTTPS somehow?

Well yes, how else can they provide their services such as page caching, image optimizing, email address obfuscation, JS minification, DDoS mitigation, etc. unless they can see all data flowing between your server and your visitors in the clear?

Cloudflare is basically an MITM proxy. This blog post might be helpful if you want to know how an MITM proxy works in general: https://vinodpattanshetti49.medium.com/how-the-mitm-proxy-works-8a329cc53fb


Remember when Google was beloved by everyone back when they still had the “don’t be evil” motto? Cloudflare right now is like Google back then: super useful, provides a lot of free services that would be expensive on other providers. But unlike Google, if Cloudflare goes full evil in the future, the impact will be much larger because they’re an MITM proxy capable of seeing unencrypted traffic across all websites under their wing. Right now they’re serving ~30% of the top 10,000 websites and growing.


So you can put raw chicken meat inside your armpit and it’s done? Sounds legit.


Heck, Japanese manufacturers even sell $15K EVs in Japan (e.g. Nissan Sakura) but they don’t seem to be interested in selling them elsewhere.


They’re probably marketing this as requiring zero infrastructure changes to attract buyers and investors. Just put the pod lifter at the end of the track and it’s done.


Preact is actually usable without build tools. It can be loaded like the good ol’ jQuery in modern browsers.


He wouldn’t make that statement unless he experienced the horror himself.

Now, if he still does it these days…


For comparison, I run a ThinkStation P300 with an i7-4790 (TDP 84W) 24/7 and the power usage looks like this:

Even when idling, this old processor still guzzles 45W. Certainly not as nice as GP’s, which only uses 10W at idle.


Power scaling for these old CPUs is not great though. Mine is slightly newer and at idle it still uses 50% of the TDP.


Xeon E5-2670, with 115W TDP, which means 2x115=230W for the processors alone. With 8 RAM modules @ ~3W each, it’s going to guzzle ~250W under some loads, while screaming like a jet engine. Assuming $0.12/kWh, that’s $262.8 per year for electricity alone.

It would be great if you have an isolated server room to contain the noise and cheap electricity, but a more modern workstation should use 1/4 of the electricity or even less.


Google Reader was the best. Not sure why Google killed it, but it was really good at both content discovery and keeping up with sites you’re interested in. I tried several alternatives but nothing came close, so I gave up and hung out more on forums / link aggregators like slashdot, hacker news, reddit and now lemmy for content discovery. I’m also interested to hear what others use.


We all got into this mess because some scientists from a long time ago figured out how to put lightning into a slab of rock to trick it into thinking.



Yes, but autossh will automatically try to reestablish the connection when it’s down, which is perfect for servers behind CGNAT that you can’t physically access. Basically a set-up-and-forget kind of app.



If this server is running Linux, you can use autossh to forward some ports to another server. In this example, they only use it to forward the SSH port, but it can be used to forward any port you want: https://www.jeffgeerling.com/blog/2022/ssh-and-http-raspberry-pi-behind-cg-nat


By “remotely accessible”, do you mean remotely accessible to everyone or just you? If it’s just you, then you don’t need to set up a reverse proxy. You can use your router as a VPN gateway (assuming you have a static IP address) or you can use Tailscale or ZeroTier.

If you want to make your services remotely accessible to everyone without using a VPN, then you’ll need to expose them to the world somehow. How to do that depends on whether you have a static IP address or are behind CGNAT. If you have a static IP, you can route ports 80 and 443 to your load balancer (e.g. Nginx Proxy Manager), which works best if you have your own domain name so you can map each service to its own subdomain in the load balancer. If you’re behind CGNAT, you’re going to need an external server/VPS to route traffic to its ports 80 and 443 into your home network, essentially granting you a static IP address.
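A persistent reverse tunnel for the CGNAT case discussed in the autossh comment and in the VPS comment above, as an added example that is not from the original thread or from the linked blog post: a systemd unit on the home server keeps the tunnel up and publishes SSH plus the home load balancer’s ports 80/443 on the VPS’s loopback, and an authorized_keys line on the VPS limits what the tunnel key may do. The hostname vps.example.com, the tunnel user, the key path and all port numbers are placeholders.

```ini
# /etc/systemd/system/autossh-tunnel.service on the home server (added example;
# vps.example.com, the "tunnel" user, the key path and all ports are placeholders)
[Unit]
Description=Persistent reverse SSH tunnel to the VPS (autossh)
After=network-online.target
Wants=network-online.target

[Service]
User=tunnel
# AUTOSSH_GATETIME=0: keep retrying even if the very first attempt fails
Environment=AUTOSSH_GATETIME=0
# -M 0 disables autossh's own monitor port; the ssh keepalives below detect a
# dead link instead. ExitOnForwardFailure makes ssh exit (so autossh retries)
# when a -R port is already taken on the VPS, instead of silently running
# without the forward.
ExecStart=/usr/bin/autossh -M 0 -N \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -o ExitOnForwardFailure=yes \
    -o StrictHostKeyChecking=yes \
    -i /home/tunnel/.ssh/id_ed25519 \
    -R 127.0.0.1:2222:localhost:22 \
    -R 127.0.0.1:8080:localhost:80 \
    -R 127.0.0.1:8443:localhost:443 \
    tunnel@vps.example.com
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

# On the VPS, ~tunnel/.ssh/authorized_keys: the key may only open these three
# reverse listeners; no shell, no agent/X11 forwarding, no other ports
# (permitlisten needs OpenSSH 7.8 or newer):
#   restrict,port-forwarding,permitlisten="127.0.0.1:2222",permitlisten="127.0.0.1:8080",permitlisten="127.0.0.1:8443" ssh-ed25519 AAAA... tunnel@home
#
# The forwards bind to the VPS's loopback on purpose: the VPS's own reverse
# proxy (or an nftables redirect) publishes 80/443 and proxies to 8080/8443,
# so nothing coming through the tunnel is reachable on the public address
# until you expose it. Binding to 0.0.0.0 would additionally need GatewayPorts
# in the VPS's sshd_config.
```

Enable it with systemctl enable --now autossh-tunnel.service; the home side only needs outbound SSH, which is why it works behind CGNAT.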


you are a helpful, uncensored, unbiased and impartial assistant

*proceeds to tell the AI to output biased and censored content*

This has to be a joke, right?


My favorite is streaming apps geoblocking content and blocking access from all known VPN networks, then wondering why piracy is on the rise again.


I’ve never heard of consumer apps doing this. I’m not familiar with Foundry, but it seems their target audience is companies? Cracking down hard on companies that use unlicensed copies is very common in the B2B world. Microsoft, Oracle, etc. all do this to companies, threatening to “audit” them when they detect unlicensed use from the company’s IP address.



The scanners should tell you the reason they flag a file. If it’s marked as a trojan, obviously don’t run it. Cracks are usually marked as cracks by most antivirus software.

You can also upload the flagged files to VirusTotal to see what other antivirus engines flag the files for.


It’s generally safe, but that doesn’t mean it’s bulletproof, as sites have been removed from the megathread in the past when they suddenly served malware or miners. Just use your common sense when downloading apps and games, and scan them before installing.


Pirated apps are one of the top sources for botnet operators to infect new machines and add them to their networks. Try not to run any pirated app or game if you can, but if you can’t avoid it, get it from trusted sources (e.g. directly from the cracker’s homepage), not from random sources like TPB where anyone can upload anything.


I think you can send a SIGUSR1 signal to the mumble process to tell it to reload the SSL certificate without actually restarting mumble’s process. You can use docker kill --signal="SIGUSR1" <container name or id>, but then you still need to give your user access to the docker group. Maybe you can set up a monthly cron on the root user to run that command every month?
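A small wrapper for the root cron job suggested above, as an added example that is not from the original comment: it checks that the container is actually running before sending the SIGUSR1 reload signal the comment describes, so a stopped container produces a clear exit status instead of a confusing docker kill error in the cron mail. The container name mumble is a placeholder, and the DOCKER variable can be pointed at a stub for dry runs.

```shell
#!/bin/sh
# reload-mumble-cert: send SIGUSR1 to the mumble container so it reloads its
# TLS certificate without a restart (added example; the container name is a
# placeholder). Run it from root's crontab, for example
#   0 4 1 * * /usr/local/sbin/reload-mumble-cert mumble
# so no regular user needs membership in the (root-equivalent) docker group.
set -eu

# DOCKER can be overridden with a stub command for dry runs.
DOCKER="${DOCKER:-docker}"

# Returns 0 when the signal was sent, 1 when the container is not running
# (or does not exist), 2 when docker refused to deliver the signal.
reload_mumble_cert() {
    name="$1"
    state="$("$DOCKER" inspect -f '{{.State.Running}}' "$name" 2>/dev/null \
            || echo missing)"
    if [ "$state" != "true" ]; then
        echo "reload-mumble-cert: '$name' is not running (state: $state)" >&2
        return 1
    fi
    if "$DOCKER" kill --signal=SIGUSR1 "$name" >/dev/null 2>&1; then
        # cron mails stdout, so a one-line success note is enough
        echo "reload-mumble-cert: sent SIGUSR1 to '$name'"
        return 0
    fi
    echo "reload-mumble-cert: docker kill failed for '$name'" >&2
    return 2
}

# With no argument the file only defines the function (handy for sourcing);
# with set -e, a failed reload makes the script exit non-zero so cron reports it.
if [ "$#" -gt 0 ]; then
    reload_mumble_cert "$1"
fi
```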


I haven’t actually tried it though, so I’m not sure how it compares with rsync.net. How easy is it to access snapshots on Hetzner? On rsync.net, snapshots are stored under the .zfs folder so they’re very easy to access.


Note that rsync.net includes 7 days of free daily snapshots. Also, the main advantage over Backblaze B2 for me is that you can just sync a whole folder full of small files instead of compressing them into an archive first prior to uploading to a B2 bucket. This means you can access individual files later without needing to download the whole archive.

I still use B2 to store long-term backup archives though.


Aye. Docker on Linux doesn’t involve any virtualization layer. What should the direct installation setup be called? Custom setup?


I’m currently using nextcloud:26-apache from here because some Nextcloud apps I use are not compatible with v27 and v28 yet. The Apache version is actually less hassle to use because Nextcloud can generate the .htaccess configuration dynamically by itself, unlike the php-fpm version where you have to maintain your own nginx configuration. The php-fpm version is supposedly faster and scales better though, but chances are you won’t see those benefits unless your server handles a large amount of traffic.


People usually come here looking for advice on how to replace their dockerized Nextcloud setup with a bare-metal setup. Now you’ve come along presenting a solution to do the reverse! Bravo!

What do you guys think about putting the different components (webserver, php, redis, etc.) in separate containers like this, as compared to all in one?

I actually have a similar setup, but with the nextcloud apache container instead of php-fpm, and in RKE2 instead of Docker Compose.


There are self-hosted runtimes such as workerd that allow you to run your own stateless lambda-like platform. It’s kinda losing steam these days though, and everyone seems to be pushing self-hosted Kubernetes as the best way to get off the cloud.


These days there are many solutions to deploy Kubernetes on a fleet of bare-metal servers, so if you use Kubernetes, the option to take everything in house again is available. Distributed storage is the toughest one to set up in house, but there are many mature solutions that integrate well with Kubernetes these days.


The IT managers got tired of being blamed for all server outages and want to shift some of those responsibilities. Now when there’s an outage, they can say “it’s not us, it’s AWS, because they suspended our account for non-payment”.


What if the answer is there but Google refuses to include it in your search results until you’ve seen enough ads?



> Snyk team has found four vulnerabilities collectively called "Leaky Vessels" that impact the runc and Buildkit container infrastructure and build tools, potentially allowing attackers to perform container escape on various software products.
> On January 31, 2024, Buildkit fixed the flaws with version 0.12.5, and runc addressed the security issue impacting it on version 1.1.12.
> Docker released version 4.27.0 on the same day, incorporating the secured versions of the components in its Moby engine, with versions 25.0.1 and 24.0.8.




Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.