2xsaiko

  • 6 Posts
  • 931 Comments
Joined 2 years ago
cake
Cake day: June 12th, 2023

help-circle

  • This seems super overcomplicated. What I would do is put all the subdomains on the public DNS, let HTTP(S) through the firewall for the respective hosts, deny everything from outside of your local network on the http server that isn’t under the HTTP challenge path and then run the HTTP challenge as you would for a public site.

    Then you can get certs, everyone outside trying to access will get 403, and inside the network you can access as normal.

    Of course you’ll have to trust your http server’s ACL for that, but I’m just going to assume servers like nginx (which I use) have a reliable implementation.









  • 2xsaikotoLinux@lemmy.mlGRUB is confusing
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    6 days ago

    GRUB is still the standard bootloader in physical deployments because it is the most likely to work

    The countless issues you can find online about being stuck at the GRUB prompt say otherwise. I’ve personally recently experienced GRUB on a computer seemingly randomly losing information about where the config file was stored, or at least not automatically loading it. God knows where that was supposed to be stored, running grub-install fixed it in any case.

    More likely it’s used by the big non-DIY distros because it’s less effort to maintain a single bootloader than one for UEFI and one for BIOS boot, because the latter you still need anyway.

    and supports most of the features you might want in a bootloader.

    That’s the understatement of the century. It’s basically a decently sized operating system at this point, with seemingly everything tacked on that you can think of such as support for what looks like a grand total of 11 partition table schemes, “The Bee File System”, disk driver for classic Macintosh, and a JSON parser.

    While some of what it has may have been needed for BIOS boot, the essential functionality is now provided by EFI APIs, and you do not need 337979 lines of C code anymore to implement a suitable bootloader for a contemporary system.

    And I probably wouldn’t even say anything if it was well written or maintained code. There’s clearly something very wrong with it if distributions feel the need to apply hundreds of patches to it, Fedora has 283 right now. I’ve also had a terrible experience trying to script some of its commands.

    I have 2 disks which each have an efi system partition. And the root file system is btrfs raid1 across 4 disks. This was very easy to set up and completely supported by grub with no custom configuration needed.

    This is of course also supported by any other bootloader, since which of the two ESPs to load from is determined by the UEFI, and mounting the rootfs is done by the kernel. You just need to sync the two ESPs. systemd-boot’s kernel-install admittedly can’t do this out of the box, but you can make it work with hooks.



  • 2xsaikotoLinux@lemmy.mlGRUB is confusing
    link
    fedilink
    arrow-up
    42
    arrow-down
    3
    ·
    7 days ago

    Since you use UEFI, you don’t have to use GRUB. It basically consists 90% of cruft left over that was needed for BIOS boot, and has a lot of moving parts and bad design (such as a single config file which has to be shared between OSes, which is so complex it needs a generator for it).

    Try systemd-boot, it’s lightweight and well designed.

    Anyway, looks like the target parameter is default now, the “esp” in the arch command is supposed to be substituted for the ESP path, for example /efi, so the only difference is bootloader-id. Which looks like that’s the label that show up in your UEFI setup for the boot entry.


  • I’m not talking about that, considering there is an argument to be made here that he is threatening others with these weapons. This wouldn’t be okay if he was clearly doing all this for fun either, would it.

    Besides, the video makes it sound like he’s homeless, living in that car. He himself says the weapons are to protect himself from the neighbors. He should be given a home, it does wonders for mental health when you don’t have to constantly worry about getting attacked by someone who doesn’t want you living on the street. There’s a high chance that would solve the problem.


  • If it’s not you yourself who decides whether you are “in crisis”, what you want to do about it or whether you want to do anything about it at all, you do not truly own your own life. This is something incredibly personal and subjective that nobody else has the right to judge, or can even judge accurately in the first place, except for you.

    And yes, this includes the right to take your life.

    If you are not allowed the right to self-ownership like that, what it comes down to is someone else can imprison you because they don’t like how you express yourself. There is a huge power imbalance here, and you won’t be able to advocate yourself because you’re “insane” and “don’t know what you’re talking about”.

    If it’s not you yourself who decides whether you are “in crisis”, it will be used against people for simply refusing treatment for a mental disorder, for example schizophrenia. It will be used to silence “undesirable” people by the state who decides what counts as “in crisis”.

    Often, the conditions inside of a mental hospital are actively making the mental state of the people who are confined there worse, which is then used as a justification to hold them there longer against their will.

    This is abuse, it’s dehumanizing, it’s traumatizing. It’s unacceptable.

    This is a right that falls in the same category and is equally as important as, for example, the right to have an abortion. Which of course, is also under attack right now from people who want to control others’ lives, especially in the US.

    I’m not talking about someone harming others. Clearly that is different.


  • It probably should be easier, but there needs to be a set process for doing it correctly.

    Absolutely not, it’s a massive violation of people’s autonomy already.

    Someone is in a mental health crisis, but not threatening themselves or others? Street Response pulls up instead of the cops.

    but they can’t have someone committed.

    Which, in my mind, kind of defeats the purpose.

    I think it’s completely unacceptable to involuntarily commit people that aren’t even threatening anyone. Let alone “threatening themselves” which is equally a concept that goes against autonomy and should not be a valid reason for commitment either. And I’m not even talking about how often abused this is in practice.



  • 2xsaikotonixos@lemmy.mlallow unfree will not work
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    9 days ago

    It goes in a module inside the attrset braces where other options are also set. configuration.nix already has that.

    {
      nixpkgs.config.allowUnfree = true;
    
      # more option definitions
    }
    

    Actually, post your code. That way we don’t have to guess.




  • 2xsaikotoSelfhosted@lemmy.worldMy thoughts on docker
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    11 days ago

    Yeah, when I got started I initially put everything in Docker because that’s what I was recommended to do, but after a couple years I moved everything out again because of the increased complexity, especially in terms of the networking, and that you now have to deal with the way Docker does things, and I’m not getting anything out of it that would make up for that.

    When I moved it out back then I was running Gentoo on my servers, by now it’s NixOS because of the declarative service configuration, which shines especially in a server environment. If you want easy service setup, like people usually say they like about Docker, I think it’s definitely worth a try. It can be as simple as “services.foo.enable = true”.

    (To be fair NixOS has complexity too, but most of it is in learning how the configuration language which builds your operating system works, and not in the actual system itself, which is mostly standard except for the store. A NixOS service module generates a normal systemd service + potentially other files in the file system.)