• 0 Posts
  • 51 Comments
Joined 3 years ago
Cake day: June 6th, 2023







  • What I’m noticing more is that you can keep a consistent 11.4MB/s, this feels relatively close to what you’d usually pull through a 100mbit/s link (after accounting for overhead). If that’s the case, it shouldn’t matter how the NFS client decides to chunk the data, for how much throughput there is to the NAS. Which means you’re looking at a broken NFS server that can’t handle large single transmissions.

    If it’s not the case, and you’ve got a faster network link, it seems that the NAS just can’t keep up when given >2GB at once. That could be a hardware resource limitation, where this fix is probably the best you can do without upgrading hardware. If it’s not a resource limitation, then the NFS server is misbehaving when sent large chunks of data.

    Basically, if your network itself (like switches, cables) isn’t broken, you’re either dealing with a NAS that is severely underspecced for what it’s supposed to do, or a broken NFS server.

    Another possibility for network issues is that your Proxmox thinks it has gigabit (or higher), but some device or cable in between your server and NAS limits speed to 100mbit/s. I think it’d be likely to cause the specific issues you’re seeing, and something like mixed cable speeds would explain why the issue is so uncommon/hard to find. The smaller buffers and more frequent acknowledgements would sidestep this.

    Do note I am also not an expert in NFS, I’m mostly going off experience with the “fuck around and find out” method.



  • Matrix (Synapse with Element) can be self-hosted for free, though they have optional paid plans for enterprises. The main goal of Matrix is federation (connecting with other servers), though this can be turned off completely. This is probably the most “business” look/feel you can get fully FOSS, if that’s what you’re looking for.

    XMPP has more clients/servers, and is more for the technically oriented end user. I can’t really give recommendations here, as I haven’t extensively used XMPP.

    Spacebar (formerly Fosscord) is a Discord clone (API compatibility as a goal) that can be self-hosted.


  • I’ve seen many default docker-compose configurations provided by server software that expose the ports of stuff like databases by default (which exposes it on all host interfaces). Even outside docker, a lot of software has a default configuration of “listen on all interfaces”.

    I’m also not saying “evil haxxors will take you over”. It’s not the end of the world to have a service requiring authentication exposed to the internet, but it’s much better to only expose what should be public.



  • The job of a reverse proxy like nginx is exactly this. Take traffic coming from one source (usually port 443 HTTPS) and forward it somewhere else based on things like the (sub)domain. An HTTPS reverse proxy often also forwards the traffic as HTTP on the local machine, so the software running the service doesn’t have to worry about SSL.

    Be sure to get yourself a firewall on that machine. VPSes are usually directly connected to the internet without NAT in between. If you don’t have a firewall, all internal services will be accessible, stuff like databases or the internal ports of the services you host.
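Both comments above warn about services bound to all interfaces (a database port published by docker-compose, or internal ports on a VPS with no firewall). The following audit script is an added example, not code from either comment: it reads `ss -ltn` output, flags TCP listeners bound to a wildcard address that are not on a short allowlist of intentionally public ports, and runs here against a constructed sample of `ss` output instead of a live host.

```shell
#!/bin/sh
# Flag listening TCP sockets bound to every interface (0.0.0.0, * or [::])
# unless their port is on the allowlist of ports meant to be public.
# Reads `ss -ltn` (or `ss -ltnp`) output on stdin, prints one flagged
# port per line, each port once. Example use on a real host:
#   ss -ltn | audit_listeners "443 80"
audit_listeners() {
    allow="$1"
    awk -v allow="$allow" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "LISTEN" { next }              # skip the header and non-listening rows
        {
            # Column 4 is "Local Address:Port"; IPv6 hosts are bracketed.
            port = $4; sub(/.*:/, "", port)
            host = $4; sub(/:[^:]*$/, "", host)
            wildcard = (host == "0.0.0.0" || host == "*" || host == "[::]")
            if (wildcard && !(port in ok) && !(port in seen)) {
                seen[port] = 1
                print port
            }
        }
    '
}

# Constructed sample of `ss -ltn` output (not captured from a real system):
# a database published by compose on all interfaces (5432, v4 and v6),
# Redis correctly bound to loopback, the reverse proxy on 443 and a
# MySQL port exposed on IPv6 only.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:5432        0.0.0.0:*
LISTEN 0      4096   127.0.0.1:6379      0.0.0.0:*
LISTEN 0      511    *:443               *:*
LISTEN 0      4096   [::]:3306           [::]:*
LISTEN 0      4096   [::]:5432           [::]:*
LISTEN 0      128    [::1]:8080          [::]:*'

# Demo run: with only 443 allowed, 5432 and 3306 are reported.
printf '%s\n' "$SAMPLE_SS" | audit_listeners "443"
```

In a compose file the usual fix for a flagged port is to publish it as `127.0.0.1:5432:5432` (or not at all) so only the host and the proxy can reach it, and a host firewall covers the software that ignores its listen setting.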


  • You need a couple of things:

    • The kernel driver (dkms)
    • Userspace component
    • Kernel headers (for dkms)

    First, get your kernel headers. This is easy enough, but varies based on which kernel you have installed. The format of the package name is {kernel}-headers. If you have the linux kernel, get linux-headers. If you have linux-lts, get linux-lts-headers. If you’re not sure on this, the command pacman -Q | grep linux searches for installed packages containing linux in the name. If you have multiple kernels installed, get the headers for all of them.

    Then install (from AUR) at least nvidia-580xx-dkms (display out) and nvidia-580xx-utils (acceleration, like 3D and video decoding). If you have Steam or play Windows games under Wine, be sure to get lib32-nvidia-580xx-utils too.

    Also of note is the order in which you install things. Having the kernel headers installed is important for the DKMS modules to install successfully. If you already have nvidia-580xx-dkms but were missing your kernel headers, you should reinstall it after installing your kernel headers.
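The three steps above (find every installed kernel, install its headers, then the DKMS driver and utils) as one script. This is an added example, not the commenter’s own code: it derives the {kernel}-headers names from `pacman -Qq` output with a filter that assumes kernel packages are named linux or linux-<flavour> (linux-firmware, linux-docs and existing -headers packages are skipped), and it assumes yay as the AUR helper.

```shell
#!/bin/sh
# Map installed kernel packages to their -headers packages.
# Reads one package name per line on stdin, in `pacman -Qq` format.
# Assumption: kernels are "linux" or "linux-<flavour>" (linux-lts, linux-zen, ...);
# packages that merely start with "linux" but are not kernels are dropped.
headers_for_kernels() {
    grep -Ex 'linux(-[a-z0-9]+)?' \
        | grep -Ev -- '-(firmware|docs|headers)$' \
        | sed 's/$/-headers/'
}

# Install in the order that matters for DKMS: headers first, then the driver.
# $1 = "yes" to also pull the lib32 utils for Steam/Wine.
# Package names are the ones from the comment; yay is an assumed AUR helper.
install_nvidia_580xx() {
    want_lib32="$1"
    headers=$(pacman -Qq | headers_for_kernels)
    if [ -z "$headers" ]; then
        echo "no kernel package found; nothing to do" >&2
        return 1
    fi
    # shellcheck disable=SC2086  # word splitting is intended here
    sudo pacman -S --needed $headers || return 1
    pkgs="nvidia-580xx-dkms nvidia-580xx-utils"
    [ "$want_lib32" = "yes" ] && pkgs="$pkgs lib32-nvidia-580xx-utils"
    # No --needed on purpose: if the dkms package was installed before the
    # headers, reinstalling it makes DKMS rebuild the module now.
    yay -S $pkgs
}

# Dry preview of what would be installed, using a constructed package list
# rather than the live system:
printf 'linux\nlinux-lts\nlinux-firmware\nlinux-headers\nutil-linux\n' \
    | headers_for_kernels
```

Run `install_nvidia_580xx yes` on the real machine once the preview lists the headers you expect.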


  • There is a way, but there is no point in doing so. As such, no OSes offer such an option out of the box. For file encryption to be of any use, you need there to be some kind of authentication before being able to access those files (like a password).

    The easiest method would be to encrypt the entire drive, as modern Linux and Windows both support using the TPM for automatic unlocking. With that, set up standard user autologin and you’ve made the drive encryption useless.


  • No, not really. “Casting” through the Netflix app basically just turns your phone into a remote for your TV. The TV still plays videos from Netflix directly, using the Netflix app (or website). Casting using Google or Apple’s solution casts to a proprietary device with all the content protections functional, just like using the app on those devices.

    The content protections are bypassed way easier on a computer by using the website and some black magic. The removal/paywalling of casting is purely removing convenience from the user that had barely any financial impact on the company.


  • The documentation you were looking at might’ve been the Matrix specification.

    There is documentation on how to host a Matrix server; I’d honestly recommend using containers (maybe docker compose) for this one. It can definitely be confusing setting up a service like a Matrix homeserver for the first time.

    As for other people finding it, you can (and should) make your homeserver invite-only. It’s also possible to disable federation, which makes the server self-contained. It will not accept incoming connections from other servers, nor make outgoing connections to other servers.

    This does mean everyone you want to talk with has to be on your homeserver. There are probably better options available if you want to avoid Matrix’ federation issues, like Spacebar.


  • Web push for notifications. Sure, there are privacy implications, but it’s already near universal. There are other options like ntfy.sh if you’re not limited to existing infrastructure. UnifiedPush also works well as a protocol for push notifications.

    Everything else can be handled in-app. Password reset will have to be done by an admin, though it’s completely doable for a small selfhosted service.

    Some of the downsides OP listed may or may not always apply, but there are always downsides. Either you have to set up your own email server (with extra maintenance burden), or your “selfhosted” app suddenly relies on third party infrastructure, like your email provider (or those of other users on your instance).




  • This is heavily sensationalized. UEFI “secure boot” has never been “secure” if you (the end user) trust vendor or Microsoft signatures. Alongside that, this ““backdoor”” (diagnostic/troubleshooting tool) requires physical access, at which point there are plenty of other things you can do with the same result.

    Yes, the impact is theoretically high, but it’s the same for all the other vulnerable EFI applications MS and vendors sign willy-nilly. In order to get a properly locked-down secure boot, you need to trust only yourself.

    When you trust Microsoft’s secure boot keys, all it takes is one signed EFI application with an exploit to make your machine vulnerable to this type of attack.

    Another important part is persistence, especially for UEFI malware. The only reason it’s so easy is because Windows built-in “factory reset” is so terrible. Fresh installing from a USB drive can easily avoid that.