• 3 Posts
  • 298 Comments
Joined 2 years ago
Cake day: June 12th, 2023


  • Snap Controversy

    Just today at work another team wrote a bunch of ready-made images to their SBCs. In about 10% of them snap shat the bed by corrupting one JSON file, which rendered their environment unusable. They did it in a pretty stupid way: writing an SD card, inserting it into the SBC, booting up and disconnecting power after a very short visual confirmation that the system gave some signs of life. And snap was doing whatever it's doing in the background. So I had the pleasure of removing said JSON file and reinstalling all their crap manually on those failed units.

    So, maybe not strictly speaking the fault of snapd, but yet another problem it caused for me without any practical reason other than that the environment they chose just uses snap instead of something more robust.



  • IsoKiero@sopuli.xyz to Programmer Humor@programming.dev: Teams (12 points, 20 days ago)

    Our team has office days once or twice per month and fuck all gets done on those days. Time is spent on social chitchat, longer coffee breaks and lunch with more small talk, discussing random ideas and almost anything else than actual work. And those are really nice to have; when we're mostly scattered across a few cities and limited to text chat or calls, those tend to be strictly about the task at hand. The office days give a sort of a break in the normal schedule and while very little actually gets done, the discussions often include planning future stuff, going through previous changes, the current situation and workload more broadly and so on. After those days, even if nothing got done, we're all a bit more on board with almost everything and it's nice to actually meet the people we interact with every day.

    But for actual work, for the stuff we do, the office doesn't offer anything we couldn't do remotely. I have a more comfortable setup at home than at my cubicle at the office, I can listen to whatever I want as loud as I want without disturbing others, no hassle with the commute (even if mine is pretty much as short as it can be) and so on.





  • DNS PTR records belong to the entity who owns the IP addresses; you can't make reverse records for arbitrary addresses like you can with forward zones. I haven't heard of any residential ISP which would give access to PTR records, and even on business lines that's usually a premium.

    What you could do is get a VPN service which gives you these options, if there is one; I don't know. Most likely you're looking for a VPS for that and tunnel traffic with some kind of VPN setup to your local instance. And at that point you might as well run the whole thing on the VPS, unless you happen to need a ton of storage or some other reason makes a pure VPS server too expensive.




  • Since no one has yet mentioned it: by default, if you're running tar as a non-root user it extracts files with the owner/umask of the current user, and if you run it as root (or superuser) it'll preserve ownership and permissions. From the tar man page:

    --no-same-owner

    Extract files as yourself (default for ordinary users).

    --no-same-permissions

    Apply the user's umask when extracting permissions from the archive (default for ordinary users).

    As mentioned, with root the defaults are to keep UID/permissions as they are in the archive (--preserve-permissions and --same-owner).
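The quoted defaults, shown in practice. This is an added example and not part of the comment above or of tar's own documentation: it builds a throwaway archive in a temporary directory containing one world-writable file (a constructed sample), then extracts it twice, once with the ordinary-user defaults spelled out as explicit flags and once with -p, and prints the resulting mode each time. The flags are explicit so the outcome is the same whether or not you happen to be root; --same-owner is not exercised because restoring archived uid/gid only works as root.

```shell
#!/bin/sh
# Added example, not from the original thread: shows what tar's ownership /
# permission defaults mean in practice. Paths and file contents are constructed.
set -eu

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

mkdir -p "$work/src"
printf 'hello\n' > "$work/src/loose.txt"
chmod 0777 "$work/src/loose.txt"          # mode stored in the archive: 777
tar -C "$work/src" -cf "$work/a.tar" loose.txt

# Octal mode of a path (GNU stat first, BSD stat as a fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# The ordinary-user defaults spelled out: apply our umask, own the files
# ourselves. Explicit flags, so the result does not depend on our uid.
extract_as_user() {
    dir="$work/as_user"; rm -rf "$dir"; mkdir -p "$dir"
    (umask 022 && tar -x --no-same-owner --no-same-permissions -C "$dir" -f "$work/a.tar")
    mode_of "$dir/loose.txt"               # 777 & ~022 -> 755
}

# The root defaults: -p (--preserve-permissions) keeps the archived 777
# exactly. With --same-owner (root only) the archived uid/gid would be
# restored as well, which is why untrusted tarballs should not be unpacked as root.
extract_preserving() {
    dir="$work/preserving"; rm -rf "$dir"; mkdir -p "$dir"
    (umask 022 && tar -x -p -C "$dir" -f "$work/a.tar")
    mode_of "$dir/loose.txt"               # 777
}

printf 'user defaults (umask applied): %s\n' "$(extract_as_user)"
printf 'root defaults (-p):            %s\n' "$(extract_preserving)"
```

The practical check this suggests: when unpacking an archive you did not create, run tar as an unprivileged user, or pass --no-same-owner --no-same-permissions explicitly when you must run as root, so a world-writable or foreign-owned file in the archive does not land on your system as-is.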



  • It's quite likely that any given IP, unless you get one from a shady VPS provider or something, is "clean". And if it's not, it's usually not that big of a deal to get it cleared from the major blacklists (Spamhaus, Google and Microsoft cover quite a lot). You just need to dig up the proper forms to tell them that you're the new owner of said IP and promise to play nice.

    Same goes with domain names, but if you get a new one that's a non-issue. Just set up SPF records properly (and preferably DKIM/DMARC, but those aren't strictly necessary and need a bit more than a single TXT record) and you're good to go.

    And then you of course need to stay away from those lists. If you configure your SMTP to act as an open proxy you'll be on every shitlist on the planet pretty quickly. So, reasonable measures against compromised accounts (passwords, firewalls, rate limits...) and against other threats (misconfigured/unsafe web services used for spam and stuff like that). None of those alone is too difficult to accomplish, but there are quite a few things you need to get right.
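The "SPF, and preferably DKIM/DMARC" part of the comment above, written out as DNS records. This is an added example and not something the commenter posted; the domain example.com, the mail host and its address 203.0.113.25, the DKIM selector s1 and the reporting mailbox are all assumed placeholders, and the DKIM public key is a dummy string, not a real key.

```zone
; Added example (not from the original thread). Assumed: domain example.com,
; single outbound mail host mail.example.com at 203.0.113.25, DKIM selector s1.
example.com.               IN MX  10 mail.example.com.
mail.example.com.          IN A   203.0.113.25

; SPF: only the MX host / this address may send for the domain, hard-fail
; everything else. Do not use +all or ?all; that is how a domain ends up
; unusable for mail as well as open to abuse.
example.com.               IN TXT "v=spf1 mx ip4:203.0.113.25 -all"

; DKIM: <selector>._domainkey. The key pair comes from the signing software
; (e.g. opendkim-genkey -s s1 -d example.com); "p=" below is a placeholder.
; Long keys are split into several quoted strings of at most 255 bytes each.
s1._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkq...PLACEHOLDER"

; DMARC: start in monitoring mode (p=none) with aggregate reports, then move
; to p=quarantine and p=reject once the reports show only aligned, legitimate
; senders. adkim/aspf=s require the DKIM d= and the SPF domain to match exactly.
_dmarc.example.com.        IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com; adkim=s; aspf=s"
```

Two caveats a practitioner will hit: the PTR record for 203.0.113.25 has to resolve back to mail.example.com, and as noted elsewhere on this page that record is set by whoever owns the address block (the VPS provider's control panel, usually), not in your own zone; and the DKIM record only helps once the MTA actually signs outgoing mail with the matching private key, so verify with a test message to a mailbox that shows authentication results rather than by looking at the zone alone.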


  • Maybe easier to get anything running quickly. But it obfuscates a lot of things and creates an additional layer of stuff which you then need to manage. Like a few days ago there was discussion about how docker, by default, creates rules which bypass the "normal" INPUT rules on many (most?) implementations. And the backup scenario is different; it's not as straightforward to change configuration as with a traditional daemon, and it's even more likely to accidentally delete your data as a whole.

    As I already said, docker has its uses, but when you're messing around and learning a new system you first need to learn how to manage the ropes with docker and only after that can you mess around with the actual thing you're interested in. And also what I personally don't really like is the mindset that you can just throw something in docker and leave it running without any concern, which is often promoted with 'quickstart'-type documentation.


  • You absolutely can run services without containers, and when learning and trying things out I'd say it's even preferable. Docker is a whole other beast to manage and has a learning curve of its own.

    Containers can of course be useful, but with setting everything up, configuring networking, managing possible integrations with other components (for example authentication via LDAP), it's often simpler just to run the thing "in the traditional way". With radicale you can just 'apt install radicale' (or whatever you're using) and have a go with it without an extra layer of stuff you need to learn before getting something out of the thing. And even on production setups it might be the preferred approach to go with 'bare metal', but that depends on quite a few variables.


  • On residential connections it's a bit of a pain in the rear, but if you get a VPS (or something similar) it's perfectly manageable. You just need to maintain stuff properly, like having proper DNS records, and occasionally clear false positives from spam lists. The bigger issue is having proper backups and precautions; I've hosted my own email for over 10 years and should I lose all the data and the ability to receive new messages it would be a massive personal problem.



  • Docker specifically creates rules for itself which are by default open to everyone. UFW (and the underlying nftables/iptables) just does as it's told by the system root (via docker). I can't really blame the system when it does what it's told to do, and it's been the administrator's job to manage that in a reasonable way since forever.

    And (not related to linux or docker in any way) there's still big commercial software which highly paid consultants install, and the very first thing they do is turn the firewall off...
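The Docker firewall point made in this comment and in the earlier one about docker bypassing the "normal" INPUT rules, as an added example that is not part of either comment. A published port such as `-p 8080:80` (or `ports: - "8080:80"` in compose) binds to every interface, and Docker then inserts the accompanying NAT and FORWARD rules itself, so host-level INPUT rules or ufw never see that traffic. The script below audits a constructed list of port specs for such all-interface bindings, and includes a function with the DOCKER-USER chain rules an administrator can add; that function needs root and is not run automatically. The sample specs, the interface name eth0 and the trusted network 10.0.0.0/8 are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Audits Docker port-publishing
# specs (`docker run -p ...` / compose `ports:`) for bindings that listen on
# every interface, which Docker then opens in its own iptables chains ahead
# of anything in INPUT / ufw. Sample specs and names are constructed.
set -eu

# Return 0 if a publish spec binds to all interfaces, 1 if to one address.
# Handles HOST:CONTAINER, IP:HOST:CONTAINER and [v6]:HOST:CONTAINER, with an
# optional trailing /tcp or /udp.
binds_all_interfaces() {
    spec=${1%/*}                                   # strip /tcp, /udp
    case "$spec" in
        "["*"]:"*) host_ip=${spec%%]*}; host_ip=${host_ip#"["} ;;  # bracketed IPv6
        *:*:*)     host_ip=${spec%%:*} ;;                         # dotted IPv4
        *)         host_ip="" ;;                                  # no address given
    esac
    case "$host_ip" in
        ""|0.0.0.0|::) return 0 ;;                 # wildcard bind
        *)             return 1 ;;
    esac
}

# One line per spec: "EXPOSED <spec>" or "local <spec>".
audit_specs() {
    printf '%s\n' "$1" | while IFS= read -r spec; do
        [ -n "$spec" ] || continue
        if binds_all_interfaces "$spec"; then
            printf 'EXPOSED %s\n' "$spec"
        else
            printf 'local   %s\n' "$spec"
        fi
    done
}

# Number of specs reachable from every interface.
count_exposed() { audit_specs "$1" | grep -c '^EXPOSED' || true; }

# Constructed sample, as it might appear in a compose file or a run line.
SAMPLE_PORTS='8080:80
127.0.0.1:5432:5432
0.0.0.0:9000:9000/tcp
[::1]:6379:6379
[::]:443:443'

# Fix at the source: bind to loopback or one address (127.0.0.1:8080:80
# instead of 8080:80) so Docker only publishes where you mean it to.
# Belt and braces: filter in DOCKER-USER, the chain Docker consults before its
# own FORWARD rules. Needs root; assumes external interface eth0 and trusted
# network 10.0.0.0/8. Not invoked automatically.
harden_docker_user_chain() {
    iptables -I DOCKER-USER   -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    iptables -I DOCKER-USER 2 -i eth0 ! -s 10.0.0.0/8 -j DROP
}

audit_specs "$SAMPLE_PORTS"
```

Running it prints three EXPOSED lines for the constructed sample (8080:80, 0.0.0.0:9000:9000/tcp and [::]:443:443). The first rule in harden_docker_user_chain keeps replies to container-initiated connections working; the second drops new connections from anywhere outside the trusted range before Docker's own ACCEPT rules get a look. Docker also accepts a default bind address for all published ports via the "ip" key in daemon.json, which is the simpler fix when nothing on the host should be published on the external interface at all.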


  • This actually is a really good idea.

    Yes, for the reasons you mention. And very, very much no. My corporate hat immediately thinks about a crapload of stuff our network drives have which is under various NDAs, restrictions on storing outside the EU/EEA, restrictions on storing even outside our country and so on. At least our accounts have mandatory MFA and other standard safety features, but cloud storage has a different threat model than our local hardware, which also makes its own little headaches.

    I don't play in the contract/legal field at the corporation at all, but I do know that some of those NDAs have numbers big enough to bring the whole circus down and other clauses which can even throw someone in jail if things really go wrong. I just hope I'm not the scapegoat at that point.