lvl

joined 1 year ago
[–] [email protected] 20 points 1 year ago

Try not to use paths, you'll have some weird cross-interactions when two pieces of software set the same cookie (session cookies for example), which will make you reauthenticate for every path.

Subdomains are the way to go, especially with wildcard DNS entries and DNS-01 letsencrypt challenges.

 

Chimera Linux is a non-GNU based Linux distribution. From what I see, they are trying to using the following alternatives:

  • *BSD core utilities (replacing GNU coreutils)
  • LLVM/clang (replacing GNU cc)
  • Musl (replacing libc)
[–] [email protected] 3 points 1 year ago

I'm a fan of SystemRescue. It's specifically designed for backing up and fixing disk layouts, and it supports both BIOS and UEFI booting.

I've never tried it on Secure Boot enabled devices (I usually disable secureboot before troubleshooting systems), so I do not know if they use a valid signed efi-stub.

For "simple" stuff, I usually boot a live ubuntu image. If the machine has sufficient RAM, I can get away with installing quite a few packages that I need for troubleshooting (gparted, gdisk, etc.).

[–] [email protected] 3 points 1 year ago (1 children)

RemindMe! 5 months

[–] [email protected] 3 points 1 year ago

He's the first person I blocked. Felt good, now I'm blocking a whole bunch of other people. Cleans the feed(s) quite alot.

[–] [email protected] 2 points 1 year ago

Not sure where yours is, but here, have mine:

🍿🍿🍿

[–] [email protected] 2 points 1 year ago

I second that. Amazing easy to use, configure, supports (LetsEncrypt) certificates via DNS-01 challenge and integrates with ease with most DNS providers.

Paired with authentication providers (keycloak, authelia, authentik), the "advanced" textbox lets you do forward proxying really easy, or customize your "basic proxy".

I'm not sure how many of these features are present in Traefik, it would be really nice if any of you know if any of these are easily supported in it:

  • Forward proxying
  • Custom rewrites (nginx internal; rewrites)
  • Unattended DNS-01 support with ACME (LetsEncrypt)
[–] [email protected] 1 points 1 year ago

Very capable tool, and useful in some cases. Does require security of the ptrace call to be unset (ptrace_scope) or set to the default (insecure one).

I'm a big fan of using ptrace_scope to restrict PTRACE_ATTACH to only allow parents (or grandparents, etc.) to attach to children. Quite useful - this particular security feature was unique to grsecurity and was good enough to be implemented in mainline (changed).

If you care about whether user processes should not be able to attach to other processes under the same UID, don't use it though!

[–] [email protected] 19 points 1 year ago (1 children)

My bet is liquidity is nonexistent. They are paying AWS with Amazon Advertising revenue: Amazon withholds ad payments for paying their AWS bills.

Would've expected the Xth richest person on earth to afford a bit of cloud services, especially after he bragged that he's simplifying the infrastructure, reduces infra costs.

[–] [email protected] 2 points 1 year ago

As Netflix tested these changes in other parts of the world first, they had sufficient metrics to know how this change will affect their user-base. They are expecting an increase in subs and in income.

I cancelled my sub (4 screens), which was shared among 5 people. Two of these decided to resubscribe by themselves, although not in the 4 screens configuration. From my calculations this means:

  • Cancellation of a 18EUR subscription
  • 2 new customers on Standard, 13EUR each
  • Netflix took a profit of 6EUR from this operation, while gaining an extra subscription.

I think this matches their "100% increase in subs" metric. The only question is how many others who resubscribe will go for the 2 screens (Standard) sub, or the 1 screen (Basic) sub. With basic, the same situation would result in a ~2EUR decrease in revenue.