irotsoma

Note that often it’s more efficient to move infrequently accessed memory for background tasks to swap rather than having to move that out to swap when something requires the memory causing a delay in loading the application trying to get the RAM, especially on a system with lower total RAM. This is the typical behavior.

However, if you need background tasks to have more priority than foreground tasks, or it truly is a specific application that shouldn’t be using swap and should be quickly accessible at all times, or if you need the disk space, then you might benefit from reducing the swap usage. Otherwise, let it swap out and keep memory available.

This. Get in writing the specific legally binding policies for personal use of their network resources. Not just the personal opinion of the IT people. They don’t write the legally binding policy that you are responsible for following.

I mean, in most cases this isn’t criminal law (in the US at least), so it means you have to attract enough attention of a corporation since they’re usually the only ones who can afford the legal costs to file the DMCA requests and responses for copyright violation. And with many other civil issues, often corporations with the money for it, don’t have standing to sue, and if they did, would be required to sue each individual in the appropriate jurisdiction.

With the removal of Section 230, these costs will go down significantly as a single user’s violation could be enough to bankrupt or shut down an entire site of violating content or, if serious criminal violations like child porn, put the person who hosts the site in prison who, will be much easier to identify and sue in a single jurisdiction or arrest than a random internet user.

Yeah, other countries have similar or even more strict requirements, so yeah it all depends on the jurisdiction. You have to also understand that just hosting something externally, doesn’t mean you don’t fall under laws of another country. It’s the internet. And if you live in a country, you may be held responsible for obeying their laws. I’m not a lawyer, so it’s something to be careful of even if externally hosted.

This is especially necessary to consider if you live in the US right now. One of the things the current administration is pushing for even harder than past administrations is removal of Section 230 of the communications act that was enacted in the 90s. This provides a defense against liability for the content you host as long as you make a reasonable effort to remove content that is illegal. Problem is that this makes it really difficult to censor (maliciously or otherwise) content because it’s hard to go after the poster of the content and easier to go after the host or for the host to be under threat to stop it from being posted in the first place. But it’s a totally unreasonable thing, so it basically would mean every website would have to screen every piece of content manually with a legal team and thus would mean user generates content would go away because it would be extremely expensive to implement (to the chagrin of the broadcast content industries).

The DMCA created way for censors to file a complaint and have content taken down immediately before review, but that means the censors have to do a lot of work to implement it, so they’ve continued to push for total elimination of Section 230. Since it’s a problematic thing for fascism, the current administration has also been working hard to build a case so the current biased supreme court can remove it since legislation is unlikely to get through since those people have to get reelected whereas supreme court justices don’t care about their reputation.

So, check your local laws and if in the US, keep an eye on Section 230 news as well as making sure you have a proper way to handle DMCA takedown notices.

Are there any guides to using it with reverse proxies like traefik? I’ve been wanting to try it out but haven’t had time to do the research yet.

Problem is that unless the person was paid for contributing, what goods or services are being exchanged with the project. I mean if Microsoft received money from that person for a subscription or something I might see them having to ban the user and refund the money. But what did the project receive that would violate sanctions? Volunteer work is usually not covered or else relief organizations and religious missionaries would be banned and the US historically loves sending those. What am I missing?

Yes it’s defects in the ingress-nginx controller package.

Depends on what you’re backing up. Is it configs for applications, images, video, etc? If it’s application configs, you can set up those applications in a virtual machine and have a process run that starts the machine, restores the configs, and makes sure the applications start or whatever other tests you want. There are applications for doing that.

If it’s images or videos, you can create a script to randomly pick a few, restore them, and check the integrity of the files. Usually just a check of the file header (first few bytes of the file) will tell you if it’s an image or video type of file and maybe a check on the file size to make sure it’s not an unreasonably small size, like a video that’s only 100 bytes or something.

All this seems like overkill though in most scenarios.

If you want to keep your LDAP as the source of truth, then Keycloak is also a very good option. I did that originally, but decided I only had a couple of things needing LDAP and that wasn’t worth keeping it around. Authentik was a good way to emulate an LDAP but with a different back end. But Keycloak is definitely my recommendation in your case.

Keycloak. Took me a bit to learn the basics, but it has been way easier to troubleshoot than Authentik and has more features. If you need something that mimics LDAP rather than syncing with an existing LDAP, then Authentik is pretty good. I don’t use LDAP, though.

I use Arthurian legend related stuff. Servers and desktops are locations. My portable devices are the names of swords. IoT devices are more explicitly descriptive since I won’t need to type in, but it’s more important to recognize them when I see them, like lightswitch-livingroom.

I really would love something like Amie Street before Amazon bought it to kill it. I got so much great music on there for pennies which then led me to buy more and more from those artists. My problem is I need to hear a song a few times before it digs into my soul. And preferably not when I’m paying too close attention to the technical aspects so it can hit me more emotionally. So just having a 10-30 second preview or just hearing it one time is never going to be enough to hook me on an artist. Also, cheaper b-sides since it was demand based meant I was much more likely to hear more of their music and get more invested in the artist.

DNS over TLS handles that. No need for DoH really. Unless DNS ports are blocked or captured by NAT or something and you need to use port 443 with DoH. At least not with a DNS server.

DoH is useful for individual applications to do their own DNS lookups bypassing the OS or network level DNS. Otherwise DoH and DoT provide the same basic protection. DoT is just at a lower network layer and thus more easily applies more broadly across the network or OS rather than being application or resolver specific. There’s never been a real need for a DNS server to use DoH instead of DoT unless DoT is blocked upstream.

Use VPN or DDNS connected to your domain registrar. Of course DDNS might not update immediately, especially if your domain host is not the same as your DNS provider, so you might have outages for short periods when your IP changes. So, depends on if you’re OK with that or what kind of connection you have and whether it changes your IP a lot.

Also, might be able to get an IPv6 address for free depending on your ISP or at least you can set up your router to request that your address block is retained for you. I know Comcast does this. Unfortunately, my ISP does not.

Unbound supports DoH if compiled with the support and given TLS certificates. I don’t use it internally on my home network because I have a pihole that I want to capture the traffic. I do use DNS over TLS for upstream communication, though.

Mine has those, but it was a different model that had the hardware required to do WiFi. Likely it’s not included and unless the device was designed to modify, it’s likely that the motherboard doesn’t have a way to add it easily and there won’t be much space to do your own WiFi card and soldering if the board does have the connections and support in the firmware/BIOS. Best bet would be a USB WiFi card.

Yeah, the system was on a single server at first and eventually expanded to either a docker swarm or Kubernetes cluster. So the single server acts as both a docker host and an NFS server.

I’ve had this happen multiple times, so I use this pattern by default. Mostly these are volumes with just config files and other small stuff that it’s OK if it’s duplicated in the docker cache. If it is something like large image caches or videos or other volumes that I know will end up very large then I probably would have started with storage off the server in the beginning. It saves a significant amount of time to not have to reconfigure everything as it expands if I just have a template that I use from the start.

Unlikely at least in the near future. The remnants of Dodd-Frank and anything that Biden did are high on the list for Trump’s chopping block.

I use NFS shares for all of my volumes so they’re more portable for future expansion and easier to back up. It uses additional disk space for the cache of course, but i have plenty.

When I add a second server or add a dedicated storage device as I expand, it has made it easier to move with almost no effort.