Skip Navigation

Posts
53
Comments
923
Joined
2 yr. ago

  • The docs say what they do and don't do - and they don't do that. Just actually read through them for yourself, you don't have to be a lawyer.

    This is just a bit of corporate box-ticking, but the pitchfork brigade has read 2 + 2 and is now screaming about 5s.

  • In the advertising bit they say what data they use and it's all broad stuff like device type and location, as well as aggregate data on how many people click on the ads. Of course, you can just disable this, which surely most people do - tbh I forgot there was even this "sponsored content" there at all (it was added a while ago I think).

    They don't say that your browsing habits, interactions or communications are used for anything besides doing what's required to actually do what you asked.

  • Yes, Mozilla does some AI, like the in-browser, privacy-respecting language translation. If you use the same feature in Chrome, the text is submitted to a Google server, but in Firefox it never leaves your browser. I don't see how this could be spun to count against Firefox/Mozilla.

  • My pleasure! Answering your question is a good motivation to actually document my setup.

    Also, if you're moving configs over, you might find podlet useful.

  • The Privacy Notice doesn't say anything problematic at all, why is everyone acting like Mozilla is going to be feeding every keystroke into a database/AI? It's just saying that they're allowed use your inputs to browse to the sites you've asked for, and to give the form data/uploads/mic/whatever to the sites you're using.

    A few words cherry picked from the middle of a sentence isn't how legal stuff works.

  • I use Caddy (with the Cloudflare module to handle the ACME stuff) as just another container. My setup is more classic internet server stuff - it's a VPS and all the services are internet-facing, so the DNS is via standard DNS records. Every service is on its own subdomain.

    My Caddy config is pretty minimal:

     
        
    $ cat caddy/Caddyfile
    {
            # Global configuration
            acme_dns cloudflare myapikey
            email mycloudflareaccount
            debug
            servers {
                    metrics
            }
    }
    
    manga.example.com {
            reverse_proxy kavita:5000
    }
    
    ...more containers
    
    # healthcheck target
    :8080 {
            respond 200
    }
    
      
     ini
        
    $ cat .config/containers/systemd/caddy.container
    [Unit]
    Description=Caddy reverse proxy
    After=local-fs.target
    
    [Container]
    ContainerName=caddy
    Image=caddycustom
    Network=kavita.network
    ...more networks
    PublishPort=1080:80
    PublishPort=1443:443
    PublishPort=1443:443/udp
    PublishPort=2019:2019
    Volume=${HOME}/caddy/Caddyfile:/etc/caddy/Caddyfile:Z
    Volume=${HOME}/caddy/data:/data:Z
    Volume=${HOME}/caddy/config:/config:Z
    Volume=${HOME}/caddy/httpdocs:/var/www/httpdocs:Z
    HealthCmd=wget -q -t1 --spider --proxy off localhost:8080 || exit 1
    
    [Service]
    Restart=always
    ExecReload=podman exec caddy /usr/bin/caddy reload -c /etc/caddy/Caddyfile
    
    [Install]
    WantedBy=multi-user.target default.target
    
      

    I have a dedicated podman user (fairly restricted, no sudo, etc) that just hosts podman (i.e. the service containers and Caddy). As it's all rootless, I use firewalld to make caddy show up on ports <1024: firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080. I prefer the tiny performance hit to mucking around with the privileged ports but for completeness you can do that with sysctl -w net.ipv4.ip_unprivileged_port_start=80.

    I don't specify subnets at all; I specify podman networks (one per service) and let podman handle the details.

  • I HATE those sites where popups come up when you are halfway reading something.

    Agreed, if I did want to sign up it would be when I've finished, not when I'm trying to read your own bloody content. I often sign up using their own domain with something like sales@ or something ruder. Petty, but it's a small vent. and if one person stops because of it I can die happy.

  • I love quadlets, here's an example:

     ini
        
    $ cat .config/containers/systemd/kavita.container
    [Unit]
    Description=Kavita manga server
    After=mnt-files.mount
    
    [Container]
    ContainerName=kavita
    Image=docker.io/jvmilazz0/kavita:latest
    AutoUpdate=registry
    Network=kavita.network
    PublishPort=5000:5000
    Environment=TZ=Etc/UTC
    Volume=/mnt/files/books/comics:/comics:ro
    Volume=/mnt/files/books/gnovels:/gnovels:ro
    Volume=/mnt/files/books/manga:/manga:ro
    Volume=${HOME}/kavita:/kavita/config:Z
    HealthCmd=curl -fsS http://localhost:5000/api/health || exit 1
    
    [Service]
    Restart=always
    
    [Install]
    WantedBy=default.target
    
    
      
     ini
        
    $ cat .config/containers/systemd/kavita.network
    [Network]
    NetworkName=kavita
    Options=isolate=true # library add uses Kavita site
    
      

    If you've dealt with systemd service files this will look familiar, with the addition of the container section.

    AutoUpdate=registry gives you automatic updates to 'latest' (or whatever tag you've set) and there's rollbacks too, so you just have to worry about the less-critical bugs in newer versions. Personally, I feel more secure with this setup, as this box is a VPS.

    Network=kavita.network - I put all my containers in different networks (with minimal privs, so many don't have outgoing internet access), and my reverse proxy is also in all of those networks so it can do its thing.

  • This is gloriously insane and I love it.

    And then to casually drop in that

  • It's how everyone who's anyone does code reviews!

  • I think it's probably a mix of criticising a joke for its accuracy, and the fact that it's in a single paragraph so it's a huge wall of text.

  • This seems quite serious, I'll definitely be reading the CVE once it's published. Luckily, I noticed the github notification of the release after only a couple of hours.

    edit: I read the advisory and it wasn't too bad in terms of attacker access:

    Impact
    An attacker can use any non-existent username to bypass the authentication system and gain access to various read-only data in Navidrome, such as user playlists. However, any attempt to modify data fails due to insufficient permissions, limiting the impact to unauthorized viewing of information.

  • I assume these numbers change you for the pleasure of being on hold - wouldn't it be illegal to artificially add 15 minutes of wasted time onto the bill?

    This while thing feels like a Onion article.

  • Turbo Pascal was my first real programming language, and Delphi was pretty pleasant to use for GUI programs as I recall.

    I'd never even heard of Lazarus, I might have to try it for a nostalgia trip.

  • Lots of the industrial programming languages are very different to "normal"/"proper" programming languages, and I can see them being localised.

    For example, this is (PLC programming language) Ladder Logic code:

  • Looks cool, but I see that this is a Kickstarter, and their previous projects seem to have lots of complaints. On this past performance, you should expect your stuff to be delivered quite late and with bad communications, but you will eventually get what you paid for.

    It's already 4x its goal, so I think I'll just wait until it appears on the SB Components site.

  • It works great and the config is simple. It doesn't handle triggering things from those keypresses, but you've probably already got something running that does that.

  • I happily use Helix for Rust, etc projects, and as a general editor. I switch back to VSCode for TypeScript/Svelte projects because the plugins make it more productive for me. I do miss the editing experience and need to check if there's a VSCode plugin that lets me not confuse my muscle memory.

    Helix was the thing that finally made me remap my caps lock key to esc.

  • I killed my MS Natural Ergonomic 4000 by fumbling half a cup of tea into it. I miss having the scroll/zoom in the centre, since I had to replace with the new Microsoft LXM-00004 model (with the stupid Office button) and that's just got dead space there. Some customisable buttons would be perfect.

    I've seen some ergonomic mechanical custom setups, but I've never been brave enough to start down that rabbit hole.