Pixel phone which doesn’t let you install CA certs any more

Is that something new? I can still install CA certs on my Pixel 6. It does give a scary warning, but you can just click through it.

Machete

Yeah but those $90 savings make IT management look good, and that 80k/year doesn’t come out of IT’s budget. Also the productivity loss can’t objectively be measured or will just be blamed on the employee.

broken window fallacy

Because Mandrake was a Red Hat fork

Deleting your efi partition doesn’t brick your board. It just makes your disk unbootable, but you can always install another operating system and create a new efi partition.

I think you’re confusing with the special efivarfs file system that is mounted under /sys/firmware/efi/efivars. If you delete stuff under there, you’re apparently going to have a bad time, because it directly deletes variables in your UEFI firmware which can prevent your system to POST.

You can use the wildcard domain

Yeah the problem was more that this machine is running on a network where I don’t really control the DNS. That is to say, there’s a shitty ISP router with DHCP and automatic dynamic DNS baked in, but no way to add additional manual entries for vhosts.

I thought about screwing with the /etc/hosts file to get around it but what I ended up doing instead is installing a pihole docker for DNS (something I had been contemplating anyway), pointing it to the router’s DNS, so every local DNS name still resolves, and then added manual entries for the vhosts.

Another issue I didn’t really want to deal with was regenerating the TLS certificate for the nginx server to make it valid for every vhost, but I just bit through that bullet.

I was afraid it was going to come down to that. I have been looking into configuration options for the apps, but they’re 3rd party nodejs apps and I know jack shit about nodejs so I’ve had no luck with it so far.

Going with vhosts anyway (despite the pains it will create on this setup) seems to be the preferred way forward then.

Thanks for the insight, and for confirming what I already suspected.

No worries, your input was helpful and informative anyway, so thanks.

Going with vhosts anyway seems to be the least cumbersome route at this point.

WEI is a proposed modification to Chrome/Chromium that doesn’t even exist yet, and that would have the side effect of blocking adblockers on every site that implements WEI.

This here is an already existing change to the YouTube service that blocks adblockers on YouTube.

Hmm no, that’s not really it… that’s more so that you don’t pass URLs starting with /app1/ onwards to the application, which would not be aware of that subpath.

I think I need something that intercepts the content being served to the client, and inserts /app1/ into all hardcoded absolute paths.

For example, let’s say on app1’s root I have an index.html that contains:

...
src="/static/image.jpg"
...

It should be dynamically served as:

...
src="/app1/static/image.jpg"
...

But the point is, for the cost of a single CD per month I was able to listen to any CD from any band whenever I wanted. It was an extremely easy decision to sign up.

Yeah but my point is, you pay but you don’t actually get those albums. So if after some years Spotify turns to shit you don’t have anything to show for when you cancel the service, and even though you have paid the equivalent of dozens of albums your music collection is gone.

Also, I don’t buy anyting near an album per month, so even on that level it doesn’t make sense to me. I do have a large collection, but I’m not really digging much current music anymore so if I buy two albums per year, it’s a lot.

This has nothing to do with WEI. Google can do more than one shitty thing at once you know.

Never understood why anyone would want to rent their music in the first place. As good as the service may be when you sign up for it, you know it will eventually turn to shit as they’re trying to monetize every last cent out of it, and then your only choices are to endure the shit or to quit the service and be left with nothing.

If you really want to get anal about it, yes I know there things like CNAME, PTR and MX records too but that’s outside of the scope of this discussion.

DNS doesn’t deal with ports, there’s no way to say: homelab.example.com should point to IP address 1.2.3.4 and port 12400.

Sure, but the point is not so much about which one to use but that the terminating point listening on 443 should sit outside of his network.

So he will either need a cloud service, or accept that he will have to add :12400 to his URLs.

DNS doesn’t deal with ports, it resolves hostnames to IP addresses and that’s it.

What you probably need is some kind of reverse proxy that sits outside of your network, listens on port 443 and then directs it to your home IP address on port 12400.

Is it really that bad if kids see a bit of porn? Like really? I grew up before the internet, but even in my day porn mags and VHS tapes got passed around when I was a teenager. Kids are always going to be curious.

Even so on the internet there are much worse things than porn that are harmful for the development of children. There are various groups of questionable morality like incels, or other mysogynistic groups, alt right stuff like neonazis, christofascists, climate deniers, … If I had children, I would be much more concerned about them falling into one of those ideological traps than them seeing some titties. Hell, even TikTok is probably more harmful for giving them a dopamine addiction and an increasingly short attention span.

So to me, it seems a bit weird to single out porn. It feels like a convenient scapegoat for parents who don’t want to spend time raising their kids and paying attention to what they are looking at on the internet.

As a general rule, you should always keep in mind that you’re not really looking for a backup solution but rather a restore solution. So think about what you would like to be able to restore, and how you would accomplish that.

For my own use for example, I see very little value in backing up docker containers itself. They’re supposed to be ephemeral and easily recreated with build scripts, so I don’t use docker save or anything, I just make sure that the build code is safely tucked away in a git repository, which itself is backed up of course. In fact I have a weekly job that tears down and rebuilds all my containers, so my build code is tested and my containers are always up-to-date.

The actual data is in the volumes, so it just lives on a filesystem somewhere. I make sure to have a filesystem backup of that. For data that’s in use and which may give inconsistency issues, there are several solutions:

• docker stop your containers, create simple filesystem backup, docker start your containers.
• Do an LVM level snapshot of the filesystem where your volumes live, and back up the snapshot.
• The same but with a btrfs snapshot (I have no experience with this, all my servers just use ext4)
• If it’s something like a database, you can often export with database specific tools that ensure consistency (e.g. pg_dump, mongodump, mysqldump, … ), and then backup the resulting dump file.
• Most virtualization software have functionality that lets you to take snapshots of whole virtual disk images

As for the OS itself, I guess it depends on how much configuration and tweaking you have done to it and how easy it would be to recreate the whole thing. In case of a complete disaster, I intend to just spin up a new VM, reinstall docker, restore my volumes and then build and spin up my containers. Nevertheless, I still do a full filesystem backup of / and /home as well. I don’t intend to use this to recover from a complete disaster, but it can be useful to recover specific files from accidental file deletions.