The companion post, I Went To SQL Injection Court, goes into detail about the court process and witness testimony. One of the interesting things is just how different computer people think about security vs lawyers. Somebody might say that having a schema would help a malicious actor a small amount, and a lawyer will jump on that to deny the request. The idea that the schema would help a malicious actor is the same as a map helping a bank robber. The vault security and security guards are the relevant factors for this, not the map.

I’ll keep this in mind the next time I’m an expert witness in a computer case (based on this, I hope I’m not.)

I use Jellyfin for music mostly and it struggles with metadata. For example, if a song has two artists on it and I edit to correct it, it won’t update correctly and I’ll edit up with the artist “Artist A; Artist B”.

Have you tried a packet capture with Wireshark or tcpdump to see what it’s doing? It might give better clues than a general error message.

On Windows the system wakes up when connected or disconnected from an AC adapter. On Linux the system will momentarily wake up but immediately go back into suspend.

I get why this could be a source of bugs, but if I unplug my laptop while its asleep why would I want it to turn on?

I’m working on adding ActivityPub to my Hugo blog right now. I support RSS, but I figured AP support means that you can get it into your Mastodon feed or even Lemmy feed making it easy to follow. Additionally, commenting (assuming it doesn’t get taken over by spammers.)

Which stops malicious usage, but doesn’t stop cases where web pages over use pushState as users move around instead of replaceState. I’ve seen maps that would add to the history every time a user moves around the map.

I’m on Wayland and KDE/Plasma. It worked on GNOME, but sadly not on Plasma.

One place it would be useful is if you are worried about somebody breaking into your home and stealing your computer. Don’t store the key on the home computer, instead store it on a cloud server. The home computer connects to the cloud server, authenticates itself with some secret, then if the cloud server authorizes, it can return the decryption key.

Then if your computer gets stolen or seized, it’ll connect via a different IP and the cloud server can deny access or even wipe the encryption key.

this doesn’t protect against all risks, but it has its uses.

Example: https://www.ogselfhosting.com/index.php/2023/12/25/tang-clevis-for-a-luks-encrypted-debian-server

I just saw this one mention endurain, a fitness tracker. I’ve been looking for something to self host data about my health, fitness, etc. Has anyone tried this or anything else in the self-hosted or open source fitness space?

If you are port forwarding. I recommend not exposing it on the default port of 25565 and instead expose it as a random port. Then, assuming you have a domain name, create an SRV record that points to your IP and port. This will cut down on the drive by scanners who scan by ports, but won’t totally eliminate it. If you do use the SRV record, your friends won’t even notice there’s a different port.

As a professional software dev, I worked with pretty much every OS daily. My personal computer was a Windows, my work laptop was a Mac, and I ran my code on Linux so I was familiar with the things I liked and disliked about each. I also ran my own set of server with my websites, mail servers, and various research projects to learn and grow.

Then I decided it was time to order a new laptop and I didn’t want to go to Windows 11 because I felt Microsoft was going too much into features I didn’t want like Ads, more tracking, pushing AI. Don’t get me wrong, I like AI, but it was too much about forcing me to use it to justify their stock valuations.

I also was working on reducing my usage of big tech, setting up self hosted services like pi-hole, Home Assistant, starting to work my own Mint alternative. It just felt natural to get a Framework laptop and try running Linux on it.

I still have a Windows desktop for games and other things, I still use Mac at work. I still like the Mac for it’s power efficiency and it doesn’t get as hot. Linux has some annoyances here and there, like dbus locking up, or weird GNOME issues, or for a while my screen would artifact until set some kernel params, or the fact that my wifi card would crash and I had to replace it with an Intel card, but I’ll stick with it.

There’s two main ways of doing geo-based load balancing:

1. IP Any-casting - In this case, an IP address is “homed” in multiple spots and through the magic of IP routing, it arrives at the nearest location. This is exactly how 1.1.1.1 and 8.8.8.8 work. It works fine for stateless packets like DNS, however it has some risks for stateful traffic like HTTP.
2. DNS based load balancing. A server receives a request for “google.com”, looks at the IP of the DNS server and/or the EDNS Client IP in the DNS query packet and returns an IP that’s near. The problem is that when you’re doing Wireguard, it goes phone -> pi-hole (source IP is some internal IP) -> the next hop (e.g. 1.1.1.1 or 8.8.8.8), which sees the packet is coming from your home/pi-hole’s public IP. Thus it gets confused and thinks you’re in a different location than you really are. Neither of these hops really knows your true location of your phone/mobile device.

Of course, this doesn’t matter for companies that only have one data center.

Sorry, what do you mean route it directly? Maybe I didn’t clarify well enough.

My DNS is routed over the VPN but Internet traffic is routed directly. The problem is the load balancing is done based on where the DNS server is so say Google even though the traffic egresses directly to the internet bypassing the VPN it still goes to a Google DC near my home. Not all websites do this so its not always an issue.

Yes, but if you hit a company doing DNS based load balancing, DNS is going to return an IP that’s near to your DNS server which may not be near your device. That’s going to add to the latency.

I have Wireguard and I forward DNS and my internal traffic from my phone over the VPN to my pi-hole at home. All other traffic goes directly over the Internet, not the VPN. So that means only DNS encounters higher latency.

However, because a lot of companies do DNS based geo load balancing that means even if I’m on the east coast all my traffic gets sent to the West Coast because my DNS server is located there. That right there has the biggest impact on latency.

It’s tolerable on the same continent, but once I start getting into other continents then it gets a bit slow.

Do the services themselves have any logs? Do you have a reverse proxy? Does it provide any logs? 503 means something received the request and tried to pass it on so something should have logs.

I think this a problem with applications with a privacy focused user basis. It becomes very black and white where any type of information being sent somewhere is bad. I respect that some people have that opinion and more power to them, but being pragmatic about this is important. I personally disabled this flag, and I recognize how this is edging into a risky area, but I also recognize that the Mozilla CTO is somewhat correct and if we have the option between a browser that blocks everything and one that is privacy-preserving (where users can still opt for the former), businesses are more likely to adopt the privacy-preserving standards and that benefits the vast majority of users.

Privacy is a scale. I’m all onboard with Firefox, I block tons of trackers and ads, I’m even somebody who uses NoScript and suffers the ramifications to due to ideology reasons, but I also enable telemetry in Firefox because I trust that usage metrics will benefit the product.

Why is telemetry useful or why is it needed to use pi-hole to block telemetry?

Telemetry is useful to know what features your customers use. While it’s great in theory to have product managers who dogfood and can act on everyone’s behalf, the reality is telemetry ensures your favorite feature keeps being maintained. It helps ensure the bugs you see get triaged and root caused.

Unfortunately telemetry has grown to mean too many things for different people. Telemetry can refer to feature usage, bug tracking, advertising, behavior tracking.

Is there evidence that even when you disable telemetry in Firefox it still reports telemetry? That seems like a strong claim for Firefox.

Totally. I used to contribute to Google maps quite a bit and got higher up in the Local Guides levels, but now I find myself contributing a lot to OSM. I feel a lot better about contributing to an open platform vs letting a company close up my changes.

I just haven’t made the switch to use it as a mobile client yet

Accidentally typo your password and get blocked. And if you’re tunneling over tor, you’ve blocked 127.0.0.1 which means now nobody can login.