dedime's recent activity

  1. Comment on Suggestions for things to do with a NAS? in ~talk

    dedime
    Link
    Since I've started homelabbing 6-7 years ago, I've always landed on the following necessities Jellyfin. FOSS version of Plex, I really like it. Has a Roku app which I use a lot. Pihole. DNS based...

    Since I've started homelabbing 6-7 years ago, I've always landed on the following necessities

    • Jellyfin. FOSS version of Plex, I really like it. Has a Roku app which I use a lot.
    • Pihole. DNS based ad blocking, for all the devices on my home network
    • Wireguard. Super lightweight VPN. OpenVPN, which I used prior, was a behemoth in comparison.
    • Caddy. Reverse proxy, provides HTTPS via LetsEncrypt and allows me to access Jellyfin / Pihole admin console.
    2 votes
  2. Comment on Attempting to cross Scotland in a completely straight line. (Part 1: Enter the factory) in ~humanities

    dedime
    Link Parent
    Spoiler Wall Absolutely gutted that they couldn't make it to the finish! In the end, I respect their decision to end their journey early, having come to an agreement with the coppers. That being...
    Spoiler Wall Absolutely gutted that they couldn't make it to the finish! In the end, I respect their decision to end their journey early, having come to an agreement with the coppers. That being said, I think they learned an important lesson, though they didn't speak to it in the video - trust your gut, if you think you've been spotted, pack up and camp elsewhere. If you know you've been spotted, unless you know for a fact it's all ok, pack up and camp elsewhere.

    Looking forward to seeing what he comes up with next. I hope they get a chance to revisit Scotland.

    3 votes
  3. Comment on What programming/technical projects have you been working on? in ~comp

    dedime
    (edited )
    Link
    I made a website scraper at work. The company is working on migrating our client's websites to a new platform, using an external development agency. We wanted an easy way to provide the agency...

    I made a website scraper at work. The company is working on migrating our client's websites to a new platform, using an external development agency. We wanted an easy way to provide the agency with a list of pages that a website has, and a list of images that page has. My scraping tool, given a site's base URL, will reach out to that site, fetch the sitemap.xml, parse all the available URLs, visit each one and save all the images to a named folder on the local filesystem. We'll then zip that folder up and send it over to the agency.

    I used golang to accomplish this. It's just an absolute pleasure to work with. It's extremely fast, and adding concurrency as an afterthought seriously took about 5 minutes.

    1 vote
  4. Comment on What programming/technical projects have you been working on? in ~comp

    dedime
    Link Parent
    I use Docker a lot, but I tend to take a pragmatic approach to it. e.g., If I'm developing a desktop app, I typically don't worry too much about Docker, other than perhaps compilation (build in...

    I use Docker a lot, but I tend to take a pragmatic approach to it. e.g., If I'm developing a desktop app, I typically don't worry too much about Docker, other than perhaps compilation (build in Docker + docker cp resulting binary to destination). Otherwise, I do tend to build with Docker in mind. If I think I might eventually want to use the software as a container, I just make sure I use a good software architecture so I'm not shooting myself in the foot later. If I know the software is going to be used primarily as a container, I write the software POC first and get it working in a container almost immediately, and I use that going forward for testing / building.

    1 vote
  5. Comment on Attempting to cross Scotland in a completely straight line. (Part 1: Enter the factory) in ~humanities

    dedime
    Link
    One of my YouTube favorites! I went ahead and bought his "Mission Across Scotland" poster that he advertised in this video, merch is my preferred way of supporting my favorite creators + I get a...

    One of my YouTube favorites! I went ahead and bought his "Mission Across Scotland" poster that he advertised in this video, merch is my preferred way of supporting my favorite creators + I get a fun decoration for the house.

    3 votes
  6. Comment on Australian Criminal Intelligence Agency looking to expand it's intelligence gathering powers by claiming that criminals use encrypted platforms 'almost exclusively' in ~tech

    dedime
    (edited )
    Link
    I'm waiting for the ban on the one-time pad. Gee, sir, I see you have a block of random characters in your notebook. You wouldn't happen to be practicing... encryption... would you? Like math? Off...

    I'm waiting for the ban on the one-time pad. Gee, sir, I see you have a block of random characters in your notebook. You wouldn't happen to be practicing... encryption... would you? Like math? Off to the brig!

    6 votes
  7. Comment on The next great disruption is hybrid work—thoughts from Microsoft on the future of work in ~life

    dedime
    Link
    Admittedly, I didn't read the entire thing, but their 7 stated trends ring true to me. #2 (Leaders are out of touch with employees and need a wake-up call) stands out in particular, at least for me:

    Admittedly, I didn't read the entire thing, but their 7 stated trends ring true to me.

    #2 (Leaders are out of touch with employees and need a wake-up call) stands out in particular, at least for me:

    Many business leaders are faring better than their employees. Sixty-one percent of leaders say they are “thriving” right now — 23 percentage points higher than those without decision-making authority. They also report building stronger relationships with colleagues (+11 percentage points) and leadership (+19 percentage points), earning higher incomes (+17 percentage points), and taking all or more of their allotted vacation days (+12 percentage points).

    4 votes
  8. Comment on A future without passwords in ~tech

    dedime
    (edited )
    Link
    I can't really trust Google, despite all of their claims that keeping you safe online is their top priority. Get ready for a Stallman-esque rant, because true safety starts with open source and...

    I can't really trust Google, despite all of their claims that keeping you safe online is their top priority. Get ready for a Stallman-esque rant, because true safety starts with open source and trusting the code you're running.

    Take everything I'm about to say about Google's capabilities with a grain of salt - to the best of our knowledge, this is what Google is capable of doing. This is not to say they are doing it, or are even capable of doing it, but the possibility is there and we have no way to determine otherwise.

    For one, Google can log into your account. They can also provide others access to your account. Anything you have stored in your account - photos, videos, emails, passwords, search history, messages, location history, browser history, contacts, apps installed - Google can access this at any time without barriers. Crucially, this means your passwords are not secret as they are (mathematically / encryption wise, not necessarily in practice) accessible by others. If Google cared, you could encrypt all of this information with a secret key only accessible to you. In fact, AFAIK the only Google product you can do this with is Chrome's Sync Passphrase, which you can use to encrypt all your Chrome data (browser history, passwords, form data, etc.). This is commendable, except for the fact that Google Chrome is closed source with no way to reproduce their builds, so you really can't even trust that they're doing this properly / at all, unless you're down to decompile the source code and verify yourself (every release).

    Two, Google is A-OK with making your account less secure without your consent. This is not a good model for security. As an example, I had a strong password to my Google account and TOTP as my second factor. TOTP is fantastic, as it relies on a shared secret with easily provable security parameters. It can be phished, but so can other second factors. Google took it upon themselves to add an additional second factor, their device based prompts. They also made it the default. This actually decreased my security posture, as now I have more second factor methods of authenticating my Google account. I also can't disable this feature. The only way to disable it would be to switch my phone from Google's Android to iOS or another OS. Why can't I disable this??? It's maddening.

    Third, perfect secrecy has been solved since the invention of the one-time-pad, everything else has been icing on the cake. I'd be perfectly happy if they could use information-theoretic secure encryption. Do it right, do it in the open, let the privacy-interested people take back their privacy and security into their own hands, and offer less-secure shortcuts for people who want it to be easy. If keeping you safe online was their top priority, they would have implemented this already. Instead, "keeping you safe online is our number one priority" is a bold faced lie. They should say "Keeping your personal data minable for our own purposes is our top priority. Keeping your personal data private would be nice too, we'll try our best but please recognize we won't encrypt your data unless we can get ahold of a copy of the key."

    Google doing personal data encryption right will never happen, but I still think about this a lot. There's no good (read: in my interest) reason to insecurely handle my data as they do, they just want to mine my data for money. You can provide all of the products that Google provides without violating peoples persons privacy, yet here we are. I accept of these imperfections because Google's services really are quite valuable, and I know they can't provide them for free, but it bugs me nonetheless.

    TL;DR: Google says trust us, ignoring the fact that their whole business is based on you using their closed source software which by definition you cannot trust.

    12 votes
  9. Comment on What programming/technical projects have you been working on? in ~comp

    dedime
    Link
    I've made a tiny program in Go to help move a file to the right location. It's a intended to be a helper program for using Tiddlywiki. When using Tiddlywiki on Windows 10 Chrome, the default save...

    I've made a tiny program in Go to help move a file to the right location. It's a intended to be a helper program for using Tiddlywiki.

    When using Tiddlywiki on Windows 10 Chrome, the default save location is %USERPROFILE%/Downloads/<wiki-name>.html. This makes sense, because you're downloading an HTML page and the default save location is in a user's download folder. However, I save my Tiddlywiki in %USERPROFILE%/Tiddlywiki. It is then synced from there to my other devices so I can access it anywhere. With my syncing program, I can't select individual files from a folder to sync - I have to sync the whole folder. This is where this program comes in: It runs in the background, waiting for the watched file path to be present, e.g. %USERPROFILE%/Downloads/<wiki-name>.html. When it see writes to this file, it waits a user-configurable amount of time for the writes to finish (e.g. 2 seconds), then it moves the file to the desired location, e.g. %USERPROFILE%/Tiddlywiki/<wiki-name>.html

    I've even included a notification icon so you can quit the app when desired, and it won't take up an active window. It will just run in the background.

    It's being developed on Windows, but it should technically be cross-platform - all of the libraries I've used are cross platform AFAIK. The hardest part I've had to deal with is detecting when the file is done being written to - using fsnotify, you'll see the html file being written 2-4 times before it actually stops. I set a timer in the background that resets with each write, and after the timer expires it moves the file. It works well now, but I had some serious troubles getting the one timer to be shared (required 2 goroutines + chans, which are newish territory for me)

    3 votes
  10. Comment on How to disagree in ~humanities

    dedime
    Link
    A graphical version of Graham's idea: https://upload.wikimedia.org/wikipedia/commons/thumb/7/7c/Graham%27s_Hierarchy_of_Disagreement.svg/707px-Graham%27s_Hierarchy_of_Disagreement.svg.png I find...

    A graphical version of Graham's idea: https://upload.wikimedia.org/wikipedia/commons/thumb/7/7c/Graham%27s_Hierarchy_of_Disagreement.svg/707px-Graham%27s_Hierarchy_of_Disagreement.svg.png

    I find myself thinking of this image when judging the soundness of arguments, particularly online. I can use it to determine whether someone is arguing something in good faith, or is simply trying to squirm their way out of their position. However, sometimes, on sites I generally trust - like this one - I find highly voted responses to controversial topics that fall into the bottom 3 of this pyramid. Clearly a lot of people are perfectly happy to accept these arguments.

    What do you think of this way of framing arguments? Is it a good way of judging arguments? Does it have problems?

    4 votes
  11. Comment on Beyond Calibri: Finding Microsoft’s next default font in ~design

    dedime
    Link
    I actually quite like Grandview. Spacing between letters (kerning?) is bang on, unlike Tenorite and Seaford. The 'i' with a square for the dit is pleasing. Skeena's italic font is ugly, almost...

    I actually quite like Grandview. Spacing between letters (kerning?) is bang on, unlike Tenorite and Seaford. The 'i' with a square for the dit is pleasing. Skeena's italic font is ugly, almost like it's a computer font trying to be calligraphy. The only part I see as questionable is the ''' apostrophe, but to be honest I like it more than all of the alternatives. And there's something about it that's distinctly "Microsoft", even if I can't put my finger on it. Letter width is tight, which is pleasing to my eye.

    Bierstadt is a close second, with Tenorite being my third favorite. Seaford and Skeena are right out.

    10 votes
  12. Comment on Self hosting email at home? in ~comp

    dedime
    Link
    I'll give the standard warning you'll see in response to a lot of people who want to self host email: I've been told it's very difficult, time consuming, and fraught with errors, especially in...

    I'll give the standard warning you'll see in response to a lot of people who want to self host email: I've been told it's very difficult, time consuming, and fraught with errors, especially in regards to spam / spam filters. If you're looking for a reliable mail solution, you should not be self hosting your own email.

    That being said, for learning purposes it's an excellent exercise.

    If you're looking to "own" your own email, I recommend going with a free provider of an email service. For instance, I use Zoho - they allow me to bring my own domain, and allow you to configure SPF / DMARC however you please using DNS. It's set it and forget it, I haven't had to do any admin work on it since I've set it up.

    Side note - does anyone know of alternative free BYOD(omain) email providers other than Zoho? I'm pretty happy with them, but just curious.

    10 votes
  13. Comment on MathBox^2: PowerPoint Must Die in ~tech

    dedime
    Link
    I'm going to go throw rocks at my website now

    I'm going to go throw rocks at my website now

    4 votes
  14. Comment on What have you been eating, drinking, and cooking? in ~food

    dedime
    Link
    I made another excellent focaccia loaf. This time, I added some chopped kalamata olives and rosemary on top for taste and garnish. I cooked it in a stainless 1/2th pan, I made the mistake of...

    I made another excellent focaccia loaf. This time, I added some chopped kalamata olives and rosemary on top for taste and garnish. I cooked it in a stainless 1/2th pan, I made the mistake of forgetting to put parchment paper down so it stuck quite a bit to the bottom of the pan. Once I got it out though, it tasted wonderful. If I just want a quick snack, I serve it with olive oil and balsamic vinegar. If I'm feeling fancy, I can get some nice Italian deli meats, make a tapenade, and go crazy with some other ingredients to make a sandwich.

    I used the same recipe and portions as I did last time, the biggest difference was the pan - I used a half sheet tray last time, which came out a little too thin for my liking. I wanted this one to be suitable to be cut in half for sandwiches, so I went with a slightly smaller pan (and a slightly longer cooking time). It worked out well, and it's a good thickness for sandwiches.

    I also made some cinnamon buns with cream cheese icing that came out exceedingly well.

    Getting a stand mixer has been a blessing! It's much easier to decide to bake things now that I don't have to worry as much about the effort of kneading or mixing manually.

    3 votes
  15. What does analog have that digital doesn't?

    I saw another Tildes thread that was discussing radio stations, and it threw me back to when I was very young and not totally digitized - the tactile feel of the dial as you click-click-click your...

    I saw another Tildes thread that was discussing radio stations, and it threw me back to when I was very young and not totally digitized - the tactile feel of the dial as you click-click-click your way to your desired radio station, or the kind-of-subconcious-but-not-really memory you have of which buttons to press to jump to a saved frequency.

    What do you miss about analog controls and devices? What do you think we're missing out on in the digital age? If we're missing out, did we still make a leap forward into the digital age?

    25 votes
  16. Comment on Starting March 16, LastPass users on the free plan will only be able to use it on one "device type" (either PC or mobile) in ~tech

    dedime
    (edited )
    Link Parent
    Syncthing is great, and would be a perfect fit for KeePass! In my case, it doesn't add any additional security as I copy my keyfile around via USB and never transmit it over the internet.

    Syncthing is great, and would be a perfect fit for KeePass! In my case, it doesn't add any additional security as I copy my keyfile around via USB and never transmit it over the internet.

    3 votes
  17. Comment on Starting March 16, LastPass users on the free plan will only be able to use it on one "device type" (either PC or mobile) in ~tech

    dedime
    Link Parent
    It's been a while since I've set it up, but it still works beautifully. In KeePassXC, the method for setting it up is the same as setting up any other TOTP but you select the toggle for "Steam...

    It's been a while since I've set it up, but it still works beautifully. In KeePassXC, the method for setting it up is the same as setting up any other TOTP but you select the toggle for "Steam token settings".

    The tough part is obtaining your secret key. Steam does not expose this to you in any obvious ways, however if you're technically inclined you'll be able to follow the following instructions to retrieve this secret key: https://github.com/SteamTimeIdler/stidler/wiki/Getting-your-%27shared_secret%27-code-for-use-with-Auto-Restarter-on-Mobile-Authentication#getting-shared-secret-from-steam-desktop-authenticator-windows

    6 votes
  18. Comment on Starting March 16, LastPass users on the free plan will only be able to use it on one "device type" (either PC or mobile) in ~tech

    dedime
    (edited )
    Link Parent
    I've made a lot of password manager recommendations in the past, and I still stand behind KeePass! I've been using this set up for almost 7 years. Specifically: KeePassXC - for the desktop app....
    • Exemplary

    I've made a lot of password manager recommendations in the past, and I still stand behind KeePass! I've been using this set up for almost 7 years. Specifically:

    • KeePassXC - for the desktop app. Available at https://keepassxc.org (Free, open source software)
    • KeePassXC-Browser - An extension for autofill in your browser of choice, on the chrome / firefox extension stores (Free, open source software)
    • Keepass2Android - An android app for opening KeePass databases, on the play store (Free, open source software)
    • Google Drive Sync (Or any file syncing program of your choice, it doesn't affect the security) - For syncing the encrypted password database file to all of your devices. This is secure, because the database file is encrypted. (Gratis, but closed source software)

    This complete solution provides you the following crucial features, ones that I use and appreciate daily:

    • Password syncing to all of your devices
    • Strong, verifiably secure encryption of your passwords
    • TOTP, both the standard version and Steam version
    • Autofill for usernames / password in your browser

    And it also boasts other useful features:

    • Support for hardware keys and key files, in addition to a password, for your password database (I use a key file that I physically copy, offline, to my devices)
    • CLI support
    • SSH-agent integration - Automatically add your SSH keys to SSH-agent when you unlock your password database. This is a godsend.
    • Dark mode (KeePassXC)
    • Completely free, open source software - Nobody is going to pull the rug out from under you, and insist you pay them to continue using the software. KeePassXC, Keepass2Android, and the KeePassXC-browser extensions are completely free, will always be free, and are here to stay.
    • No need to host your own servers - suitable for the tech-inexperienced

    This set up has been so useful for me I use it for things outside of just passwords. For example, I store my credit cards, clothing size measurements, SIN, driver's license information, and other useful information in my password database.

    20 votes
  19. Comment on What programming/technical projects have you been working on? in ~comp

    dedime
    Link Parent
    RE acme clients, not sure if it'll work for your use case. But check out Caddy (v2)

    RE acme clients, not sure if it'll work for your use case. But check out Caddy (v2)

    1 vote