Max-P

You need to set up your PC to be on that IP address first, TFTP doesn’t magically listen to a particular IP, you need to configure the PC with that IP.

ip link set eth0 up
ip addr add 10.10.10.3/24 dev eth0
ip addr add 10.10.10.1/24 dev eth0

Then you can start the TFTP server on the interface:

dnsmasq -d --port=0 --enable-tftp --tftp-root=/path/to/tftp/root -i eth0

For all its flaws and mess, NFS is still pretty good and used in production.

I still use NFS to file share to my VMs because it still significantly outperforms virtiofs, and obviously network is a local bridge so latency is non-existent.

The thing with rsync is that it’s designed to quickly compute the least amount of data transfer to sync over a remote (possibly high latency) link. So when it comes to backups, it’s literally designed to do that easily.

The only cool new alternative I can think of is, use btrfs or ZFS and btrfs/zfs send | ssh backup btrfs/zfs recv which is the most efficient and reliable way to backup, because the filesystem is aware of exactly what changed and can send exactly that set of changes. And obviously all special attributes are carried over, hardlinks, ACLs, SELinux contexts, etc.

The problem with backups over any kind of network share is that if you’re gonna use rsync anyway, the latency will be horrible and take forever.

Of course you can also mix multiple things: rsync laptop to server periodically, then mount the server’s backup directory locally so you can easily browse and access older stuff.

Technically it wasn’t really designed with megainstances in mind that swallows the entire fediverse.

My instance has no problem whatsoever keeping up and storage is well under control. But we’re few here subscribed to a subset of available communities so my instance isn’t 90% filled with content I don’t care about and will never look at. Also reduces the moderation burden because it’s slow enough I can actually mostly see everything that comes through.

Lemmy itself is also pretty inefficient in that regard, you can very much make software that pulls instead and backfill local cache as needed.

Even my Reddit subscriptions would be pretty easy on my instance.

Technically it wasn’t really designed with megainstances in mind that swallows the entire fediverse.

My instance has no problem whatsoever keeping up and storage is well under control. But we’re few here subscribed to a subset of available communities so my instance isn’t 90% filled with content I don’t care about and will never look at. Also reduces the moderation burden because it’s slow enough I can actually mostly see everything that comes through.

Lemmy itself is also pretty inefficient in that regard, you can very much make software that pulls instead and backfill local cache as needed.

One thing to keep in mind is ActivityPub isn’t exactly made for social media in the sense most people use it nowadays. It’s intended to be more like RSS feeds: you’re support to subscribe to stuff like news sites and be able to bring it all into a content aggregator. Seen that way, its design makes a lot of sense.

It kinda works well for public microblogging as well. It’s when you start involving moderation, voting, sharing, boosting that things get kinda weird.

I’ll add some of my comments to that discussion.

You guys have basically been describing Aether and Nostr

The main issue is when your instance starts federating, accounts are created with a key pair that you will lose when changing software, and generally a whole bunch of URLs will no longer be valid. The actor ID of your user is https://feddit.org/u/buedi, not just buedi. Mastodon might make it https://feddit.org/@buedi instead. As per the spec, that is the canonical URL for the user/actor.

Other instances will still try to push content to your instance assuming the software it was registered with. So you may continue to receive data for Lemmy communities which Mastodon has no clue what that is or what to do with it.

You can host the API/frontend on a different domain no problem, but the actual ActivityPub service should be on a dedicated subdomain to avoid the issues.

That said, I believe after a couple days/weeks, it should eventually sort itself out as your instance keeps erroring out and gets dropped and reregisters with the new software.

https://seb.jambor.dev/posts/understanding-activitypub/

There’s a reason it only supports Pixel phones: none of the other manufacturers produce phones that are suitable for it. All the other ones either don’t let you unlock the bootloader, won’t let you relock it with your own keys, or disables other security featurea. Meaning anyone can just flash whatever code they want to the phone and completely nullify the security model.

For a bit, OnePlus did support this but they quietly removed that feature with the Android 12 bootloader update, and otherwise cut you off from the TEE anyway so the OS can’t even verify the boot chain.

The GrapheneOS team said they would happily support other devices if any met their criterias for support. None do. Pixels are the only phone where you can properly flash a custom OS on, and relock the bootloader and disable OEM unlocking like it’s the official OS with all the security features functional.

Sounds more like a rolling release than a mess to me. Makes sense for development and users that want to try out new features as they get developed.

From a developer’s perspective that sounds like a good idea too, no need to rip out features that weren’t ready in time and no need to rush a feature because it was in the developer preview therefore it has to ship.

The email used to be used to send you notices if your cert wasn’t renewed and other communications. They’ve just discontinued that feature, so the email isn’t super important.

It’s a good idea to provide a valid email address, but it’s not that important and doesn’t really matter for the purpose of issuing a certificate. It’s not part of the problem you’re having.

What do you want the UI for? For configuration it’s usually meh because it’s the kind of thing you configure by config file, often generated config files even. For stats it’s where it gets interesting, usually third-party options like Grafana is used along with something like Prometheus to collect the metrics.

When it comes to easy configuration, newer options go for the zero configuration angle rather than a nice UI to configure it. Just need some Docker tags and Traefik automagically configures itself, so the UI is just for viewing information.

I don’t remember the exact details but it didn’t work right. That was arguably a couple years ago on a server distro approaching EOL, may have been long fixed. It involved Android 4.4.

Few of them for most use cases, especially a VPS. My server have a couple of IPs each mapping to a different VM, they can all claim 22/80/443 as you’d expect, but that’s just basically the same as having a bunch of VPSes anyway.

It’s useful for some other uses like, I might want to dedicate an IP for VPN exit that doesn’t expose any services.

Another use is sometimes you just want two things to stay entirely separate, even if on a technical level it could work with a reverse proxy. It can eliminate some class of exploits like request smuggling.

One use case I’ve had for a customer is they have a system that can only do TLSv1.0, which is wildly obsolete and exploitable. So that particular API endpoint was served from a secondary IP, that way I can continue to enforce TLSv1.2+ on the primary IP. It’s possible with some reverse proxy magic with HAproxy, but I could also just make a new server block in the existing NGINX bound to that IP and call it a day.

The performance is a good point. You can do the striped mirror with ZFS too and still get the advantages of ZFS.

I think you can do all of that through the Proxmox UI, but it shouldn’t be too hard to do on the CLI either. You just make two mirror sets and you’re good to go. ZFS should automatically distribute the load across the two mirrors.

I’d probably do RAID-Z with ZFS rather than RAID10, better space utilization and better error correction. Should be able to easily set that up in the Proxmox web UI.

Everything else sounds good. Don’t worry too much about it, you will find things you wish you did differently regardless, that’s part of the learning experience.

want someone to prove his LLM can be as insightful and accurate as paid one.

The full DeepSeek model is available for download, and should generate about the same quality answers as the official one, with the bonus of less censorship. I pretty trivially got it to talk about the Tiananmen Square, and they can’t even ban me for it.

That said, that’s rarely the point. It’s usually because you can, a cost saving measure, sometimes you plainly just don’t need a good model, sometimes you want privacy, sometimes you need privacy at the cost of quality.

If your business is shoving customer reviews into a model, you really don’t need the best model for it to tell you how angry the customer is.

Personally I just do it for fun and because I can. Sometimes you just do things for no other reason than because you can.

You can’t really easily locate where the last version of the file is located on an append-only media without writing the index in a footer somewhere, and even then if you’re trying to pull an older version you’d still need to traverse the whole media.

That said, you use ZFS, so you can literally just zfs send it. ZFS will already know everything that needs to be known, so it’ll be a perfect incremental. But you’d definitely need to restore the entire dataset to pull anything out of it, reapply every incremental one by one, and if just one is unreadable the whole pool is unrecoverable, but so would the tar incrementals. But it’ll be as perfect and efficient as possible, as ZFS knows the exact change set it needs to bundle up. It’s unidirectional, so that’s why you can just zfs send into a file and burn it to a CD.

Since ZFS can easily tell you the difference between two snapshots, it also wouldn’t be too hard to make a Python script that writes the full new version of changed files and catalogs what file and what version is on which disc, for a more random access pattern.

But really for Blurays I think I’d just do it the old fashioned way and classify it to fit on a disc and label it with what’s on it, and if I update it make a v2 of it on the next disc.

Both use Linux under the hood. You can even install LineageOS on some TVs.

The only reason AndroidTV is bullshit is the manufacturers because casual users want shit like Netflix and Prime preinstalled. Google TV in particular comes with a lot of crap and the ads, which believe it or not some users take as a feature.

But that’s not inherent to Android TV as an OS, it’s exactly like Android phones and manufacturers preloading a bunch of crap to make an extra buck. If your run AOSP you get none of that crap, and it’s fully open-source.

Yeah, that’s enough to not have it exposed directly. I understand why they did it that way but very good to know, thanks!

I keep hearing claims that it’s not secure enough to be exposed on the Internet, but I can’t seem to find anything about unauthenticated vulnerabilities. It’s got a fair amount of CVEs but they all seem to affect when you’re an already authenticated user, mainly to XSS an admin as a regular user or the likes.

It’s written in C#, and publicly all you can do is pretty much attempt to log in, this feels like it should be pretty sane compared to some other PHP crap I run.

Do you have any examples of previous exploits or anything else to be concerned about?