[-] irotsoma 2 points 12 minutes ago

Because the fact that trans people even exist is "controversial" and "confuses children". In reality children are usually the least confused by the subject since they haven't been as exposed to hate speech saying we don't exist or are "destroying families".

[-] irotsoma 1 points 23 hours ago

Caveat, any reputable brand of thermal paste is basically the same. I've experienced many cheapo brands, especially stuff included with cheapo hardware, that had texture issues or nearly liquefied at high temperatures and made a mess. Also, had one that evaporated partly and tested positive for lead, so not the most healthy. Though one time is not a big deal, it is a big deal if you used it a lot.

Anyway, stick to reputable brands and most are the same. Slight differences are usually in max temperature, but that doesn't really apply to computer hardware much, but does affect some other moderately high temperature hardware that needs even cooling that I work with, like 3D printing.

[-] irotsoma 1 points 2 days ago

The only thing you gain from VPN is that the target server does not know your IP.

Not necessarily true. A VPN also prevents the ISP from collecting data on all of your connections. Currently ISPs (in the US at least) collect and sell what sites you visit even if they can't see the data due to HTTPS. Additionally, some have implemented, but then removed due to backlash but may implement again some day, MitM attacks on HTTPS connections in order to insert ads. Using a trusted DNS server that they don't also intercept can help avoid this, though. With a VPN the ISP won't see any of this, only the connection to the VPN server and have no way to insert themselves as long as they don't intercept the VPN connection itself before it's established.

[-] irotsoma 2 points 2 days ago

Not your preferences personally, but the preferences they think you have based on those categories because there are a lot of preferences that society says people of those genders are supposed to prefer. It's used in almost all advertising categorization because the majority of people give in to conforming to those preferences in order to fit in. Most men don't wear lacy pink and purple or they get called sissies or whatever, so they don't advertise lacy lingerie to people categorized as men for example. Otherwise they're wasting their ads. But LGBTQ+ people aren't really considered in these things because most ad companies are too conservative and even admitting LGBTQ+ people even exist is hard to get people like that to do.

[-] irotsoma 3 points 2 days ago

It's not that kind of breaking change. It's a change that won't affect most people. Only those who chose to use a custom location for their media location and chose to set that to a relative path instead of an absolute one which caused the application to have trouble resolving the paths. The change eliminates a bug by preventing people from doing something that was not intended to be supported. So it's not a "breaking" change necessarily in the sense that they are changing documented functionality. They are eliminating a way that people can misconfigure the application which may in some cases cause the application to break if someone successfully configured the application in this unintended way.

[-] irotsoma 5 points 3 days ago

Problem is that Apple has always been even more about lock-in and user tracking than Google, though Google has been catching up on that front quite a bit. But at least Android has some open source components to allow knowing what's tracking you. Problem is the manufacturers then add another layer of tracking and lock-in if you use phones from manufacturers like Samsung. So you may or may not be reducing the number of companies tracking you by moving from Samsung to Apple, but you're increasing the amount of data that can be captured and linked to you and preventing yourself from using privacy apps that might be able to block some of that since iOS has much more strict control over what the user can do with their device at the OS level and forces developers to use their tracking systems in a lot of cases for things like error handling. So overall, moving to Apple is increasing your exposure to tracking, even if reducing the number of companies who have the info for free, of course they all sell all that info, so that's not really an advantage.

A year ago I would have suggested getting a Pixel phone and installing GrapheneOS, but it looks like Google is moving to kill off alternative OSes on Pixels, so not sure what's the best bet at this point.

But Apple has always been of the mindset of controlling user experience and security over configurability and privacy which many prefer since they want it to "just work".

Remember, security, privacy, and usability always have to be balanced. For example, if you want a chat app that is both secure and private, then the app servers have no information to make things more usable, like how do you share your hardware address for communication to go to if there are no user IDs for privacy. You have to do that outside the app, thus less usable. So if you see an app that is very secure and usable, it likely is not very private. Signal is a good example on the chat application side since it uses a phone number which is then linked to lots of personal info, but it has very secure messages and is very easy to find your friends on it (usable).

Apple generally prioritizes user usability and user security with the detriment of user privacy and developer usability and privacy.

[-] irotsoma 11 points 3 days ago

It's only there because their ads want it and companies they sell your data to want it so they know what forced preferences society has told you to have and they can target you with those.

[-] irotsoma 1 points 3 days ago

Yeah iOS is weird about background processes and some versions are bad about killing parts of apps but not informing the app it was killed when restoring the state of the main process. One reason I personally don't develop my stuff for iOS. It requires a lot of extra code to deal with the disparate ways in various versions that coming back from being in the background requires. Since just restarting everything can be frustrating to users.

[-] irotsoma 3 points 3 days ago

It's a full release, not a point/patch release, the title just doesn't show the second .0. They use semantic versioning so it's major.minor.patch.

It's also a very minor change and only affects a single configuration property and only people who used relative paths in that property.

[-] irotsoma 8 points 4 days ago* (last edited 4 days ago)

I had a lot of trouble with keeping the connections stable and having to reatart services with both KDEConnect and Warpinator, but LocalSend has been perfect every time. I'm using a Fedora laptop with a Pixel 7 Pro running GrapheneOS.

[-] irotsoma 3 points 4 days ago

This is why I never used their images for any of my projects and do everything I can to use official charts made by the software vendor itself or create my own and put them in my personal git repo for automated deployments.

Any business that gives away middleware for free, likely does that in the hopes of monetizing that pretty directly and eventually will be pressured to increase monetization of those things by those investors or will be forced to stop developing those products due to lack of funding. Middleware really doesn't have many other good ways to monetize.

[-] irotsoma 8 points 4 days ago

The laws aren't about protecting children, though. Only legitimate sites will implement it, and legitimate sites generally aren't the most problematics sites.

The laws are actually designed to allow for the tracking of adults' activity and link them to that activity in a way that is provable in court. Anyone who wants to use the sites for nefarious purposes can just impersonate others and frame them for the use. So, there's no real value in any of it, just a way to get campaign funding. The real solutions would be too expensive to implement and require experts to design who are much more likely to be highly educated and thus unwilling to help a fascist state, so they'll never happen.

29
submitted 1 week ago by irotsoma to c/selfhosted@lemmy.world

I'm starting a project to make my home hosted services exposure to the internet a little easier to keep secure.

I have various web services such as Immich, JellyFin, and a few other services that either have high storage needs and this would be expensive in the cloud, or things that use more private data. Many of these are exposed to the internet. This network has a domain assigned and each service is assigned a subdomain. These are running in a K0s Kubernetes cluster on a separate VLAN from my home devoces on a couple of NUCs and a raspberry pi. And use Traefik reverse proxy and Keycloak OIDC.

I also have a few VPS's running things that need faster responses or don't store as much data. This has a separate domain.

Right now I have an OPNSense router that is the target of all the home domain's traffic using dynamic DNS and that forwards it to Traefik on the Kubernetes cluster.

I'd like to instead close off the home network a bit more so I don't have to devote so much to security and can just drop a lot of the malicious connections coming in regularly. I also have the problem that my ISP still only offers 6rd for IPv6 which is basically useless. So I was considering several tunneling technologies that would have the exit node on a VPS. But also need to be able to access the services while at home without the traffic exiting the network.

I've narrowed in on headscale/tailscale and pangolin. I really like that pangolin uses traefik because I'm already familiar with it and it's already in use in both my domains.

So I'm going to start working on setting up pangolin to see how it goes, but I haven't seen many examples and I haven't seen any that use Kubernetes on the internal network side. Sure I could set up a separate docker instance to host the services, but I really like that kubernetes is able to load balance so that one of my NUCs is almost always in low power mode during off hours when no maintenance tasks are running. So I don't want to put other non-kubernetes services on there nor do I want to have to set up a totally separate server if not necessary.

I haven't dug in too deep yet, so I was hoping to see if anyone else had any experience with setting up pangolin with kubernetes on the internal network side?

6
submitted 4 months ago by irotsoma to c/skincareaddiction@sh.itjust.works

I'm looking for some new face creams for combination skin and found something that didn't make sense to me. Anyone want to ELI5 why prebiotics are a positive thing for skin creams? I've seen several products advertising it. But doesn't prebiotic just mean it's something that bacteria likes to eat? So, in a skin cream that seems like it would promote bacterial growth, which I get why that combined with probiotics can be good for digestion, but can't get why it's a plus and not a minus for skin creams, especially in areas of the skin like the face that tend to gather a lot of bad bacteria.

Anyway, just trying to decide if it's just marketing nonsense, there's an actual benefit, or as it seems with my initial reaction, that it's actually a negative thing that would potentially promote acne/rosacea.

Also, feel free to interject any recommendations on good ingredients/products for aging, combination skin, but not the primary reason for the post.

view more: next ›

irotsoma

joined 6 months ago