Revv

OSes are for losers. Anyone who isn’t braindead runs a homebrew array of 555 chips running handwritten binary. Fuckin noobs.

Two clicks away via the linked article.

I have no doubt that China can and does buy data from data brokers. I think it’s unlikely, however that any of the major players are going to be willing to sell all their data on anyone- being able to target ads to individuals is their entire value proposition after all. On top of that, Facebook, Twitter, and Instagram have fallen pretty heavily out of favor with folks in their teens/early 20s (i.e. the demographic most ripe to be sources of bad OPSEC).

But even assuming that an adversary could buy all the data they could possibly want, doing so could tip off anyone who cared to be watching about the sorts of data they’re interested in. This is generally not something you want as it can reveal your own strategic concerns/intentions.

Having your own app that can collect whatever you want, where you can promote whatever information/view that you want is a pretty big advantage over buying data.

If the argument is about privacy, I think banning tik tok is complete bullshit. If it’s about limiting intelligence gathering and influence campaigns, I think it makes more sense.

Yes and no. Without endorsing them, the arguments for banning Tik Tok are subtler than Chinese = security risk. The fears, however reasonable you may find them, are largely that it presents a danger of foreign information gathering of detailed behavioral/location/interest/social network information on a huge swath of the U.S. population which can be used either for intelligence purposes or targeted influence/psyops campaigns within the U.S. When you look at the history of how even relatively benign data from sources not controlled by foreign adversaries has been used for intelligence gathering, e.g. Strava runs disclosing the locations of classified military installations, these fears make a certain amount of sense.

Temu, et al., on the other hand are shopping apps that don’t really lend themselves to influence campaigns in the same way (though, if they are sucking up data like all the other apps, I wouldn’t be surprised if folks in the U.S. security apparatus are concerned about those as well.

Ultimately, I think the argument fails because it assumes an obligation for Congress to solve every tangentially related ill all at once where no such obligation exists.

It’s worse than that. It’s arguing that her estate and surviving husband can’t sue because he had a trial subscription to Disney+. It’s fucking absurd.

Check out low end box. I found coupons for racknerd. I have one VPS that’s $10/yr, another that’s $18/yr. I’ve had zero downtime in the 18 months I’ve used them. No complaints from me. YMMV of course.

You can get super cheap VPSs and use them just as a reverse proxy (with access via VPN). I host 11 servers using one single-core VPS as a reverse proxy. All data resides on premises, in house. I pay 10/yr for VPS. It definitely does not defeat the purpose.

I’m not a docker expert- i tend to just run everything in an LXC. But, doesn’t docker typically run as root? It might be that you gave your lxc user UID proper permissions, but not the lxc root UID.

Alternatively, you are aware that LXC UID 1000 != Host UID 1000, yes?

FWIW, permissions in proxmox/LXC are really clear and predictable… once you understand the way the map in the config files.

Ah yes, tracingwoodgrains.com- everyone’s source for hard-hitting, unbiased news coverage. 🙄

This story got shot down for the whiny trash it is two days ago. What made you think people would forget?

Personally, I take comfort that the executive will be weakened as it looks more and more likely that we’re about to have a wannabe dictator coming to office.

Racknerd via the coupon @ Low end box.

The full price is like $24/yr, so even if it goes up, meh.

I’m a big fan of cheap (as in ~$10/yr vps) and reverse proxy over wireguard. My home ip isn’t exposed and I’m able to quickly spin new containers up by updating my reverse proxy config and adding a wireguard peer.

I keep two VPSs- one as reverse proxy for all my miscellaneous services and another solely for email. The latter port forwards raw traffic over wireguard to my email server container. That way, even if the VPS gets compromised, my personal data remains secure.

I end up paying ~ $30/yr (+ whatever I’m paying in electricity) for domain + VPS. It’s a bit more involved than tailscale, etc, but I’m willing to put in a little extra work to make sure I’m not at the mercy of some company getting up to some rent-seeking bullshit.

If only there had been another widespread, wasteful prior use of expensive and power hungry compute equipment that suddenly became less valuable/effective and could quickly be repurposed to run LLMs…

Is there a good reason I don’t know about to prefer this over Aegis?

The only option that fits your budget today I can think of would be picking up one of the old xeon combos off of AliExpress. I spent like $100 on a MB+CPU+64GB DDR4 combo with a 2880 v4 I think. 14c/28t at any rate. You can probably grab a case/power supply/video card used for under $50 on eBay.

Please note that I’m not saying that this is a good option; it took a lot of fiddling for me to get mine running smoothly. But if you’ve got more time and patience than money, it might work for you.

Since before it was the CIA. Open Source in this context isn’t about software licensing, it’s about gleaning everything you can about an adversary from publicly available information without infiltrating anything.

A non-intelligence example of this would speculating on what products a company is working on based on their job postings.

To bring it full circle, one can glean from this posting that the CIA is looking to hire someone to troll the internet for folks to target for further intelligence gathering. Business as usual.

I second this. I use a couple of dirt cheap VPSs from racknerd ($24/yr for 1 CPU/512Mb ram, but you can find coupons online to get them for $10/yr 1CPU/768mb ram) one does port forwarding over wireguard to my mail server so I can keep all my data in house, the other hosts an NGINX reverse proxy for all my web services. Works great. I use the reverse proxy for nextcloud and jellyfin for myself and 6 other users. Never had an issue. (Well, never had an issue I didn’t cause myself at any rate.)

It’s a little harder to set up than some of the other suggestions, but it’s cheap, fully transparent to users, and doesn’t expose your home network to the outside world.

Nope. It just maps a single user and group from the container to a regular user on the host. With the above config, root in the container has the “real” UID of 100000. It can’t make changes to anything any other unprivileged user can. A privileged container otoh runs root as root. It can do a lot of damage. By running privileged containers you’re kind of throwing out a good portion of LXC’s benefits.

The user and group mapping for lxc is easy(ish) once you understand it.

The above breaks out as follows: lxc.idmap: [user/group] [beginning host UID/GID] [number of sequential IDs to map]

lxc.idmap: u 0 100000 1000 [maps LXC UIDs 0-999 to host UIDs 100000-100999]

lxc.idmap: g 0 100000 1000 [maps LXC GIDs 0-999 to host GIDs 100000-100999]

lxc.idmap: u 1000 1000 1 [maps LXC UID 1000 to host UID 1000]

lxc.idmap: g 1000 1000 1 [maps LXC GID 1000 to host GID 1000]

lxc.idmap: u 1001 101001 64535 [maps LXC UIDs 1001-65535 to host UIDs 101001-165535]

lxc.idmap: g 1001 101001 64535 [maps LXC GIDs 1001-65535 to host GIDs 101001-165535]

The last two lines are needed because a running Linux system needs access to a minimum of 65336 UIDs/GIDs (zero-indexed).

You can basically think of LXC as running everything on the host system itself, but running it all as UID/GID 100000-65535 by default. In an unprivileged container, you have to remap these to give access to resources not owned by that range.

This is pretty much how I’m hosting a similar set of services to you. I have a couple of dirt cheap VPSs ($10/yr via racknerd) which serve as public access points. One provides a wireguard tunnel and port forwarding to a mailinabox instance serving mail for my various domains, the other runs a wireguard tunnel and nginx reverse proxy for all my public-facing services. A little fiddly to set up the port forwarding, but it’s been rock solid since I set it up.

Re: email, it’s not too hard, but it is unforgiving. Mailinabox makes it much, much easier to set up an email server that doesn’t automatically go to spam. Basically though, if you have your SPF, DKIM, DMARC and RDNS set up correctly, your golden. Mailinabox takes care of all of it except RDNS.