HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Dedime

no profile record

comments

Dedime
·3 bulan yang lalu·discuss
PREACH!

I run K8s at home. I used to do docker-compose - and I'd still recommend that to most people - but even for my 1 little NUC with 4vcpu / 16Gi Homelab, I still love deploying with K8s. It's genuinely simpler for me.

If anyone's looking for inspiration, my setup:

* ArgoCD pointed to my GitLab repos

* GitLab repos contain Helm charts

* Most of the Helm charts contain open-source charts as subcharts, with versions set like (e.g.) `version: ~0` - meaning I automatically receive updates for all major version until `1`

* Updating my apps usually consists of logging into the UI, reviewing the infrastructure and image tag updates, and manually clicking sync. I do this once every few months

My next little side project: Autoscaling into the cloud (via a secure WireGuard tunnel) when I want to expand past my current hardware limitations
Dedime
·3 bulan yang lalu·discuss
The brilliance of the implementation of cooldowns: For someone to go download and run it, automated or otherwise, they simply follow the standard installation process.

Users who want take the extra precaution of waiting an additional period of time must decide to manually configure this with their tooling.

This practice has been a thing in the sysadmin community for years and years - most sysadmins know that you never install Windows updates on the day they release.

Having a step before publication means that's it's essentially opt-in pre-release software, and that comes with baggage - I have zero doubts that many entities who download packages to scan for malware explicitly exclude pre-release software, or don't discover it at all until it's released through normal channels.
Dedime
·5 bulan yang lalu·discuss
Total meh from me, an end user. User of KeePass since at least 2015, I've written end-user guides, contributed to the main documentation, evangelize it to my family and friends when they have security questions.

I store every single important piece of info in my KeePass database. It stores ALL of my passwords, my SSN, credit cards, my health information, even some weird stuff like my vehicle maintainence records and whatnot. My KDBX file currently sits at 466K. Size is not a particularly compelling reason. Hate to be that guy, but if your database is much larger than that - you're probably doing it wrong.

Newer features like TOTP and passkeys are likewise not a concern for me. What did KeePassXC do when TOTP came around? They stored the relevant data in the attributes, and added a UI around it. It even works with my Steam TOTP, which is a nonstandard implementation. I haven't looked into it, but I imagine they did the same thing with passkeys. I don't see why this couldn't continue to be the paradigm they use. I don't use attributes at all - I haven't needed to, the notes section work great - but I do appreciate being able to look into the "raw data" of attributes quite easily, from within the UI.

If KeePass were being developed from scratch today, or if the developers of the various projects collectively really, really want to switch to a SQLite system of their own volition. Then sure, SQLite. I'm not going to ask them to do that now though.

---

On a separate note, an unfufilled niche that I have though, if anyone's looking for ideas. My secure password storage is a solved problem, KeePass is cross platform, easy to use, and very secure. What remains a problem is secure notes. I want to be able to write markdown (`.md`) documents, add photos and PDFs, then save it to a secure, encrypted folder somewhere. Doesn't need the same security posture as KeePass, but I don't want to leak metadata like file names.

Obsidian - my current notes app - is good from a usability standpoint, but it's not exactly secure. I could pair it up with Veracrypt, but that's a pain from a usability standpoint, and I don't trust my OS to keep the mounted Veracrypt volume contents a secret. Whatever the solution is, it must have a GPL license, or else I'm not going to trust it - from a long-term viability standpoint more than anything else.

If anyone has any suggestions here, would love to hear them.
Dedime
·5 bulan yang lalu·discuss
Hot take alert! As an avid self-hoster, I'd like to hear why.

Personally, I self host because the benefits I receive simply aren't available anywhere else at the level of quality I've come to expect - Jellyfin is a great media player, it's free, and I don't want to switch. Pihole provides ad protection and privacy for my whole home network. It's also free. Homeassistant is amazing, and free. Etc etc.
Dedime
·5 bulan yang lalu·discuss
Well, it's stored in an encrypted way - in the encrypted password database. Much like a password, everyone already knows not to share a passkey. But also like a password, as the owner, sometimes I want to look at it!
Dedime
·7 bulan yang lalu·discuss
My problem with NixOS is the second you try to go "outside the guardrails", the difficulty increases 100x
Dedime
·8 bulan yang lalu·discuss
Admittedly I didn't dive much into this to get the full context, but it's saddening to me that a legendary game designer had a GoFundMe. I was hoping achieving that level of status in a traditionally well-paid industry would leave one well off, financially.
Dedime
·8 bulan yang lalu·discuss
I wouldn't say it's perfect quite yet. I just installed Debian on my Framework, and my microphone isn't working. Debugging it for the last 30 minutes has gotten me nowhere, and half the answers on the internet don't apply to my distro. Until basic issues like this go away or have easy solutions, it's hard to recommend it to anyone.
Dedime
·10 bulan yang lalu·discuss
Maybe this is naive, but in a good crypto system, I would hope "when" is measured in millions or billions of years given current hardware capabilities.