mynacol

@mynacol@ipv6.social

🇬🇧 and 🇩🇪 posts about noteworthy stuff in my life. Mainly about #Linux, #IPv6, #networking as well as computer #security and #privacy.

Using #NixOS, #Arch Linux, #GrapheneOS, fan of #IPv6, #DNSSEC and #TLS.

mynacol, to PostgreSQL

Updated on my server from 14 to 16. I just did pg_dumpall and later restored the dump.

mynacol,

@pi_crew Yeah, that's one of the painful sides of PostgreSQL. Major versions have no integrated upgrade mechanism. For simple instances the easiest method is to do a dump and restore it into the new version.
There is a pg_upgrade, which could be automated in , and replicated setups can upgrade one by one.

https://www.postgresql.org/docs/current/upgrading.html

kuketzblog, to pixel German

The battery of the Google Pixel 8 in combination with GrapheneOS (without Play Services) lasts an »eternity«.

mynacol,

@tucholsky @kuketzblog Try setting Signal's battery setting to unrestricted. Somewhat unintuitively, that can be easier on the battery than "restricted".

csoriano, to random

Hi all, we have news regarding our plans for RHEL 10, Xorg server and Wayland we want to share with you. We wrote a blog post to that end. With this, we're looking forward to continue building with the community, and gained focus, the future of Linux.

https://www.redhat.com/en/blog/rhel-10-plans-wayland-and-xorg-server

mynacol,

@csoriano tl;dr: removes Xorg in 10 (coming out 2025), and continues supporting Wayland and XWayland.

ryanc, to random

I made a GitHub account with my work email address just so I can use code search on my work computer...

mynacol,

@ryanc I regularly open GitHub projects I want to search through with github1s.com, which gives you a web VSCode instance. Search without login \o/

element, to random

📣⚠️📣 Announcing a new home and license (AGPLv3) for Synapse and friends: going forwards Element’s work on Synapse, Dendrite & related server-side projects is going to be released as AGPLv3 rather than Apache.

https://element.io/blog/element-to-adopt-agplv3/

mynacol,

@element AGPL: Great. CLA: Required to be able to relicense for specific customers, understandable. But allows you to "go closed source".

Not sure if it is possible to codify in legal terms that Element is indefinitely required to distribute a version of the software under the AGPL, maybe the one hosted at matrix.org? That would nerf the CLA by preventing you from fully going closed and in turn preserve trust in the community.

hhg, to NixOS

Anyone knows if it is possible to modify /etc/hosts temporarily on NixOS? I mean similarly with how nix shell or nix run could be used to briefly have programs installed, without needing to rebuild the system and change the configuration.

mynacol,

@hhg You should be able to bind-mount another file over /etc/hosts and later unmount it again.

Out of my head sth like mount --bind [new file] /etc/hosts.

shaft, to random

We have HTTP over (aka HTTP/3), over QUIC, there are some works for over QUIC and RTP over QUIC but it seems there is no over QUIC project yet :/

mynacol,

@shaft I have lost hope for such a migration. Just like implicit TLS for server-server communication was never really pursued.

cameron, to random

Two things that happened this week:

  • YouTube started banning the use of ad blockers
  • Google was found serving ads with malware

mynacol,

@loke @cameron Yeah, it depends on region and some random selection. Yesterday I also learned you have to be logged in (which I'm never).

danyork, to random

I honestly had not heard the phrase “linear television” before, but it makes sense…

From: @tedium
https://social.tedium.co/@tedium/111099725279252053

mynacol,

@danyork @tedium That's a pretty common phrase here in Germany ("Lineares Fernsehen").

kuketzblog, to random German

After the poll on whether I should make my software settings available, I have started doing so. Published:

  • Brave (Android)
  • LibreWolf

Available via: Neu hier? -> Einstellungen.

https://www.kuketz-blog.de/einstellungen/

mynacol,

@kuketzblog Thank you very much.
I am particularly curious about the Thunderbird configuration. Just yesterday I noted down a few lesser-known options: https://blog.mynacol.xyz/en/mail-privacy/#thunderbird
To completely eliminate connections to thunderbird.net/mozilla.org, the environment variable MOZ_REMOTE_SETTINGS_DEVTOOLS=1 was needed in addition to the settings from the Privacy-Handbuch. Please feel free to check again.

kuketzblog, to random German

Pi-hole: Fritz!Box as upstream DNS server frequently produces SERVFAIL replies

https://www.kuketz-blog.de/pi-hole-fritzbox-als-upstream-dns-server-erzeugt-haeufig-servfail-replys/

mynacol,

@kuketzblog The problems with DNSSEC validation confuse me.
I have been running a local DNSSEC-validating resolver (unbound) on my laptop for years. By my estimate, every second public Wi-Fi hands out DNS servers that give wrong answers for the RRs relevant to DNSSEC.

Newer FritzBoxes and SpeedPorts as well as other modern consumer routers cause no problems in my experience. It is mainly devices made explicitly for public Wi-Fi that are responsible for this.

b0rk, to random
mynacol,

@b0rk @dalias I'm looking forward to HTTPS RRs (and SVCB). Needed for direct (upgrade-less) HTTP/3 connections and for Encrypted ClientHello.

Using @njalla's DNS servers and currently missing this RR (but nginx and Firefox lack parts as well for now).

kuketzblog, to twitter German

Now not even Nitter works anymore, which I used to follow the Twitter account of the city of Karlsruhe via RSS feed. And via the browser you can no longer reach profiles or posts at all. The platform is now completely closed in on itself. Even reading now only works with a Twitter account.

mynacol,

@kuketzblog The embed elements still work. Based on that, @Dvikan has contributed a quick fix to rss-bridge; his instance can be found at https://rss-bridge.org/bridge01/. Long live RSS!

kuketzblog, to security German

The BSI test tool for carrying out TLS conformance tests is available online as »TLS Checklist Inspector«. (Hosting/operation by achelos) 👇

https://www.tls-check.de/de

#tls #ssl #security #sicherheit #bsi

mynacol,

@kuketzblog they can't do that either. IPv6-only domains, or rather IPv6 addresses, are apparently "invalid."

kuketzblog, to android German

Switching to a new device, the system (GrapheneOS) stays the same. Has anyone ever used Seedvault to copy all of their (app) data including settings to the new device? If so, a short report of your experience would be interesting.

https://github.com/GrapheneOS/platform_external_seedvault

mynacol,

@kuketzblog I did the same just the other day. What's cool is that all apps are already installed after the restore. What's not cool is that quite a lot of apps prevent the system backup, so you end up having to copy the data over manually after all. Helpful for that: connect the old and new phone directly with a USB-C to USB-C cable and simply transfer the data on the internal storage as well as exports from the various apps.

mynacol, to NixOS German

@pi_crew I've seen you working a bunch on the module.

The last days I researched a bit on HTTP . What do you think about adding pre-compressed versions ( and ) of static assets during the Nextcloud building phase? Is the rise in storage space reasonable? It would reduce CPU usage and transmission size.

Optionally we could use zopfli for gzip to achieve even greater compression (slower).

It seems e.g. mastodon does this already: https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/servers/mastodon/default.nix#L111

mynacol,

@sandro @pi_crew Cool! Are your changes/overlays somewhere public?
And do you intend to create a PR eventually?

mynacol,

@sandro @pi_crew I created a simple overlay myself. The relevant content:

    buildPhase = ''
      # Create missing static gzip and brotli files
      find apps/ core/ dist/ resources/ themes/ \
        -type f -regextype posix-extended -iregex '.*\.(css|js|json|svg|ico|txt|md|xml|html|ttf|otf|eot)' \
        -exec zopfli --gzip {} ';' \
        -exec brotli --best --keep {} ';'
    '';

Maybe I'll do a PR soon.

mynacol,

@sandro @pi_crew The mastodon packaging just creates gzip and brotli compressed files at build time.

I would prefer that for as well. Avoids adding another option.

raito, to random

Heads-up, Foundation seems to need help and community input on a developing NixOS cache S3 situation: https://discourse.nixos.org/t/the-nixos-foundations-call-to-action-s3-costs-require-community-support/28672

Please don't hesitate to bring new points and interesting things which could help steering the situation!

I already gave my (somewhat personal) view in the second post.

mynacol,

@raito When first trying I noticed you never set a (to a university close to you 😆), unlike "all other" Linux distros. Mirroring the most popular derivations would reduce traffic numbers, but is a solution to Fastly cancelling the CDN sponsorship.

This time it's more about data retention for infrequently needed derivations. Maybe looking into https://archive.org might be fruitful, at least Linux saves all binaries ever released there https://wiki.archlinux.org/title/Arch_Linux_Archive#Historical_Archive

nixCraft, (edited) to linux

Poll: The most common way I've seen for SSH access to or servers (please boost for reach. TIA):

mynacol,

@nixCraft SSH keypair, saved in a TPM where possible. I recommend https://github.com/tpm2-software/tpm2-pkcs11/blob/master/docs/SSH.md for setup instructions.

jwildeboer, to random

The real question is the relation of Facebook's revenue and the €1.2B fine by the DPC. And why it took so long. Is this amount causing real harm to Facebook or is it just cost of doing business to them? Will they retaliate and close their EU offices?

mynacol,

@jwildeboer The 1,2 billion $ is around 1% of the 2022 annual global revenue (according to Statista https://www.statista.com/statistics/268604/annual-revenue-of-facebook/ ). That's around 25% of the maximum fine of 4% of the annual worldwide revenue. A bit above the legally binding 20% of the maximum fine the EDPB set.

mynacol,

@jwildeboer This weakened fine and the long time to enforcement is due to the Irish DPA. As long as Facebook's only European company presence is in Ireland, that DPA is responsible for EU GDPR enforcement. Were Facebook to leave the EU, all member states could give fines.

nixCraft, to random

This is why we used Docker or another container tech like LXD or FreeBSD jails. There is no need to break the whole thing because a newer version of Python or PHP is installed on your Unix or Linux server.

mynacol,

@nixCraft Or you can just use 😁
