glue_snorter

@glue_snorter@lemmy.sdfeu.org

This profile is from a federated server and may be incomplete. Browse more on the original instance.

glue_snorter,

Excellent - I’m about to install it for my aged mother, because windows keeps moving her cheese.

I want something that doesn’t change the workflows once she’s learned how to do a task, and that local techs can help her with, and that I can VNC to when I have to.

glue_snorter,

Second draw.io - I’ve done lots of diagrams with VSCode and the draw.io plugin

glue_snorter,

Think of the lexiconsequences

glue_snorter,

I’m a native English speaker. I can’t understand your comment. I sense that you have a useful perspective, could you rephrase it so it’s understandable?

glue_snorter,

I used a Sidewinder keyboard for years with programmable macros.

Yeah, I had my password as a macro.

Dick move on my part as the macro, I’m fairly sure, is stored in plaintext on the PC. But the convenience was great. I don’t do that any more.

glue_snorter,

You are correct, it’s a warm and helpful community… except for the people who like the smell of their own farts.

Lemmy is better. But reddit is lousy with ignorant twats saying bullshit like “Linux is just a superior philosophy”, but who have never written a line of C or C++ in their lives. They know nothing about system design or computing history. They make claims about windows that apply equally to linux, or vice versa. They use terminology in a nonsensical context. In short, smug fools. It’s not unwelcoming so much as unappealing.

The best thing about Windows is that no-one is smug about using it.

question about gitlab merge request (invent.kde.org)

Hello! Yesterday I submitted my first merge request to a KDE software! I forked the repo, applied the edits, committed them and pushed to my fork, and then from gitlab created a merge request. after a few hours, the author pushed something into the master, making my merge request 1 commit behind the master. On the merge request...

glue_snorter,

No! Bad dev! No biscuit!

Never merge master into a feature branch. It’s called a “wrong-way” merge and it makes the history fucking awful.

You shit in the face of project maintainers when you do this.

You may not care, in fact many don’t. Also people buy timeshares, read celebrity gossip magazines, and vote for scumbags. They are fucking idiots who don’t know what they are doing. So are people who leave wrong-way merges in shared history.

In fact, wrong-way mergers are worse, because you can’t just ignore them - git blame rubs your face in their shit, so they shit in your face forever.

Just don’t fucking do it, OK? Or I will hit you in the throat with a cricket bat soaked in wasps. As a first warning.

glue_snorter,

The bit about “secret” whatsapp messages is alarming.

when Steve Jobs built the first Apple computers in his garage

Just erase Wozniak from history huh

glue_snorter,

Shame I had to scroll this far to find PRQL

glue_snorter,

the translation step from binary (program) -> text (SQL) -> binary (server)

Your concern about this is misguided. Inter-process communication always has to cross a barrier, by definition.

I take it http also feels wrong to you?

Binary protocols do exist, e.g. gRPC, but they incur costs of their own.

Was Matt Gaetz's power move a smart one? (www.newsweek.com)

Representative Matt Gaetz pulled off one of the biggest power moves in modern U.S. politics when he successfully led the effort to oust Kevin McCarthy as Speaker of the House this week, and experts weighed in with Newsweek about whether (or not) they think it was a good idea....

glue_snorter,

If I were a democrat pol, I’d want to keep Gaetz, and Trump, and all the nut jobs.

They are loved by their base and horrible to work with in the houses, but they are electorally toxic.

Prediction for your next presidential election: Trump will still be on trial on federal charges, he will be the nominee anyway, and he will lose badly. DeSantis will bite chunks out of him. Bullish on popcorn.

Or Trump bites chunks out of whoever they do nominate. The party either gets moderate votes, or Trump votes, or DeSantis votes, but not all three.

glue_snorter,

Maybe not. But that was before he was president for four years - fuck, it’s still crazy to think that happened - and really forced people to acknowledge that yeah, he is a pathological liar who doesn’t give a shit about the country.

A lot of people still suck on the tit. But a lot of others recognise that the hot pain comes from getting burned.

You had all the tea party nutters for years - but none of them became president.

glue_snorter,

Ahhh, thanks! Please excuse my error - I am attempting to perform computation using a kilo of wet squidgy protein and fat.

glue_snorter,

Another Kagi fan here. I pay $10 a month.

I’m a reasonably heavy search user, but have never hit the quota.

It’s wonderful to have relevant results again.

The one thing it doesn’t work for is shopping. From time to time I use Google. I should probably switch that to Bing, as the lesser of two evils.

glue_snorter,

I think you were merely being pedantic, but there are some interesting points in there.

Is it a crime to generate fake “csam”?

Should it be a crime?

How can prosecutors get convictions against a defense of “no, your honour, that video is AI-generated”?

What we have now is still miles off general AI, but it’s going to take years for society to catch up. Interesting times.

glue_snorter,

My friend, you haven’t heard about Oracle.

Microsoft at least gave the world Powershell, to balance out their sins. I can also name other good things they have done. Oracle is pure and deliberate evil.

I believe that the human race will end in one of three ways:

  • asteroid strike
  • disease
  • Oracle
glue_snorter,

It’s not a uniform, it’s a dress code, and it long predates boomers.

glue_snorter,

Edgy shit like this is why anti-woke is a vote winner. It’s repulsive to normal people.

glue_snorter,

They are. If Trump stands, it’ll be a big victory for Biden, because Trump has made himself unelectable for swing voters.

Over here, the tories are heading for a wipeout. They’ve been telling us their shit smelled like roses, and it worked, up until it didn’t.

glue_snorter,

Fucking hell, way to perpetuate a society where women are valued only for their fuckability.

glue_snorter,

Substitute “member of an out-group” for the bonus point

glue_snorter,

Actually no, I’ve met some people who present themselves like slobs but are excellent human beings.

glue_snorter,

Peace On Earth is a book by Stanislaw Lem, the author of Solaris.

It is my all-time favourite sci-fi novel.

The premise is that mankind builds autonomous war robots and sends them to the moon to fight proxy wars instead of real wars on earth. But the robots evolve. For reasons unknown, contact with the moon is lost, so humanity sends a astronaut up to see what’s going on.

glue_snorter,

I’m getting started with i3, so I get your point now.

glue_snorter,

Implementation of VPN’d torrent client

This is how I torrent over Mullvad. I have no hesitation to recommend Mullvad - but I am not a crypto or security expert.

The main image fails closed - if the VPN goes down, transmission disconnects.

This setup also includes a SOCKS server that proxies your traffic over the same VPN. I use a separate browser (librewolf) and set the SOCKS proxy to :2020 including sending DNS over SOCKS. That’s because my country blocks piracy-related sites at the DNS level. If you don’t need this, you can delete the socks section of the docker-compose file.

On my ubuntu laptop, I install transmission-remote-gtk in order to click on a magnet link and have it added. Otherwise you have to browse to the container’s web interface, which gets tiresome.

I have this installed as a systemd service so it runs on boot. I use the systemd state and credential features as a safeguard against my own mistakes with permissions, but my long-term goal is to encrypt these files on disk. Linux can be pwned - I have read that around 35% of botnet nodes are linux (although these are presumably mostly weak IoT devices). The secondary benefit of the LoadCredential/CREDENTIALS_DIRECTORY mechanism is that it doesn’t expose secrets as environment variables.

The p2p.service file needs to be in that path, but you can put the other files wherever you want.

Known issues / todo list

  • The socks proxy sometimes falls over, I haven’t looked into why
  • The downloaded files will be owned by root, since that’s what the container runs as

File contents

/root/.secrets/mullvad:


<span style="color:#323232;">123456789
</span><span style="color:#323232;">""
</span>

For mullvad, there is no password, only an account number. I believe that the empty quotes are necessary. This file should be owned by root and chmod 600; containing dir should be 700. Replace the account number with your own account, obvs!

/etc/systemd/system/p2p.service:


<span style="color:#323232;">[Unit]
</span><span style="color:#323232;">Description=p2p
</span><span style="color:#323232;">Requires=docker.service multi-user.target
</span><span style="color:#323232;">After=docker.service network-online.target dhcpd.service
</span><span style="color:#323232;">
</span><span style="color:#323232;">[Service]
</span><span style="color:#323232;">Restart=always
</span><span style="color:#323232;">RemainAfterExit=yes
</span><span style="color:#323232;">WorkingDirectory=/usr/local/bin/p2p
</span><span style="color:#323232;">ExecStart=docker compose up --remove-orphans
</span><span style="color:#323232;">ExecStop=docker compose down
</span><span style="color:#323232;">LoadCredential=mullvad:/root/.secrets/mullvad
</span><span style="color:#323232;">DynamicUser=yes
</span><span style="color:#323232;">SupplementaryGroups=docker
</span><span style="color:#323232;">StateDirectory=p2p
</span><span style="color:#323232;">StateDirectoryMode=700
</span><span style="color:#323232;">
</span><span style="color:#323232;">[Install]
</span><span style="color:#323232;">WantedBy=multi-user.target
</span>

/usr/local/bin/p2p/docker-compose.yml:


<span style="color:#323232;">---
</span><span style="color:#63a35c;">version</span><span style="color:#323232;">: </span><span style="color:#183691;">"3.7"
</span><span style="color:#323232;">
</span><span style="color:#63a35c;">services</span><span style="color:#323232;">:
</span><span style="color:#323232;">  </span><span style="color:#63a35c;">p2p</span><span style="color:#323232;">:
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">restart</span><span style="color:#323232;">: </span><span style="color:#183691;">always
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">container_name</span><span style="color:#323232;">: </span><span style="color:#183691;">p2p
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">image</span><span style="color:#323232;">: </span><span style="color:#183691;">haugene/transmission-openvpn   </span><span style="font-style:italic;color:#969896;"># see also: https://www.nickkjolsing.com/posts/dockermullvadvpn/
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">cap_add</span><span style="color:#323232;">:
</span><span style="color:#323232;">      - </span><span style="color:#183691;">NET_ADMIN
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">sysctls</span><span style="color:#323232;">:
</span><span style="color:#323232;">      - </span><span style="color:#183691;">"net.ipv6.conf.all.disable_ipv6=0"  </span><span style="font-style:italic;color:#969896;"># ipv6 must be enabled for Mullvad to work
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">volumes</span><span style="color:#323232;">:
</span><span style="color:#323232;">      - </span><span style="color:#183691;">${STATE_DIRECTORY:-./config/}:/config   </span><span style="font-style:italic;color:#969896;"># dir managed by systemd - but defaults to ./config if running interactively
</span><span style="color:#323232;">      - </span><span style="color:#183691;">${CREDENTIALS_DIRECTORY:-.}/mullvad:/config/openvpn-credentials.txt:ro  </span><span style="font-style:italic;color:#969896;"># var populated by LoadCredential - but defaults to ./mullvad if running interactively
</span><span style="color:#323232;">      - </span><span style="color:#183691;">transmission:/data
</span><span style="color:#323232;">      - </span><span style="color:#183691;">transmission_incomplete:/data/incomplete
</span><span style="color:#323232;">      - </span><span style="color:#183691;">/my/directory/Downloads:/data/completed
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">environment</span><span style="color:#323232;">:
</span><span style="color:#323232;">      - </span><span style="color:#183691;">OPENVPN_PROVIDER=MULLVAD
</span><span style="color:#323232;">      - </span><span style="color:#183691;">OPENVPN_CONFIG=se_all  </span><span style="font-style:italic;color:#969896;"># sweden
</span><span style="color:#323232;">      - </span><span style="color:#183691;">LOCAL_NETWORK=192.168.1.0/24    </span><span style="font-style:italic;color:#969896;"># put your own LAN network here - in most cases it should end in .0/24
</span><span style="color:#323232;">      - </span><span style="color:#183691;">TRANSMISSION_WEB_UI=flood-for-transmission  </span><span style="font-style:italic;color:#969896;"># optional
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">ports</span><span style="color:#323232;">:
</span><span style="color:#323232;">      - </span><span style="color:#183691;">9091:9091
</span><span style="color:#323232;">      - </span><span style="color:#183691;">80:9091
</span><span style="color:#323232;">      - </span><span style="color:#183691;">2020:2020
</span><span style="color:#323232;">
</span><span style="color:#323232;">  </span><span style="color:#63a35c;">socks</span><span style="color:#323232;">:
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">restart</span><span style="color:#323232;">: </span><span style="color:#183691;">always
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">container_name</span><span style="color:#323232;">: </span><span style="color:#183691;">socks
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">image</span><span style="color:#323232;">: </span><span style="color:#183691;">lthn/dante
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">network_mode</span><span style="color:#323232;">: </span><span style="color:#183691;">"service:p2p"
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">volumes</span><span style="color:#323232;">:
</span><span style="color:#323232;">      - </span><span style="color:#183691;">./sockd.conf:/etc/sockd.conf
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">depends_on</span><span style="color:#323232;">:
</span><span style="color:#323232;">      - </span><span style="color:#183691;">p2p
</span><span style="color:#323232;">
</span><span style="color:#63a35c;">volumes</span><span style="color:#323232;">:
</span><span style="color:#323232;">  </span><span style="color:#63a35c;">transmission</span><span style="color:#323232;">:
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">external</span><span style="color:#323232;">: </span><span style="color:#0086b3;">false
</span><span style="color:#323232;">  </span><span style="color:#63a35c;">transmission_completed</span><span style="color:#323232;">:
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">external</span><span style="color:#323232;">: </span><span style="color:#0086b3;">false
</span><span style="color:#323232;">  </span><span style="color:#63a35c;">transmission_incomplete</span><span style="color:#323232;">:
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">external</span><span style="color:#323232;">: </span><span style="color:#0086b3;">false
</span>

/usr/local/bin/p2p/sockd.conf:


<span style="color:#323232;">logoutput: stderr
</span><span style="color:#323232;"># debug: 2
</span><span style="color:#323232;">internal: 0.0.0.0 port = 2020
</span><span style="color:#323232;">external: tun0
</span><span style="color:#323232;">external.rotation: route
</span><span style="color:#323232;">
</span><span style="color:#323232;">clientmethod: none
</span><span style="color:#323232;">socksmethod: username none
</span><span style="color:#323232;">
</span><span style="color:#323232;">user.privileged: root
</span><span style="color:#323232;">user.notprivileged: nobody
</span><span style="color:#323232;">user.unprivileged: sockd
</span><span style="color:#323232;">
</span><span style="color:#323232;"># Allow everyone to connect to this server.
</span><span style="color:#323232;">client pass {
</span><span style="color:#323232;">    from: 0.0.0.0/0 to: 0.0.0.0/0
</span><span style="color:#323232;">    log: connect error  # disconnect
</span><span style="color:#323232;">}
</span><span style="color:#323232;">
</span><span style="color:#323232;"># Allow all operations for connected clients on this server.
</span><span style="color:#323232;">socks pass {
</span><span style="color:#323232;">    from: 0.0.0.0/0 to: 0.0.0.0/0
</span><span style="color:#323232;">    command: bind connect udpassociate
</span><span style="color:#323232;">    log: error  # connect disconnect iooperation
</span><span style="color:#323232;">    #socksmethod: username
</span><span style="color:#323232;">}
</span><span style="color:#323232;"># Allow all inbound packets.
</span><span style="color:#323232;">socks pass {
</span><span style="color:#323232;">    from: 0.0.0.0/0 to: 0.0.0.0/0
</span><span style="color:#323232;">    command: bindreply udpreply
</span><span style="color:#323232;">    log: error  # connect disconnect iooperation
</span><span style="color:#323232;">}
</span>

Steps

  1. Install docker and docker-compose, e.g. with sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  2. Create the files with contents as above
  3. sudo systemctl enable p2p
  4. sudo systemctl start p2p
  5. Check what it’s doing: systemctl status p2p
  6. On first start, it will take a few minutes to pull the images
  7. To debug interactively while also passing the creds, use sudo systemd-run -P --wait -p LoadCredential=mullvad:/root/.secrets/mullvad docker compose up --remove-orphans
  8. Every so often, cd into /usr/local/bin/p2p and run docker compose pull to update the images.
  • All
  • Subscribed
  • Moderated
  • Favorites
  • provamag3
  • InstantRegret
  • mdbf
  • ethstaker
  • magazineikmin
  • GTA5RPClips
  • rosin
  • thenastyranch
  • Youngstown
  • osvaldo12
  • slotface
  • khanakhh
  • kavyap
  • DreamBathrooms
  • JUstTest
  • Durango
  • everett
  • cisconetworking
  • Leos
  • normalnudes
  • cubers
  • modclub
  • ngwrru68w68
  • tacticalgear
  • megavids
  • anitta
  • tester
  • lostlight
  • All magazines
    •