  • LedgeDrop@lemm.ee to Asklemmy@lemmy.ml: Password Managers

    I’d used KeepassXC + Nextcloud to sync for ~4 years.

    Then I switched to Bitwarden client + self-hosted Bitwarden Server/Vaultwarden for ~2 years and I haven’t looked back.

    The problem you’ll face with KeepassXC + any syncing mechanism is that conflicts will happen. Meaning, you’ll make a change on your cellphone, your internet has a hiccup or stops working. Then you make a different change on your desktop. When everything is synced, you’ll be left with a KeePass conflict file that you need to fix. This might be fine if you immediately notice it, but if you stumble upon a conflict file from a month ago - good luck merging the differences.

    Bitwarden client + Vaultwarden has improved my password experience radically. I have phones, laptops, browsers, etc all talking to Vaultwarden. Any conflicts are handled automagically by the clients. Everything “just works” in offline mode (meaning I can add/update credentials while offline and it’ll update the server whenever it can - without needing to do any mental gymnastics).

    I can share passwords with friends and family without needing to share everything. Plus, as my instance is self-hosted, my family can get “emergency access” (would be a “premium feature”) to my passwords if something unfortunate happens to me. Plus, requesting emergency access is pretty easy to do, for non-tech people.

    edit: a word


  • +1 for this.

    Just be transparent and honest with your Team.

    Explain to them how the actual budget is out of your direct control. However, also explain what knobs you and your IC can influence (for example being more visible with your Team/IC’s accomplishments at an organizational level).

    Also, many companies have a “flight risk” box when calculating raises. Explain to your ICs that you can hit this checkbox (if the IC wants), but it’s pretty much a one-time-use button.

    Don’t be afraid to rock the organizational boat. They won’t hold it against you, as you’re just doing your job. Your goal, first and foremost, is to get the most you can out of your Team and money is a good motivator.

    If you need other “cheap” motivators:

    • have the Team take some time off (paid or unpaid) and watch/stream a movie, with the mic on. Encourage people to trash talk the movie. If you’re in I.T. Office Space is a classic.
    • for ~$40 / year, you can get a subscription to Boardgame Arena. Only one person needs a paid account (so they can create games and invite people). It’s all online and they have quite a selection of games to choose from. King of Tokyo is one of our favorites.
    • Introduce “Fantastic Friday”: this is a bit controversial with upper management, but worked great with my Teams in the past. Basically, reserve a Friday (bi-weekly/monthly) where your Team can explore whatever topics they want as long as they’ve already finished their current workload. Usually, that disclaimer isn’t necessary, as people will usually want to get their normal work done. The pitch for upper management (if they ask) is that Fantastic Friday is a tool (ie: a canary in the coalmine) to help the Team create accurate estimates and deliver with more reliability. If they over commit, then that Fantastic Friday can be repurposed as a day to “catch-up” (while the Team can understand/refocus on why they didn’t get a Fantastic Friday and pivot accordingly). Furthermore, Fantastic Friday was often used to explore more “outside the box” ideas that actually boosted the Team/company’s productivity, but we would not have normally pursued because it was outside our current task’s scope.

    edit: added more about Fantastic Friday and fix grammar.


  • Whatever they’ve been doing the last decade hasn’t been right.

    That depends on which side of the wealth gap you’re on, right?

    The old guard has to die off or step aside first.

    I don’t think “dying off” or “stepping aside” is going to be the catalyst for change.

    What will happen is that the old guards will groom the next generation in the playbooks they’ve been (successfully) using and refining for the last decade. Those groomed players will then be their successors.

    The only way we’ll get the “change and improvement” is if we (as a society) say “this is enough, you’ve gone too far”. However, given the levels of apathy and the recent election outcome, I’d say the American People will need to suffer more, before they’re shaken out of their apathetic stupor.





  • It’s more than needing a reminder: Let’s Encrypt Certs are valid for a maximum of 90 days before they need to be reissued. Doing this 4 times (or more) a year, for years on end will be tedious and error prone.

    Most tools that request and install Let’s Encrypt Certs automatically do this without the need for human interaction (30 days prior to the expiration). Actually, they work so well you don’t notice the “behind the scenes work” that’s happening.

    The problem is when this renewal process “stops working”. I’d been using Let’s Encrypt for years w/o problems, but eventually the client I was using wasn’t updating and it was using a deprecated Let’s Encrypt API. Ultimately, the cert stopped updating, but I got the email reminder from Let’s Encrypt and I was able to fix it w/o a disruption.

    Now, this was just a server for personal use. So if the SSL cert expired, it would not be the end of the world. Plus, I would have gotten a bunch of SSL errors the next time my client was trying to sync data, and I probably would have dropped everything to fix it. But the email reminder was a convenient feature, which allowed me to fix it whenever I had time.

    That said, if Let’s Encrypt wants to save some money for their free service, I’m certainly not going to complain (although I will miss it).
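
An added example (not part of the comment above and not code from Let's Encrypt or any ACME client): a self-hosted expiry check that flags a stalled renewal, using the 90-day lifetime and the 30-days-before-expiry renewal point mentioned in the comment. `GRACE_DAYS` and all function names are assumptions made for this example.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # clients renew about 30 days before expiry (per the comment)
GRACE_DAYS = 5          # assumption: tolerate a few days of failed retries before alerting


def fetch_not_after(host, port=443, timeout=5.0):
    """Return the notAfter string of the certificate served at host:port."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def days_remaining(not_after, now=None):
    """Whole days from `now` until notAfter; negative once the cert has expired."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expires - now).days


def renewal_status(days_left):
    """Classify a cert by how far inside the renewal window it has drifted."""
    if days_left < 0:
        return "EXPIRED"
    # A healthy client has replaced the cert before this point is reached.
    if days_left < RENEW_WINDOW_DAYS - GRACE_DAYS:
        return "RENEWAL_STALLED"
    return "OK"


def check(host, port=443):
    """One-line report for a host; suitable for cron plus a mail or chat hook."""
    try:
        left = days_remaining(fetch_not_after(host, port))
    except ssl.SSLCertVerificationError as exc:
        # An already-expired or mis-issued cert fails verification in the handshake.
        return f"{host}:{port} INVALID ({exc.verify_message})"
    return f"{host}:{port} {renewal_status(left)} ({left} days left)"


if __name__ == "__main__":
    # Usage: python certcheck.py <host> [port]
    print(check(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

Run it daily from a machine other than the one doing the renewals, so a dead renewal host does not also silence the check.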


  • Fantastic! Thank you for sharing this.

    I have it installed, I’m curious how effective it will be.

    Lately, I’ve been reporting AI generated cruft as “spam” to duckduckgo. In fact, it’s not really spam - as there are some nuggets of useful information, but so sparse, I’d rather have skipped the article/website entirely. I hope these kinds of Blocklists will evolve to include this kind of quasi-spam.


  • The thing that unites most of the “racist Nazis” is desperation.

    Especially, in the U.S. the erosion of the middle class is forcing families to be either upper or lower class.

    The lower class families are struggling and have been struggling for quite some time. They experience day to day, the struggles of keeping their jobs, keeping food on the table, not to mention trying to fulfill the dream of having a holiday.

    These people see “illegal” immigrants working in the fields on their way to their minimum wage job. They hear on the news how “more jobs are being created”, yet they’re still stuck in their dead-end job and they’re the lucky ones. Their friend Pete’s been in between jobs for a few years now. Pete can’t get a job 'cause these immigrants work for pennies on the dollar and Pete’s got a family to feed.

    They’re all desperate, they’re cornered. Then they become hateful. They see anyone who is not in the same situation as them is “the enemy”. The people who are stealing a piece of their pie (ie the illegal immigrants) need to be stopped, but they aren’t because corporate greed is funding this.

    Then on the news, you hear about a messiah. He promises change, he understands the injustice you face on a daily basis. “The System” that claims “everything is fine and is only getting better” is fuming about the messiah. Your distrust of the System, combined with their knee-jerk reaction, makes you wonder “hmmm… maybe this is the change I need… any change would be better than the stagnation we’re currently facing”.

    So, they go and vote for a wannabe dictator.

    disclaimer: these are not my opinions, but merely my empathy (I know of these people). This is also a similar sense of desperation that led to World War 2.




  • If you do opt for OpenVPN, I believe UDP is generally better for performance. TCP support is mainly there for scenarios where UDP is blocked, or on dodgy connections where TCP’s more proactive handling of dropped packets can reduce the time before a lost packet gets retransmitted.

    It’s great that you brought up TCP vs UDP. And you are totally right about TCP being a bit slower, higher overhead, but it’s there for situations where UDP is blocked.

    I’ve used my VPN at all sorts of hotels, coffeeshops, etc. I’d say 1 in 10 places block UDP (or more likely don’t properly route UDP). If you’re using a SIM card, you won’t have any issues.

    However, it’s worth mentioning that WireGuard is UDP only. There are some hacks/workarounds to have it work over TCP, but then you’re going to need to find WireGuard clients that also support these hacks (which is possible on computers, but harder on cellphones/tablets).

    If you want something that “just works” under all conditions, then you’re looking at OpenVPN. Bonus, if you want to marginally improve the chance that everything just works, even in the most restrictive places (like hotel wifi), have your VPN use port 443 for TCP and 53 for UDP. These are the most heavily used ports for web and DNS. Meaning your VPN traffic will just “blend in” with normal internet noise (disclaimer: yes, deep packet inspection exists, but rustic hotel wifi’s aren’t going to be using it ;)


  • Lemm.ee: It’s the Switzerland of the fediverse. ;)

    The Operations Team are a stand-up group. Their focus is on delivering stability.

    You’ll basically get access to all content (and all “features”, like up-vote and down-vote - I’m looking at you beehaw).

    What I’ve heard from other people is that they want automagic curated content… so you won’t find that at lemm.ee, but for me - I’m happy to find the content that’s meaningful to me.



  • I’ve got a similar set up and everything works. So, I can confirm that your assumptions are sound.

    My solution is kubernetes based, so I use cert-Manager to issue/create the Let’s Encrypt (using DNS as the verification mechanism), which gets fed into a Traefik Reverse Proxy. Traefik is running on a non-standard port, which I can access from the outside world.

    I’d suggest tearing your current system down and verify everything is configured correctly.

    For example:

    • Take a look at the SSL cert. Is it generated properly?
    • Look at the reverse proxy. Is it using the proper SSL cert and is it properly formatted? (I’ve found curl --verbose --insecure https://... to be helpful)
    • Maybe add a static file (ie: robots.txt) to nginx. This would allow you to see if the problem is between the outside world and nginx or between nginx and your service.
    • You can also use the “snake oil” cert, in a pinch. It’s an insecure SSL cert, but it would allow you to confirm that your nginx is properly configured and it would confirm that the issue is with the Let’s Encrypt cert (or that process/payload).

    … and not to rob you of this experience, but you might want to look into Cloudflare Tunnels. It allows you to run services within your network, but are exposed/accessible directly from Cloudflare. It’s entirely secure (actually more so than your proposed system) and you don’t need to mess around with SSL.




  • So, to solve the problem of the left not voting them, they are moving further to the right.

    I humbly disagree. This seems to be an overly simplified view.

    The origins of “the far left” (as I understood it) was basically promoting heavy government involvement. For example, breaking up monopolies, many government subsidized programs for its people, which in turn needs higher taxes for its people (so the rich get taxed more, the poor get taxed less).

    The origins of “the far right” was the polar opposite. No government involvement. Companies will do “what’s right” in order to compete for profit, less tax on its people, as there are fewer government processes/programs (because people have more personal wealth and can afford the programs that are relevant for them).

    “the center” was in the middle of these two extremes. The understanding is that there needs to be some government involvement to prevent companies from going unchecked, not all people have equal chances in life resulting in some people needing more/less government assistance, etc. Yet, also acknowledging that the Stalin form of socialism fights against the basic human desire to “work to make their lives better” and companies (when left to their own devices) cannot be absolutely trusted to do “what’s right” for society.

    The problem with the DNC and the 2024 election is that the media has perverted what “the far left” aka Democrats and “the far right” aka Republicans (and this has been going on for years).

    Based on your line of “left vs right”, I’d argue that the Republican party is “close to” my definition of “the far right” (fascism aside). Yet, the Democratic Party is actually closer to “the far right” than they are “the far left”. I’d even go so far as to say, that the Democratic Party is far “right of center”.

    So, yeah, I totally support moving the DNC towards the center, because it’ll (finally) make the Democratic Party closer to their “far left” ideals.