Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)M

moonpiedumplings

@ moonpiedumplings @programming.dev

Posts
28
Comments
537
Joined
3 yr. ago

  • Ubuntu 26.04 LTS Officially Supporting Cloud-Based Authentication With Authd

    Jump

  • My one fear with this is offline authentication. I enjoy oauth/oidc a lot, but it doesn't have mechanisms for machines to continue to be able to authenticate while offline, like the way ldap/kerberos can do.

    Is this just for machines that will always be online? I can understand that usecase but :/

    EDIT: Okay, one comment, mentions himmelblau an alternative to authd, which seems to be more mature. Himmelblau has docs about offline usage. It looks like it has an emergency config that can use a cached password from the oidc provider,

    Single-factor authentication (SFA-only) users and Hello-PIN users already have offline sign-in capability

    Hmmm. Okay. Upon doing further reseach, it looks like offline authentication is exclusive to Microsoft Entra ID. :/

  • Note taking app that I can link between my laptop and phone ?

    Jump

  • Syncthing has encryption as well. You can have a device be "untrusted" so you put in an encryption password, and data sent to and stored on that device will be encrypted.

    Although this does encrypt file (and directory) names, the caveats about folder structure and modification time still apply.

  • Is legal the same as legitimate: AI reimplementation and the erosion of copyleft

    Jump

  • He fed only the API and the test suite to Claude and asked it to reimplement the library from scratch.

    What was the test suite licenced under? If it was in the same repo, then it was probably LGPL code as well.

    If the MIT rewrite uses the LGPL licensed test cases, including them in the repo, then it probably must be LGPL as well.

  • GitHub - sergi0g/cup: 🥤Docker container updates made easy

    Jump

  • I use fluxcd with helmrelease's which auto update the helm release. If the helm chart versions specify container versions, then updating the helm chart updates the containers in the deployments.

    But for raw deployments, I found this, but not much else.

  • Chance rule

    Jump

  • Keycloak or alternative?

    Jump

  • In addition to adding more worker instances, you can also increase the amount of threads each worker instance uses to vertically scale. It's about equivalent to adding a worker instance.

  • Keycloak or alternative?

    Jump

  • Authentik is definitely the best of all I've tried. It has the most features, supporting both ldap and oauth, and also has an official helm chart.

  • What sense is licensing operating system on BSD license?

    Jump

  • Openbsd is definitely more secure than secureblue. There is only so much you can do to handle the massive monolithic architecture of the Linux kernel. Further down the stack, many parts of Linux, like sudo, dbus, or systemd are regularly hit by zero days. The SELinux domain architecture that Secureblue is interesting, but SELinux is extremely complex and difficult to get right, compared to the much more simpler pledge and unveil sandboxing that openbsd offers.

    In addition to that, there are further issues like the problematic way that user namespaces interact with browsers. (And user namespaces are frustrating in general, secureblue actually has a short article on their problems). For maximum security, you want to sandbox tabs from eachother using user namespaces (only works on chromium btw, firefox can't do this so it doesn't matter) — BUT, if you run your browser in a sanbox created by user namespaces, then you can't nest them, disallowing you from using that powerful tool to isolate tabs. So you are forced to make a choice: You can either sandbox the browser itself, in exchange for weakening the isolation between tabs, or you can strengthen the isolation between tabs, in exchange for weaking the sandbox around the browser itself. Giving the browser access to user namespaces is questionable though, because see above, user namespaces have led to a lot of vulnerabilities.

    OpenBSD's pledge + unveil (but only on chromium again), does not really make such tradeoffs. It can sandbox tabs from eachother, while also sandboxing the browser itself. In addition to that, pledge + unveil do not present a massive kernel attack surface that people have had to restrict for having too many 0days. And this is just one of the many, many examples, where OpenBSD presents a better security posture than Linux.

    Qubes is technically Xen, a different kernel than Linux. The Xen kernel virtualizes Linux distros, from which you can manage Qubes/Xen, or do normal Linux app stuff. But nothing stops you from using a BSD virtualized by Xen for management or usage. Qubes talks about why they use Xen here — but the short version is that they did not consider the Linux kernel's kvm secure enough for their usecase.

  • How to access home network (eg, VPN) without port forwarding?

    Jump

  • Weird server requests

    Jump

  • What port was this sent to, and what webserver are you running (if it was sent to a webserver)?

    This reminds me of the string to strigger the really bad apache vulnerabilities that lead to being able to read from the whole filesystem (path traversal), or get a shell on your system (remote code execution). It's likelu that bots are spray and praying attempts across the internet. As long as you're up to date, you should be good.

  • EA is hiring a Senior Anti-Cheat Engineer to lead development of a native ARM64 driver for their Javelin kernel anti-cheat system and start laying groundwork for Linux/Proton support

    Jump

  • I've had similar experiences with this FPS game called krunker.io

    Krunker.io is a browser based game, and it had a pretty bad cheating problem, and since it was a browser based gamr, the devs could never implement an anticheat that worked for long.

    They implemented a deputization system, where certain respected members of the community would become "krunker police", and then you could call them from a lobby. They would then invisibly spectate, and record and ban cheaters. The system worked really well, actually. Cheaters were banned quickly, and the requirement collection of video evidence held those involved accountable.

    But krunker players had another interesting way of handling cheaters. You see, krunker has really bad netcode, bad enough that you would have to lead hitscan weapons a variable amount depending on how much ping you had. Krunker was also a movement shooter, where you could slidehop and go really, really fasy. The combination meant that you could dodge the shots of cheaters. As I got better, I just stopped calling krunker police, and started beating them. One of my fondest memories was this one lobby full of good players, and when a cheater joined we stomped them below all of us on the ranking, taunting them all the way down. At the end, they tried to sell their cheats and we all laughed. "Why would I buy these cheats? I'm better than them". Eventually they ragequit. Good times.

    But nooooo, nowadays modern game publishers need control over every part of the game. They demand control over the servers, refusing to let anybody host their own communities. They demand absolute control over the community, but refuse to actually moderate it and handle toxicity. And now, they're demanding control over the clients, forcing you to install rootkits on your computers so they can control those too.

  • What sense is licensing operating system on BSD license?

    Jump

  • FreeBSD, OpenBSD and NetBSD are behind Linux.

    Look, I dislike permissive licenses too, but you need a source to back this claim up.

    Right now, each BSD does something special, that Linux (distro's) can't trivially replace, even if the usecase is more niche. NetBSD Dev's make efforts to get it running on many devices as they can. OpenBSD (and it's subprojects) are highly secure, moreso than Linux. Who do you think makes our beloved OpenSSH? OpenSSH noted for having very few vulnerabilities over it's two decade long existence, and OpenBSD itself is similar, which is insane because there are products with multiple bad vulnerabilities every year (Linux being one of them...). This is due to a highly security minded architecture - one that Linux lacks.

    FreeBSD is like Linux before systemd. I like systemd, but systemd is really trying to be kubernetes on a single node. I like systemd because I like kubernetes, but I understand why someone wouldn't like it, and I question if "single node k8s" is the best architecture for a single server or personal desktop. The ports system results in freebsd packaging many server services that aren't packaged on Linux. Being able to manage those through the system package manager, and the conviniences that provides, is nice.

    Different, and not popular don't mean bad.

  • Adding "Log In With Mastodon" to Auth0 - Terence Eden’s Blog

    Jump

  • This reminds me of the way that forgejo lets you feed it an arbitrary openid url, so you can log in with any service you want, including your own server.

    Also, is this compatible with lemmy? The last time I tried fediverse (mastodon) login, it was with owncast, but it didn't work with lemmy.

  • How to Automate QEMU/KVM VM Deployments?

    Jump

  • Have you used ovirt? It's currently being maintained by Oracle after Red Hat gave it up.

    I've been meaning to try it, but the documentation is dense and hard to get through, and I unironically find the openstack install instructions more approachable in some ways...

  • How to Automate QEMU/KVM VM Deployments?

    Jump

  • My recommendation is to use an abstraction layer that runs qemu-kvm under the hood and automate that. Some people have mentioned libvirt, but Incus is another good option.

  • Twitch: "Hey, come back! This commercial break can't play while you're away."

    Jump

  • Owncast is the self hosted stream thing. It has some rudimentary federation capibilities, but nowhere near the ease discovery of twitch.

    I know some streamers that have an owncast, expired_popsicle uses debian Linux and has one. (It's tech/linux streamers because of course).

  • Linux @programming.dev
    moonpiedumplings @programming.dev

    Incus 6.22 has been released

    discuss.linuxcontainers.org /t/incus-6-22-has-been-released/26300

  • It's me again. My Kubernetes devolver has reached the astral plane.

    Jump

  • go run works by compiling the program to a temporary executable and then executing that.

    can you guarantee that runs everywhere

    It seems to depend on glibc versions, if that's what you are asking. You can force it to be more static by using a static musl python or via other tools. Of course, a binary for Linux only runs on Linux and the same for Windows and Mac. But yeah.

    Also it should be noted that go binaries that use C library dependencies are not truly standalone, often depending on glibc in similar ways. Of course, same as pyinstaller, you can use musl to make it more static.

  • It's me again. My Kubernetes devolver has reached the astral plane.

    Jump

  • You can create static binaries that bundle the python interpreter and dependencies.

    It's the onefile option in pyinstaller: https://pyinstaller.org/en/stable/usage.html#cmdoption-F

    You can also do it with C. Or Csharp. Or many other programming languages. It's not a feature unique to Go, it's just that Go can only create static binaries.

  • Programming @programming.dev
    moonpiedumplings @programming.dev

    Uiua — an extremely terse programming langauge

    www.uiua.org

  • Selfhosted, multiplayer, browser based games

    Jump

  • oh I have tested this game somewhat, although I've never actually played it. It is very impressive.

  • Selfhosted @lemmy.world
    moonpiedumplings @programming.dev

    Selfhosted, multiplayer, browser based games

  • Linux @programming.dev
    moonpiedumplings @programming.dev

    Bluetooth streaming from phone randomly stops

  • KDE @lemmy.kde.social
    moonpiedumplings @programming.dev

    Bluetooth streaming from phone randomly stops

  • Selfhosted @lemmy.world
    moonpiedumplings @programming.dev

    GitHub - spacebarchat/spacebarchat: 📬 Spacebar is a free open source selfhostable discord compatible communication platform

    github.com /spacebarchat/spacebarchat
  • Ask Lemmy @lemmy.world
    moonpiedumplings @programming.dev

    What's the minimum number of food items you can survive on exclusively and what are they?

  • Selfhosted @lemmy.world
    moonpiedumplings @programming.dev

    What's the laziest way to create a website that looks really nice and is maintainable?

  • Firefox @lemmy.world
    moonpiedumplings @programming.dev

    Profiles (old) vs Profiles (new) vs Containers

  • Programmer Humor @programming.dev
    moonpiedumplings @programming.dev

    Terraform plugin for the Dominos Pizza provider

    github.com /MNThomson/terraform-provider-dominos/
  • Wikipedia @lemmy.world
    moonpiedumplings @programming.dev

    Core War - Wikipedia

    en.wikipedia.org /wiki/Core_War
  • Nix / NixOS @programming.dev
    moonpiedumplings @programming.dev

    home-manager now has a built in option to wrap packages with NixGL, for non-nixos systems

    home-manager.dev /manual/unstable/index.xhtml
  • Linux @lemmy.world
    moonpiedumplings @programming.dev
    Solved but only for mpv

    Is there any way on KDE, I can "click through" a partially transparent window to interact with the window behind it instead?

  • Linux @lemmy.ml
    moonpiedumplings @programming.dev
    Solved but only for mpv

    Is there any way on KDE, I can "click through" a partially transparent window to interact with the window behind it instead?

  • Linux @programming.dev
    moonpiedumplings @programming.dev
    Solved but only for mpv

    Is there any way on KDE, I can "click through" a partially transparent window to interact with the window behind it instead?

  • Open Source @lemmy.ml
    moonpiedumplings @programming.dev

    GitHub - element-hq/ess-helm: Element Server Suite Community Edition

    github.com /element-hq/ess-helm/
  • Opensource @programming.dev
    moonpiedumplings @programming.dev

    GitHub - element-hq/ess-helm: Element Server Suite Community Edition

    github.com /element-hq/ess-helm/
  • Asklemmy @lemmy.ml
    moonpiedumplings @programming.dev

    Give me some of your hardest riddles? (with solutions in spoilers)

  • Linux @lemmy.ml
    moonpiedumplings @programming.dev

    There doesn't appear to be a limit to the maximum size the KDE cursor can get when you shake it.

  • Linux @programming.dev
    moonpiedumplings @programming.dev

    There doesn't appear to be a limit to the maximum size the KDE cursor can get when you shake it.