1. 1

    One thing I’d like seeing is an Among Us player discovery something (channel, subreddit, app, website…).

    I am fortunate enough to have multiple >10 friends groups to play the game with, but not everyone’s that lucky, there may be small groups of 3-4 or even lonely players that don’t get to enjoy the game at its best.

    I may not have the time to code that, but if someone does this, reach out to me for hosting.

    1. 6

      Very interesting, I think it deserves more attention. The title might not be the catchiest though. Very very interesting. Well written too.

      1. 3

        Maybe a title like “Publishing expired DKIM private keys would increase user security”

        1. 2

          I’d considered that, but I don’t want to steal the limelight from Ryan who already wrote a post that makes that point.

      1. 1

        Hetzner has the best web UI of all cloud/IaaS/etc. providers I’ve used.

        I wish they had more locations though, they would save me some DigitalOcean and AWS €.

        1. 11

          You know Catalan (language from the Catalonia region in Spain) in its own language is written “Català”, right?

          Reading this with sentences like “The Catala language is special because…” or “The Catala language should…” for Catalan speakers is the equivalent of replacing “Catala” with “English”.

          Also, the fact that it derives from French, which is a Latin language very close to Catalan, makes it even weirder.

          1. 7

            It’s as if a Catalan university released a programming language called “Français”, named after some guy named “Pere Français”. Quite absurd.

          1. 3

            Good advice; last time this advice came up on Lobste.rs, my approach got voted down, but it’s realistic and honest: if I’m going to paste anything from an untrusted source near a command interpreter, I hit alt-v (or esc-v) to invoke a text editor (edit-command-line widget in zsh, bound in my shell) and then "+p to paste from the clipboard/selection into the text editor, where I can look at it, make sure I haven’t mis-selected text, that nothing else was happening; adjust as appropriate, and then save, which drops the edited line back in the shell line-editor, waiting for me to hit return.

            It’s a tiny bit of obscure setup but having it a single keystroke away and the convenience of the other things I can do mean that it pays dividends, even if I’ve only … twice? seen something truly hinky in the results.

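            # Load the function shipped with zsh and register it as a widget
            autoload -Uz edit-command-line
            zle -N edit-command-line
            # Bind to Alt-v/Esc-v and to ESC O P (F1 on many terminals)
            bindkey '^[v' edit-command-line
            bindkey '^[OP' edit-command-line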
            

            Bracketed paste mode in Zsh is not perfect but is a nice guard, and enabled by default these days, so if I do slip up and forget to hit esc-v first, there’s still some limited protection: belt and braces together.

            1. 2

              If anyone runs macOS I do something similar with macOS’ Spotlight.

              Spotlight is one Cmd+Space away, paste command there, edit, select all, copy, paste on terminal.

              Simple and comes installed out of the box.

              1. 2

                I suspect an even safer approach is to look at the bytes in the clipboard with something like: xsel -ob | od -c. That way, nothing pasted can accidentally become an escape character for something else, and you can easily see any non-printing or control characters.
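The byte-level check suggested in the comment above, and the "look before it reaches the shell" habit from the edit-command-line comment before it, as an added example that is not part of the thread: a filter that names every byte in a would-be paste that is not printable ASCII. The function names `paste_findings` and `paste_is_clean` are hypothetical, and the sample strings are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list the bytes of a would-be paste that
# are not plain printable ASCII. Function names are hypothetical.
#
# Typical use, with the clipboard command from the comment above:
#   xsel -ob | paste_findings

# Reads text on stdin and prints one finding per line. Prints nothing when
# every byte is printable ASCII (0x20-0x7e).
paste_findings() {
    # od -An -v -tx1 emits every byte as two hex digits, without offsets and
    # without "*" collapsing of repeats; tr puts one byte per line for awk.
    od -An -v -tx1 | tr -s ' ' '\n' | awk '
        function hex2dec(h,    digits) {
            digits = "0123456789abcdef"
            return (index(digits, substr(h, 1, 1)) - 1) * 16 + index(digits, substr(h, 2, 1)) - 1
        }
        BEGIN { off = 0; in_high = 0 }
        NF == 0 { next }
        {
            hex = tolower($1)
            b = hex2dec(hex)
            if (b < 128) in_high = 0
            if (b == 27)
                print "offset " off ": ESC, start of a terminal escape sequence"
            else if (b == 10)
                print "offset " off ": LF, acts as Enter when bracketed paste is off"
            else if (b == 13)
                print "offset " off ": CR, acts as Enter when bracketed paste is off"
            else if (b < 32 || b == 127)
                print "offset " off ": control byte 0x" hex
            else if (b >= 128 && !in_high) {
                # Report a run of high bytes once, at its first byte.
                print "offset " off ": non-ASCII bytes start here, check for look-alike or invisible characters"
                in_high = 1
            }
            off++
        }
    '
}

# Exit status 0 when stdin holds only printable ASCII, 1 otherwise.
paste_is_clean() {
    [ -z "$(paste_findings)" ]
}

# Constructed samples, not real clipboard contents.
demo() {
    echo "sample 1:"
    printf 'ls -la /tmp' | paste_findings
    echo "sample 2:"
    printf 'ls\033[0m -la\n' | paste_findings
}
demo
```

The offsets are byte positions counted from zero, so they line up with the offsets `od` prints when you want to look at the surrounding bytes.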

              1. 5

                I really wanted to install this but then running a Clickhouse DB + Postgres server dependencies didn’t make sense for my small static blog. I also explored Fathom which is a decent alternative but they do tracking via cookies for the free version but not for the paid version. Such kind of OSS projects just lose my interest, TBH. (Nothing bad, but I won’t personally like)

                I eventually found shynet which I’ve been running for a month and pretty happy with it. Does its job and just bare minimum tracking.

                1. 2

                  I was considering Fathom and Matomo for my sites’ analytics as of late, today I found Plausible through this post, and now I found shynet thanks to you, and I find myself agreeing with your points, so I’ll probably try shynet first.

                  There’s one thing about Fathom/Plausible/shynet that I find interesting, and that is that all 3 designs are very similar, all three show similarly-distributed dashboards, with the same metrics, etc. I’ve never used Google Analytics but, is this because GA pioneered that design and all these “alternatives” followed it?

                  1. 1

                    Creator of Shynet here! The monitoring tools you mention do all have similar aesthetics—speaking for Shynet, it was mostly inspired by Fathom (although I designed its CSS library myself, so there are still some key differences).

                    Happy to answer any questions you might have about Shynet, either here or on GitHub.

                    Note that unlike Plausible and Fathom, Shynet is not a SaaS—there is no way to use Shynet except to self host it. So the self-hosted experience is the full experience, not a half-baked FOSS version!

                    1. 1

                      That’s one of the main criticisms I had towards Fathom and their v1/v2 bs, but seems like Plausible is giving you the choice without taking out any features.

                1. 4

                  What about adding a “self” tag? Enforce one self’s content to be tagged if submitted, else ban/remove/etc.

                  1. 9

                    There is a “self” option in the submission page. Maybe the solution would be to display that somewhere in the UI so that it’s more obvious. As to enforcement, I think @pushcx has been really good at enforcing blatant and obvious self-promotion, and I think he catches on quickly to members of the community who are here solely for self-promotion.

                    1. 14

                      It’s already very obvious: “authored” vs “via”

                      1. 5

                        Interesting and extremely non-visible. Some sort of UX fail. It should appear like a flag, then it’d have great visibility and allow filtering, to top it off.

                        1. 11

                          I thought it was quite obvious, especially with the colors (blue for author, green for fresh account, and black otherwise).

                          1. 4

                            I have to be honest, I didn’t even know what the colors were for (thought it was green for admins for some reason, I guess Reddit influence) before reading your comment.

                            1. 1

                              I totally missed it until it’s been pointed out.

                              1. 1

                                I had no idea that the colors meant anything. Is there a doc somewhere that explains all of these “obvious” UI indicators?

                                1. 1

                                  You kind of grok it from context.

                                  A green username’s profile will say “new user” or similar.

                                  A blue username is subtly echoed in the “Authored by” text at the top of a comment page.

                                  But yes, maybe this should be explicitly mentioned in the About page.

                            2. 1

                              I’m not sure it’s that obvious. I’ve been on lobsters for a while now and this is the first time I’m aware that there is a difference between “authored” and “via” and there is a distinct meaning to each of those.

                          2. 2

                            Maybe a good compromise.

                            1. 1

                              Does it even cause any visible difference?

                              I don’t think it does, or rather, I’ve never noticed it if so.

                              It would be a start to make this visible. Something to consider before taking the next step suggested by the OP.

                              1. 5

                                9 of the 25 entries in /newest are “authored by” as opposed to “via”.

                                It’s definitely something I note when looking at a submission.

                                1. 3

                                  You can filter out tags, if you don’t want “authored by” posts, filter it out.

                                  I don’t use filters myself, and I wouldn’t use this one as I think some of the coolest posts are authored by this community itself, but it gives OP and others the choice to stop getting that.

                                  1. 4

                                    I don’t think it’s possible to filter on the state “authored by/via”.

                                    I’m tentatively positive to supporting new functionality to do so, but it would have to be created as a pull request as it’s a new feature.

                                    1. 1

                                      That’s why I suggested a tag, even if it uses the “I authored this post” checkbox data.

                                      1. 1

                                        Ah ok, I missed that context!

                                    2. 3

                                      IMO filtering by “self” would be an anti-feature. Stories should be judged on their own merit, not by who submitted it.

                                      1. 1

                                        Fair enough, the thing is, flags are opt-in. It’s your choice to filter out self-posting.

                                        Edit: I actually agree, in fact, I’ve posted my own content here many times in the past, and I wouldn’t filter a “self” tag, just thinking of an easy solution for OP’s problem, which I also understand.

                                1. 4

                                  What’s your plan to prevent people from creating sockpuppet account to keep posting their own content?

                                  1. 5

                                    I don’t think I need a plan, as there are already rules against sockpuppets, right?

                                    1. 3

                                      It’s worth noting that I don’t go looking for sockpuppets except based on user reports. Most of the time they point out (or I notice) that an account is posting vacuous compliments to an article posted by their inviter/invitee, or that low-quality self-submissions regularly show up on the homepage from someone who invited a half-dozen accounts in a day. It’s an infrequent problem that’s not so overwhelmingly compelling that I think it’s worth searching for effectively by site changes like indefinitely retaining logs, recording an IP/browser fingerprint with all user actions, or otherwise adopting other off-putting techniques and tools common in web advertising.

                                      1. 1

                                        Correct, also, it’s easy to link that, as Lobste.rs write-access is invite-only, and recorded.

                                        It’s trivial to see whether the sites an account is posting are the same as its “parent”.

                                    1. 16

                                      A blanket ban seems like a bad idea since there are certainly some people who post good stuff that is relevant, for example @ltratt’s latest submission.

                                      Drawing the line is really hard. Some accounts are just using the site to promote every little thing they write, regardless of how trivial it is, or they are submitting what are clearly unthought out code ideas with no real implementation behind them, possibly looking for feedback. I really don’t care for these submissions and I think they de-value the site.

                                      I really want to discourage the latter and I really want to see more of the former. I’m content with the system of raising concerns on IRC or to the mods and having a judgement call made that way rather than banning it. Maybe we can stress something on the submission page.

                                      1. 4

                                        I agree with your point more than others’. The issue IMO is not self-posting, it’s low-effort posting.

                                        Stuff like “OpenSSL 1.1.1x released” is worthless, I’m on the mailing list for that. Same goes for your own blog post if it was written in 30 minutes.

                                        On the other hand, I found @gthm’s latest post about backups to be great, and it sparked a very interesting discussion in comments. The post was submitted by @gthm him/herself.

                                        1. 3

                                          Stuff like “OpenSSL 1.1.1x released” is worthless, I’m on the mailing list for that. Same goes for your own blog post if it was written in 30 minutes.

                                          Yes, exactly. Low-effort blog posts are actually the thing I’m talking about and want to curtail, and my experience is that they’re pretty highly correlated to self-posts.

                                          1. 6

                                            A blanket ban on posting your own articles would be throwing out the baby with the bathwater, IMO. Besides, I don’t have the impression that people who post low-effort blog posts are especially concerned with following community rules/etiquette, so they’d probably get posted anyway.

                                            I think a discussion on how we can curtail low-effort self-promotion would be useful, but I’m not sure if anything further can be done about this outside of some drastic limitations which would limit the normal usage of the site too. I think this is one of those “it sucks, but it’s the best we’ve got” kind of things.

                                            1. 4

                                              and my experience is that they’re pretty highly correlated to self-posts.

                                              Do you have any sort of numbers, or is that merely a feeling? If it’s a feeling: mine is that it only correlates to self posts of a few notorious offenders (who get flagged or banned after a while anyway), most others are quite selective of what they share, and most likely it’s content that is not low-effort, even if it doesn’t interest me personally. A blog post every few weeks is certainly fine by me, and I’d consider it harmful to give those people the feeling they shouldn’t share what they do or think about. Don’t let a few bad apples spoil it for the rest of us. After all, there are other safe-guards in place (up-votes, flagging posts, etc…).

                                        1. 3

                                          Wow! And my homelab for the last 9 years has been an old beat up Lenovo laptop with the cheapest external usb-hard drive available..

                                          1. 2

                                            Old laptops are the best, they even have a built in battery backup that’s already tightly integrated with the OS!

                                            1. 1

                                              3 months ago I had a similar setup to yours, a ThinkPad X201 with a nice SSD and a USB3 HDD over a USB2 port.

                                              Yesterday I had one of the things I learnt with that laptop solve a 2-week partial outage at $WORK.

                                              Never underestimate what one can learn from hobbying. Keep it up!

                                            1. 4

                                              What’s your storage like?

                                              I believe we’re pursuing the same goal, I’ve been building cloud-like infrastructure at home for the last ~3 months and our setups are kind of similar.

                                              I run MetalLB on top of Kubernetes, Kubernetes on top of Proxmox VMs, and Proxmox on top of 3 NUCs. Storage is provided by a Ceph cluster that runs on those 3 NUCs and seamlessly connects to Proxmox and Kubernetes.

                                              It’ll be nice hearing how you run yours and sharing our findings.

                                              1. 2

                                                May I ask why you run Kubernetes on top of Proxmox instead of bare metal? Just curious

                                                1. 2

                                                  Great question! The answer of which is: flexibility.

                                                  Try running Wireguard on Kubernetes. Yeah, you can, but it’s an antipattern. Or if and when I want to get into Microsoft envs.

                                                  Some stuff can’t run on Kubernetes, and so I didn’t want to give up that flexibility. The overhead is minimal, Proxmox VE is just KVM with a clustering engine and a web interface.

                                                  1. 1

                                                    Thanks!

                                                2. 1

                                                  I’ve been looking into doing something similar to what you are describing here and I’m curious on the storage side as well. How much storage are you able to squeeze into the NUCs doing this?

                                                  1. 2

                                                    Right now you can probably store up to 4-5TiB of M.2+SATA into a single NUC without breaking the bank. Times 3 if you run 3 nodes. A 3-node Ceph cluster’s replication/erasure will reduce that by ~20-40%, depending on your params.

                                                    Right now, my 3 NUCs provide a Ceph cluster with 1TiB SATA SSD each, for a raw total of 3TiB. Usable storage must be around ~1.8TiB based on my configuration. I don’t need much more to be honest, and I can always add more nodes if it gets tight.

                                                    My setup goes against many of Ceph’s best practices, but I’m lacking the hardware to run a perfect cluster. My replication levels are lower than should be, my network is 1GbE, etc.

                                                    That said, I’m very happy with it. Haven’t had any trouble for months, it’s fast enough, provides some sort of high avail., and its interfaces connect natively to Proxmox VE and Kubernetes, among others.

                                                    If you want extra resources, Mastering Ceph is great, binged through it when setting up the cluster.

                                                    1. 1

                                                      Mind if I ask what you paid for that hardware in total? 3 NUCs would that be around $600? Plus another few hundred for storage? Or are you sourcing used gear at substantially cheaper than that?

                                                      1. 2

                                                        More like ~1400€ as I maxed out ram, and SSDs are Samsung EVOs. I use those nodes not only for storage but also virtualization.

                                                        :$

                                                        1. 1

                                                          Ah cool! Which hypervisor are you using? ~1.5 grand doesn’t feel unreasonable for a home lab with 3 physical nodes and a generous helping of storage and RAM.

                                                          1. 2

                                                            Proxmox VE cluster atop the 3 NUCs, 96GB RAM total, right now at ~50% saturation.

                                                            1. 1

                                                              I’m looking at options at the moment. If you were setting the lab up again today would you still use Proxmox VE? Good experience overall?

                                                              1. 1

                                                                If I had enough time, I would’ve loved to use OpenStack (haven’t used it yet, but is a skill I want to acquire) but it was blocking me for too long. Otherwise, I would use Proxmox VE again.

                                                                Its design is simple enough that I can run it atop a bunch of Debian servers while running other stuff (such as Ceph).

                                                                1. 1

                                                                  Otherwise, I would use Proxmox VE again

                                                                  Thanks for the rec!

                                                                  run it atop a bunch of Debian servers

                                                                  Am I reading wrong or are you saying Proxmox runs inside debian? I got the impression from the website it was its own distro.

                                                                  1. 1

                                                                    The distro they distribute is just Proxmox VE installed atop a pre-configured Debian.

                                                                    You can actually have Debian installed first, then install Proxmox on top of it: https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_Buster

                                                1. 6

                                                  This is a really neat write-up!

                                                  I’ll admit I’ve been rather avoiding Kubernetes and am just barely beginning to get cozy with things like docker-compose and the like, and this article is making me think I should reconsider that choice!

                                                  1. 6

                                                    I recommend looking into hashicorp’s nomad

                                                    1. 1

                                                      I adore Hashicorp software, but it would depend upon the goal of working with k8s, wouldn’t it?

                                                      If the goal is to deploy a technology as a learning experience because it’s becoming an industry standard, as awesome as I’m sure nomad is, it’s not going to fit the bill I’d think.

                                                      I’m still blown away all these years later by Terraform and Consul :) Those tools are just amazing. True infrastructure idempotence, the goal that so many systems have just given up on entirely.

                                                      1. 4

                                                        To be clear: if your goal is to learn k8s–which is fine; it’s a very marketable skill right now, and I’m 100% empathetic with wanting to learn it for that reason–then I think it makes sense. But for personal use, Nomad’s dramatically simpler architecture and clean integration with other HashiCorp projects is really hard to beat. I honestly even use it as a single-node instance on most of my boxes simply because it gives me a cross-platform cron/service worker that works identically on macOS, Windows, and Linux, so I don’t need to keep track of systemd v. launchd v. Services Manager.

                                                    2. 4

                                                      Don’t, just don’t… I am trying to avoid k8s in my homelab to reduce the overhead. Since I don’t have a cluster or any feature in k8s that’s missing in a simple docker (-compose) setup

                                                      1. 5

                                                        It depends on what you call your “lab”. A couple of years ago I realized that there’s only one way I master things: practice. If I don’t run something, I forget 90% about it in 6 months.

                                                        My take on the homelab is to use as much overhead as possible. I run a bunch of static sites, an S3-like server, dynamic DNS and not much else, yet I use more stuff/overhead to run it than obviously necessary.

                                                        The thing is, I’ve reached a point where more often than not, I’m using the knowledge from the lab at $WORK, even recycling some stuff such as Ansible roles or Kubernetes manifests.

                                                        1. 6

                                                          I believe this to be the differentiation between a homelab and “selfhosted services”. The purpose of a homelab is to learn how to do things. The purpose of selfhosted services is to host useful services outside of learning time. That is not to say that the two cannot intersect, but a homelab, in my opinion, is primarily for learning and breaking things when it doesn’t affect anything.

                                                          1. 2

                                                            Yup I think this is the key.

                                                            I’m already using docker-compose for my actual self hosted services because it’s simple and easy for me to reason about, back up the configuration of, etc etc.

                                                          2. 3

                                                            Agreed, it certainly comes with a rather large overhead. I use Kubernetes at work and rather enjoy it. So, it’s great having a lab environment to try things out in and learn, so that’s why I bother hosting my own cluster.

                                                          3. 3

                                                            I started with docker-compose as I began to learn containerized tech, but transitioned to Kubernetes because the company wanted to use it for prod infrastructure. I actually found that K8s is more consistent and easier to reason about. There are a lot of concepts to learn, but they hang together.

                                                            Except PersistentVolumeClaims.

                                                            1. 2

                                                              Thank you for reading. I’m glad you enjoyed it :)

                                                              I’ll say, picking up Kubernetes at home is a good choice if it’s something you want to learn. It’s really useful to have a lab environment to try things out and build your knowledge with projects.

                                                                1. 1

                                                                  It amuses me to see Emacs people going very far not to use any other tools but Emacs itself. Not that I don’t respect it, as someone who really tried to use Emacs for months, nothing but respect for those with the patience.

                                                                  Regarding Gantt charts, I love OmniPlan. Perhaps it’s on the expensive side, and unfortunately you’re limited to macOS, but I’ve found it’s the only decent Gantt chart tool for Mac.

                                                                  They just rolled out version 4, which hints a move towards subscription-based pseudo-ownership, but they kept the traditional buy-once model available, so there’s that.

                                                                  1. 1

                                                                    Speaking as an Emacs user, it’s not so much that I will do anything to stay in Emacs, but more the fact that Emacs provides me an environment to integrate all these tools cohesively.

                                                                  1. 8

                                                                    I put those (reportedly useless) quotes in there for 1 reason myself: consistency. If I happen to need to quote one of the values because it contains a space, why aren’t all other values of the same nature quoted too?

                                                                    If all computer languages I know of use quotes to delimit the beginning and ending of string values, why should the space implicitly mark the ending of a string?

                                                                    Somewhat related: I use “useless” quotes in YAML too, for the same reason, why should the newline character mark the ending of a string when we’ve had quotes for decades?

                                                                    1. 0

                                                                      Right. Why should the newline character mark the ending of a statement when we’ve had parentheses for more than half a century?

                                                                    1. 1

                                                                      Seems like the two networks are connected with a VPN which tends to be not quite as reliable. But hey at least you don’t have to expose your VMs to the public internet

                                                                      1. 1

                                                                        Tailscale is a whole different beast of a VPN, I run a couple low-latency things across the globe with it and it hasn’t turned on me once yet.

                                                                        1. 1

                                                                          What do you personally use it for?

                                                                          1. 1

                                                                            The “latency-sensitive” stuff I run, among other things, is:

                                                                            • Consul, not really latency-bound but with many nodes comes much traffic
                                                                            • Prometheus monitoring through Tailscale, this one’s probably the heaviest, metrics are scraped off of 50+ exporters from inside Tailscale every 10 seconds (lower scrape_interval in Prometheus exponentially increases exporter overhead in my experience, so that’s the lowest I can afford)

                                                                            Both things reach nodes in all continents without a hiccup.

                                                                      1. 3

                                                                        Isn’t this very very similar to what Tailscale does? Just at a lower scale?

                                                                        1. 3

                                                                          I’d say that Tailscale does way more than NAT traversal. It is a great service.

                                                                          The problem is, that tailscale is not open source. To achieve a similar service you have to build it on your own…

                                                                          1. 2

                                                                            At least parts of it are open source: https://github.com/tailscale

                                                                        1. 3

                                                                          I love Prometheus but I wish there was a community resource to share rules and up-to-date dashboards. Grafana’s dashboard site could be a lot better.

                                                                          1. 4

                                                                            Rules, especially rules.

                                                                            Dashboarding is more of a “creative” task, but exporters could do a better job at offering their users safe parameters (or how to calculate them) for rules for each and every metric they export.

                                                                            1. 1

                                                                              I have failed a number of times to get realistic and useful throughput numbers. I understand the pain.

                                                                          1. 9

                                                                            Wow, that issue reporter is a dick. Responsible disclosure is a thing.

                                                                              1. 6

                                                                                I believe it gets the point across to researchers that either you disclose serious vulnerabilities carefully or you don’t get the recognition from disclosing them.

                                                                                Granted, I still find it a little childish and it might cause researchers who don’t care about responsible disclosure to leave memcached unpatched (I’m split on whether I’d rather have vulns disclosed irresponsibly or never disclosed at all), but I guess normando was in the heat of the incident and trying to get this fixed ASAP.

                                                                                1. 2

                                                                                  I’m totally OK with that minor slap back to be totally honest.

                                                                                2. 4

                                                                                  As someone who’s been in the information security industry for decades, I’m always amazed by two things:

                                                                                  1. Some people know about responsible disclosure but don’t practice it.
                                                                                  2. Some vendors demand responsible disclosure, never respond or fix the problem, and then get upset when the vuln is publicly disclosed 30-90 days later (I’ve been threatened with lawsuits before for that sort of thing).

                                                                                  I can forgive people who don’t know about responsible disclosure, but I’m still surprised by the people who doubt its merits.

                                                                                  1. 2

                                                                                    Completely agree.

                                                                                  2. 2

                                                                                    Unpopular opinion puffin meme: Full disclosure is the only form of “responsible” disclosure: https://git-01.md.hardenedbsd.org/shawn.webb/articles/src/branch/master/infosec/Vulnerabilities/2019-01-08_Disclosure/article.md

                                                                                    1. 2

                                                                                      Thank you for sharing this, I think it does make a strong argument for ‘full disclosure’ that I had never considered.

                                                                                    2. 1

                                                                                      Honestly I don’t find that helpful.

                                                                                      I personally think that responsible disclosure is preferable to immediate disclosure. But looking at the bigger picture: any disclosure is better than no disclosure, yet people doing no disclosure never get the amount of criticism that people not following the procedures some people like get.