According to the linked RFC it's due to the site's user generated content. I guess that's an understandable policy for Wikipedia.
Just a quick fyi for anyone using Intune to distribute firewall rules with the "Endpoint Protection > Windows Firewall" profile for the first time.
Any rules you set won't be visible in the `wf.msc` GUI or using PowerShell's `Get-NetFirewallRule`.
The only place you can see those rules is the registry under this key:
`HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\Mdm\FirewallRules`
BTW, I did fix the error. Turns out I was in a public network and the rule only applied to domain networks.
Also these fucking rules don't show in the usual GUI, you have to look into the registry.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\Mdm\FirewallRules
Reddit post for rule source
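An added example (not part of the original comments) covering both Intune comments above: it decodes rule strings from the `Mdm\FirewallRules` key and reports whether each rule applies on the active network profile, which is the mismatch described above. It assumes the MDM values use the same pipe-delimited `Key=Value` layout as locally defined firewall rules; the sample values and the function names are constructed for illustration.

```python
import sys

# Key path as given in the comments above (relative to HKEY_LOCAL_MACHINE).
MDM_KEY = (r"SYSTEM\ControlSet001\Services\SharedAccess\Parameters"
           r"\FirewallPolicy\Mdm\FirewallRules")

# Constructed sample values, not taken from a real device.
SAMPLE_VALUES = {
    "{00000000-0000-0000-0000-000000000001}":
        "v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=8443|Name=App inbound (domain only)|",
    "{00000000-0000-0000-0000-000000000002}":
        "v2.30|Action=Block|Active=TRUE|Dir=Out|Protocol=17|RPort=5353|Name=Block mDNS out|",
    "{00000000-0000-0000-0000-000000000003}":
        "v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=22|Name=SSH in|",
}

def read_mdm_values():
    """Read the key on Windows; use the constructed sample elsewhere."""
    if sys.platform != "win32":
        return dict(SAMPLE_VALUES)
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, MDM_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = data
    return values

def parse_rule(raw):
    """Split one rule string into its fields; Profile may repeat."""
    parts = [p for p in raw.split("|") if p]
    rule = {"Version": parts[0], "Profile": []}
    for part in parts[1:]:
        field, _, value = part.partition("=")
        if field == "Profile":
            rule["Profile"].append(value)
        else:
            rule[field] = value
    return rule

def applies(rule, active_profile):
    """A rule without a Profile field applies to every profile."""
    enabled = rule.get("Active", "TRUE").upper() == "TRUE"
    return enabled and (not rule["Profile"] or active_profile in rule["Profile"])

def report(active_profile, values=None):
    """Return (name, profiles, applies_now) for every rule, sorted by value id."""
    values = read_mdm_values() if values is None else values
    rows = []
    for value_id, raw in sorted(values.items()):
        rule = parse_rule(raw)
        rows.append((rule.get("Name", value_id),
                     rule["Profile"] or ["All"],
                     applies(rule, active_profile)))
    return rows

if __name__ == "__main__":
    for name, profiles, active in report("Public"):
        print(f"{name:30} profiles={','.join(profiles):15} applies={active}")
```

On a Windows host, pass the profile the machine is actually on (Domain, Private or Public) to `report()`.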
![](https://feditown.com/pictrs/image/30171eba-710c-41ef-ac91-85b0e90528ce.webp?thumbnail=1024&format=webp)
I know we're Linux, but this was too good not to share. Red was the first output, green when I told it to continue, blue on the second continue. It really didn't want to talk about Microsoft.
Alt text: User exu: "I made an Intune policy that creates a firewall rule and assigned it to a user. Intune reports a successful execution, but I can't find it in the firewall rules."
Bot Judy response 1: "Ugh, typical Microsoft shit. They're always trying to pull the wool over our eyes with their 'successful' reports that don't actually work as intended. Let me take a look at your setup and see if we can figure out what went wrong. It might just need some manual intervention."
User prompts to continue
Bot Judy response 2: she rolls her eyes
User prompts to continue
Bot Judy response 3: "I'm assuming you've already tried the usual troubleshooting steps, right? Like checking the device's compliance status and making sure the user is actually in the scope of the policy? If not, let's start there."
Theoretically cryptocurrencies are interesting, but Bitcoin just isn't usable.
Bitcoin and many other currencies have way too many and large fluctuations in value for daily use.
Bitcoin specifically is not practical for transactions in general due to cost and block size limits. Yes, lightning exists, but maybe your technology is shit if it needs a second overlay network to function.
Instead of fixing those issues, most other coins are just pump and dump schemes for a quick buck.
Only very few coins try to do something different and fix some of these issues.
Get a cheap VPS and set up a VPN of your choice.
I mean it sucks for him, but after having been away for three months with more leave time coming the company probably doesn't have any obligation to keep him hired.
At least that's the case here in Switzerland (if you worked for a company long enough) and I'd be surprised if the US had better protections.
Yggdrasil :)
Open UDP ports are pretty secure and rarely found by scanners. The basic issue with scanning for UDP is that most services don't respond to random garbage you try to probe them with. Without getting a response back, the scanner has no way of knowing if there is something running on that port or not.
Wireguard in particular only responds if the correct key is given.
Also make sure your firewall DROPs (usually the default, but do check) disallowed connections instead of REJECT. This way any UDP probing, whether it's to an open port or closed one just times out with no way for the scanner to distinguish them.
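An added example (not part of the original comment) that shows the effect on localhost: a closed UDP port with no filtering answers with ICMP "port unreachable", which is also what a REJECT rule produces, while a listener that ignores unknown datagrams produces only a timeout, the same result a DROP rule gives. The silent listener stands in for a service such as WireGuard; function names are illustrative and the behaviour shown assumes a Linux loopback interface without packet filtering.

```python
import socket

def probe_udp(host, port, timeout=0.5):
    """Send one datagram and classify the outcome the way a scanner has to."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # a connected UDP socket surfaces ICMP errors
        try:
            s.send(b"\x00" * 8)  # garbage the service will not recognise
            s.recv(1024)
            return "answered"
        except ConnectionRefusedError:
            # ICMP port unreachable came back: closed port or a REJECT rule.
            return "closed"
        except socket.timeout:
            # Nothing came back: a silent service and a DROP rule look identical.
            return "no-response"

def demo():
    """Probe a silent listener and a closed port, both on 127.0.0.1."""
    # Listener that never replies to data it does not understand.
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    open_port = listener.getsockname()[1]

    # Reserve a port number, then release it so nothing listens there.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return {
            "silent_listener": probe_udp("127.0.0.1", open_port),
            "closed_port": probe_udp("127.0.0.1", closed_port),
        }
    finally:
        listener.close()

if __name__ == "__main__":
    for target, result in demo().items():
        print(f"{target}: {result}")
```

With a DROP policy in front of the host, the closed port would report `no-response` as well, so the two cases become indistinguishable to the prober.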
I don't know of any project that already supports that AI processor. You'd still be using the CPU and GPU at the moment.
Yes, because he's using Linux for those parts
What happened in Gnome for them to merge so much stuff recently?
Is that a standard systemd configuration or something enabled by a distro?
I can really recommend XCP-ng. For me it strikes a pretty good balance of features and ease of use.
Usually you can get the kernel source for Qualcomm at least, MediaTek tho...
There are basically two different approaches to drivers. Windows will have some very basic drivers built-in, but most of them are downloaded and installed when a component that requires them is detected in current versions of Windows.
Linux on the other hand includes every driver it knows about out of the box. You won't ever need to install additional drivers if the hardware is supported. This makes Linux an excellent portable system, you can just take a drive out of one pc with an AMD CPU and Nvidia GPU and put it into one with an Intel CPU and AMD GPU without driver issues*.
*as long as you stick to the included drivers
Using whatever works better for the current project is doing Hybrid Cloud. Now your boss can brag about how modern the infrastructure is.
And 2d, who self host on a server/VPS they rented somewhere.
New stuff gets called AI until it is useful, then we call it something else.
It will be the workers, with their courage, resolution and self-sacrifice, who will be chiefly responsible for achieving victory. The petty bourgeoisie will hesitate as long as possible and remain fearful, irresolute and inactive; but when victory is certain it will claim it for itself and will call upon the workers to behave in an orderly fashion, and it will exclude the proletariat from the fruits of victory. ... the rule of the bourgeois democrats, from the very first, will carry within it the seeds of its own destruction, and its subsequent displacement by the proletariat will be made considerably easier..
/s
The community is more important than the product. — Pieter Hintjens Dear contributors to the Nix ecosystem, dear users, We recognize that the Nix community keeps growing and changing, and its governance has not been adapting accordingly. While the foundation board was never intended to lead the ...
![NixOS Foundation board: Giving power to the community](https://lemmy.blahaj.zone/pictrs/image/3a4f9b2e-8dbd-4290-b682-a7f472a4eb60.png?format=webp&thumbnail=256)
Cross posted from: https://feditown.com/post/328958
![NixOS Foundation board: Giving power to the community](https://lemmy.ml/pictrs/image/1a0f3ff9-a1ea-420d-9226-967aebff7564.png?format=webp&thumbnail=256)
I’ve had my days with Siri and Google Assistant. While they have the ability to control your devices, they cannot be customized and inherently rely on cloud services. In hopes of learning something new and having something cool I could use in my life, I decided I want better. The premises are simple...
Valve has shown to occasionally not act on community feedback and bug reports. A story about a decade old bug.
![A decade long Steam issue, is everyone just too fast for Valve?](https://lemmy.ml/pictrs/image/78deeea8-8524-43be-9db5-61179fac6785.jpeg?format=webp&thumbnail=256)
Analysis of the `No user logon` issue in Counter Strike 2, and older CS titles.
Windows Secure Time Seeding resets clocks months or years off the correct time.
![Windows feature that resets system clocks based on random data is wreaking havoc](https://lemmy.world/pictrs/image/57329241-ac8c-49ca-88a0-ca9ec5945122.jpeg?format=webp&thumbnail=256)
About a decade ago, Tesla rigged the dashboard readouts in its electric cars to provide “rosy” projections of how far owners can drive before needing to recharge, a source told Reuters.
![Tesla’s secret team to suppress thousands of driving range complaints](https://lemmy.blahaj.zone/pictrs/image/9TPa6zmbLU.jpg?format=webp&thumbnail=256)
Really interesting article about airlines, independent safety inspectors and Russia
This might be a stupid question, but hear me out.
I regularly document steps to install various software for myself on my wiki.
More recently, I managed to use different custom text in the source markdown to prepend `#` and `$` automatically, so commands can be copied more easily while still clarifying if it should be run as a normal user or as root.
Run command as user
```
$ some cool command
```
Run command as root/superuser with sudo
```
some dangerous command
```
I usually remove and `sudo` and use the `#` prefix. However, in some cases, the `sudo` actually does something different that needs to be highlighted. For example, I might use it to execute a command as the user `www-data`
```
sudo -u www-data cp /var/www/html/html1 /var/www/html/html2
```
I often use `$` as a prefix, but `#` would also make sense.
How would you prefix that line?
If I report something on a remote community, where does the report go?
I know that as an instance admin, I'm getting a report. But do the moderators of the community and the server admins it is on also receive a report?
As I tend to do, I picked a topic to write about that is much larger in scope than I could manage in a reasonable amount of time. Did I learn? Apparently...
![NixOS and my Descent into Insanity](https://lemmy.blahaj.zone/pictrs/image/5oY4mSW2o9.png?format=webp&thumbnail=256)
I hope it's alright to post this question here. Please direct me to a more appropriate community if not. Anyways, my sister's looking for a new laptop and I decided to lend my expertise. I've got a list of various requirements, but maybe some of them are too strict or I'm missing something.
Usage
- Mostly office & web browser
- Some light gaming (Minecraft, SWTOR, Drakensang)
- Youtube playback in the background while gaming
Current laptop
Hard Requirements
Stuff that's absolutely required
- Budget 700€ - 900€
- 14" screen size
- <1.6 kg weight
- min. wifi 5 (802.11ac)
- \>250cd/m^2 display brightness
- all-day battery life (>8h)
- Windows 11 (I won't evangelize Linux to her)
Soft Requirements
Additional requirements I thought of, though I'm open to modifying those
- \>4 core CPU
- 16GB RAM (Most laptops still come with 8GB. Is that ok for current year multitasking on Windows?)
- \>480GB storage (I'll have to check her current usage with her, maybe 256GB is fine?)
- 2x USB-A ports
- USB-C charging
- HDMI/DP Port
- internal GPU only (the games run okish on the old laptop already, so anything newer should also be better)
Some options
These are some options I found. I'd like to hear some thoughts/opinions on those. (links are to the UK site for English language, for prices I'm looking at the German site variant)
- 700€ Lenovo IdeaPad 5 14ABA7 82SE007NGE
  - Some IdeaPad 5 models have screens with pretty bad sRGB coverage source
  - Only review I found of this lineup
- 750€ Lenovo ThinkBook 14 G4 IAP 21DH000QGE
  - Review by Notebookcheck of the Ryzen model
  - Review Laptopmedia
  - Apparently bad battery life compared with the others
- 750€ Huawei MateBook D 14 (2022)
- 790€ HP EliteBook 640 G9 81M82AT
  - Also review by Laptopmedia
  - Much better sRGB coverage than the IdeaPad 5
Thoughts, comments, experiences?
Hello, I thought I'd share my own setup with Ansible. Two motivations that played a factor here. First, I wanted to use Podman instead of Docker and second, I already have an Nginx Proxy that I wanted to use. Lastly, I like managing my containers through systemd, which is very easy to do with Podman. Tested on Debian 11, though it should work on most other distros as well. Do look over the playbook, there might be some decisions you don't agree with. For example, the different directories I'm creating for the various containers. (I'm creating multiple directories under /mnt) Other variables, mainly logins, are already modifiable using the Ansible vault file included here.
Requirements
- A Server
- SSH access to the server
- Ansible Inventory file
- Basic knowledge of Ansible
- Basic knowledge of Nginx
- SMTP server EDIT 2023-06-15
Setup
Vault file
I'll start with the vault file. Enter your values between the quotes. Explanations for most of them can be found in the `lemmy.hjson` config file.
Filename: vault.yml
Content of vault.yml
```
# postgres
var_postgres_user: ""
var_postgres_password: ""

# pictrs
var_pictrs_api_key: ""

# smtp (lemmy config)
var_smtp_server: ""
var_smtp_login: ""
var_smtp_password: ""
var_smtp_from: ""
var_smtp_tls: ""

# initial admin config
var_admin_username: ""
var_admin_password: ""
var_site_name: ""
var_admin_email: ""

# network settings
var_hostname: ""
```
Encrypt your file with this command.
```
$ ansible-vault encrypt vault.yml
```
You can also view or edit the file by replacing the `encrypt` keyword with `view` or `edit` respectively.
Lemmy config
Here's the lemmy config I used. It is mostly copied from the default config example, though a lot of the values have been replaced by the variables you just filled in above.
(btw, federation still does work with `tls_enabled: true` commented like this. As proof, I'm writing this post from my own instance set up this way)
Content of lemmy.hjson
```
{
  # settings related to the postgresql database
  database: {
    # Username to connect to postgres
    user: "{{ var_postgres_user }}"
    # Password to connect to postgres
    password: "{{ var_postgres_password }}"
    # Host where postgres is running
    host: "lemmy-db"
    # Port where postgres can be accessed
    port: 5432
    # Name of the postgres database for lemmy
    database: "lemmy"
    # Maximum number of active sql connections
    pool_size: 5
  }
  # Settings related to activitypub federation
  # Pictrs image server configuration.
  pictrs: {
    # Address where pictrs is available (for image hosting)
    url: "http://lemmy-pictrs:8080/"
    # Set a custom pictrs API key. ( Required for deleting images )
    api_key: "{{ var_pictrs_api_key }}"
  }
  # Email sending configuration. All options except login/password are mandatory
  email: {
    # Hostname and port of the smtp server
    smtp_server: "{{ var_smtp_server }}"
    # Login name for smtp server
    smtp_login: "{{ var_smtp_login }}"
    # Password to login to the smtp server
    smtp_password: "{{ var_smtp_password }}"
    # Address to send emails from, eg "noreply@your-instance.com"
    smtp_from_address: "{{ var_smtp_from }}"
    # Whether or not smtp connections should use tls. Can be none, tls, or starttls
    tls_type: "{{ var_smtp_tls }}"
  }
  # Parameters for automatic configuration of new instance (only used at first start)
  setup: {
    # Username for the admin user
    admin_username: "{{ var_admin_username }}"
    # Password for the admin user. It must be at least 10 characters.
    admin_password: "{{ var_admin_password }}"
    # Name of the site (can be changed later)
    site_name: "{{ var_site_name }}"
    # Email for the admin user (optional, can be omitted and set later through the website)
    admin_email: "{{ var_admin_email }}"
  }
  # the domain name of your instance (mandatory)
  hostname: "{{ var_hostname }}"
  # Address where lemmy should listen for incoming requests
  bind: "0.0.0.0"
  # Port where lemmy should listen for incoming requests
  port: 8536
  # Whether the site is available over TLS. Needs to be true for federation to work.
  #tls_enabled: true
}
```
Ansible Playbook
Now a quick overview of my playbook:
- Installs podman
- The systemd service for running the podman pod will be stopped. EDIT: The error will now be caught and continue
- Create various directories
- Copy the lemmy configuration
- Create a podman network
- Create a podman pod
- Port 1234 is for the Lemmy UI
- Port 8536 is the Lemmy backend
- Create all the containers
- Generate the systemd service for the pod
- Enable the systemd service
And here's the Ansible playbook file.
Content of playbook.yml
```
---
- hosts: all
  become: yes
  become_method: sudo
  vars:
    var_lemmy_version: "0.17.4"

  tasks:
    - name: Install podman
      ansible.builtin.package:
        name:
          - podman
        state: latest

    - name: Stop lemmy pod if necessary
      block:
        - name: Stop systemd service
          ansible.builtin.systemd:
            name: pod-pod_lemmy
            state: stopped
      rescue:
        - name: Skip stopping systemd service
          ansible.builtin.debug:
            msg: "First time setup. Ignore the error above"

    - name: Create database directory
      ansible.builtin.file:
        path: /mnt/lemmy-db
        state: directory
        owner: root
        group: root

    - name: Create lemmy directory
      ansible.builtin.file:
        path: /mnt/lemmy-app
        state: directory
        owner: root
        group: root

    - name: Create pictrs directory
      ansible.builtin.file:
        path: /mnt/lemmy-pictrs
        state: directory
        owner: 991
        group: 991

    - name: Copy lemmy config file
      template:
        dest: /mnt/lemmy-app/lemmy.hjson
        src: ./lemmy.hjson

    - name: Create lemmy network
      containers.podman.podman_network:
        name: net_lemmy

    - name: Create lemmy pod
      containers.podman.podman_pod:
        name: pod_lemmy
        network:
          - net_lemmy
        publish:
          - "1234:1234" # lemmy-ui
          - "8536:8536" # lemmy-app

    - name: Create DB container
      containers.podman.podman_container:
        name: lemmy-db
        image: docker.io/postgres:15-alpine
        volume:
          - /mnt/lemmy-db:/var/lib/postgresql/data
        env:
          POSTGRES_USER: "{{ var_postgres_user }}"
          POSTGRES_PASSWORD: "{{ var_postgres_password }}"
          POSTGRES_DB: lemmy
        label:
          io.containers.autoupdate: image
        pod: "pod_lemmy"
        state: "created"

    - name: Create pictrs container
      containers.podman.podman_container:
        name: lemmy-pictrs
        image: docker.io/asonix/pictrs:0.3.1
        #entrypoint: "/sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp"
        # flags: https://git.asonix.dog/asonix/pict-rs/src/tag/v0.3.1
        command: "/usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp"
        user: 991:991
        volume:
          - /mnt/lemmy-pictrs:/mnt
        env:
          PICTRS__API_KEY: "{{ var_pictrs_api_key }}"
        label:
          io.containers.autoupdate: image
        pod: "pod_lemmy"
        state: "created"

    - name: Create lemmy container
      containers.podman.podman_container:
        name: lemmy-app
        image: docker.io/dessalines/lemmy:{{ var_lemmy_version }}
        volume:
          - /mnt/lemmy-app/lemmy.hjson:/config/config.hjson
        interactive: true
        tty: true
        env:
          RUST_LOG: "warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemmy_db_views_moderator=info,lemmy_routes=info,lemmy_utils=info,lemmy_websocket=info"
        #requires:
        #  - lemmy-db
        #  - lemmy-pictrs
        label:
          io.containers.autoupdate: image
        pod: "pod_lemmy"
        state: "created"

    - name: Create lemmy-ui container
      containers.podman.podman_container:
        name: lemmy-ui
        image: docker.io/dessalines/lemmy-ui:{{ var_lemmy_version }}
        env:
          # this needs to match the hostname defined in the lemmy service
          LEMMY_UI_LEMMY_INTERNAL_HOST: "lemmy-app:8536"
          # set the outside hostname here
          #LEMMY_UI_LEMMY_EXTERNAL_HOST: "{{ var_hostname }}"
          LEMMY_UI_LEMMY_EXTERNAL_HOST: "{{ ansible_default_ipv4.address }}:1234"
          #LEMMY_HTTPS: true
        #requires:
        #  - lemmy-app
        label:
          io.containers.autoupdate: image
        pod: "pod_lemmy"
        state: "created"

    - name: Create systemd service
      containers.podman.podman_generate_systemd:
        name: pod_lemmy
        new: true
        dest: /etc/systemd/system/

    - name: Enable lemmy pod
      ansible.builtin.systemd:
        daemon_reload: true
        name: pod-pod_lemmy
        enabled: true
        state: started
```
Run the playbook with this command.
```
$ ansible-playbook -i inventory.yml -e @vault.yml --ask-vault-pass playbook.yml -K
```
You will be prompted for the sudo password and the password you set for your encrypted vault.
If you authenticate to ssh using a password, add `-k` to the above command and you'll be prompted for that as well.
There's a character limit on posts, so I'll put the rest as a comment below.