I recently moved my internal network to a public domain. [random letters].top was $1.60 at porkbun, and now I can do DNSSEC and letsencrypt. I added a pre-hook to LE’s renew that briefly opens the firewall for their challenges, but now I’m going to have to look at the DNS challenge.
Almost everything I do references just hostname, with dns-search supplied by dhcp, so there was surprisingly little configuration to change when I switched domains.
I’d tried that…this has been going on for five days, and I can not describe my level of frustration. But I solved it, literally just now.
Despite systemctl status apparmor.service claiming it was inactive, it was secretly active. audit.log was so full of sudo that I failed to see all of the
apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/dnssec-keys/K[zone].+013+16035.l6WOJd" pid=152161 comm="isc-net-0002" requested_mask="c" denied_mask="c" fsuid=124 ouid=124FSUID="bind" OUID="bind"
That made me realize, when I thought I fixed the apparmor rule, I’d used /etc/bind/dnskey/ rw instead of /etc/bind/dnskey/** rw
The bind manual claims that you don’t need to manually create keys or manually include them in your zone file, if you use dnssec-policy default or presumably any other policy with inline-signing. Claims that bind will generate its own keys, write them, and even manage timed rotation or migration to a new policy. I can’t confirm or deny that, because it definitely found the keys I had manually created (one of which was $INCLUDEd in the zone file, and one not) and used them. It also edited them and created .state files.
I feel like I should take the rest of the day off and celebrate.
Back in the day, I’d go through HDDs faster than systems-always needed to add storage before I could replace the CPU. I didn’t start disassembling them until they got up to the 500 _M_B range, but you’d often get 3 platters back then. OP must be harvesting from a whole workgroup - I’ve only got a 3cm stack and 7 drives waiting for the screwdriver.
No idea, honestly, what the popular perception of N100 platform is. It only came to my mind because I’d watched https://www.youtube.com/watch?v=hekzpSH25lk a couple days ago. His perspective was basically the opposite of yours, i.e.: Is a Pi-5 good enough to replace an N100?
Pi5+ just because I’d originally written Pi5+PS/case/SD.
And you’re right that everything has gotten more expensive, but $35 in 2016 (Pi-3) is only $45 today (and you can still get a 3B for $35). The older Pis hit, for me, a sweet spot of functionality, ease, and price. Price-wise, they were more comparable to an Arduino board than a PC. They had GPIOs like a microcontroller. They could run a full operating system, so easy to access, configure, and program, without having to deal with the added overhead of cross-compiling or directly programing a microcontroller. That generation of Pi was vastly overpowered for replacing an Arduino, so naturally people started running other services on them.
Pi 3 was barely functional as a desktop, and the Pi Foundation pushed them as a cheap platform to provide desktop computing and programming experience for poor populations. Pi4, and especially Pi5, dramatically improved desktop functionality at the cost of marginal price increases, at the same time as Intel was expanding its inexpensive, low-power options. So now, a high-end Pi5 is almost as good as a low-end x86, but also almost as expensive. It’s no longer attractive to people who mostly want an easy path to embedded computing, and (I think) in developed countries, that was what drove Pi hype.
Pi Zero, at $15, is more attractive to those people who want a familiar interface to sensors and controllers, but they aren’t powerful enough to run NAS, libreelec, pihole, and the like. Where “Rasperry Pi” used to be a melting pot for people making cool gadgets and cheap computing, they’ve now segmented their customer base into Pi-Zero for gadgets and Pi-400/Pi-5 for cheap computing.
My guess is Firefox. I’m using Kodi - OSMC/libreelec - and it coasts along at 1080p, with plenty of spare CPU to run pihole and some environmental monitors. Haven’t tried anything 4k, but supposedly Pi4 offloads that to hardware decoding and handles it just fine. (as long as the codec is supported).
https://www.acepcs.com/products/mini-pc-intel-n100-ultra is only $140, and it looks to me like Pi5+ is $160 with PS/case/microSD.
Pi 4’s were hard to get there for a while. Pi 5’s are expensive. Lot of other SBCs are also expensive, as in not all that much cheaper than a 2-3 generations old low-end x86. That makes them less attractive for special purpose computing, especially among people who have a lot of old hardware lying around.
Any desktop from the last decade can easily host multiple single-household computer services, and it’s easier to maintain just one box than a half dozen SBCs, with a half dozen power supplies, a half dozen network connections, etc. Selfhosters often have a ‘real’ computer running 24/7 for video transcoding or something, so hosting a bunch of minimal-use services on it doesn’t even increase the electric bill.
For me, the most interesting aspect of those SBCs was GPIO and access to raw sensor data. In the last few years, ‘smart home’ technology seems to have really exploded, to where many of the sensors I was interested in 10 years ago are now available with zigbee, bluetooth or even wifi connectivity, so you don’t need that GPIO anymore. There are still some specific control applications where, for me, Pi’s make sense, but I’m more likely to migrate towards Pi-0 than Pi-5.
SBCs were also an attractive solution for media/home theater displays, as clients for plex/jellyfin/mythtv servers, but modern smart-TVs seem mostly to have built-in clients for most of those. Personally, I’m still happy with kodi running on a pi-4 and a 15 year old dumb TV.
In a federated system, users on Alice can see and post into communities hosted on Bob, eg alice/c/funplace@bob. When Meta tries to join, Alice chooses not to federate - avoid giving meta free content, protect its users from ‘bad’ meta communities, preemptively block toxic meta users, whatever - but Bob does federate. Alice users can’t see meta/c/advertising, there’s no way to subscribe to Alice/c/advertising@meta. Both Alice and Meta users can see Bob/c/funplace, and so alice users can see anything that meta users post there and meta ‘gets’ any content that alice users contribute. Bob effectively acts like a tunnel between alice and meta users.
if I can communicate with them from my Mastodon account, I would like to have that option.
That’s the Embrace part, and it is mutually beneficial. Later on, Threads may give your Mastodon account a special color to mark you as one of the crazy socialists, and let their own users exchange unique awards, super-boosts, or other neat Extended features. Then connection between Threads and Mastodon-at-large becomes unreliable due to technical differences in protocol or just volume of content. Threads users see a handful of their friends drop off for no apparent reason, but ‘classic’ Mastodon users lose almost everyone and the platform is effectively Extinguished.
In the grand scheme, though, no one uses either mastodon or lemmy. I’m sure, to the devs and people who joined before 2021, that a couple million users seems like an enormous victory (and it is), but relative to a half billion twitters, the 1.5 billion instagrammers, or even the 5+M that signed up for Threads on the first day, it’s nothing.
Those Threads users aren’t part of Lemmy or Mastodon, they’re part of Threads. They don’t have to know what Lemmy or Mastodon are, even as they benefit from content created there. Once Threads is big enough, they either DOS non-corporate instances with mountains of data, disable those instances with protocol-breaking customizations, or just ignore them because all the biggest communities and content are hosted at Threads.
When mozilla & google started working together, Firefox was the majority browser and chrome a ridiculous upstart trying to squeeze into a domain dominated by IE and FF. The fediverse does not have mozilla’s power in that analogy. I mean, fediverse may survive after that, but the commercial players will absolutely siphon off anyone who cares more about the user experience and content than about privacy on a public forum, which probably means the user base of July 2022, not July 2023.
Haven’t noticed any issues, but I’m not intentionally using mDNS. dhcpd tells all the clients where the nameserver is and issues ddns updates to bind, so I haven’t needed any of the zero-config stuff. I did disable avahi on a linux server, but that was more because it was too chatty than caused any actual problems. I wouldn’t think there would be any more issues between mDNS and a fake domain than between mDNS and a real, big-boy domain on the same network.