Cake day: July 1st, 2023

  • The easiest way to disable unnecessary services is to uninstall them with aptitude, or whichever package manager you like. Try terminating services one by one, and see if anything bad happens. If nothing bad happens, you can probably uninstall it. On the other hand, if the system does get wonky a reboot should fix it. Or, you can research the services by name and decide whether to uninstall them. (avahi-daemon for example is a good idea to uninstall.)

    To make the GUI not run, uninstall your display manager (gdm, xdm, nodm, or whatever) and uninstall your xorg server or wayland server. There may be GUI programs remaining after that, but they will only be consuming disk space, not RAM or CPU.

    If the battery is old and holds little charge, you may save a few watts by removing it and throwing it away, instead of letting the system keep it topped off.

    Get a power meter, such as a Kill-a-watt device. Then, experiment with different settings. If it’s consuming less than 30 watts, you’re probably fine. If you live in the US, one watt-year is about one US dollar (or a little more), so for every watt it consumes, that’s about how much you will pay per year for its electricity.





  • Yeah, it’s definitely a problem, and genetic information could end up getting linked. Even if a person thinks they might not have DNA in any existing database, whether criminal, medical, or otherwise, there’s no telling what might happen in the future. I can think of a few different ways a person might involuntarily, through no fault of theirs, get their DNA forcibly taken with no legal recourse.

    Every path here will have some tradeoffs. But the odds of getting linked are probably much lower outside your home country.



  • My best recommendation would be to go to a testing lab and provide a fake name. It should work. I’ve never been ID’d at any doctor’s office, and one time did even receive healthcare under a fake name with no trouble. Of course, that means your insurance won’t cover anything, but that’s the unfortunate reality of US healthcare. Also, they probably won’t delete your data. HIPAA includes no right to be forgotten, and in some cases, may even mandate retention for several years.

    Sorry I don’t have a better solution. I think your best bet is to distance this genetic data as much as possible from your real identity.

    Alternately, you could try going somewhere outside the US.

    I completely agree that HIPAA is dead. One time when I went to a new doctor’s office, totally unaffiliated with any doctor I’d ever seen before, the doctor instantly pulled all my medical records from several other places. They didn’t even get my verbal permission; they just did it. If that’s the level of security on these databases, and doctors are allowed to access them on old unsupported Windows computers, then it’s almost certain that the databases have tons of undetected data breaches. They’ve probably been scraped completely by multiple attackers.





  • I cannot recommend any USB-connected drive for long-term use. (Only for portable devices that get plugged in for a little while at a time.) In the long term, any USB drive will randomly reset during periods of heavy use – including heavy writes, meaning some data will get lost.

    USB enclosures tend to just crap out completely after a year or two, if used continuously on a server. I know because I twice used 1TB external drives with OpenWRT (home router) devices. The data will be safe on the drive, but you’ll have to replace the enclosure.

    1. My first recommendation would be to look very carefully at the chassis and see if there’s any way at all to fit another SSD inside it. 2.5" SSDs are usually thinner than 2.5" hard drives, so it may be possible, and most motherboards have more SATA ports than they need.

    Is there possibly an NVMe slot on the motherboard? Or an open PCIe slot where you could put an NVMe adapter?

    2. My second recommendation would be using a 2.5" hard drive. Newegg has a 5TB one for $135, but unfortunately that’s as large as they seem to go. It will be a bit slower than an SSD, but still probably around 150MB/s for sequential access.

    3. My third recommendation, if money is really tight, would be an additional server, with a large 3.5" hard drive. This will be a lot cheaper than an 8TB SSD, but adds complexity, electricity use, space use, and possibly fan noise.


  • This is false. X is not less secure than Wayland. It does have a different security model, which can become insecure if you misuse it. I don’t think people really care about situations where multiple user accounts access the same display.

    In my opinion, the benefits of xdotool far outweigh any benefits gained by Wayland’s security model. It’s impossible to make xdotool in Wayland, because of its security model.


  • Limonene@lemmy.world to Mildly Infuriating@lemmy.world · MFA
    7 months ago

    I agree with this sentiment. Steam notably falls into the third category, while otherwise being pretty good.

    But I’m quite disgusted now seeing an image of a Yubikey for the first time. I’ve heard so many good things about them that it’s a major disappointment to see now that they use that awful noncompliant shape of USB plug.

    There are two very important reasons for the metal shield around USB plugs: 1. For ESD protection, and 2. to hold the receptacle’s tongue in place and prevent it from bending away and losing contact. Every USB device I’ve owned that was a flat plug (like this Yubikey image in this post) has within a month deformed the USB receptacle it’s plugged into to the point that the device no longer works in that port. Compliant USB devices still work in that port’s deformed receptacle, because they have a correct metal shield that bends the tongue back into the correct position.


  • I never got Proton working on my main distro (Debian), so I probably fall into this category. I did use Wine, but Wine is a lot harder to set up, and never ran games as well as Proton did.

    Here is my major gaming history, since I started on Linux in 2007. Yes, I really could focus on a single game for years back then.

    • 2007: Starcraft, in Wine
    • 2007: Nethack, native
    • 2011: Morrowind and Oblivion in Wine
    • 2012: Minecraft, native
    • 2014: sgt-puzzles, native
    • 2016: Steam, got hundreds of native Linux games.
    • 2017: Briefly got Steam and Path of Exile working inside a Wine instance.
    • 2022: Steam deck, with the specific purpose of being able to run Proton on it.
    • 2023: New Ubuntu installation, and Proton finally worked on my PC.

    Today, I still prefer native Linux games. I mostly only use Proton when peer pressure for a multiplayer game required it. But I never use Wine any more.



  • A couple months ago, I made a Palworld server box out of a spare motherboard assembly (mobo, processor, ram) from a computer I had recently upgraded.

    I didn’t have any spare drives lying around, so I plugged in 7 USB flash drives and made them into a RAID array. Not a true RAID array, but a BTRFS filesystem with volumes spread onto each flash drive, with the data redundancy set to raid1, and the metadata redundancy set to raid1c3.

    It worked… in the sense that I never lost any data. It certainly didn’t work in the sense of having good uptime.

    The first problem was getting it to boot right. The boot line in GRUB had “root=UUID=…” instead of a specific drive named. That is normal. However, in BTRFS multi-volume filesystems, all the volumes have the same UUID. So the initrd was only waiting for a single drive matching that UUID, then trying to mount it as the root filesystem. This failed, because the kernel had not yet set up the other 6 USB drives, and this BTRFS filesystem needs all 7 volumes present. Maybe 6, if you used the “degraded” mount option.

    The workaround was to wait for this boot process to fail, at which point you get dropped into an initrd shell. Then, you look at all the drives and make sure they’re all there. And then… I don’t exactly remember what happened next. I think it was some black magic that erases your mind in the process. I somehow got it booted from the initrd shell.

    Installing Steam and the Palworld server worked ok, and it even ran for a few hours before crashing overnight.

    The next morning, I tried rebooting it. Unfortunately, the USB drives weren’t all appearing. Turns out the motherboard had some bad USB ports, some sometimes-bad USB ports, and a maybe-bad PCIe bus, because the PCIe USB expansion card I plugged in had a weird problem that it had never had before.

    I found the most reliable ports and plugged the drives in there. But you can’t just replug them in the initrd. It doesn’t have USB hotplug support. So each time it tried to boot with not all the drives there, I restarted it again until one time I finally had all the drives.

    I changed the GRUB boot line to “root=/dev/sdg1”. This made it wait for all the drives to load, in any order, and whichever one was last would be mounted as the root filesystem (but the kernel would automatically include all the others too, since they were successfully initialized).

    The bad USB ports kept bringing down the server every day or two. I bought a cheap NVMe drive and added it to the BTRFS filesystem, and then removed all the USB drives except the largest. That fixed the reliability. It’s been like that since.

    Now, to boot the server, all I have to do is change the GRUB boot line to “root=/dev/sdb1”. Since the NVMe drive is much faster than the USB drive, it always initializes first. If the initrd waits for sdb2, then it will always have both drives initialized when it tries to mount the root filesystem.

    I could add that to the grub.cfg, or come up with some other more permanent solution, but I’m not planning on rebooting this server ever again. My friends fell off Palworld, and I gave a shutdown date that’s about a week away. And the electricity is pretty reliable here.


  • Using a VPN (like Tailscale or Netbird) will make setup very easy, but probably a bit slower, because they probably connect through the VPN service’s infrastructure.

    My recommended approach would be to use a directly connected VPN, like OpenVPN, that just has two nodes on it – your VPS, and your home server. This will bypass the potentially slow infrastructure of a commercial VPN service. Then, use iptables rules to have the VPS forward the relevant connections (TCP port 80/443 for the web apps, TCP/UDP port 25565 for Minecraft, etc.) to the home server’s OpenVPN IP address.

    My second recommended approach would be to use a program like openbsd-inetd on your VPS to forward all relevant connections to your real IP address. Then, open those ports on your home connection, but only for the VPS’s IP address. If some random person tries to portscan you, they will see closed ports.
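
The two forwarding approaches described in the comment above, as an added example that is not part of the original comment: a script that prints (without applying) the VPS-side DNAT rules and the home-side allowlist for review. The interface names, `10.8.0.2` and `203.0.113.10` are constructed placeholders, and the home-side rules assume the home server does its own filtering with iptables.

```bash
#!/usr/bin/env bash
# Added example: prints rules for review; nothing is applied to the system.
# Every address and interface name below is a constructed placeholder.
VPS_IF="eth0"              # VPS public interface (assumed)
VPN_IF="tun0"              # OpenVPN interface on the VPS (assumed)
HOME_VPN_IP="10.8.0.2"     # home server's OpenVPN address (assumed)
VPS_PUBLIC_IP="203.0.113.10"
PORTS="tcp:80 tcp:443 tcp:25565 udp:25565"

# Validate one "proto:port" spec; sets $proto and $port on success.
parse_spec() {
    proto=${1%%:*}; port=${1##*:}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Approach 1 (VPS side): DNAT each port to the home server over the VPN.
vps_rules() {
    local spec
    echo "sysctl -w net.ipv4.ip_forward=1"
    for spec in $PORTS; do
        parse_spec "$spec" || { echo "bad spec: $spec" >&2; return 1; }
        echo "iptables -t nat -A PREROUTING -i $VPS_IF -p $proto --dport $port -j DNAT --to-destination $HOME_VPN_IP:$port"
        echo "iptables -A FORWARD -i $VPS_IF -o $VPN_IF -p $proto -d $HOME_VPN_IP --dport $port -j ACCEPT"
    done
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Masquerade so replies return through the tunnel; the home server then
    # logs the VPS's VPN address instead of the real client address.
    echo "iptables -t nat -A POSTROUTING -o $VPN_IF -d $HOME_VPN_IP -j MASQUERADE"
    echo "iptables -P FORWARD DROP"
}

# Approach 2 (home side): accept only the VPS, answer everyone else as "closed".
home_rules() {
    local spec reject
    for spec in $PORTS; do
        parse_spec "$spec" || { echo "bad spec: $spec" >&2; return 1; }
        reject="icmp-port-unreachable"
        [ "$proto" = tcp ] && reject="tcp-reset"
        echo "iptables -A INPUT -p $proto -s $VPS_PUBLIC_IP --dport $port -j ACCEPT"
        echo "iptables -A INPUT -p $proto --dport $port -j REJECT --reject-with $reject"
    done
}

vps_rules
home_rules
```

The REJECT targets are what make a scan from any other address see the port as closed; a plain DROP would show it as filtered instead.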



  • So are you able to view content, but pay to download? If that’s the case, I could probably write a scraper for the site.

    If you have to pay to even see the content, then you may have a bigger problem. Try pooling resources with some of your fellow students, to have one person download all the content, and then make it available to everyone else.

    Another option is to expose your instructors. There’s a high probability that they are getting kickbacks, especially if this is at college level. Maybe in the form of 10% of each dollar spent by one of their students. Or, they might be getting free equipment or content from Docsity, in exchange for forcing students to use it, and offloading the costs to students.

    When I was in college, one of my instructors used these “clickers” that cost students $40 per semester to rent. They used radio to allow submitting realtime quiz answers during class. Students were scored on how many questions they answered, not whether they were correct. If you didn’t pay the clicker fee, you lost that 10% of your final grade.

    I was suspicious, so I looked into it. It wasn’t hard. The clicker manufacturer advertised kickbacks on their own website.


  • Cloudflare seems to incorrectly classify my Internet connection, which is a residential Internet connection going to my house, as a datacenter connection or VPN or something.

    Many websites that use Cloudflare give me endless captcha forms. As soon as I solve one, it demands another, and never lets me access the website.

    Sometimes I solve one captcha, and then it says I’m blocked forever for sending automated queries, even though I filled it out correctly. The error message is: “You are blocked.”

    Sometimes it lets me in after one captcha, but I still resent having to enable Javascript for these assholes just to access a site that doesn’t otherwise require Javascript.

    Sometimes Cloudflare adds extra security to certain pages, just for me. The developers of the website didn’t program it to handle this extra security, so the site fails for just me, and the site developers don’t believe me, telling me I have a browser problem (in three different browsers, which I can fix by using a proxy). For example, when the site’s javascript has my browser do a CORS operation, the first step is the browser sending an OPTIONS request. However, the extra security of the proxy introduced by Cloudflare responds slightly differently from the actual website, so the site breaks.

    Cloudflare uses a holistic approach to deciding whether you are a legitimate user or a bot. In other words, they use every single possible piece of data they can get on you, including tracking your visits across other Cloudflare sites. They do discriminate against certain user-agent strings.

    Cloudflare completely blocks many Tor users, even from having read-only access to a site.

    When you ask Cloudflare why your IP address is blocked, they falsely claim that it’s a setting created by the website admins. I strongly suspect that this setting is something like “use Cloudflare™ Adaptive Security™” and probably doesn’t explain to the site admin that they’re blocking large quantities of innocent users.

    Cloudflare has previously used Google Recaptcha, which has a ton of problems (tracking, accessibility, training AIs that will make my life worse).