I’m not sure I understand. First off I’m not the same person as GP. Second, the admins are proposing an AI tag, which I’m supportive of. I’m just saying that I am OK with AI-assisted projects being posted to this community (with the AI tag of course)
- 1 Post
- 84 Comments
Fine, but others including myself want that slop as far away from here as possible
And there are people like me who are fine with moderate AI use and would rather judge the project themselves rather than have them rejected outright.
Maybe there should be a community poll
hirihit640@sh.itjust.worksto
Technology@lemmy.world•Tested: Microsoft just debloated Windows 11 Search without Bing, and it's crazy fastEnglish
1·4 days agoWhat I’m saying is that if you type “cat videos” in the search bar, it will immediately search the KDE Discover app store for relevant results, by default. It’s not searching the entire web but it’s still sending a request to the internet, one that can be tracked and shared (for example if you have Flathub enabled in KDE Discover, and Flathub happens to use Google analytics on their servers, then Google would know about everything you type in the search bar)
hirihit640@sh.itjust.worksto
Technology@lemmy.world•Valve describes just how brutal RAM negotiations are in 2026English
17·9 days agoinsert veggie tales meme about the future being AI generated
hirihit640@sh.itjust.worksto
Technology@lemmy.world•Tested: Microsoft just debloated Windows 11 Search without Bing, and it's crazy fastEnglish
10·9 days agoLinux does this too. GNOME and KDE both do web searches from the search menu by default (to be more precise they search the app store, which is on the web)
hirihit640@sh.itjust.worksto
Technology@lemmy.world•Valve describes just how brutal RAM negotiations are in 2026English
153·9 days agoFrom 12:48 of the video:
Gamers Nexus: “Were you able to lock in contracts for memory with the suppliers directly or did you have to jump through a bunch of hoops or…”
Rep from Valve: “Look there’s no contract, there’s nothing. Those guys…they are…they give us a price every month, and they say ‘you can buy that many’, and it’s yes or no, and if we say no then they never talk to us again”.
Gamers Nexus also links another video they made specifically about the DRAM cartel.
hirihit640@sh.itjust.worksto
Technology@lemmy.world•Valve describes just how brutal RAM negotiations are in 2026English
19·9 days agofruit videos? is there a recent trend I missed?
hirihit640@sh.itjust.worksto
Selfhosted@lemmy.world•Safely exposing services to the InternetEnglish
3·9 days agoIf I have a bare metal dedicated server, which has only access to IPs contained in my whitelist on a dedicated opnsense, I have less to wory about.
Sure, someone could still find a openbsd/opnsense exploit and get me, but my point is: complex systems break in complex ways, the more complex systems you use, the more attack surface u have, need to know and understand to control and mitigate it.
The way I would frame it is: using complex systems that you are unfamiliar with is risky. In your case, you are familiar with OPNsense and firewalls. So that may be the more secure option for you. But for somebody who isn’t familiar with firewalls, there are a lot of ways to mess up. For example, IP and mac spoofing is very easy. OPNsense and firewalls often don’t have very good defense against IP spoofing, especially if the malware is already inside your LAN (for example, a malicious app running on a smartphone).
Using proxmox and other virtualization platforms has one big advantage: you can experiment and play around and learn, without much risk. With a physical server, if you mess up and get infected, you may have to throw away the whole server. You can’t just re-install the OS, because the malware could have installed a rootkit or infected the bios or other firmware. But with a VM, if the VM gets infected you can just delete the VM and create a new one. One of the main goals of a hypervisor is to sandbox the VM, so that malware is contained.
hirihit640@sh.itjust.worksto
Selfhosted@lemmy.world•Safely exposing services to the InternetEnglish
3·9 days ago“best” is of course subjective. Bare metal could be better, but imo the marginally smaller attack surface isn’t worth it. If the Qubes project trusts that a hypervisor is secure enough, then I trust it as well.
I run 10+ VMs all the time, no way am I going to buy 10 bare metal servers. The ability to create new secure environments on-demand is unbeatable.
And bare metal does have security disadvantages too. It has a physical attack surface that a VM does not. For example, defending against usb attacks. Of course for a VM, the hypervisor/host can be attacked physically, but you only need to worry about securing that one. Securing 10 physical servers is a lot more work than securing just one, so you’re more likely to get lazy, slip up, etc.
The screenshot earlier in the thread clearly said “Evolution is potentially unsafe”, so if the user continues to install it then that’s a risk they took on themselves
hirihit640@sh.itjust.worksto
Selfhosted@lemmy.world•Remote Tech Support services?English
1·11 days agoMoonlight/sunshine can be used for remote desktop, and doesn’t have many controversies that I can remember, far less than Rustdesk at least. You just don’t get the free relay servers, which some might call a plus.
Don’t get me wrong, I personally still consider Rustdesk a viable alternative, I just think the controversies are recent enough and concerning enough that they should be brought up for consideration.
As for the forgive/forget bit, don’t mind it that was just me poking at Lemmy’s hypocrisy a bit
hirihit640@sh.itjust.worksto
Selfhosted@lemmy.world•Remote Tech Support services?English
31·13 days agoRustdesk did have some massive controversies in the past, like:
- installing root certificates without fully understanding the implications
- ignoring AGPL for their proprietary bits
- and other questionable decisions
Which raises doubts as to how trustworthy the development team is.
And while some other people say “it’s ok that was in the past they fixed it”, keep in mind that most of Brave Browser’s controversies were in the past, and yet lemmy still hasn’t forgiven them yet…so I’d like to know how long it takes for lemmy to forgive past mistakes
hirihit640@sh.itjust.worksto
Selfhosted@lemmy.world•Remote Tech Support services?English
1·13 days agodeleted by creator
Just check the permissions of an app before installing. Bazaar has a gauge for how “safe” an app is based on permissions. If it doesn’t request internet, filesystem access, and other powerful permissions, it’ll be marked as the safest.
Really it’s the same as docker. It’s secure most of the time, but don’t come crying about getting hacked if you give all your containers access to /dev, host networking, etc
hirihit640@sh.itjust.worksto
Selfhosted@lemmy.world•Could somebody share a working Arr stack in docker with me?English
2·13 days agoYou’re not wrong but when you use somebody else’s config you use somebody else’s…configuration. Like if they use ProtonVPN, you’ll need to use ProtonVPN as well. If they use Usenet instead of torrents, that’s what you’ll get as well. If somebody uses Podman instead of Docker, etc etc. So this is why it can be more difficult than just ripping configs from strangers.
This is the classic problem where the more flexibility a program has, the more fragmentation comes out of it. The *arr stack is complicated for this reason. It’s a million different pieces that can be configured in a million different ways. Something like Nextcloud is much more plug-and-play. I’ve been doing self-hosting for years now and even I find *arr a chore to deal with.
Though nothing wrong with referencing other people’s configs to get a sense of what it’s supposed to look like. Start simple, look for somebody who has a radarr + qbittorrent + gluetun stack working, and go from there.
hirihit640@sh.itjust.worksto
Technology@lemmy.world•After unveiling ridiculously expensive AR glasses, Snap's stock takes a diveEnglish
22·13 days agoThe idea is sound. Give it 10 years to mature further. The public cares about privacy less than you think, just look at the past 20 years.
hirihit640@sh.itjust.worksto
linuxmemes@lemmy.world•Who could have seen it coming?English
1·14 days agoOther package managers (npm pypi) don’t need namespaces to avoid these issues
hirihit640@sh.itjust.worksto
Technology@lemmy.world•Nvidia CEO: Everybody should use AI. Society has no choice but to change. I used to play in the streets. When cars came along, you obviously can’t play in the streets nowEnglish
2·14 days agoidk maybe there were roads for carriages before cars were invented? I’m not old enough to know
hirihit640@sh.itjust.worksto
Selfhosted@lemmy.world•Safely exposing services to the InternetEnglish
2·14 days agoNobody believes virtualization is perfect, it’s just the best we got because:
- smaller attack surface
- security is the priority over adding new features (the opposite of most other development cycles)
- in practice we have seen how secure it is relative to other systems like the kernel
And anyways, even a separate physical computer can be hacked. If it has networking, there could be a vulnerability in the networking stack. Just making an outbound tcp connection can be enough to be pwned.
I think the closest thing we have to an “invincible” system is seL4, but I rarely hear about amybody using them
Instead of caddy -> auth OIDC -> services, can you do auth OIDC -> caddy -> services? That way you can put the auth OIDC in the DMZ VM, while putting caddy in the other VM with all the services? Alternatively maybe caddy (DMZ) -> auth OIDC (DMZ) -> caddy (LAN) -> services (LAN)
If you can’t, you can always use firewalls on the services VM to prevent services from talking to each other. Preventing them from talking to the internet can be achieved by putting them in an “internal” network (if using docker compose, set “internal: true” when defining the network)