I could compromise over that, but teams and zoom is a big no

you all have someone to talk to about your projects?

last commit: 7 months ago

firewall rules? who cares about firewall rules if the switch still forwards packets to the printer?

firewall rules only work on end devices, and routers when the destination is in a different subnet and broadcast domain.

why not codeberg? kind of lightweight on JS, but especially compared to gitlab.

@Nundrum@yall.theatl.social

that would probably work. I think the IP does not need to be static, but there can be problems if your IP changes often, and it’s not updated quickly in DNS.

the only hard requirement for a local headscale (for usage over the internet) is that you are not behind a CG-NAT, and you can forward a port to your server in your router

but for the love of god and your own benefit, put a name constraint directly on the root cert

you don’t strictly need a VPS, what you need is a (mostly?) static IP address, that is especially not behind CG-NAT. if your ISP won’t give that to you, you get a VPS, because one of the most important jobs of headscale is NAT hole punching and patching your devices in

the first paragraph is not like in the post. did they rephrase it because of the “as it does” part?

this is the current version:

Tailscale recently announced our Series C fundraise. We were grateful for all the community support, but the Internet also raised a few of its collective eyebrows, wondering whether this meant the dreaded “enshittification” was coming next.

the internet archive does not show your version either: https://web.archive.org/web/20250702140430/https://tailscale.com/blog/evitability-of-enshittification

where did you get that quote from?

as I heard that’s pretty common at oracle, but it’s good to spread the word

what I know though is that the device manufacturers are obligated by license to give you the kernel source code for the device on request, because linux is gpl.

but they are not obligated to provide you hardware drivers and device trees that are not included in the kernel. you may still ask in case they care, but it’s probably rare they provide that. sometimes it’s hard even to get their kernel source code.

I don’t know. Haven’t done this myself. I would look at the git history of devices currently supported. how they started out, what kind of changes they made, how did the maintainer obtain a file or figure out a config change, things like that. then maybe also contact the maintainer ofir that device, or the lineage mailing lists (or a more modern platform if they have one, but the more experienced folks are likely only reading the mailing lists)

the config and databases or the media, you mean?

if so, the former, but I mount the meadia with a read only docker volume just to be sure, because chances are I would never notice it

well if they find the drivers, and make the necessary changes from another tablet or phone that’s similar and suported, yeah

you must have lots of LoTs

wpa2, but password limited to 10 characters. letters and numbers only, trying anything else crashes it, and you have to figure this out yourself

ok, a backdoor then. can they overwrite any file with it?

with properly limited access the breach is much, much less likely, and an update bringing down an important service at the bad moment does not need to be a thing

it’ll still cause downtime, and they’ll probably have a hard time restoring from backup for the first few times it happens, if not for other reason then stress. especially when it updates the wrong moment, or wrong day.

they will leave vulnerable, un-updated containers exposed to the web

that’s the point. Services shouldn’t be exposed to the web, unless the person really knows what they are doing, took the precautions, and applies updates soon after release.

exposing it to the VPN and to tge LAN should be plenty for most. there’s still a risk, but much lower

“backups with Syncthing”

Consider warning the reader that it will not be obvious if backups have stopped, or if a sync folder on the backup pc is in an inconsistent state because of it, as errors are only shown on the web interface or third party tools

that’s horrible and funny at the same time.

I will assume they fixed that vuln later