🅸 🅰🅼 🆃🅷🅴 🅻🅰🆆.
𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍 𝖋𝖊𝖆𝖙𝖍𝖊𝖗𝖘𝖙𝖔𝖓𝖊𝖍𝖆𝖚𝖌𝖍
Hmmm. You’re right; it’s a mechanism I’ve never used because it’s more work and it is slower, and I forget about it. All you need to do is be able to prove you own the domain, and control over the DNS record is certainly viable.
Is that what Porkbun does? Because Caddy can automate the http method, but not the DNS challenge method, because both require a handshake and that’s updating the DNS record.
I’ve never heard of Porkbun, but it doesn’t sound like a caddy issue. Let’s Encrypt requires being able to resolve the DNS name you’re requesting a cert for, and to be able to connect to your web service and fetch a secret to prove you own the domain. If porkbun does something like punch a hole in your LAN firewall and let in http traffic, then porkbun is the problem. Not Caddy.
Shit, that’s way more expensive. If only you knew someone in the US who would buy a few boxes and ship them to you…
But, seriously, yeah, that basically eliminates it as an option.
Just out of curiosity, is the product on Amazon, and is it that same price?
This is more expensive in your country?
That’s a little over $11 USD per 100 GB disk. Is it just more expensive where you live, or is it shipping?
I’d be really surprised if these weren’t manufactured in Asia somewhere.
It’d be more space efficient to store a COW2 of Linux with a minimum desktop and basically only DarkTable on it. The VM format hasn’t changed in decades.
Shoot. A bootable disc containing Linux and the software you need to access the images, and on a separate track, a COW2 image of the same, and on a third, just DarkTable. Best case, you pop in the drive & run DarkTable. Or, you fire up a VM with the images. Worst case, boot into linux. This may be the way I go, although - again - the source images are the important part.
I’d be careful with using SSDs for long term, offline storage.
What I meant was, keep the master sidecar on SSD for regular use, and back it up occasionally to a RW disc. Probably with a simply cp -r to a directory with a date. This works for me because my sources don’t change, except to add data, which is usually stored in date directories anyway.
You’re also wanting to archive the exported files, and sometimes those change? Surely, this is much less data? Of you’re like me, I’ll shoot 128xB and end up using a tiny fraction of the shots. I’m not sure what I’d do for that - probably BD-RW. The longevity isn’t great, but it’s by definition mutable data, and in any case the most recent version can be easily enough regenerated as long as I have the sidecar and source image secured.
Burning the sidecar to disk is less about storage and more about backup, because that is mutable. I suppose an append backup snapshot to M-Disc periodically would be boots and suspenders, and frankly the sidecar data is so tiny I could probably append such snapshots to a single disc for years before it all gets used. Although… sidecar data would compress well. Probably simply tgz, then, since it’s always existed, and always will, even if gzip has been superseded by better algorithms.
BTW, I just learned about the b3 hashing algorithm (about which I’m chagrined, because I thought I kept an eye out on the topic of compression and hashing). It’s astonishingly fast - for the verification part, is what I’m suggesting.
The densities I’m seeing on M-Discs - 100GB, $5 per, a couple years ago - seemed acceptable to me. $50 for a TB? How big is your archive? Mine still fits in a 2TB disk.
Copying files directly would work, but my library is real big and that sounds tedious.
I mean, putting it in an archive isn’t going to make it any smaller. Compression on even lossless compressed images doesn’t often help.
And we’re talking about 100GB discs. Is squeezing that last 10MB out of the disk by splitting an image across two disks worth it?
The metadata is a different matter. I’d have to think about how to handle the sidecar data… but that you could almost keep on a DVD-RW, because there’s no way that’s going to be anywhere near as large as the photos themselves. Is your photo editor DB bigger than 4GB?
I never change the originals. When I tag and edit, that information is kept separate from the source images - so I never have multiple versions of pictures, unless I export them for printing, or something, and those are ephemeral and can be re-exported by the editor with the original and the sidecar. Music, and photos, I always keep the originals isolated from the application.
This is good, though; it’s helping me clarify how I want to archive this stuff. Right now mine is just backed up on multiple disks and once in B2, but I’ve been thinking about how to archive for long term storage.
I think in going to go the M-Disc route, with sidecar data on SSD and backed up to BluRay RW. The trick will be letting DarkTable know that the source images are on different media, but I’m pretty sure I saw an option for that. For sure, we’re not the first people to approach this problem.
The whole static binary thing - I’m going that route with an encrypted share for financial and account info, in case I die, but that’s another topic.
This is an interesting problem for the same use case which I’ve been thinking about lately.
Are you using standard BluRay, or M-Discs?
My plan was to simply copy files. These are photos, and IME they don’t benefit from compression (I stopped taking raw format pictures when I switched to Fujifilm, and the jpgs coming from the camera were better than anything I could produce from raw in Darktable). Without compression, putting then in tarballs then only adds another level of indirection, and I can just checksum images directly after write, and access them directly when I need to. I was going to use the smallest M-Disc for an index and just copy and modify it when it changed, and version that.
I tend to not change photos after they’ve been processed through my workflow, so in my case I’m not as concerned with the “most recent version” of the image. In any case, the index would reflect which disc the latest version of an image lived, if something did change.
For the years I did shoot raw, I’m archiving those as DNG.
For the sensitive photos, I have a Rube Goldberg plan that will hopefully result in anyone with the passkey being able to mount that image. There aren’t many of those, and that set hasn’t been added to in years, so it’ll go on one disc with the software necessary to mount it.
My main objective is accessibility after I’m gone, so having a few tools in the way makes trump over other concerns. I see no value in creating tarballs - attach the device, pop in the index (if necessary), find the disc with the file, pop that in, and view the image.
Key to this is
The problem is the design is Matrix itself. As soon as a single user joins a large room, the server clones all of the history it can.
I mean, there are basically two fundamental design options, here: either base the protocol over always querying the room host for data and cache as little as possible, or cache as much as possible and minimize network traffic. Matrix went for minimizing network traffic, and trying to circumvent that - while possible with cache tuning - is going to have adverse client behaviors.
XMPP had a lot of problems, too, though. Although I’ve been told some (all?) of these have been addressed, when I left the Jabberverse there was no history synchronization and support for multiple clients was poor - IIRC, messages got delivered to exactly one client. I lost my address book multiple times, encryption was poorly supported, and XMPP is such a chatty protocol, and wasteful of network bandwidth. V/VOIP support was terrible, it had a sparse feature set, in terms of editing history, reactions, and so on. Group chat support was poor. It was little better than SMS, as I remember.
It was better than a lot of other options when it was created, but it really was not very good; there are reasons why alternative chat clients were popular, and XMPP faded into the background.
A lot of memory, and a lot of disk space.
Synapse is the reference platform, and even if they don’t, it feels as if the Matrix team make changes to Synapse and then update the spec later. This makes it hard for third-party servers (and clients!) to stay compliant, which is why they rise and fall. The spec management of Matrix is awful.
So, while suggestions may be to run something other than Synapse - which I sympathize with, because it’s a PITA and expensive to run - if you go with something else just be prepared to always be trailing. Migrating server software is essentially impossible, too, so you’ll be stuck with what you pick.
Matrix is one of the worst-managed best projects to come out in decades.
Yeah, the Matrix protocol is poorly managed.
Synapse is the reference platform, and it’s incredibly annoying.
I think you’re probably looking a step more “enterprise” than I am. I’m doing nightly backups to B2; if one of my servers dies, my recovery is to spend a couple minutes re-installing Arch and then couple hours restoring from backup. My services are predominantly in containers, so it really is just a matter of install, restore, reboot. There are things I inevitably miss, like turning on systemd’s persistent user services; my recovery times is on the order of hours, not including the fact I’m not actively monitoring for downtime and it could take a few hours for me to even notice something is down.
Like I said: totally not enterprise level, but then, if I have a day’s outage, it’s an annoyance, not a catastrophe.
Yeah, wow, I was surprised and a bit concerned with OP’s post. Except for never answering customer support tickets, they’ve been great, and the price increases have been both rare and low. I’d hate to have to migrate off.
I’ve been really happy with them.
Lots of good ideas.
I’m a fan of stow-like tools, but there are advantages to using something like Salt (or similar) if you’re dealing with VPSes that share don’t common configs like firewalls. There’s a lot to learn with things like salt/chef/puppet/attune/ansible, whereas something like yas-bdsm, which is what I’m currently using, is literally just:
The config file formats are irrelevant; there’s no transformation logic to learn. Its greatest feature is its simplicity.
But the way you described it sounded more nefarious
Oh. Yeah, I don’t think they’re being malicious; I just get frustrated with that sort of behavior. The primary DNS servers for usps.com, neakasa.com, and vitacost.com all block DNS queries from Mullvad’s DNS servers, and one of them blocks all traffic from at least some of Mullvad’s exit nodes. It means I have to waste time working around these blocks, because I’ll be damned if I’m going to take down the house VPN just to visit their stupid sites. So, I hard-code DNS entries for them, and route traffic to the one through one of my VPSes. It’s annoying, a waste of my time, and I’m just generally offended by the whiff of surveillance state about it, even when that’s not the reason why they’re doing it.
Really, it boils down to the fact that I’m offended by the presumption that their (not OP, but VPN-hostile companies in general) anti-spam or whatever they’re trying to accomplish takes priority over my right to privacy. So, yeah; I generally have a bone to pick with any site that’s hostile to VPNs.
Maybe that’s just my perception.
I have no doubt at all that you’re right. And, they have no obligation to accommodate me (which I think is not true for companies I’m trying to do business with).
I’m just uppity about the topic, is all.
I enjoy these discussions. I sometimes gain some new knowledge out of them.
I’ll happily have a cordial disagreement with anyone arguing in good faith. It’s echo-ey enough, and these are good conversations.
Hold on a tick.
Specifically blacklisting a group of users because of the technology they use is, by definition, “targeting”, right? I mean, if not, what qualifies as “targeting” for you?
And, yeah. Posting a sign saying “No Nazi symbolism is allowed in this establishment” is - I would claim - targeting Nazis. Same as posting a sign, “no blacks allowed” - you’re saying that’s not targeting?
I know we’re arguing definitions and have strayed from the original topic, but I think this is an important point to clarify, since you took specific objection to my use of it in that context; and because I’m being pedantic about it.
No.
Use S/MIME or PGP and directly encrypt emails to your recipient. This is the only E2E encryption available to email.
The best metaphor for email I’ve found is that you’re writing your message on a postcard and handing it to your neighbor closest to the destination, who hands it to her neighbor, and so on, until it gets there. There are usually fewer hops, but also your email is broken into packets which could go through god knows how many routers, each of which can read your email.
E2E requires setting up a private key; RFC 821 provided no such mechanism. Your only option is out-of-band negotiation, like PGP.
There is a good proposal out there that sets mail headed announcing that you accept encrypted emails, and includes information about your ID, which clients could parse and verify against public key servers; it hadn’t really gained a lot of traction, as it causes issues for data harvesters but also at the end user side. Like, how is notmuch and mairix supposed to handle these? They’d need permanent access to your private key to decrypt and index the emails, and then now your index is unencrypted.
There’s been a fair amount of debate about this, and it’s a lot of work that would need coordinating between teams of volunteers… it hasn’t made much progress because of the complexity, but it’s a nice solution.
I know that none of them use a VPN for general-purpose browsing.
Interesting. The most common setup I encounter is when the VPN is implemented in the home router - that’s the way it is in my house. If you’re connected to my WiFi, you’re going through my VPN.
I have a second VPN, which is how my private servers are connected; that’s a bespoke peer-to-peer subnet set up in each machine, but it handles almost no outbound traffic.
My phone detects when it isn’t connected to my home WiFi and automatically turns on the VPN service for all phone data; that’s probably less common. I used to just leave it on all the time, but VPN over VPN seemed a little excessive.
It sounds like you were a victim of a DOS attack - not distributed, though. It could have just been done directly; what about it being through a VPN made it worse?
Because they were wondering if it was a Caddy issue, and I’ll bet real money it isn’t.
Being able to exclude components from being a possible source of the issue is critical to problem solving.