Companies attacking security researchers always goes so well for them.

The right is ramping up attacks on Wikipedia for “partisan bias” right now. If you think Wikipedia has partisan bias, it’s a really good indicator that your beliefs are out of line with reality.

Second Forgejo. Easiest deploy I’ve ever done.

Well yeah, they can’t keep training their models if all the available data is slop from their models.

A future is coming where it can just be your job to let an LLM observe your life 24/7… And that might be the only job available.

I mean, I didn’t bother reading the OpenAI ToS or privacy policy.

I just assumed they were recording everything I did and would probably sell it given the opportunity.

systemd’s networkd has a built-in DHCP server; check option ‘DHCPServer’ and section ‘DHCPServer’ for that (same man page as above).

Is that true in Debian? If so, cool. I did not know that.

I’m happy to answer specific questions as you dig into it. :) Good luck.

This is extremely possible and I have done a lot of stuff like it (I set up my first home built Linux firewall over 20 years ago). You do want to get some kind of multiport network card (or multiple network cards… usb -> ethernet adapters can do OK filling in in a pinch). It also gives you a lot of power if you want to do specific stuff with specific connections (sub netting, isolation of specific hosts, etc).

There’s a lot of ways to do it, but the one I’m most familiar with is just to use IP tables.

The very first thing you want to do is open up /proc/sys/net/ipv4/ip_forward and change the 0 to a 1 to turn on network forwarding.

You want to install bridge-utils and isc-dhcp-server (or some other DHCP server). Google or get help from an LLM to configure them, because they’re powerful and there’s a lot of configs. Ditto if you want it to handle DNS. But basically what you’re going to do (why you need bridge-utils) is you’re going to set up a virtual bridge interface and then add all the various NICs you want on your LAN side into it (or you can make multiple bridges or whatever… lots of possibilities).

Your basic iptables rule is going to be something like

iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE, but again there’s lots of possible IP tables rules so read up on those.

What we’re seeing in US states with these kinds of stupid laws, is massive increases in traffic to porn sites based overseas that have no obligation to follow the age verification law, and the state has no mechanism to compel them to do so. So all they’re doing is hurting American companies AND increasing the probability that residents of their state (including teens) will visit sketchy ass sites with sketchy ass content, sketchy ass viruses and the ability to chat with sketchy ass creepballs.

We’ve also seen massive increases in VPN and Tor usage, as well as a massive increase in searches for information about VPN technology. I actually consider that a huge positive. Knock yourselves out Republicans.

Of course, these laws aren’t about effectively accomplishing anything other than virtue signaling to Christofacists. At least in the US. IDK what’s going on in the UK.

I’m working with a team where my business partner and I are external consultants, but they also have internal developers (who are mostly very junior and need hand holding with things like using git).

Anyway, the CEO (without talking to us first) hired a pure vibe coder with no software engineering experience to build the user interface. Super nice guy, super easy to work worth, super eager to learn but OH MY GOD THIS CODE.

A lot of my work is / has been in cybersecurity (mostly for the space industry / NASA adjacent projects, but also less recently for start ups and fortune 500 companies). This app is the worst I’ve ever seen. The AI writes things SO weirdly. 30k lines of typescript to do something we could have done in 6k. Reams of dead code. Procedural code to do repeatable tasks instead of functions / classes (10 different ways of doing the same thing). API keys / data base credentials committed to git. API Keys stored in .env but then ALSO just hardcoded into the actual API calls.

AND no. At the end of the day, it wasn’t cheaper or faster than it would have been to hire us to do it right. And the tech debt now accumulated to secure / maintain this thing? Security is a long term requirement, we’re bringing a buddy of mine in to pentest this thing next week, I expect him to find like 10-12 critical vulns. Wow.

tl;dr: If a project requires security, stability, auditability, or the need to quickly understand how something works / why something happens, DON’T vibe code it. You won’t save money OR time in the long run. If you’re project DOESN’T need any of those things (and never will), then by all means I guess, knock yourself out.

Driving wider adoption of alternative social media and privacy tools.

Although I expect them to try to come for us and our tools at some point.

Saved me a click.

We tried to build systems that perform a kind of basic, rudimentary, extremely power intensive and inefficient mimicry of how (we think maybe) brain cells work.

Then that system lies to us, makes epic bumbling mistakes, expresses itself with extreme, overconfidence, and constantly creatively misinterprets simple instructions. It recognizes patterns that aren’t there, and regurgitates garbage information that it picks up on the internet.

Hmmm… Actually, maybe we’re doing a pretty good job of making systems that work similarly to the way brain cells work…

Many of my self hosted solutions are just DIY cludges. I was talking to a friend of a friend on Saturday about media streaming and he told me all about his Jellyfin setup and then asked about mine and I was just like “I just store MP4s on an SSHFS drive and play them in VLC on my TV (which runs Linux Mint).” When the survey asked about the various types of software I was like “No… I don’t use anything like that… wait… yes I do! I just don’t use a prebuilt solution!”

Enshitification commencing in 10… 9…

In fact, my wife and I already have a self hosted LubeLogger.

I’ve set up Lemmy, Forgejo, Nextcloud and Mastodon. Forgejo is unbelievably easy, Mastodon and Lemmy both are complex but if you follow the instructions you get there pretty quickly.

Matrix is like “Follow a book of documentation, then when it doesn’t work anyway, spend hours of your life troubleshooting a bunch of stuff that’s NOT in the documentation. Why is this so hard?”

It’s so much easier to set up and install than Matrix.

There’s a learning curve, but if you’re familiar with WAF’s it’s not hard.

If you want to DIY something, I have a bash script that builds OpenResty with NAXSI from source. Most of the web apps I write anymore are actually in Lua, for OpenResty, maybe with an API written in something else. But I also help other members of my team deploy their Node and Python apps and stuff, and I always just park those behind OpenResty with NAXSI, just doing a standard nginx reverse proxy.