It depends. I’ve ran small websites and other services on a old laptop at home. It can be done. But you need to realize the risks that come with it. If the thing I’m running for fun goes down. someone might be slightly annoyed that the thing isn’t accessible all the time, but it doesn’t harm anyones business. And if someones livelihood is depending on the thing then the stakes are a lot higher and you need to take suitable precautions.

You could of course offload the whole hardware side to amazon/hetzner/microsoft/whoever and run your services on leased hardware which simplifies things a lot, but you still run into a problem where you need to meet more or less arbitary specs for an email server so that Microsoft or Google even accept what you’re sending, you need to have monitoring and staff available to keep things running all the time, plan for backups and other disaster recovery and so on. So it’s “a bit” more than just ‘apt install dovecot postfix apache2’ on a Debian box.

Others have already mentioned about the challenges on the software/management side, but you also need to take into consideration hardware failures, power outages, network outages, acceptable downtime and so on. So, even if you could technically shoehorn all of that into a raspberry pi and run it on a windowsill, and I suppose it would run pretty well, you’ll risk losing all of the data if someone spills some coffee on the thing.

So, if you really insist doing this on your own hardware and maintenance (and want to do it properly), you’d be looking (at least):

• 2 servers for reundancy, preferably 3rd one laying around for a quick swap
• Pretty decent UPS setup, again multiple units for reundancy
• Routers, network hardware, internet uplinks and everything at least duplicated and configured correctly to keep things running
• A separate backup solution, on at least two different physical locations, so a few more servers and their network, power and other stuff taken care of
• Monitoring, alerting system in case of failures, someone being on-call for 24/7

And likely a ton of other stuff I can’t think of right now. So, 10k for hardware, two physical locations and maintenance personnel available all the time. Or you can buy a website hosting (VPS even if you like) for few bucks a month and email service for a 10/month (give or take) and have the services running, backed up and taken care of for far longer than your own hardware lifetime is for a lot cheaper than that hardware alone.

Tuohan se on yksi ratkaisumalli mitä tähän on tarjottu, tosin ilman varsinaista tekoälyä. Eli että joka härvelissä olisi tietokanta, missä olisi ‘tunnistetiedot’ osapuilleen kaikesta lapsipornosta mitä on ikinä viranomaisten toimesta nähty. Ei tietenkään niitä varsinaisia kuvia, vaan jonkinlainen “sarjanumero”, mitä sitten verrataan ihan kaikkeen mitä kapulastasi tuuttaat ulos.

Noh, kuten tiedetään, niin koneiden kuvientunnistus on vähän niin ja näin (mm. tyyliin reCaptcha haluaa että merkkaat liikennevaloista varoittavan liikennemerkin etkä niitä varsinaisia valoja), jolloin johonkin virastoon pärähtää hälytys että nyt keletappi postaa laitonta materiaalia, vaikka todellisuudessa kuvassa olikin karvaton kissanpentu. Tämä syö resursseja ihan oikeasti toimivalta työltä ja pahimmillaan saat kaivella keskustelulogeja puhelimesta siinäkohtaa kun karhuryhmä on tullut saranapuolelta sisään keskellä yötä.

Ja sitten se toinen ongelma, joka on mielestäni ihan hemmetin paljon isompi: Jos kuvatunkaltainen ennakkosensuuri (tekoälyllä tai ilman) otetaan käyttöön, niin rikolliset kaivelevat sitten sen tunnistusmekaniikan laitteista ulos ja testaavat omat kuva-arkistonsa sitä vastaan, jolloin “turvattomat” kuvat saadaan helposti seulottua ja järjestelmän tunnistamatta jättämät kuvat voi laittaa darknettiin myyntiin. Tämän jälkeen järjestelmän tuntemat kuvat syötetään jollekin toiselle tekoälylle, joka muokkaa kuvia niin pitkään että käyttötarkoitus säilyy, mutta tunnistusjärjestelmän lippu ei enää heilu.

Ja lopputuloksena tavan sukankuluttajien tietoturvaa on heikennetty, viranomaisresursseja tuhlataan siihen että katselevat kuvia possuista, pienikokoisista aikuisista ja tiessunmistä ja noista jonkinlainen osa aiheuttaa kevyesti sanottuna harmaita hiuksia joillekin onnekkaille, jotka päätyvät ihmisseulasta huolimatta tiukempiin tutkimuksiin. Samalla ne oikeat rikolliset osaavat piiloutua entistä paremmin, käyttää parempia salausmekanismeja ja saavat ihan kirjaimellisesti työkalut valvonnan parempaan välttämiseen.

Kaupan päälle tietysti vielä vähän kalteva pinta, joka sanoo että jos lapsipornoa voidaan ennakkosensuroida niin olemassaolevaa järjestelmää on helpompi laajentaa muihinkin epämukavuuksiin kuin luoda isovelijärjestelmä tyhjästä.

I live in Europe. No unpaid overtime here and productivity requirements are reasonable, so no way to blame for my tools on that. And even if my laptop OS broke itself completely then I’m productive at reinstallation, as keeping my tools in a running shape is also on my job description. So, as long as I’m not just scratching my balls and scrolling instagram reels all day long that’s not a concern.

I’m currently more of an generic sysadmin than linux admin, as I do both. But the ‘other stuff’ at work runs around teams, office, outlook and things like that, so I’m running a win11 with WSL and it’s good enough for what I need from a workstation. There’s technically a policy in place that only windows workstations are supported, but I suppose I could run linux (and I have separate laptop for linux-only stuff). At the current environment it’s just not worth the hassle, spesifically since I need to maintain windows servers too.

So, I have my terminals, firefox and whatever I need and I also have the mandated office-suite, malware protection/IDR/IDS by the book and in my mindset I’m using company tools for company jobs. If they take longer, could be more efficient or whatever, it’s not my problem. I’ll just browse my (personal) cellphone while the throbber spins on the screen and I get paid to do that.

If I switched to linux I’d need to personally take care of my system to meet specs and I wouldn’t have any kind of helpdesk available should I ever need one. So it’s just simpler to stick with what the company provides and if it’s slow then it’s not my headache and I’ve accepted that mindset.

Mastodon ei tarvitse kirjautumisia, että viestejä pääsee lukemaan. EU komission instanssi löytyy https://ec.social-network.europa.eu

Filtering incoming spam, while not 100% correct, is a pretty straightforward thing to do. Use DNSBL and other lists from spamhaus and it takes care of 90+% of the problem. Incoming spam has not been a huge issue for me, but when people try to send mail to someone in M365 cloud or to Gsuite and they just decide that your server isn’t important enough they just block you out and that’s it. Trying to circumvent that takes a ton of time and effort and while it can be done it’s a huge pain in the rear. And trying to fight your way trough the 1st tier support to someone who actually understands the problem and attempts to fix that while you customers are complaining that “problem with email” is actually affecting on their income is the part I’ll happily leave behind.

I’ll set up a couple of new VPS servers to host my personal and friends emails, but if they complain that the service I’m paying from my personal pocket isn’t what they’re after then they’re free to switch into whatever they like. And as infrastructure for that is something like 100€/year I’ll happily pay it by myself so that no one has an option to say ‘I paid for this so you need to fix it’ anymore. On commercial case that’s obviously not an option and I’ve had my share of running a business in a very hostile environment.

Also if you’re running an email server for others, it takes very little from single individual, like a small webshop newsletter, which enough people manually marks as junk and you’re on a block list again. Latest one with microsoft took several days to clear, even if all of their tools and 1st tier support claimed that my IP isn’t on a black list.

I’ve jumped all the hoops and done everything by the book, but that still doesn’t mean that any of the big players won’t just screw you up because some of their automaton happens to decide so. That’s why I’m shutting my small ISP business down, there’s no more money to make on that and a ton of customers have moved to the cloud anyways, mostly to microsoft due to their office-suite pricing. It was kind of fun while it lasted, but that ship has sailed.

Amount of lithium in a single drone battery is minuscle. Quickly googled answer says that there’s about 7% from weight lithium in a battery, so your average drone cell might have something like 10-20 grams of lithium in it (altough that 7% is for Li-Ion and drones tend to use LiFePo, so that number might be wrong). In a single electric car there’s tens of kilograms of lithium inside. So a single car fire anywhere in the world “wastes” more lithium than hundreds and hundreds of drones in Ukraine.

Sure, it would be nice to recover that small amount too, but in practise we need a better material than lithium for our batteries. Also there’s things like single-use vape-pens which use perfectly fine li-ion cell but it was manufactured without any means to charge it, a handful of those discarded on a nearest trash can (or more likely to the street next to it) is comparable to a single drone battery and people throw those away without concern every day.

It’s and SMD led on a main board of the drone (at least on DJI ones) and the whole board is quite a complex computer with a ton of RF tech, power limitations and whatever is included to make those things both safe and fun for your average consumer. For a skilled operator it’s not a problem to pull out the led and wire it to a transistor, but you need to pull the whole drone apart, somewhat sophisticated tools to solder wires to the led contact points, reassemble the whole thing excactly as it were and then connect that to the external harness.

Or, you can just bend the frame out of chicken wire, twist wires together and secure them with a tape or hot glue, zip-tie that to a drone and you’re good to go. I think in Ukraine they use a ton of 3d-printed stuff which makes it more reliable and even easier to assemble. That way you don’t risk breaking the drone and you can prefab pretty much the whole thing and just send them out to the field where practically anyone can assemble it even on standing in a mud puddle and have successful results within minutes from pulling a new drone out of a box.

While you are of course correct on this, the amount of waste and environmental damage Russia is causing by blowing up dams and pretty much leaving a trail of garbage where ever they go combined with the pollution and wasted resources on burning fuel (both in engines and otherwise), destroying buildings and everything else going on, the couple truckloads of small LiFePo batteries on drones aren’t even a rounding error in the equation.

I’m not an expert on what residual materials come from burning batteries, but I’m willing to bet that plastic from pretty much everything on the field has a bigger environmental affect, even the drones themselves are mostly just a plastic shell with very little of anything else in them.

It’s not even electrical output. They mount harness to the drone carrying payload with a 9V battery (or whatever) with a light sensitive resistor positioned over the auxiliary light. When the light turns on the payload is released with a motor/solenoid/something running from that battery on the harness and it doesn’t require any modification to the drone itself.

Tuollahan tuo jutussa erikseen mainitaan:

Onko näin, että tähän asti tutkinnassa olevien tapausten taustalta ei ole ilmennyt valtiollista toimijaa?

– Aika moni näistä selvittelyistä ja tutkinnoista on kesken. Sitä taustaa vasten ei kannata vielä tehdä johtopäätöksiä.

– Selvitettyjen tapausten tiimoilta ei ole tiedossa [että taustalla olisi valtiollinen toimija]. Siellä on voinut olla esimerkiksi liikkuvaa rikollisuutta.

Ja toisekseen ei poliisilla taida olla intressejä, tai syytä sen puoleen, kertoa tutkimuksistaan kovin tarkkaan. Ja eipä siellä nyt aina tarvitse valtiollisen toimijan olla takana, ihan perus kuparivarkaat ja muut pienemmät koijaritkin varmasti ovat keksineet että droneilla on näppärä käydä tutkimassa paikkoja ilman että tarvitsee itse mennä kameroiden ulottuville.

Hakkeriuutisia en ole lukenut, mutta kommentoin saman uutisen ketjuun [email protected]:n puolella ja siellä on ainakin äänekäs vähemmistö, jos ei jopa enemmistö, sitä mieltä että nyt ihan syyttä suotta tehdään kiusaa viattomille venäläiskoodareille, tai ainakin jos sanktioita jaellaan niin sitten pitäisi sulkea ulos myös jenkit, saksalaiset, palestiina ja/tai israel ja läjä muita.

Kommunikointi taas tämän päätöksen takana on vähän niin ja näin, mutta Torvalds nyt ei muutenkaan ole tunnettu siitä että keskustelu olisi aina viimeisen päälle sliipattua ja asiallista. Jos joku muu olisi tehnyt ihan kylmän asiallisen lehdistötiedotteen tapaisen että sanktioista yms johtuen homma menee nyt näin niin lieskat ei olisi varmaankaan aivan yhtä isot.

Phobia, by definition, is uncontrollable, irrational, and lasting fear for something. In the current geopolitics situation I’d say that it’s not uncontrollable and very much not irrational. Fear, as a fellow Finn, might be a bit strong word, but it’s a definetly a concern.

When I first read that I thought that the response is a bit harsh, as Russian (and Soviet Union) individuals have traditionally been a big part of open source community and their achievements on computing are pretty significant, but when you dig a bit deeper on that, a majority of Soviet era things are actually built by Ukrainians in Kyiv (obviously Ukraine as a country wasn’t a thing back then).

Also, based on my very limited sight on the matter, Russians are not banned from contributing, but this is more of an statement that anyone working for the government in Russia can’t be a part of kernel development team. There’s of course legal reasons for that, very much including the trade bans against Russia, but also the moral part of it, which Linus seems to take a stand on.

Personally I’ve seen individuals at Russia to do quite amazing feats with both hardware and software, but as none of us are in a void without any external infcluence nor affect, I think that, while harsh, the “sanctions” (for a lack of better word) aren’t overshooting anything, but they’re instead leveling the playing field. Any Joe Anynymous could write a code which compromises the kernel as a whole, but should that Joe live in Russia, it might bring a government backed team which can hide their tracks on a quite a bit different level with their resources than any individual could ever even dream about.

So, while that decision might slow down some implementations and it might include some of the most capable of developers, the fear that one of them might corrupt the whole project isn’t unreasonable and, with ongoing sanctions in place (and legal requirements that follow) the core dev team might not even have a choice on this.

In current global environment we’re living in, I’d rather have a bit too careful management than one which doesn’t take things seriously enough. We already have Canonical and others to break stuff way too often, we don’t need malicious government to expand on that with nefarious purposes which could compromise a shit on of stuff on a very fundamental level if left unattended.

NAS stands for ‘Network Attached Storage’ and there’s dedicated hardware for that task from multiple brands. It’s a somewhat spesific thing and from what I understand you have a multi-purpose server running on your network. For discussion it’s better to use the established terminology to avoid confusion on what’s what. Your generic server can of course act like a NAS, but a 100€ Synlogy NAS can’t (for the most part) act as a generic server.

Similarly there’s a dedicated hardware for routers and they are not the same than generic servers which can run whatever. Dedicated routers do some things way better/faster than generic server, and there’s pretty much always a trade-off between the two. You can of course install hardware to your server to be as good as or even better than any consumer grade router and run a pfsense on virtual machine on top of it, but that’s going to be at least more expensive than dedicated hardware.

So, your server is running pihole in a container on the same network address/hardware than the rest of your server, and I suppose you already gathered from other messages that the firewall component on it treats traffic coming from outside the server itself differently than traffic originating from the server itself. For this spesific case I’d say it’s just simpler to configure the server to use DNS server as localhost:1053 than trying to work out firewall forwarding rules for it, if possible. If not, and you absolutely insist that your pihole runs on a unprivileged port and that your server also has to use pihole as DNS sever, then you need to dig out a firewall config for outgoing traffic which redirects the destination port. Or you could set up a dns proxy on the server which uses pihole as upstream and serves addresses to localhost only or one of the other multiple ways to achieve what you’re after, but each of those have some kind of trade-off and there’s too many to go trough in a single post.

If the firewall was running on a router then you’d need to DNAT back to the same network from which they originated and that is (in general) quite a PITA to get running properly. My understanding is that the firewall doing port forwarding is running on the NAS. And we don’t have much information on what that ‘NAS’ even is, I tend to think devices like qnap or synology when talking on NAS-boxes, but that might as well be a full linux-system just running CIFS/NFS/whatever.

OP could obviously use his router as a DNS server for the network and set upstream DNS server for the router to pihole, but that’s a whole different scenario.

As it’s only single device I’d suggest configuring DNS server for that to <ip-of-nas>:1053. Port forwarding rule on the nas firewall most likely applies only to ‘incoming’ traffic to the nas and as locally generated DNS request isn’t ‘incoming’ (you can think it as ‘incoming’ traffic is everything coming via ethernet cable into the nas) then the port redirection doesn’t trigger as you’re expecting.

Erittäin hyvä ajatus. Suomi.fi:hin mastodon pyörimään ja kaikki kansanedustajat, mepit ja vaikka kuntapoliitikotkin sinne twitterin ja tiktokin sijaan niin tiedonkulku tulee varmistettua eikä tarvitse pitää arpajaisia että mitä Musk ja/tai kiinalaiset tänään sattuu sensuroimaan (tosin tiktokissa tuo ei tieten ole ollut niin iso ongelma, alusta on muuten vain hieman kyseenalainen).

Ja ei toki sillä, että Metan ja kumppaneiden tuotteet olisi yhtään sen parempia, twitteristä lähtö olisi ihan pirun hyvä ensimmäinen askel.

It takes Two (co-op puzzle)

Unravel 2 is a bit similar co-op puzzle game.