Melmi

.i la lojban cu mutce lo ka smuske tinsa .i ku’i ly. na logji prane pe’i .i loi jbopre cu piso’iroi da’asnu lo ka prane nitcu .i ru’a lo klamburi cu na’e lojbo ka’u .i jy. xebni lo malgli .iseju lo nu lojbo klamburi zbasu cu nandu ba’a jeku’i cumki

Lojban is very semantically rigid, but not perfectly logical IMO. Lojbanists often argue about the necessity of logical perfection. I suspect that puns might not be seen as culturally Lojbanic. Lojbanists hate Anglicisms or bits of English leaking into the way they speak Lojban. Regardless, making Lojbanic puns might be difficult but it’s possible.

That’s configurable since Git 2.28. You can change init.defaultBranch to main or trunk or whatever you want.

Editing the systemd services seems a neat solution here. Rather than editing the package-provided service files directly, you can create overrides using systemctl edit.

Another more hacky option would be to use the PostUp directive but account for the case there’s no tailscale0 device yet. Write a simple shell script or something.

If you think this is annoying to play, try simulating 4D chess by lining up four of these 3D chess sets

Classic

Hey smorty, we’ve never talked before but I wanna say I love your posts and your writing style. Always makes me happy to see you when I’m browsing local. I hope you don’t change too much for the lemmy worlders, they’re exaggerating their discomfort when they say they’re “having strokes” or whatever. I hope you do whatever makes you happiest!

IRS Direct File was just a free government-run alternative to the tax filing programs like TurboTax.

You can still do your taxes by hand without the help of any software for free, but they’ve killed the website that fills out the forms automatically and the manual process is significantly more complicated.

Tailscale is just a bunch of extra fancy stuff on top of Wireguard. If you don’t need the fancy stuff, using raw Wireguard can be more lightweight, but might require more networking knowledge.

The biggest thing Tailscale brings you the table is NAT traversal. On top of that it uses direct Wireguard tunnels as necessary instead of creating a mesh like you usually would if you were using raw Wireguard. It also offers convenient bits of sugar like internal DNS, and it handles key exchanges for you so it’s just generally easier to configure. When you do raw Wireguard you’re doing all the config yourself, which could be a pro or a con depending on your needs—and you’ll be editing config files, unlike Tailscale which has a GUI for most things. It also supports some more detailed security options like ACLs and I think SSO, while Wireguard is reliant on your existing firewall for that.

Here’s what Tailscale has to say about it: https://tailscale.com/compare/wireguard

I’ve messed around with Tailscale myself, but ultimately settled on running Wireguard. The reason I do that though is because I trust my LAN, and I only run Wireguard at the edge. Tailscale really wants to be run on every node, which in turn is something that raw Wireguard theoretically can do but would be onerous to maintain. If I didn’t trust my LAN, I’d probably switch to Tailscale.

A lot of people have suggested Tailscale and it’s basically the perfect solution to all your requirements.

You keep saying you need ProtonVPN which means you can’t use Tailscale, but Tailscale actually supports setting up an exit node which is what you need. Put Protonvpn on the Raspberry Pi, then set it up as an exit node for your tailnet. There’s a lot of people talking about how they did this online. It looks like they even have native support for bypassing the manual setup if you use Mullvad.

As long as every client has the ability to use Tailscale (I.e. no weird TVs or anything) this seems like it checks all your boxes. And since everything is E2EE from Tailscale, TLS is redundant and you can just use HTTP.

What’s up with Star Trek communities and doomerism? Seems like missing the point of the shows

The brigading wasn’t from the same person who made the pull request, and happened three years later. The thread isn’t even that toxic as far as GitHub threads can get.

It’s not a great example of what you’re talking about.

I don’t think the relevance of the TLD matters. It’s worth being aware of whether you’re using a ccTLD, especially in the case of countries like Afghanistan, but you also used .io as an example which is overwhelmingly used by non-British Indian Ocean Territory sites and is proven reliable. It’s even managed by an American company.

Then .app isn’t a part of the original TLDs, but actually a part of the new wave of modern gTLDs. And if you’re considering .app, there’s no reason not to consider the thousands of other generic TLDs out there.

Like with the ccTLDs, the only thing you have to consider is the trustworthiness of the managing org.

Yes, but only if your firewall is set to reject instead of drop. The documentation you linked mentions this; that’s why open ports are listed as open|filtered because any port that’s “open” might actually be being filtered (dropped).

On a modern firewall, an nmap scan will show every port as open|filtered, regardless of whether it’s open or not.

Edit: Here’s the relevant bit from the documentation:

The most curious element of this table may be the open|filtered state. It is a symptom of the biggest challenges with UDP scanning: open ports rarely respond to empty probes. Those ports for which Nmap has a protocol-specific payload are more likely to get a response and be marked open, but for the rest, the target TCP/IP stack simply passes the empty packet up to a listening application, which usually discards it immediately as invalid. If ports in all other states would respond, then open ports could all be deduced by elimination. Unfortunately, firewalls and filtering devices are also known to drop packets without responding. So when Nmap receives no response after several attempts, it cannot determine whether the port is open or filtered. When Nmap was released, filtering devices were rare enough that Nmap could (and did) simply assume that the port was open. The Internet is better guarded now, so Nmap changed in 2004 (version 3.70) to report non-responsive UDP ports as open|filtered instead.

WG uses UDP, so as long as your firewall is configured correctly it should be impossible to scan the open port. Any packet hitting the open port that isn’t valid or doesn’t have a valid key is just dropped, same as any ports that are closed.

Most modern firewalls default to dropping packets, so you won’t be showing up in scans even with an open WG port.

Tbf, I don’t often talk to children about work, and I don’t think most adults would want me to talk to them like a child.

Plus, talking to children doesn’t come naturally to everyone. It’s certainly not fair to describe it as “very easy”.

The “make a fork” thing is part of the issue, I think. In general there’s this culture in the open source community that if you want a feature, you should implement it yourself and not expect the maintainers to implement it for you. And that’s good advice to some extent, it’s great to encourage more people to volunteer and it’s great to discourage entitlement.

But on the other hand, this is toxic because not everyone can contribute. Telling non-technical users to “make it yourself” is essentially telling them to fuck off. To use the house metaphor, people don’t usually need to design and renovate their houses on their own, because that’s not their skillset, and it’s unreasonable to expect that anyone who wants a house should become an architect.

Even among technical users, there are reasons they can’t contribute. Not everyone has time to contribute to FOSS, and that’s especially notable for non-programmers who would have to get comfortable with writing code and contributing in the first place.

Just because you can work with one monitor doesn’t mean multiple monitors isn’t more comfortable though. You can have multiple windows open at once, at full size, and glance between them freely. No need for them to share the limited real estate of a single monitor.

I run Sway on my laptop because it lets me take full advantage of my single monitor, but on my multi monitor desktop setup I use a regular floating DE.

Systemd does a lot of things that could probably be separate projects, but run0 is an example of something that benefits from being a part of systemd. It ties directly into the existing service manager to spawn new processes.

It definitely encrypts the traffic, the problem is that it encrypts the traffic in a recognizable way that DPI can recognize. It’s easy for someone snooping on your traffic to tell that you’re using Wireguard, but because it’s encrypted they can’t tell the content of the message.

This works because block devices like /dev/sdX are just files. If you cp a file onto another file, it overwrites the data of the destination with the source. A block device represents the device itself, not the filesystem; if you wanted to put the ISO inside the filesystem, you’d have to mount it first.