tuhriel

joined 2 years ago
[–] tuhriel@infosec.pub 3 points 1 month ago (1 children)

From the article:

Andromeda is seen almost edge-on, tilted by 77 degrees relative to Earth’s view

[–] tuhriel@infosec.pub 9 points 1 month ago (2 children)

But, but the corporations are telling us that they lose so much money from all those people who are pirating and therefore not 'buying' their stuff.

I mean the numbers they showed were huge! Hmm, maybe they forgot to carry the one or swapped some +/- during their calculations.

 

Hi everyone, I'm currently in the process of moving one of my RPI4s from RaspberryOS to NixOS and I'm struggling to set up one of the services.

On the RPI I have a python script that is creating offsite backups via a Wireguard tunnel:

  • Open the wg tunnel
  • mount and encrypt the external disk on the offsite RPI
  • mount the source from my nas
  • start the restic-rest server container offsite
  • trigger the restic command to backup to the restic repo

Although it's a bit overkill, it has worked quite well for a few years now. Since most of the tasks are actually outsourced to systemd units, those were quite easy to set up in NixOS. What I'm struggling with is: how can I create a virtual Python env to run the Python script? All the guides I found for managing Python dependencies are usually for development and use nix shell.

My current workaround is that I copy the script and requirements.txt from my script repo and create the venv manually. This does work, but I feel there is a better way; maybe the whole setup is already on the wrong path, as I tried to solve each hurdle separately?

Here's my current implementation of the remotebackup module (the wireguard and mount units are in different modules):

{ inputs, config, pkgs, lib, ... }:

let
  # Store path of the flake input that holds the script repo
  configpath = builtins.toString inputs.infra-configs;
in
{
  # Create the working directories for the backup job
  systemd.tmpfiles.settings = {
    "remotebackup" = {
      "/var/lib/remotebackup" = {
        d = {
          group = "root";
          user = "root";
          mode = "755";
        };
      };
      "/var/lib/remotebackup/assets" = {
        d = {
          group = "root";
          user = "root";
          mode = "755";
        };
      };
    };
  };

  sops.secrets = {
    "restic/remotebackup/rest" = {};
    "restic/remotebackup/restic" = {};
  };

  # Render both secrets into one JSON credentials file.
  # No comma after the last member: strict JSON parsers reject a trailing comma.
  sops.templates."remotebackup" = {
    content = ''
      {
        "rest": "${config.sops.placeholder."restic/remotebackup/rest"}",
        "restic": "${config.sops.placeholder."restic/remotebackup/restic"}"
      }
    '';
    path = "/var/lib/remotebackup/assets/restic.cred";
  };

  # Copy the script, its requirements and the path list out of the repo on activation
  system.activationScripts.addPythonScript = lib.stringAfter ["var"] ''
    cp ${configpath}/scripts/remotebackup/script/restic_remotebackup.py /var/lib/remotebackup/restic_remotebackup.py
    cp ${configpath}/scripts/remotebackup/script/requirements.txt /var/lib/remotebackup/requirements.txt
    # 700 instead of 733: mode 733 made the script writable by every local user
    chmod 700 /var/lib/remotebackup/restic_remotebackup.py
    cp ${configpath}/scripts/remotebackup/script/assets/backup_paths.txt /var/lib/remotebackup/assets/backup_paths.txt
  '';
}

Also, on the RPI I'm triggering the script with cron; according to the wiki, cron should be replaced by systemd.timers. Would you also suggest moving to systemd.timers?

P.S.: If at all possible, I'd like to keep the script within my script repo...
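One way to do what the post above asks, as an added example that is not part of the original post: the interpreter is built with `python3.withPackages`, the script is run straight from the `infra-configs` input (so it stays in the script repo and sits read-only in the Nix store), and a systemd timer replaces cron. The `requests` dependency, the schedule, the unit name and the working directory are assumptions.

```nix
{ inputs, pkgs, ... }:

let
  # Script path inside the flake input, as used in the post's module
  script = "${inputs.infra-configs}/scripts/remotebackup/script/restic_remotebackup.py";

  # Assumption: "requests" is a placeholder for whatever requirements.txt lists;
  # each dependency is named here by its nixpkgs python package attribute
  backupPython = pkgs.python3.withPackages (ps: [ ps.requests ]);
in
{
  systemd.services.remotebackup = {
    description = "Offsite restic backup over WireGuard";
    # Make the restic binary available on the unit's PATH
    path = [ pkgs.restic ];
    serviceConfig = {
      Type = "oneshot";
      # Interpreter and script are both store paths: root-owned and immutable,
      # so no copy step and no chmod are needed
      ExecStart = "${backupPython}/bin/python3 ${script}";
      # Assumption: the script resolves assets/ relative to its working directory
      WorkingDirectory = "/var/lib/remotebackup";
    };
  };

  # A timer with the same name as the service triggers it; this replaces the cron entry
  systemd.timers.remotebackup = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnCalendar = "*-*-* 02:30:00"; # assumed schedule
      Persistent = true;             # catch up after a missed run, e.g. when powered off
    };
  };
}
```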

[–] tuhriel@infosec.pub 2 points 1 month ago

I still love the trackpoint and use it almost exclusively if the notebook is not connected on the docking station.

It is just awesome if you can control the mouse while still keeping the hands on the middle of the keyboard.
It's so much faster than to move up and down and also more ergonomic, especially in the train when the laptop sits on my lap.
The middle button enables easy scrolling on webpages (although the vim browser extension makes it even easier there) or documents...

Nothing else I used was able to beat this setup. And I used a lot of different devices over time.

[–] tuhriel@infosec.pub 1 points 1 month ago (1 children)

Interesting, for me the apps required to have a valid tls cert.

[–] tuhriel@infosec.pub 8 points 2 months ago

Yes the fines are not high enough. IMHO there should be two payments: a return of all earnings which are related to the violation PLUS a hefty fine and/or jail for the executives

That's the only way it isn't cost efficient for the big companies to ignore the laws. Also, make sure the fines are actually paid in full and in a reasonable amount of time

[–] tuhriel@infosec.pub 8 points 2 months ago (4 children)

I really like the idea, I'm currently struggling with the implementation. There are so many issues to cover:

  • who enforces the law? It needs to be worldwide (at least for some products)
  • how are mergers handled?
  • what to do if the company goes bankrupt or is closed otherwise? Who will outsource the code where? And who will be accountable?
  • does that also count for private people? (e.g.: if I take a picture, I own the copyright for it, do I lose my copyright if I don't sell the picture? Or does it only count if I sold it once? What if I sold it exclusively to someone?)
  • probably more

There are so many loopholes which corps will use to get out of it :-(

[–] tuhriel@infosec.pub 8 points 2 months ago (2 children)

Probably something to do with the MTBF (Mean Time Between Failure). Based on that, you can calculate how long your stuff lasts and how you should schedule repairs or, in that case, how long you can provide warranty. I'd be interested in the numbers for the jump from 8 -> 15, too.

[–] tuhriel@infosec.pub 6 points 2 months ago (1 children)

Just a heads up about Switzerland:

  • downloading movies and music is not illegal, but
  • uploading is
  • also download and upload of copyrighted software is illegal

[–] tuhriel@infosec.pub 4 points 2 months ago

Since most budgeting tools I found didn't satisfy my need (no cloud, automatic categorization of transactions etc.), I tried to create my own tool to categorize my transactions using camt.053 and csv files which I downloaded from my banks. Got bogged down with the presentation via bokeh, so it was pretty crude.

I recently found beancount in combination with fava, which solved most of my problems I had with my own tool. And the good thing: I was able to re-use most of my 'auto-categorization' code with only small changes. Not sure how universal my importer is, but with a bit of python know-how it should be quite easy to create an importer for your specific bank export.

From my experience, the csvs I got from my bank were insufficient for automatic mapping, which is why I'm using camt.053 where possible. As camt.053 is not very common in many countries, you could go for OFX files.

[–] tuhriel@infosec.pub 3 points 2 months ago

PlantUML-Server: Github / Docker Hub I do use some plantuml graphics in my Obsidian notes to document my network setup. And it's really nice to have a self hosted renderer where all my devices can access it.

UnifiBrowser Github / Docker Docker Image to access the Unifi API, helped a lot to debug the integration of Unifi data into other tools (e.g. Munin)

Wanderer Github - Platform to save and upload gps tracks. I do misuse it as a platform for my motorbike tour 'library' for easy choice which tour I want to do

[–] tuhriel@infosec.pub 5 points 3 months ago

They have both, one history where you see all created passwords and within each entry you can see the previous passwords for this specific entry

So yeah, I don't see the reason for a manual tracking of the date...except if you maybe change something else (name, login etc.)

[–] tuhriel@infosec.pub 39 points 4 months ago

The app is intentional, with browsers they can't control which extensions you run, and therefore can't force their ads on you. With the app they can control the environment and you are legally not allowed to modify their app because trademark....
