1<?xml version="1.0" encoding="UTF-8"?>
2<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
3 <title>BiRabittoh - foss</title>
4 <subtitle>Tech and privacy ramblings from a random italian dude.</subtitle>
5 <link rel="self" type="application/atom+xml" href="https://birabittoh.github.io/tags/foss/atom.xml"/>
6 <link rel="alternate" type="text/html" href="https://birabittoh.github.io/"/>
7 <generator uri="https://www.getzola.org/">Zola</generator>
8 <updated>2023-07-16T00:00:00+00:00</updated>
9 <id>https://birabittoh.github.io/tags/foss/atom.xml</id>
10 <entry xml:lang="en">
11 <title>Self-hosting Extravaganza</title>
12 <published>2023-07-16T00:00:00+00:00</published>
13 <updated>2023-07-16T00:00:00+00:00</updated>
14
15 <author>
16 <name>
17
18 BiRabittoh
19
20 </name>
21 </author>
22
23 <link rel="alternate" type="text/html" href="https://birabittoh.github.io/blog/self-host/"/>
24 <id>https://birabittoh.github.io/blog/self-host/</id>
25
26 <content type="html" xml:base="https://birabittoh.github.io/blog/self-host/"><p>Lately, more and more companies are putting their services behind paywalls, usage limits and closed APIs. Some examples are <a rel="noopener" target="_blank" href="https://nitter.it/elonmusk/status/1675187969420828672">Twitter</a> limiting the number of tweets a non-paying user can read, <a rel="noopener" target="_blank" href="https://www.redditinc.com/blog/2023apiupdates">Reddit</a> increasing their API price to an extent that’s unbearable for any normal individual and <a rel="noopener" target="_blank" href="https://libreddit.kavin.rocks/r/youtube/comments/14kmd07/youtube_cracking_down_on_if_youre_not_paying_them/">YouTube</a> starting to block their service towards anyone using an adblock extension.</p>
27<h2 id="there-must-be-a-better-way">There must be a better way</h2>
28<p>Luckily, I’ve been interested in <a rel="noopener" target="_blank" href="https://github.com/mendel5/alternative-front-ends">alternative front-ends</a> for a while. These services allow you to get the same (or better) functionality as their corporate counterpart without giving away any of your information in return. Some of these even offer their own free APIs.</p>
29<p>Here are my favorite instances with respect to the service they provide:</p>
30<table><thead><tr><th>Service</th><th>PC</th><th>Mobile</th></tr></thead><tbody>
31<tr><td>YouTube</td><td><a rel="noopener" target="_blank" href="https://y.com.sb/">Invidious</a></td><td><a rel="noopener" target="_blank" href="https://apt.izzysoft.de/fdroid/index/apk/org.polymorphicshade.newpipe">NewPipe</a></td></tr>
32<tr><td>Twitter</td><td><a rel="noopener" target="_blank" href="https://nitter.it">Nitter</a></td><td><a rel="noopener" target="_blank" href="https://apt.izzysoft.de/fdroid/index/apk/org.ca.squawker">Squawker</a></td></tr>
33<tr><td>Reddit</td><td><a rel="noopener" target="_blank" href="https://libreddit.kavin.rocks">LibReddit</a></td><td><a rel="noopener" target="_blank" href="https://libreddit.kavin.rocks">LibReddit</a></td></tr>
34<tr><td>Medium</td><td><a rel="noopener" target="_blank" href="https://scribe.rip">Scribe</a></td><td><a rel="noopener" target="_blank" href="https://scribe.rip/">Scribe</a></td></tr>
35</tbody></table>
36<h2 id="drawbacks">Drawbacks</h2>
37<p>Of course, this is not a perfect solution. There are a lot of problems to be discussed.</p>
38<h3 id="privacy">Privacy</h3>
39<p>First and foremost, these instances do not make any profit. This is not a problem until you really think about it. Can you really trust a random developer offering a (paid) service for thousands of users out of their own kindness?
40The answer is “probably yes”, but are you willing to take this risk?</p>
41<p>Instance admins could easily edit the upstream source code to make it so they can track their users indefinitely and sell usage data without them even realizing.
42This is a given if you use any “normal” (not self-hosted) service, but the difference is big companies are <em>required</em> by GDPR to protect collected user data in a certain way and keep them for a maximum set amount of time.</p>
43<p>The same cannot be assured for individuals who apparently don’t even make a profit for what they’re doing.</p>
44<h3 id="scaling">Scaling</h3>
45<p>This buzzword has become a meme in the programming world, but it’s been shown how important it is to consider when dealing with large userbases that can grow exponentially without any warning.</p>
46<p>Think about the amount of users who migrated to Mastodon immediately after Elon Musk acquired Twitter. Instance admins were used to having a couple hundred users, so hundreds of thousands of new signups made a lot of popular instances slow down or even temporarily shut down while they migrated to new (and more expensive) hardware.</p>
47<p>Anything public you use can be subject to this phenomenon, leading to poor user experience, as you’ll be one of the many people wondering why your feed takes one minute to load.</p>
48<h2 id="fine-i-ll-do-it-myself">Fine, I’ll do it myself</h2>
49<p>Since joining the world of minimalism, I had always considered Docker as a bloated way to run multiple virtual machines. I read about people complaining that even simple Python scripts were providing <code>Dockerfile</code> and <code>docker-compose.yml</code> files and I started seeing it as a bloaty way to achieve the same result.</p>
50<p>Whenever I wanted to host anything by myself, I used to SSH into my VPS with password authentication (!!!) and expose a public port for each service (!!!).
51I used my public IP address to log into my services, so I had to resort to sending cleartext passwords through HTTP (!!!) since TLS was not an option.</p>
52<p>Of course, this is possibly the most insecure way to host services on a public server, but I felt that was “secure enough” and nobody would ever be interested in hacking me (!!! × ∞).</p>
53<p>Nonetheless, I used to <code>cat /var/log/auth.log</code> to see all the failed login attempts, and pray that nobody actually got my password right.
54Nowadays, I look back and laugh at my previous config; at least I’m (almost) sure that nobody actually managed to get in.</p>
55<h2 id="the-right-way">The right way</h2>
56<p>Since I started my new job, I also began experimenting with Docker and found out it’s not as bad as I thought it’d be. I will now let my previous config serve as the perfect example of how NOT to secure your VPS correctly for any self-hosting configuration.</p>
57<h3 id="ditch-password-authentication">Ditch password authentication</h3>
58<p>First of all, password authentication. You’ll be a lot safer as soon as you disable it.</p>
59<p>Having it enabled means you’re vulnerable to dictionary and bruteforce attacks. Also, if some new vulnerability is published, the password field is one more way the attacker could send a malicious string to get inside (see <a rel="noopener" target="_blank" href="https://scribe.rip/geekculture/the-log4j-incident-explained-ed0ce6d36df2">the log4j incident</a>).</p>
60<p>A better way of logging into your VPS is through public key authentication.</p>
61<p>First, generate a key on your own PC:</p>
62<pre><code>ssh-keygen -t ed25519 -a 100
63</code></pre>
64<p>This will create two files: <code>~/.ssh/id_ed25519.pub</code> and <code>~/.ssh/id_ed25519</code></p>
65<p>Now, use the following command to copy your key over to the VPS:</p>
66<pre><code>ssh-copy-id -i ~&#x2F;.ssh&#x2F;id_ed25519 &lt;user&gt;@&lt;host&gt;
67</code></pre>
68<p>At this point, if everything went correctly, just add or change the following line in <code>/etc/ssh/sshd_config</code>:</p>
69<pre><code>PasswordAuthentication no
70</code></pre>
71<p>At this point, you should be able to log into your VPS without the need to input your password, which is more secure as well as more convenient.</p>
72<p>I keep the content of my public and private ssh key files saved as secure notes in my BitWarden account, so I can take them to any PC I want to access my VPS from.
73People say this is bad practice (you should only have a key for each host), but I personally feel like it’s not that big of a deal compared to the security mess I had going on before.</p>
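<p>A check worth running after the <code>sshd_config</code> edit above, as an added example that is not part of the original post: sshd keeps the first value it reads for each keyword, so an earlier setting can silently override <code>PasswordAuthentication no</code>. The file names and contents below are constructed, and the read order (drop-in before the main file) assumes an <code>sshd_config</code> that begins with an <code>Include</code> line.</p>

```shell
#!/bin/sh
# Added example (not from the original post). File names and contents used
# in demo() are constructed for illustration.
#
# sshd uses the FIRST value it reads for each keyword. If sshd_config starts
# with an Include line, a drop-in that says "PasswordAuthentication yes" is
# read before, and therefore beats, a later "PasswordAuthentication no".

# effective_value KEYWORD DEFAULT FILE...
# FILEs are given in the order sshd reads them. Prints the global value.
# Simplification: everything after a "Match" line (other than "Match all")
# is skipped until the end of that file, because it only applies conditionally.
effective_value() {
    keyword=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    default=$2
    shift 2
    awk -v want="$keyword" -v dflt="$default" '
        FNR == 1 { in_match = 0 }               # each file starts in global scope
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next # blank line or comment
            if (!match(line, /[ \t=]+/)) next   # keyword without a value
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") { in_match = (tolower(val) != "all"); next }
            if (in_match) next
            if (key == want) { print tolower(val); found = 1; exit }
        }
        END { if (!found) print dflt }
    ' "$@"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed drop-in that re-enables password logins.
    printf 'PasswordAuthentication yes\n' > "$dir/50-provider.conf"
    # Constructed main file with the line from the post appended at the end.
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
        '#PasswordAuthentication yes' \
        'PasswordAuthentication no' > "$dir/sshd_config"

    echo "main file alone:    $(effective_value PasswordAuthentication yes \
        "$dir/sshd_config")"
    echo "drop-in read first: $(effective_value PasswordAuthentication yes \
        "$dir/50-provider.conf" "$dir/sshd_config")"
    rm -rf "$dir"
}

demo
```

<p>On a live host, <code>sshd -T</code> prints the configuration sshd actually resolves, and the daemon has to be reloaded before an edit takes effect.</p>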
74<h3 id="containerize-your-applications">Containerize your applications</h3>
75<p>Now that you have a safe way to SSH into your machine, you can start hosting your own services.</p>
76<p>First, some terminology:</p>
77<ul>
78<li><code>Dockerfile</code> files are like a list of ingredients. They contain every dependency needed to build a minimal operating system dedicated to running a program. They’re used to build images.</li>
79<li><code>Images</code> are like recipes. You can create some yourself from a Dockerfile or download them from an external repository. They can be instantiated as containers.</li>
80<li><code>Containers</code> are like courses. You can instantiate multiple equal courses from the same image and you can actually eat (use) them! They can be managed through <code>docker-compose</code>.</li>
81<li><code>docker-compose.yml</code> files are like menus. They’re a convenient way to instantiate and deinstantiate multiple containers in a specific and reproducible configuration. If you’re not a developer, you’ll be mainly working on these files.</li>
82</ul>
83<p>To get started with Docker, install <code>docker</code> and <code>docker-compose</code> via your package manager of choice. If you want an easy start, you can follow <a rel="noopener" target="_blank" href="https://docs.invidious.io/installation/#docker-compose-method-production">this guide</a> to host your own Invidious instance.</p>
84<p>It’s not that hard, but you might need to read the official <a rel="noopener" target="_blank" href="https://docs.docker.com/compose/">Docker Compose documentation</a> if something doesn’t go as planned.</p>
85<p>My advice is to generate an <code>hmac_key</code> using <code>pwgen 20 1</code> or <code>openssl rand -hex 20</code> and insert it in the correct spot inside <code>docker-compose.yml</code>.</p>
86<p>Also, remove the <code>127.0.0.1:</code> part in the <code>ports</code> section since we don’t have a reverse proxy set up (yet).</p>
87<p>After you’re done configuring, you can type <code>docker-compose up -d</code> to pull all required images and instantiate your containers, and <code>docker-compose down</code> if you want to stop and remove everything.</p>
88<h3 id="use-a-reverse-proxy">Use a reverse proxy</h3>
89<p>If you’ve followed that guide correctly, you should now have two containers that communicate through a network. You can find out their names by running <code>docker ps -a</code>. Take note of the name of your main invidious container, which will be referred to as <code>invidious</code> for the rest of this guide.</p>
90<p>Problem is, you’re still using an IP address and communicating in cleartext through HTTP! This means your ISP can read every single detail in every single request you make.</p>
91<p>Luckily, there is a way to get a cool domain name for free that also happens to include free and auto-generated TLS certificates.</p>
92<p>First, create an account on <a rel="noopener" target="_blank" href="https://www.duckdns.org/">DuckDNS</a> and set up a free domain.</p>
93<p>Just make a new directory near the one you used for Invidious and create a new <code>docker-compose.yml</code>:</p>
94<pre><code>mkdir swag
95cd swag
96nano docker-compose.yml
97</code></pre>
98<p>You can paste and edit accordingly the lines in <a rel="noopener" target="_blank" href="https://docs.linuxserver.io/general/swag#creating-a-swag-container">this guide</a>.</p>
99<p>For example, instead of <code>DNSPLUGIN=cloudflare</code> you should have <code>DNSPLUGIN=duckdns</code>.</p>
100<p>When you’re done, start your container with <code>docker-compose up -d</code>. This will create the config folder in <code>/etc/config/swag</code> as well as a new network called <code>swag_default</code>.</p>
101<p>Now we need to create a custom subdomain for Invidious. You can do it by creating the following file: <code>/etc/config/swag/nginx/proxy-confs/invidious.subdomain.conf</code> with this content:</p>
102<pre><code>server {
103 listen 443 ssl http2;
104 listen [::]:443 ssl http2;
105
106 server_name yt.*;
107
108 include &#x2F;config&#x2F;nginx&#x2F;ssl.conf;
109
110 client_max_body_size 0;
111
112 location &#x2F; {
113 include &#x2F;config&#x2F;nginx&#x2F;proxy.conf;
114 include &#x2F;config&#x2F;nginx&#x2F;resolver.conf;
115 set $upstream_app invidious;
116 set $upstream_port 3000;
117 set $upstream_proto http;
118 proxy_pass $upstream_proto:&#x2F;&#x2F;$upstream_app:$upstream_port;
119 }
120}
121</code></pre>
122<p>Where:</p>
123<ul>
124<li><code>server_name yt.*</code>: <code>yt</code> is the subdomain of choice;</li>
125<li><code>set $upstream_app invidious;</code>: <code>invidious</code> is the name of the main Invidious container;</li>
126<li><code>set $upstream_port 3000;</code>: <code>3000</code> is the Invidious port.</li>
127</ul>
128<p>There’s one last step remaining. Invidious and Swag are two separate containers, so they cannot communicate unless they’re connected to the same network. You can connect Invidious to Swag’s network with the following command, where <code>invidious</code> is the name of your main Invidious container.</p>
129<pre><code>docker network connect swag_default invidious
130</code></pre>
131<p>Finally, you can visit https://yt.&lt;your-domain&gt;.duckdns.org/ and check if you can access Invidious through HTTPS.</p>
132<p>Note: now that you have a reverse proxy set up, you can remove your <code>ports:</code> section entirely from Invidious’ <code>docker-compose.yml</code>.
133You can do this because the containers are communicating internally to the <code>swag_default</code> network, without the need to expose any ports to the outside.
134After you’re done, remember to reload your configuration by running <code>docker-compose restart</code> in your Invidious folder.</p>
135<p>Ideally, the only container with exposed ports in your VPS should be Swag exposing ports 80 (HTTP) and 443 (HTTPS).</p>
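<p>One way to verify that end state, as an added example that is not part of the original post: the function below reads <code>docker ps</code> output and lists every port published on a non-loopback address, other than 80 and 443 on the reverse proxy. The sample lines are constructed, and the container names <code>swag</code> and <code>invidious-db</code> are assumptions.</p>

```shell
#!/bin/sh
# Added example (not from the original post). Reads lines in the format of
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "container host-port" for every port published on a non-loopback
# address, except ports 80 and 443 of the reverse proxy container named in $1.

publicly_exposed() {
    awk -F '\t' -v proxy="$1" '
    {
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue        # "5432/tcp": not published on the host
            if (m ~ /^127\./ || m ~ /^\[::1\]/) continue   # loopback-only binding
            host = m
            sub(/->.*/, "", host)          # "0.0.0.0:3000" or ":::3000"
            port = host
            sub(/.*:/, "", port)           # "3000"
            if ($1 == proxy && (port == "80" || port == "443")) continue
            print $1 " " port
        }
    }' | sort -u                           # IPv4 and IPv6 bindings collapse to one line
}

# Constructed sample: the state right after removing "127.0.0.1:" from the
# Invidious ports section, before the ports section is dropped entirely.
sample_ps_output() {
    printf 'swag\t0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp\n'
    printf 'invidious\t0.0.0.0:3000->3000/tcp, :::3000->3000/tcp\n'
    printf 'invidious-db\t5432/tcp\n'
}

sample_ps_output | publicly_exposed swag

# On a real host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | publicly_exposed swag
```

<p>Empty output means only the proxy is reachable from outside; any line printed names a container that still bypasses it.</p>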
136<h2 id="conclusion">Conclusion</h2>
137<p>Self-hosting is not easy. It’s been my <a rel="noopener" target="_blank" href="https://wiki.froth.zone/wiki/Camino_de_Santiago">Camino de Santiago</a>: a long path of redemption for the sins I have committed in my young age.
138Even if I made a lot of mistakes, in the end I’ve learned a lot about dev-ops and cybersecurity, as well as precious skills that proved themselves useful for my engineering job.</p>
139<p>You can find a full list of self-hostable services <a rel="noopener" target="_blank" href="https://github.com/awesome-selfhosted/awesome-selfhosted">here</a>!</p>
140</content>
141
142 </entry>
143 <entry xml:lang="en">
144 <title>Modernizing XFCE</title>
145 <published>2023-02-05T00:00:00+00:00</published>
146 <updated>2023-02-05T00:00:00+00:00</updated>
147
148 <author>
149 <name>
150
151 BiRabittoh
152
153 </name>
154 </author>
155
156 <link rel="alternate" type="text/html" href="https://birabittoh.github.io/blog/void-xfce/"/>
157 <id>https://birabittoh.github.io/blog/void-xfce/</id>
158
159 <content type="html" xml:base="https://birabittoh.github.io/blog/void-xfce/"><p>This article is more of a memo for myself. Since I often re-install Linux systems, I spend a lot of time doing repetitive tasks and often forget some steps, which leads me to waste even more time figuring out what’s wrong.</p>
160<p>These instructions allow you to get a fully functional and modern-looking XFCE desktop on a fresh install of <a rel="noopener" target="_blank" href="https://voidlinux.org/">Void Linux</a> (even though they can be adapted to work in any distro).</p>
161<h2 id="initial-system-update">Initial system update</h2>
162<p>First thing I tried was to update the system, but the ISO was quite old. I had to update <code>xbps</code> before anything else:</p>
163<pre><code>sudo xbps-install -Su xbps
164sudo xbps-install -Su
165</code></pre>
166<h2 id="avoid-session-saving">Avoid session saving</h2>
167<p>One thing I hate about XFCE is its fixation to save sessions. A lot of times I get my session saved and restored even with all settings turned off.</p>
168<p>A quick and easy solution to disable session saving entirely is just to create an empty file in place of the <code>sessions</code> directory.</p>
169<pre><code>rm ~&#x2F;.cache&#x2F;sessions -rf
170touch ~&#x2F;.cache&#x2F;sessions
171</code></pre>
172<p>This way, even with everything turned on, XFCE fails to create a folder with that name and everything works (or doesn’t, in this case) like a charm.</p>
173<h2 id="change-that-shell">Change that shell</h2>
174<p>Your shell is the main tool you use to communicate with your system, so it makes sense to replace <code>bash</code> with something more modern and feature-rich.</p>
175<pre><code>sudo xbps-install -S zsh zsh-completions curl
176chsh -s &#x2F;bin&#x2F;zsh
177zsh
178curl -fsSL https:&#x2F;&#x2F;raw.githubusercontent.com&#x2F;zimfw&#x2F;install&#x2F;master&#x2F;install.zsh | zsh
179</code></pre>
180<h2 id="get-some-good-sound-quality">Get some good sound quality</h2>
181<p>I don’t like <code>pulseaudio</code>. Let’s replace it with <code>pipewire</code> and <code>wireplumber</code>.</p>
182<pre><code>su
183xbps-install pipewire wireplumber
184mkdir -p &#x2F;etc&#x2F;pipewire&#x2F;pipewire.conf.d
185sed &#x27;&#x2F;path.*=.*pipewire-media-session&#x2F;s&#x2F;{&#x2F;#{&#x2F;&#x27; \
186&#x2F;usr&#x2F;share&#x2F;pipewire&#x2F;pipewire.conf &gt; &#x2F;etc&#x2F;pipewire&#x2F;pipewire.conf
187echo &#x27;context.exec = [ { path = &quot;&#x2F;usr&#x2F;bin&#x2F;wireplumber&quot; args = &quot;&quot; } ]&#x27; \
188&gt; &#x2F;etc&#x2F;pipewire&#x2F;pipewire.conf.d&#x2F;10-wireplumber.conf
189ln -s &#x2F;usr&#x2F;share&#x2F;applications&#x2F;pipewire* &#x2F;etc&#x2F;xdg&#x2F;autostart
190xbps-remove pulseaudio alsa-plugins-pulseaudio
191reboot
192</code></pre>
193<h2 id="make-firefox-more-secure">Make Firefox more secure</h2>
194<p>I like Firefox as a browser, but it doesn’t come with sane defaults as far as privacy’s concerned.</p>
195<p>First, visit <a rel="noopener" target="_blank" href="https://ffprofile.com/">Firefox Profilemaker</a> and create a customized <code>profile.zip</code>.</p>
196<p>Then, extract your zip file to the correct destination:</p>
197<pre><code>sudo xbps-install zip unzip p7zip xarchiver thunar-archive-plugin
198unzip -o ~&#x2F;Downloads&#x2F;profile.zip -d ~&#x2F;.mozilla&#x2F;firefox&#x2F;xxxx.default-default&#x2F;
199</code></pre>
200<p>Some useful extensions I always install are:</p>
201<ul>
202<li><a rel="noopener" target="_blank" href="https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager">Bitwarden</a>, a password manager;</li>
203<li><a rel="noopener" target="_blank" href="https://addons.mozilla.org/en-US/firefox/addon/decentraleyes">Decentraleyes</a>, to serve common JS libraries locally;</li>
204<li><a rel="noopener" target="_blank" href="https://addons.mozilla.org/en-US/firefox/addon/istilldontcareaboutcookies">I still don’t care about cookies</a>, to hide and auto-reject cookie warnings;</li>
205<li><a rel="noopener" target="_blank" href="https://addons.mozilla.org/en-US/firefox/addon/libredirect">LibRedirect</a>, a redirector for <a rel="noopener" target="_blank" href="https://github.com/mendel5/alternative-front-ends">alternative front-ends</a>;</li>
206<li><a rel="noopener" target="_blank" href="https://addons.mozilla.org/en-US/firefox/addon/sponsorblock">SponsorBlock</a>, to skip YouTube sponsorships automagically;</li>
207<li><a rel="noopener" target="_blank" href="https://addons.mozilla.org/en-US/firefox/addon/ublock-origin">uBlock Origin</a>, the best ad-blocker.</li>
208</ul>
209<h2 id="customize-your-de">Customize your DE</h2>
210<p>Install the last required packages for desktop usability:</p>
211<pre><code>sudo xbps-install -S vpm xfce4-whiskermenu-plugin xfce4-clipman-plugin \
212xfce4-pulseaudio-plugin xfce4-screenshooter xclip micro neovim mpv yt-dlp
213</code></pre>
214<p>Remove orphaned and cached packages:</p>
215<pre><code>sudo xbps-remove -Oo
216</code></pre>
217<p>Now, open XFCE’s Settings Manager and set the following options:</p>
218<ul>
219<li>Appearance → Style → Choose “Adwaita-dark”</li>
220<li>Desktop → Background → <em>&lt;Choose your favorite wallpaper&gt;</em></li>
221<li>Desktop → Icons → Set “Icon type” to “None”</li>
222<li>Panel → <em>&lt;Customize your panels&gt;</em></li>
223<li>Screensaver → Disable “Enable Screensaver”</li>
224<li>Text Editor Settings → Enable:
225<ul>
226<li>“Show line numbers”,</li>
227<li>“Highlight matching brackets”,</li>
228<li>“Wrap long lines”</li>
229</ul>
230</li>
231<li>Window Manager → Style → Button layout → Remove “Shade” button from title bar</li>
232<li>Window Manager → Advanced → Windows snapping → Enable “To other windows”</li>
233<li>Window Manager → Advanced → Wrap workspaces when reaching the screen edge → Disable “With a dragged window”</li>
234<li>Window Manager Tweaks → Cycling → Enable:
235<ul>
236<li>“Cycle through minimized windows in most recently used order”,</li>
237<li>“Cycle through windows on all workspaces”,</li>
238<li>“Raise windows while cycling”</li>
239</ul>
240</li>
241<li>Window Manager Tweaks → Accessibility → Disable:
242<ul>
243<li>“Raise windows when any mouse button is pressed”,</li>
244<li>“Use mouse wheel on title bar to roll up the window”</li>
245</ul>
246</li>
247<li>Window Manager Tweaks → Accessibility → Enable “Notify of urgency by making window’s decoration blink”</li>
248<li>Window Manager Tweaks → Compositor → Enable “Show shadows under popup windows”</li>
249<li>Xfce Terminal Settings → General → Scrolling → Set “Scrollbar is” to “Disabled”</li>
250<li>Xfce Terminal Settings → Appearance →
251<ul>
252<li>enable “Use system font”,</li>
253<li>set “Background” to “Transparent background”,</li>
254<li>set Opacity to 0.80;</li>
255</ul>
256</li>
257<li>Xfce Terminal Settings → Colors → Presets → Choose “Tango”</li>
258<li>Keyboard → Behavior → Enable “Restore num lock state on startup”</li>
259</ul>
260<h2 id="shortcuts">Shortcuts</h2>
261<p>Finally, set the following shortcuts:</p>
262<ul>
263<li>Keyboard → Application Shortcuts</li>
264</ul>
265<table><thead><tr><th>Command</th><th>Shortcut</th></tr></thead><tbody>
266<tr><td><code>exo-open --launch TerminalEmulator</code></td><td><code>Super</code> + <code>Return</code></td></tr>
267<tr><td><code>xfce4-popup-whiskermenu</code></td><td><code>Super</code></td></tr>
268<tr><td><code>xfce4-screenshooter --clipboard --region</code></td><td><code>Shift</code> + <code>Super</code> + <code>S</code></td></tr>
269<tr><td><code>xfce4-screenshooter --clipboard --window</code></td><td><code>Super</code> + <code>S</code></td></tr>
270<tr><td><code>xfce4-screenshooter --clipboard --fullscreen</code></td><td><code>Print</code></td></tr>
271<tr><td><code>sh -c 'xclip -selection clipboard -t image/png -o &gt; "$HOME/Pictures/$(date +%Y-%m-%d_%T).png"'</code></td><td><code>Shift</code> + <code>Super</code> + <code>V</code></td></tr>
272<tr><td><code>xflock4</code></td><td><code>Super</code> + <code>L</code></td></tr>
273<tr><td><code>loginctl suspend</code></td><td><code>Shift</code> + <code>Super</code> + <code>L</code></td></tr>
274</tbody></table>
275</content>
276
277 </entry>
278 <entry xml:lang="en">
279 <title>Update your mirrors!</title>
280 <published>2023-01-29T00:00:00+00:00</published>
281 <updated>2023-01-29T00:00:00+00:00</updated>
282
283 <author>
284 <name>
285
286 BiRabittoh
287
288 </name>
289 </author>
290
291 <link rel="alternate" type="text/html" href="https://birabittoh.github.io/blog/reflector/"/>
292 <id>https://birabittoh.github.io/blog/reflector/</id>
293
294 <content type="html" xml:base="https://birabittoh.github.io/blog/reflector/"><p>Nah, I’m not talking about <a rel="noopener" target="_blank" href="https://www.bathshack.com/blog/bluetooth-mirrors-everything-you-need-to-know-before-you-buy/">bluetooth mirrors</a>. Mirrors are what powers all distros: they’re a (de)centralized solution for downloading pre-compiled binaries and scripts for your operating system.</p>
295<h2 id="suspicion">Suspicion</h2>
296<p>I like always having the most current version of packages, so I usually update my system several times a day. When, after a day, I ran <code>sudo pacman -Syu</code> and it reported the system being up to date, I was pretty weirded out.</p>
297<p>Another day passed, and the system was still up to date. It was not a connection problem, I was connecting to my mirrors and they were reporting absolutely zero updates for my system.</p>
298<h2 id="problem">Problem</h2>
299<p>On the third day of stagnation, I was sure something was up. I looked up the <a rel="noopener" target="_blank" href="https://archlinux.org/mirrors/status/">Mirror Status</a> page on ArchLinux’s website and saw that loads of mirrors were out of sync.</p>
300<p>I had never touched my mirrorlist before, it was just generated by the <a rel="noopener" target="_blank" href="https://github.com/archlinux/archinstall">archinstall</a> script a few months ago; a lot of Arch-based distros by default ship tools to update your mirrorlist, but I honestly thought I’d never need that.</p>
301<p>Pacman’s mirrorlist is located in <code>/etc/pacman.d/mirrorlist</code>. You can show only the uncommented lines with this command:</p>
302<pre><code>grep -v &quot;^#&quot; &#x2F;etc&#x2F;pacman.d&#x2F;mirrorlist
303</code></pre>
304<p>And check the actual status of your mirror(s) on the Mirror Status page linked above.</p>
305<h2 id="solution">Solution</h2>
306<p>This will overwrite your mirrorlist, so you’re advised to make a backup before proceeding:</p>
307<pre><code>sudo cp &#x2F;etc&#x2F;pacman.d&#x2F;mirrorlist &#x2F;etc&#x2F;pacman.d&#x2F;mirrorlist.bak
308</code></pre>
309<p>I decided to use <a rel="noopener" target="_blank" href="https://xyne.dev/projects/reflector/">reflector</a> to fix this problem. I didn’t want to have to deal with this again, so I enabled the provided systemd timer.</p>
310<p>First, install it.</p>
311<pre><code>sudo pacman -S reflector
312</code></pre>
313<p>Then, edit <code>/etc/xdg/reflector/reflector.conf</code>. I only needed to edit the <code>--country</code> parameter and select countries next to the one where I reside; you can list available countries by running <code>reflector --list-countries</code>.</p>
314<pre><code>--save &#x2F;etc&#x2F;pacman.d&#x2F;mirrorlist
315--protocol https
316--country Italy,Switzerland,France,Germany,Austria
317--latest 5
318--sort age
319</code></pre>
320<p>Finally, start the service and check if it worked.</p>
321<pre><code>sudo systemctl start reflector.service
322cat &#x2F;etc&#x2F;pacman.d&#x2F;mirrorlist
323</code></pre>
324<p>If everything went smoothly, enable reflector’s timer so it runs weekly.</p>
325<pre><code>sudo systemctl enable reflector.timer
326</code></pre>
327<p>Done!</p>
328<p>Now, by default pacman <em>does</em> update its mirrorlist. It creates a file called <code>mirrorlist.pacnew</code> and it expects you to pick your favorite mirrors each time it’s generated. You can disable this (now unneeded) behavior by uncommenting and setting <code>NoExtract</code> in <code>/etc/pacman.conf</code>:</p>
329<pre><code>...
330NoExtract = &#x2F;etc&#x2F;pacman.d&#x2F;mirrorlist
331
332# Misc options
333Color
334ILoveCandy
335ParallelDownloads = 3
336...
337</code></pre>
338</content>
339
340 </entry>
341 <entry xml:lang="en">
342 <title>Data volatility</title>
343 <published>2022-01-14T00:00:00+00:00</published>
344 <updated>2022-01-14T00:00:00+00:00</updated>
345
346 <author>
347 <name>
348
349 BiRabittoh
350
351 </name>
352 </author>
353
354 <link rel="alternate" type="text/html" href="https://birabittoh.github.io/blog/data-volatility/"/>
355 <id>https://birabittoh.github.io/blog/data-volatility/</id>
356
357 <content type="html" xml:base="https://birabittoh.github.io/blog/data-volatility/"><p>I tried to access my domain at smol.pub yesterday and I noticed the service went down. Fear started rushing through my veins as I noticed I would have to choose another platform and, most importantly, write everything back from scratch since I don’t have a backup. This made me think about the importance of always having a backup stored somewhere.</p>
358<h2 id="why-though">Why though</h2>
359<p>Creating a backup of your important data is crucial. On a daily basis, people discover vulnerabilities that allow remote code execution on any host machine. Try to imagine what would happen if someone ran a ransomware program on your PC. Would you be safe?</p>
360<p>This genuinely feels like fearmongering, but it’s something that can seriously happen: you can be attacked by someone that specifically targets you. If you run Windows, you might be part of a botnet (think about all of the unsigned EXE files you’ve run since you installed the OS). What happens when someone doesn’t need your machine anymore? Well, that person might try and squeeze some money from you by holding your files hostage.</p>
361<h2 id="cloud-backups">Cloud backups</h2>
362<p>Most people define cloud storage as follows:</p>
363<blockquote>
364<p>Cloud storage is a way for businesses and consumers to save data securely online so that it can be accessed anytime from any location and easily shared with those who are granted permission. Cloud storage also offers a way to back up data to facilitate recovery off-site.</p>
365</blockquote>
366<p>Source: <a rel="noopener" target="_blank" href="https://www.investopedia.com/terms/c/cloud-storage.asp">Investopedia</a>.</p>
367<p>In reality, cloud storage is no more than some dude’s computer.</p>
368<p>As soon as you upload your personal data to any service, you’re trusting it to store it in a safe and private way. If that software is not open source, you’re basically asking to get spied on.</p>
369<p>Most people do not care about that, that’s why cloud storage solutions are very popular and basically enabled by default on any device you might buy nowadays.</p>
370<p>I personally use cloud storage but I would never actually upload anything I actually care about on it…
371If you have to choose, I have a few suggestions.</p>
372<h3 id="don-t-trust-non-encrypted-solutions">Don’t trust non-encrypted solutions</h3>
373<p>Everybody has a Google account nowadays. If you forget your password, there is a way to recover it and get access to everything inside, including your Google Drive contents. As long as there is a password that can be changed or reset, your files are NOT encrypted and fully visible to anyone who has access to the Drive servers (Google or any other government agency that might want to take a peek).
374Most cloud solutions work like this, and it’s actually frightening how many people trust megacorporations to have all of their private information available unencrypted.</p>
375<p>One encrypted solution I use is mega.nz.
376While I can’t be sure that the mega team isn’t spying on me, at least they’re hiding it well if they do.
377Mega includes an encryption key with your account, which is not tied to your login information.
378This means that if you lose your key, you also lose all of your files; there is absolutely no way to get them back, even if you change your account password.</p>
379<p>Now, Mega is not open source, so you can never be sure that there isn’t any backdoor, or that keys aren’t stored together with your personal information, but at least it’s something.</p>
380<h3 id="encrypt-your-data-yourself">Encrypt your data yourself</h3>
381<p>If you really need to trust Google, Apple or Amazon with your files, you can encrypt your files locally with the gpg command. This way, feds and big tech are going to need another password to actually access your private files.</p>
382<p>It’s really easy, just two commands mainly.</p>
383<p>Encrypt:</p>
384<pre><code>gpg -c --cipher-algo AES256 secret.file
385</code></pre>
386<p>Decrypt:</p>
387<pre><code>gpg secret.file.gpg
388</code></pre>
389<p>If you need to encrypt a folder, you can compress it first:</p>
390<pre><code>tar -czf output.tar.gz secret-folder
391</code></pre>
392<p>Then encrypt your output.tar.gz archive as if it was a single file.</p>
393<p>After decrypting it, you can extract your archive through this command:</p>
394<pre><code>tar -xf output.tar.gz
395</code></pre>
396<p>Check out Mental Outlaw’s <a rel="noopener" target="_blank" href="https://invidio.us/M0O7vhvQW30">video</a> about this very topic.</p>
397<h2 id="local-backups">Local backups</h2>
398<p>This is the best way to back up your data.
399You don’t need to encrypt it if you have full physical access to your data, but you would still be vulnerable if it gets lost or stolen, so it’s always better to keep it encrypted and safe.</p>
400<p>Of course, if you have a backup hard drive always plugged into your PC, it’s not really secure at all: one could remotely execute ransomware that encrypts everything on your PC, including all drives, both internal and external, so your backup would get encrypted along with the original files, voiding everything you’ve done.</p>
401<p>This is why you should keep a GNU/Linux device that only serves backup purposes and is turned OFF most of the time. As long as no current runs through your CPU, your files are safe. You should only turn it on once a month and copy everything important over, so you have a safe and offline backup.</p>
402<p>You could also use a USB stick or external hard drive, as long as you only plug them into your PC when necessary.</p>
403</content>
404
405 </entry>
406 <entry xml:lang="en">
407 <title>You should probably use Linux</title>
408 <published>2021-04-29T00:00:00+00:00</published>
409 <updated>2021-04-29T00:00:00+00:00</updated>
410
411 <author>
412 <name>
413
414 BiRabittoh
415
416 </name>
417 </author>
418
419 <link rel="alternate" type="text/html" href="https://birabittoh.github.io/blog/you-should-use-linux/"/>
420 <id>https://birabittoh.github.io/blog/you-should-use-linux/</id>
421
422 <content type="html" xml:base="https://birabittoh.github.io/blog/you-should-use-linux/"><h2 id="why-are-you-writing-this">Why are you writing this?</h2>
423<p>As you probably know, I like using free software (free as in <em>freedom</em>, not free of charge). Most people see users with this mentality as a group of paranoid psychopaths who circlejerk about their custom systems. While that’s in part true, there’s much more to it.</p>
424<p>I often get asked by Windows or MacOS users about why they should think about switching to a GNU/Linux OS (which I’ll be referring to as Linux); I’m just going to address everything here so I don’t have to repeat it to everyone who asks.</p>
425<p>I’ll try to address every aspect where Linux is objectively better than the competition, then look at some reasons you <em>could</em> have to stick to Windows or, like I did, set up a dual boot.</p>
426<h2 id="what-is-free-software">What is free software?</h2>
427<p>First of all, let’s read the official definition for it.</p>
428<blockquote>
429<p>A program is free software if the program’s users have the four essential freedoms:</p>
430<ol start="0">
431<li>The freedom to run the program as you wish, for any purpose.</li>
432<li>The freedom to study how the program works, and change it so it does your computing as you wish.</li>
433<li>The freedom to redistribute copies so you can help others.</li>
434<li>The freedom to distribute copies of your modified versions to others. By doing this you can give the whole community a chance to benefit from your changes.</li>
435</ol>
436<p>A program is free software if it gives users adequately all of these freedoms.</p>
437</blockquote>
438<p>Source: <a rel="noopener" target="_blank" href="https://www.gnu.org/philosophy/free-sw.en.html">Free Software Foundation</a>.</p>
439<p>Let’s examine how this freedom is beneficial.</p>
440<h3 id="linux-is-open">Linux is open</h3>
441<p>Using free software on an open source OS means you always know what’s going on with your PC; if you get curious or have any suspicions you can always read the source code (or trust that somebody already did it in your place).</p>
442<p>The good thing about Linux is that it doesn’t hide anything from you. Whenever there’s a problem, you can read various logfiles (with different levels of detail) to identify and troubleshoot your problem; it’s also easier to fix problems since you actually know what each program and file does, while troubleshooting in closed-source OSes is like trying to fix a car engine without being able to open the hood.</p>
443<p>Some distros, like <a rel="noopener" target="_blank" href="https://archlinux.org/">Arch Linux</a>, require you to set everything up from scratch; this means you always know exactly which programs you’re installing and their exact function inside the Linux environment. I would only advise this kind of installation to advanced users, but after you do it the first time you’ll certainly learn a lot about how a Linux OS actually works.</p>
444<h3 id="linux-is-secure">Linux is secure</h3>
445<p>Every single FOSS-oriented website makes this point; I’m going to reiterate it just to be sure.
446The source code being publicly available doesn’t make software less secure. In fact, it’s way more secure since more people can work on it and fix security flaws.
447<a rel="noopener" target="_blank" href="https://en.wikipedia.org/wiki/Security_through_obscurity">Security through obscurity</a> just doesn’t work. You can see that by looking at the number of security breaches that are found every day on closed-source software.</p>
448<p>If you make your software closed-source you’re basically betting you and your small team are able to create better and more secure code than every single other person on the planet. Of course, this assumption is stupid and unrealistic; that’s why FOSS software will always be faster and more secure than closed-source alternatives.</p>
449<p>This goes for every kind of software, including the very operating system code. GNU/Linux based operating systems are the most secure choice for every kind of user.
450More often than not, you can trust the software programmers without even reading the code yourself: since they’re sharing every single line of code, they probably don’t have anything to hide. If they do include malicious code, someone else will probably have noticed by now, provided you didn’t build and run that software straight from the repo a few minutes after the last commit lol</p>
451<p>You can also be safe against external attackers. Linux’s <a rel="noopener" target="_blank" href="https://gs.statcounter.com/os-market-share/desktop/worldwide/#monthly-202012-202012-bar">market share</a> on desktop and laptop PCs was less than 2% as of January 2021, and those people are probably much more tech-savvy than the other OSes’ users…
452This means attackers will likely target Windows or OS X users, so you can be safe even without using an antivirus or anything similar (even though there <em>are</em> <a rel="noopener" target="_blank" href="https://www.clamav.net/">choices</a> for that, too).</p>
453<h3 id="linux-is-smarter">Linux is smarter</h3>
454<p>Saying that Linux is for <em>everybody</em> would be a risky take. My point is that you <em>probably</em> could benefit from using a Linux system.</p>
455<p>If you’re a programmer, Linux is objectively the best OS you can use. As a programmer, I love using the terminal to do stuff more quickly. I also love the level of integration you can have with the system: a lot of programs are designed with a client/server model, which makes them work in complex scenarios as long as you have the time and patience to configure them properly.</p>
456<p>While Windows still has to retain compatibility with legacy systems, Linux is much more free to do its own thing. Linux will always be smarter and more modern. Just think about the filesystem structure.
457Windows is forced to retain a confusing structure, where you have a ton of (not) hidden folders where programmers can store their necessary data… But there are so many choices and they’re not coherent! If I wanted to create a backup of all my settings and save files, I would have to copy all of these folders:</p>
458<pre><code>C:\ProgramData; C:\Users\username\AppData; C:\Users\username\Documents\my games;
459</code></pre>
460<p>And I would still miss all of the information saved in the awful Windows Registry…</p>
461<p>On Linux, you just copy the .config folder in your home directory.</p>
462<p>Moreover, in Windows 10 you have two ways of editing system settings: the Control Panel and the Windows Settings. But sometimes editing a setting on one side does NOT reflect on the other!
463Windows is literally the most confusing OS you can start with… And people still recommend it to beginners over Linux. It’s just dumb.</p>
464<h3 id="linux-is-versatile">Linux is versatile</h3>
465<p>Now, to the point everybody’s been waiting for. Yes, none of the Adobe programs will run <em>natively</em> on any Linux distro. That means if you’re a creative person and you need those programs on a daily basis, maybe you should consider dual booting…</p>
466<p>BUT, steps are being made in two different directions:</p>
467<ul>
468<li>Valve is working on Proton, which allows the execution of most Windows-only applications and games on any Linux system.</li>
469<li>More and more open-source alternatives to closed-source standards are being developed by the day.</li>
470</ul>
471<p>While Proton is interesting, I always prefer to run open source software, especially if we’re talking about programs that are also free of charge: imagine trusting a closed-source software you didn’t pay for.</p>
472<h2 id="conclusion">Conclusion</h2>
473<p>Ok, now I’m getting repetitive so I’ll just get to the point.
474Linux is constantly evolving and it has now become the top choice for a lot of people, so let’s try and consider every use case.</p>
475<ul>
476<li>If you’re a professional that’s deep in the industry and you need some <em>specific</em> program to run perfectly on your device… Yeah, you should use Windows.</li>
477<li>If you’re a power user that’s just used to paid software, maybe consider trying out some open source alternative?</li>
478<li>If you’re a gamer, I say you should dual boot. I have a Windows 10 LTSC installation that I use <em>exclusively</em> for gaming. While Proton has made Linux gaming feasible, the experience isn’t always the best, especially if you play games that require millisecond-grade accuracy, like rhythm games or competitive shooters.</li>
479<li>If you’re a student or employee, Linux would be perfect for you. You can quickly take notes and do office work without the annoying Windows 10 updates popping up and rebooting your system seemingly at random. Also, any Linux system will probably be lighter on resource usage than Windows, so you could take some old hardware you thought you would never use again and actually make something useful with it.</li>
480<li>If you work in the programming or engineering field, then what are you waiting for? You should try out a Linux OS as soon as possible, and not in a virtual machine. A lot of my friends said they didn’t like Linux because it felt slow… While running on a VM… Duh? Try it out on real hardware so you can feel its superiority.</li>
481</ul>
482<p>Well, I can’t possibly cover <em>every</em> profession and use-case, but I hope I was clear about those I managed to list above.
483I’m going to conclude this article with some interesting links about Linux and FOSS you definitely should check out.</p>
484<ul>
485<li><a rel="noopener" target="_blank" href="https://islinuxabout.xyz/">Is Linux About…?</a></li>
486<li><a rel="noopener" target="_blank" href="https://usermod.net/why-use-linux/">usermod.net - Why use Linux?</a></li>
487</ul>
488</content>
489
490 </entry>
491 <entry xml:lang="en">
492 <title>Modern web bloat</title>
493 <published>2021-04-09T00:00:00+00:00</published>
494 <updated>2021-04-09T00:00:00+00:00</updated>
495
496 <author>
497 <name>
498
499 BiRabittoh
500
501 </name>
502 </author>
503
504 <link rel="alternate" type="text/html" href="https://birabittoh.github.io/blog/modern-web-bloat/"/>
505 <id>https://birabittoh.github.io/blog/modern-web-bloat/</id>
506
507 <content type="html" xml:base="https://birabittoh.github.io/blog/modern-web-bloat/"><p>This is it. My first blog post; I suppose this officially makes me a boomer.</p>
508<h2 id="inspiration">Inspiration</h2>
509<p>Some time ago I stumbled upon a <a rel="noopener" target="_blank" href="https://invidio.us/cvDyQUpaFf4">video</a>, where the popular Linux influencer <a rel="noopener" target="_blank" href="https://lukesmith.xyz">Luke Smith</a> talked about the effort of looking up a Chicken Parmesan recipe in 2021 without having any adblock or privacy extensions enabled.</p>
510<p>That’s because most modern websites take a lot of time to load framework files, ads and trackers. While that’s kinda functional, I think we should change our habits and start making simple websites again.</p>
511<p>Yeah, this looks like a first world problem and it probably is, but it’s not as subtle as you think. I’m actually convinced that the internet could actually benefit from this way of thinking, and that’s what I’m going to talk about.</p>
512<h2 id="the-problem">The problem</h2>
513<p>In the early days of the internet, it was common for webpages to be written using only HTML, so we had very ugly but functional websites.</p>
514<p>As technology went on, sites needed to get more modern-looking and interactive; that’s why CSS and JavaScript were introduced into the mix, allowing for dynamic websites that could actually change based on user input.
515Nowadays, a lot more stuff has gone into the mix, to the point where the browser is now the most common program we use in our OS: you can, in fact, use it for doing things that 15+ years ago required external programs, like:</p>
516<ul>
517<li>playing music and video,</li>
518<li>reading PDF files,</li>
519<li>doing office work,</li>
520<li>checking e-mail,</li>
521<li>cloud storage,</li>
522<li>etc…</li>
523</ul>
524<p>I guess people just find it more comfortable if they can do everything with a single program, and they’re not to blame for that. This IS the easiest approach for inexperienced people: just have a program that does everything, instead of having to learn how to use a bunch of different software.</p>
525<p>This plethora of uses is possible today because of the existence of various libraries and frameworks that simplify JavaScript and CSS and make them easier to develop complicated websites with.
526This is good for basic web users who just want functional websites, and great for developers since they can easily code advanced functions inside the browser, which makes them work in every OS.</p>
527<p>Sadly, this brings us to the problem: any modern website has become a burden for any browser to load, since our browser needs to download and parse through each library and often fill the page content as you scroll through.
528In his video, Luke Smith found that a simple Chicken Parmesan recipe would take up to 5-10 megabytes, which doesn’t sound like a lot, but it actually is.</p>
529<p>It’s easier to understand it if you think about it with video-games; any game on 16-bit consoles and earlier, including full-fledged 30+ hour adventures like Final Fantasy 6 and Chrono Trigger, weighs less than one single recipe page (as stated <a rel="noopener" target="_blank" href="https://blogs.umass.edu/Techbytes/2014/02/10/history-of-gaming-storage/#attachment_2827">here</a>).</p>
530<h2 id="the-solution">The solution</h2>
531<p>Well, I don’t think this “problem” is getting solved soon, as new frameworks for web development are constantly being introduced. Sadly, it’s a one-way train, but if you’re a web-dev you could actually make a difference yourself!</p>
532<p>I mean, this cannot apply to all websites. Some of them just NEED to be as responsive and interactive as they are; most of them actually just became bloated at a certain time period (probably mid-2000s) when having a flashy website was cool and different from what everyone else had.
533Nowadays you can make a difference by using plain HTML and CSS for your website: this ensures your pages will load instantly and be compatible even with the oldest of browsers!
534If you like this philosophy, you can check out other projects that aim for a simpler and faster web, like these ones:</p>
535<ul>
536<li><a href="//gemini.circumlunar.space/">gemini://</a>: a new, purposefully limited, internet protocol;</li>
537<li><a rel="noopener" target="_blank" href="https://based.cooking/">based.cooking</a>: a modern recipe website based on user collaboration via GitHub;</li>
538<li><a rel="noopener" target="_blank" href="https://wiby.me/">wiby.me</a>: a search engine that aims to only index classic style webpages.</li>
539</ul>
540</content>
541
542 </entry>
543</feed>