• 1 Post
  • 255 Comments
Joined 3 years ago
Cake day: June 18th, 2023
  • NaibofTabr@infosec.pubtoSelfhosted@lemmy.worldVaultwarden while allowing family emergency accessEnglish
    10·
    3 hours ago

    You are running into the ultimate, and ultimately unavoidable, limitation of self-hosting, which is the self.

    You should run a VM on the VPS for Vaultwarden, with no other services in the VM except whatever you need to connect to it remotely. Keep it simple. Run an exact copy of the VM on your local server. Have the VPS instance push its database to the local instance regularly, to keep up with any changes that your users make. Make regular backups of the local instance.

    When you need to update the software, freeze an image of the local VM and then update the local VM, then when you’re sure it’s stable, copy the updated local VM to the VPS. If either the local or VPS instance crashes out, you should be able to recover (or reproduce) one from the other.

    In the end though, it is functionally impossible to ensure reliability by yourself. Hosting Vaultwarden on a VPS shifts the responsibility for running the underlying server and network connection to the provider, and probably removing the dependence on your residential network connection will be better for your family/users.

    You are still the weak point in your system. You need someone else who can log in to your local server, and into the VPS, and perform recovery if needed. There is no technical solution for this. You cannot be the sole admin, and also ensure reliability for other users.

  • NaibofTabr@infosec.pubtoLinux@programming.devRaven Prism is a Linux Computer That Happens To Be A Pair of GlassesEnglish
    27·
    10 days ago

    There’s a new one being launched by a San Francisco-based startup that has some impressive specs, is powered by Linux, and isn’t looking to sell user data.

    yet.

    This is not an open source project. We covered it because the operating system for this is based on Linux.

    It’s (not) FOSS

    Some use cases the company points to include hands-free coding agents, reading board schematics mid-build, following a recipe in the kitchen, and keeping sheet music in view while playing an instrument.

    We’re trying really hard to come up with justifications to normalize people wearing a camera and microphone on their face all the time.

    Before you get worried, Raven Prism will ship with a physical cover for the camera that you remove when you want to use it and put back when you don’t.

    Which people will discard or lose within a month, especially if it looks like a weird extra piece attached to the frame.

    There’s also “Beakon” lights that illuminate when the camera is active, making it visible to both the wearer and anyone nearby.

    Which will get disabled almost immediately.

  • NaibofTabr@infosec.pubtoPrivacy@programming.devA $60 Mod to Meta’s Ray-Bans Disables Its Privacy-Protecting Recording LightEnglish
    8·
    15 days ago

    The fact that this is labelled as a “flashlight” and the product listing doesn’t tell you anywhere that it’s actually a laser is shady as fuck. The seller is probably trying to dodge safety regulations.

    There’s a review on the same product from a different seller that has a close-up of the label:

    https://a.co/d/0bgSPi28

    This is a 50W laser, which is pretty dangerous. Just looking at the reflection spot where the laser hits something could damage your eyes, and never mind looking directly into the beam. If you’re going to use something like this you should be wearing properly tested safety glasses rated for that frequency, not the cheapos that come with it.

    Edit: that safety label is definitely wrong. Class III lasers are between 5 and 500 mW, so this is probably 500mW and not 50000mW, which makes a lot more sense because you’d never fit that in an object this size.

    The fact that the safety label is wrong makes this thing even worse.

  • NaibofTabr@infosec.pubtoSelfhosted@lemmy.worldrsync is being vibe coded now. We are so cooked.English
    5·
    28 days ago

    No, we’re talking about companies scraping hundreds of millions if not billions of labor hours of output to train their models for the sake of developing software products which they then sell for profit.

    Every model that was trained on legally acquired free public data and open source code should be freely publicly available and open source.

    Every model that was trained on not legally acquired public data (e.g. Meta’s models) should be taken out of production until all of the lawsuits are concluded, and hopefully the parties responsible are put out of business.

    I’m not talking about future, potential labor that AI might replace. I’m talking about the labor which was stolen to produce these models in the first place.

    But, please use AI.

  • NaibofTabr@infosec.pubtoSelfhosted@lemmy.worldrsync is being vibe coded now. We are so cooked.English
    49·
    28 days ago

    Please identify the issues with the LLM generated code.

    Why would the issues be obvious and easy to point out? Most issues with code aren’t. If they were, we wouldn’t have Patch Tuesday, a direct code review would prevent issues from shipping in the first place.

    Throwing this out as if it means LLM code is acceptable and ends the argument is ridiculous. Do you have any grasp of how software vulnerabilities are discovered at all?