Best gun-pants ergonomics, tucked in the front

The resolution is actually quadrupled by doubling the value of both axes. In this case going from 1500x1424 (2.1MP) to 3504x3327 (11.7MP) multiplies the total number of pixels by 5.4

With the same level of jpeg compression you’d expect it to jump from 700KB to roughly 4MB. Since both images are the same file format, the rest of the file size difference is likely attributable to less jpeg compression being used in the larger image.

He volunteered.

Yes, title is a typo. Telegram post and picture indicate Su-34, a twin-seat.

The BBC Historic Farm Series is a collection of docuseries about daily life on English/Welsh farms from the Tudor period to WW2, with each series following a group of people spending a full year on a farm in each period. They show you all the ins and outs of life as it would have been in each era, and it’s like traveling back in time, a living museum.

The first series, Tales From The Green Valley, is available in full on archive.org, and is my favorite of the bunch. One episode per month of a year, on a little farm in Stuart-era England. It’s lovely.

What a cunt

The only legitimate commands for a non-root shell are sudo -i, exit, and echo "yee haw"

DNS is what you’re looking for. To keep it simple and in one place (your adguard instance), you can add local dns entries under Filters > DNS Rewrites in the format below:

192.xxx.x.47 plex.yourdomain.xyz
192.xxx.x.53 snapdrop.yourdomain.xyz

5-ish percent isn’t exactly tiny

Anyone that uses “woke” as a pejorative really just wants to say the n-word instead, but don’t think they can get away with it yet.

Now that’s a name I’ve not heard in a loooong time.

What is your root filesystem installed on - lvm, zfs, or bare disk partitions? Are you booting with grub (legacy/bios) or systemd-boot (uefi)?

It would be enormously easier to track Taylor Swift on a random flight in business class, because the moment people saw her on their random flight in business class it would turn into a social media frenzy.

This is just an attack that attempts common username/password combinations on ssh, and the article even states that the worm is dime-a-dozen. Unless you have both password auth enabled and an available account with an easily guessable password (and if you have either you should change that), this is nothing to worry about, even with sshd available to the internet.

Sensationalist title.

Aside from the beautiful keyboard build, your website design is just… perfect 🥲

I’d personally recommend putting your provisioning steps for each service into Ansible playbooks. That way, you can spin them all up from zero any time, distribute them across different hosts, in vms or lxc containers, any way you like.

I’m with you there. It’s all layer upon layer of vulnerability and false security, and then at the bottom of all of it lurks the Ken Thompson hack.

Still bad advice to tell people it’s okay to use an explicitly vulnerable OS, I think.

Would you advise your enterprise clients that running Windows unpatched is ‘not a big deal as long as you have patched web browsers and AV’? Of course not. Because that’s dangerous advice and could even open you up to legal liability.

So why would you advise otherwise to home users, who are often more vulnerable in the first place?

Not having security patches on a system you do things like go to your banking website on is actually a pretty big deal, and I don’t think it should be dismissed lightly. Also AV is mostly snake oil, and is in no way an adequate substitute for a properly patched OS.

Not dumb questions! All part of the learning process.

A dns entry by nature only points to an ip address, and when you go to that address in a web browser without a port manually specified, your browser will by default connect to port 80 (http) or port 443 (https) on that address.

I’m going to explain using port 80 to start, since you don’t have to setup ssl certificates that way.

Your reverse proxy should be the thing listening on port 80, where it will proxy those requests by hostname (your dns entries) to the ports each other service is listening on. For example, the Adguard web ui should be at port 3000 (its default, I think) instead of 80/443, and in your reverse proxy config you’ll set it up have requests to http:// your-adguard-hostname.yourdomain.tld reverse-proxy to port 3000. Put your other services on other ports (ports in the 8000s are common for this), and have your nginx config point to them by hostname.domain.tld the same way.

Set up that way, when you go to http:// adguard.your-domain.tld in your browser, your request will hit your server on port 80 where your reverse proxy is listening, and your reverse proxy will send it to port 3000 where adguard is listening. You could also go to http:// adguard.your-domain.tld:3000 to bypass the reverse proxy.

As an aside, Adguard will also be listening on port 53 for dns requests, and the dns entries for all of the services you set up will be looked up through that port, not the web proxy.

You can apply the same process to port 443, but it gets more complicated because you need to set up ssl certificates for that. For simplicity, you can set up a single self-signed wildcard certificate for your reverse proxy to use, and you don’t usually need ssl between the reverse proxy and other services on the same server. Your browser will complain about the self-signed certificate, but if it’s all internal it’s okay. Setting up proper certificates for each hostname.domain.tld is a whole other rabbit hole, but great to learn and great to have done.