
ingenium
Joined 525 karma
ingenium !% gmail #(% com

[ my public key: https://keybase.io/ingenium; my proof: https://keybase.io/ingenium/sigs/WM9U5ulI4enLEK2fWt2WjGTk0-u1mnsJ7T_v7HLSHMc ]


  1. I mean it works fine for me on Chrome
  2. Android is pretty easy, you just add it to the keystore and that's it. I've had my own CA long before Let's Encrypt, but now mostly only use it for non-public devices that can't easily use Let's Encrypt (printers, switches, etc).
  3. This is how I explain it. When I first started scuba diving and explained to the instructor that it wasn't an issue to pop my ears, he was kind of horrified and was like no don't yawn underwater to do that. He didn't seem to understand, no matter how many times I explained it, that I can do it without actually yawning. You just like... mimic the start of a yawn. And then can continue it into a full actual yawn if you want to.
  4. How are they accounting for the presumably very high timing advance?
  5. Yup, I switched to Bitwarden and self host my own instance of it using that container. It works great. I was previously using Keepass (and later keepassxc), but it became a hassle to keep the database file in sync between all of my devices (I lost passwords at times as a result). Also the browser extension didn't work that well, nor did it have as nice of Android integration as Bitwarden.

    Self hosted was a nice middle ground. No one else has a copy of my password database, and it's always in sync between devices. Stick nginx as a proxy in front of it for https and easy Let's Encrypt certificate management. The downside is that Keepass by default allowed me to have copies in multiple locations. Bitwarden is only on the server, but since the database is encrypted it's easy enough to have regularly scheduled backups of it. It just is an added step to find another docker host for it if my home server goes down, during which time I may not have access to my passwords.

  6. I have my Samsung TV wired to my network only for remote control with Home Assistant (can turn it off if nothing is playing for example). But I force all of its DNS to use a pihole, blocking all Samsung domains. I think I also have firewall rules to also block all internet access on it except NTP, but I don't remember if I still have that enabled or not (there may have been an issue with it disabling something that I needed for Home Assistant to talk to it).
  7. They release pretty frequent updates (monthly), with features added in most of them. It honestly doesn't really make sense to package it with the distro. Home Assistant 1 year ago was missing a lot of nice features in the present version. Plus fixes for integrations that stopped working reliably due to API changes (Ecobee comes to mind), etc.

    The best/easiest way to run it is to use Docker. They have a script that will set it up for you. After that, the container can basically self update and self manage. Any addons that you want to use are installed as separate docker containers that talk to the main home assistant container. It's super seamless and easy.

    In my case, I just set up a barebones Debian VM and ran their setup script. It took care of all the Docker stuff and got it up and running.

  8. You can add some protection by putting it behind a reverse proxy like HAProxy or nginx. It's mostly security through obscurity, but in this case it helps a lot unless you're being specifically targeted by someone.

    Basically pick a subdomain on a domain you own and have that and only that forward to HA. So the only way to connect to the HA instance from the internet is to know the exact subdomain you've picked for it. Set the proxy to not pass any port 443 traffic unless the subdomain matches one that you've set.

  9. Pennsylvania (at least at the pharmacies) doesn't verify anything. It's all self certification. You say that you qualify for 1A to make the appointment, and they don't ask you anything when you show up. But Pennsylvania's criteria for 1A is pretty broad, potentially representing 40-60% of the population. So tons of people qualify, but appointments are really hard to come by.
  10. I believe Moderna was also shown to be effective.
  11. Honestly I make pretty heavy use of /tmp. Almost all downloads go there, along with anything that I won't be using again after the next hour. Self-cleanup whenever I reboot (which is rare).

    Anything of importance, I have broad directories under Documents, and then sub folders. Or sometimes I'll put them on my fileserver with similar directory structure. The Documents folder is backed up with Spideroak.

  12. Yup, I have HA set up with Unifi integration and it works perfectly for detecting if wifi clients. It gets alerted immediately upon connection (so I don't think it's polling the controller), and they get marked as away exactly 2 minutes after wifi disconnect.
  13. Yeah, Spain is interesting. Or at least the way it's done in Barcelona. I don't know who owns the fiber (the city?), but it seems that fiber was run to every building/apartment, and when you sign up for service with one of the ISPs, they just give you a combo ONT+router and presumably plug the other end of the fiber line into their OLT. I'm guessing all the ISPs have their OLTs together so they can swap the lines appropriately.

    That being said, it seems the networks have a lot of congestion at the neighborhood level (equivalent to oversubscribed DOCSIS nodes), at least in my experience in several neighborhoods in Barcelona. This became much more visible when COVID hit and Netflix and such had to limit quality in Europe as a result.

    I only have experience with Movistar and Vodafone fiber. I haven't used Orange's so I'm not sure if they're any better.

  14. There are ways to get unlimited service still, which is what my parents do. It's just a bit... hacky. Basically you get an LTE modem and SIM swap to it. The ROOTer mod of OpenWRT is specifically for using LTE modems and works quite well. There are some drawbacks, but it's certainly better than the 1.5 Mbps DSL alternative (which they keep as a backup / automatic failover).

    On AT&T (technically a tablet plan) it gets deprioritized after 22 GB, but that's never been an issue for them, even the one month they did 500 GB. I've never seen their speeds affected. Costs about $20 or $25 / month. This is a riskier plan, in that AT&T could check the IMEI and shut it off at any time if it doesn't match (as they've done in the past).

    The Sprint plan (hotspot plan with a public routable IP, $41/month effectively, but prepaid for a year at a time) does not get deprioritized, but it's probably not worth it unless you can get band 41. If you do get band 41 you'll see some very nice speeds though, at least download. But T-Mobile is beginning to shut down Sprint's band 41, and to my knowledge this plan is not permitted to roam onto T-Mobile yet. It's keyed in their system as a mobile broadband plan with a 20 or 25 GB bucket of data, however it has unlimited overage. I've done hundreds of GB on it no problem. It exists only because of the licensing arrangement for Sprint to use the EBS band 41 spectrum.

  15. Consider running your own full resolver like unbound. Then you don't have to rely on a DNS provider like Google or Cloudflare. It's really nice not having the whole internet go down when Google or Cloudflare DNS is down.
  16. I had the latest Windows update break printing, but in a different way. It could no longer connect to the network printer (hosted via CUPS on a raspberry pi). I could load the URL for the CUPS printer just fine in Chrome, but Windows itself couldn't see it. I was also unable to edit anything for the printer in Windows (the option simply wasn't there, and everything was greyed out).

    The solution was to set it as the default printer, then add a new printer with the same CUPS URL. For some reason, setting it as the default allowed Windows to see it again. Then delete the new copy, and the original began working and allowed its settings to be edited. Incredibly frustrating.

  17. There are ways around this. I use ttrss and it has the option to fetch the actual page and replace the RSS content with it. It has a few bugs with formatting and such on some sites, but generally works well. There is a built in Readability plugin for it, but I also use a plugin called Mercury full text for some feeds that don't play nicely with Readability.

    Mercury works better than Readability usually, but the downside is that Mercury uses a third party to process it, whereas Readability is all local. So some sites will block Mercury from accessing it, because it's seen as a bot (Forbes does this, as do a few other sites).

    This combo works great for reading entirely in your RSS reader. I use my phone to download my feeds for offline before flights, so I can read the actual content as well without an Internet connection (assuming it doesn't have formatting errors).

  18. Descovy was approved for PrEP about 2 months ago. At least in the US.
  19. You can set which radios are disabled with Airplane mode with an adb command. It persists and will even transfer to a new phone.

    The default is:

    adb shell settings put global airplane_mode_radios cell,bluetooth,wifi,nfc,wimax

    I have mine set to:

    adb shell settings put global airplane_mode_radios cell,wifi,wimax

  20. Or the person was not taking PrEP as prescribed, either missing doses or taking it inconsistently. Once they're infected, if they keep taking just Truvada, then that strain will begin developing resistance, which they can pass on, potentially to others taking PrEP correctly. There have been I believe 6 cases of people being infected with resistant strains while on PrEP.

    That's why it's important for people taking PrEP to be screened regularly, and put on a proper cocktail if they test positive.
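
The reverse-proxy arrangement described in comment 8 (forward to Home Assistant only when the requested hostname matches the chosen subdomain), sketched as an nginx configuration. This is an added example, not the commenter's own configuration; the hostname `ha.example.org`, the upstream address `127.0.0.1:8123` and the certificate paths are assumed placeholders.

```nginx
# Added example. Assumptions (not from the page): ha.example.org is a
# placeholder subdomain, Home Assistant listens on 127.0.0.1:8123, and the
# certificate paths are placeholders. Both server blocks go inside http {}.

# Catch-all: a TLS handshake whose SNI matches no named server below is
# rejected before any certificate is presented (needs nginx 1.19.4 or later).
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;

    # A request that reaches this server anyway (Host header differs from
    # the SNI name) has its connection closed without a response.
    return 444;
}

# Only requests for the chosen subdomain are forwarded to Home Assistant.
server {
    listen 443 ssl;
    server_name ha.example.org;

    ssl_certificate     /etc/letsencrypt/live/ha.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ha.example.org/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8123;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The Home Assistant frontend uses WebSockets, so pass the upgrade.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

A certificate issued for the exact subdomain is published in Certificate Transparency logs, so the name is only as private as those logs allow; a wildcard certificate keeps the specific name out of them. Home Assistant also needs the proxy's address listed under `trusted_proxies` with `use_x_forwarded_for` enabled in its `http` settings.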

This user hasn’t submitted anything.