I used Inkscape a lot on PDFs with forms and broken layout. The beauty of it, you can fix other problems, too, use your own font or change the font of existing text. (:
Stefania by Kalush Orchestra (Ukraine) was the winner this year, only partly because of the invasion. It was probably in most people’s top 3 anyway, and it got such a huge percentage of the votes that it really skewed the rest of the results. (Fun fact, the flautist/lead in this song is the same flautist from SHUM in 2021)
ESC 2023
Cha Cha Cha by Käärijä (Finland) is a TREMENDOUS bop. It’s so catchy. As he was touring around before the actual semi-finals he lost his trademark lime green jacket, and fans made and brought replacements to shows for him until it was found.
Mama ŠČ! by Let 3 (Croatia) is beyond weird but really catchy. They’re the most charismatic artists ever to fake pooping themselves during an interview.
ESC 2024 is in National Finals season now, where each country chooses their entry, usually with a reality show contest. The semi-finals are 7 and 9 May and the Finals will be on 11 May. You can stream on Peacock, or hop on a VPN and watch the live feed from Sweden or Denmark or somewhere.
It makes me happy to see songs in their native languages, but since the rules changed to allow more English songs, we see countries sending them with the assumption that they’ll get more attention from countries other than their own.
The most important rules change to me would be to revert the 2020(?) loosening of recorded vocals restrictions. In the last two or three years we’ve noticed lots of countries where the recorded “background vocals” include the lead part to cover up bad live performances. Heck, I’d even support live instruments too.
There’s a vocal handful of people disliking Cloudflare because of their irrelevant “privacy” concern here — you can absolutely use the registrar without using their CDN features. Also, reality check: with Cloudflare’s market reach, there’s zero chance nothing they do online isn’t already MITM’ed already. Having said that, Cloudflare uses their registrar as a loss leader, so they give their wholesale price to end users registering, and as such you’ll have the cheapest price available for the domain extensions they support. You can then just set your DNS without their orange cloud and traffic on your domain isn’t going to flow through their CDN.
So they profit from high-profile commercial users to subsidize the free tier (proxy, tunnels) and cheap DNS. What’s wrong with that? It’s not like we absolutely need those (proxy is nice but you can use vps, tunnels are also offered by ngrok).
Privacy and cars are mutually exclusive. If you want privacy use public transport and pay in cash. With cars you have licence plate scanners, cameras and tollbooths everywhere (not to mention that most people drive with their phones on them). “They” will know where you were driving no matter what car you use. The question really is what data are you trying to hide and from who? The obvious thing to do is not to give your data to advertisers. Selling you shit is the whole point of most of the data collection. Just get extra phone and use some fake google account for android auto and you should be fine here. As for car companies all they will gather is some generic data about your driving habits but guess what? Everyone knows this already because driving is not private (again, if you want to hide this use public transport). So yeah, it would be nice for car companies to be more transparent about the data they gather and how they use it but it’s really not a big issue. If you’re paranoid about it then don’t drive. If you’re driving the data your car is leaking through analytics is not your biggest problem.
And what did I say? “Just get extra phone and use some fake google account for android auto and you should be fine”. Kind of like I’m saying that while total privacy is not possible you can find a good compromise, wouldn’t you say?
The only thing I really hate about “AI” is how many damn fonts barely differentiate between a capital “i” and lowercase “L” so it just looks like everyone is talking about some guy named Al.
When that show was new, I could sing them all. Kinda. I certainly had no idea what the words were, but I listened to them enough that I could fake it lol
You’re going to get a lot of bad or basic advice with no reasoning (use a firewall) in here… And as you surmised this is a very big topic and you haven’t provided a lot of context about what you intend to do. I don’t have any specific links, but I do have some advice for you:
First - keep in mind that security is a process not a thing. 90% of your security will come from being diligent about applying patches, keeping software up-to-date, and paying attention to security news. If you’re not willing to apply regular patches then don’t expose anything to the internet. There are automated systems that simply scan for known vulnerabilities on the internet. Self-hosting is NOT “set it and forget it”. Figuring out ways to automate this helps make it easy to do and thus more likely to be done. Check out things like Ansible for that.
Second is good authentication hygiene. Choose good passwords. Better yet long passphrases. Or enable MFA and other additional protections. And BE SURE TO CHANGE ANY DEFAULT PASSWORDS for software you set up. Often there is some default ‘admin’ user.
Beyond that your approach is “security in depth” - you take a layered approach to security understanding what your exposure is and what will happen should one of your services / systems be hacked.
Examples of security in depth:
Proper firewalling will ensure that you don’t accidentally expose services you don’t intend to expose (adds a layer of protection). Sometimes there are services running that you didn’t expect.
Use things like “fail2ban” that will add IP addresses to temporary blocklists if they start trying user/passwords that don’t work. This could catch a bot from finding that “admin/password” user on your Nextcloud server that you haven’t changed yet…
Minimize your attack surface area. If it doesn’t need to be exposed to the internet then don’t expose it. VPNs can help with the “I want to connect to my home server while I’m away” problem and are easy to set up (tailscale and wireguard being two popular options). If your service needs to be “public” to the internet understand that this is a bigger step and that everything here should be taken more seriously.
Minimize your exposure. Think through the question of “if a malicious person got this password what would happen and how would I handle it?” Would they have access to files from other services running on the same server (having separation between services can help with this)? Would they have access to unencrypted files with sensitive data? It’s all theoretical, until it isn’t…
If you do expose services to the internet monitor your logs to see if there is anything “unusual” happening. Be prepared to see lots of bots attempting to hack services. It may be scary at first, but relatively harmless if you’ve followed the above recommendations. “Failed logins” by the thousands are fine. fail2ban can help cut that down a bit though.
Overall I’d say start small and start “internal” (nothing exposed to the internet). Get through a few update/upgrade cycles to see how things go. And ask questions! Especially about any specific services and how to deploy them securely. Some are more risky than others.
Going off of what you said, I am going to take what I currently have, scale it back, and attempt to get more separation between services.
Containerization and virtualization can help with the separation of services - especially in an environment where you can’t throw hardware at the problem. Containers like Docker/podman and LXD/LXC aren’t “perfect” (isolation-wise) but do provide a layer of isolation between things that run in the container and the host (as well as other services). A compromised service would still need to find a way out of the container (adding a layer of protection). But they still all share the same physical resources and kernel so any vulnerabilities in the kernel would potentially be vulnerable (keep your systems up-to-date). A full VM like VirtualBox or VMware will provide greater separation at the cost of using more resources.
Docker’s isolation is generally “good enough” for the most part though. Your aggressors are more likely to be bot nets scanning for low-hanging fruit (poorly configured services, known exploits, default admin passwords, etc.) rather than targeted attacks by state-funded hackers anyway.
I’d only access my jellyfin through a VPN like WireGuard. As a plus, you can route your DNS calls to your DNS server in your home network (like AdGuard) and always have most ads blocked in any app even on iOS.
Yeah, I am using unifi. I might have to switch my client if I can figure out how to connect to my existing WireGuard setup that I have on my dream machine.
😳what?? Why would AA not work with VPN?! What a deal breaker, lol, I guess I’ll keep my iPhone X in the car for CarPlay after switching to a new (maybe not apple) phone in that case
Wired works but because wireless AA needs to use WiFi the VPN blocks the communication. It only works with VPN providers that allow split tunnels which the one I use does not. I use unifi one click VPN which is subscription free.
Just today I started experimenting with Hyprland and this repo for installing and configuring all the additional software. The easiest flow seems to be “install EndeavourOS with Gnome, clone illogical-impulse, run install.sh”
Unfortunately, Hyprland runs like trash in a virtual machine so it’s difficult to try out such a setup without going through a full install.
Yes, I was a public figure on reddit. And even if I wasn’t, it’s irrelevant. You don’t need to have a reddit account for scammers to post libel about you and your business.