One thing you probably need to figure out first: how are the dgpu and igpu connected to each other, and then which ports are connected to which gpu.

Everyone does funky shit with this, and you’ll sometimes have dgpus that require the igpu to do anything, or cases where the internal panel is only hooked up to the igpu (or only the dgpu), and the hdmi and display port and so on can be any damn thing.

So uh, before you get too deep in planning what gets which gpu, you probably need to see if the outputs you need support what you want to do.

It’s viable, but when you’re buying a DAS for the drives, figure out what the USB chipset is and make sure it’s not a flaky piece of crap.

Things have gotten better, but some random manufacturers are still using trash bridge chips and you’ll be in for a bad time. (By which I mean your drives will vanish in the middle of a write, and corrupt themselves.)

Okay so you’re able to access it via the IP it’s hosted on, but NOT via the domain name in the tunnel?

Is the working IP a public or private one?

My $5 is that you don’t have the tunnel configured properly and that’s why you’re having issues, but maybe not.

Also, what specifically did you put in the config file? Usually they’re not asking for an IP, but the FQDN of the site.

Am I missing something, or is this just the argo tunnel thing Cloudflare has offered for quite a while?

Are you using Cloudflare as DNS, proxy, or via their argo tunnels? (I know you said tunnel, but then mention accessing via IP address, so I’m not entirely sure what you’ve done.)

Kinda changes what you should be looking at.

10000% this.

Tell me what it does, and SHOW me what it does.

Because guessing what the hell your thing looks like and behaves like is going to get me to bounce pretty much immediately because you’ve now made it where I have to figure out how to deploy your shit if I want to know. And, uh, generally, if you have no screenshots, you have no good documentation and thus it’s going to suuuuck.

It’s because of updates and who owns the support.

The postgres project makes the postgres container, the pict-rs project makes the pict-rs container, and so on.

When you make a monolithic container you’re now responsible for keeping your shit and everyone else’s updated, patched, and secured.

I don’t blame any dev for not wanting to own all that mess, and thus, you end up with seperate containers for each service.

Time to rename the blue shell to The Shell of Equity, I guess?

Those both have a Ring 0 component, which is essentially presented as required for the crap to even work.

The argument being that you have to have that level of access for the anti-cheat software to be able to actually be able to do it’s thing, since if you just ran it with a normal user’s permission, it’d be subject to numerous ways you could have a cheat tool simply bypass it.

They’re probably not wrong about that, but doesn’t mean that we should have to essentially install a rootkit on our hardware to play online games.

Might have been unclear; I listen basically exclusively to spoken word stuff. Podcasts, audobooks, “raido” plays, etc.

The Airpods actually sound remarkably good and clear (and ANC helps a lot with ensuring clarity anywhere even slightly noisy) with voices, so for my uses, they sound perfectly fine.

I have a pile of Chi-Fi earbuds that absolutely destroy them in sound quality for music, but it’s very much a 99.9% of the time it’s not music situation.

Head to the lemmy github and subscribe to the releases email and you’ll get one when a new version is out.

(And, unlike SOME projects I’m subbed to, they don’t do anything that generates a ton of spam, so it really is just one-email-per-release.)

The best way I’ve heard that described is that for the Bambu stuff, you spend your time fiddling with the thing you want to print, not your printer.

I love my p1p (and it’s several thousand hours and 100kg of filament into ownership and all I’ve had to do is clean the bedplate and replace a nozzle), and really wish there was anyone who was making an open-source printer that’s as reliable and fiddle-free as this thing has been.

I’d probably go with getting the ISP equipment into the dumbest mode possible, and putting your own router in it’s place, so option #2?

I know nothing about eero stuff, but can you maybe also put it into a mode that has it doing wifi-only, and no routing/bridging/whatever?

Then you can just leave the ISP router in place, and just use them for wifi (and probably turn off the wifi on the ISP router, while you’re in there).

I’ve become a fan of staying one version behind for a month or two, unless there’s a security issue that is involved in which case I’ll patch.

I like it when someone who isn’t me finds out the catastrophic breaking issues and has to do the cleanup, and I’ll wait for the fixed version. :P

Something that’s made shockingly unclear, for anyone who might be interested: you only need to have subscribed for a single month to have all the subscriber gated stuff unlocked.

I don’t really know how that’s a viable business model, but pay $14 or whatever, get all the expansions and inventory and whatnot unlocked, and then don’t worry about it until there’s another expansion you want.

They really do.

The sound great, and the ANC is great, but the “official” battery life for a brand new one (which these are not) is “up to 4.5 hours” with ANC on, and 5 without it.

It ends up being 2-3 charge cycles basically every day, plus a full recharge of the charging case.

They do, however, work amazingly well if you’re in the Apple ecosystem; for example they’ll swap between my iPad and Mac Mini if audio starts on one or the other.

But for actually sitting down with something and listening to a thing, I’d rather just plug in some headphones (via the lovely USB-C dongle) and not have to think about if the stupid things are going to die before I’m ready to stop listening.

(Disclaimer: I’m also a weirdo who doesn’t carry a smartphone, and still uses an iPod for listening to stuff outside of the house, so feel free to roll your eyes and disregard my obviously bad opinions :P )

My complaint has always been that the stupid things need to endlessly be recharged.

I’ve got some AirPod Pros and they’re great… for about 4 hours.

Then you’re stopping what you’re doing, recharging for half an hour, and then you’re good for uh, another 3 hours because that wasn’t a full charge.

And after the 2nd or 3rd time you’ve done that, your case is dead and you get to throw everything on a charger for a couple of hours.

Ooooooooor I can put in my wired headphones, and not give a shit about any of that, because that’s not how those work at all.

I suppose most people don’t spend most of their day listening to podcasts and audiobooks and thus 4 hours is fine, but good lord is it annoying as crap.

Heh, I started another playthrough last night myself.

Never really gone through the Republic storylines, so I guess I’ve got a bit of game time ahead of me…

Then the correct answer is ‘the one you won’t screw up’, honestly.

I’m a KISS proponent with security for most things, and uh, the more complicated it gets the more likely you are to either screw up unintentionally, or get annoyed at it, and do something dumb on purpose, even though you totally were going to fix it later.

Pick the one that makes sense, is easy for you to deploy and maintain, and won’t end up being so much of a hinderance you start making edge-case exceptions because those are the things that will 100% bite you in the ass later.

Seen so many people turn off a firewall or enable port forwarding or set a weak password or change permissions to something too permissive and just end up getting owned that have otherwise sane, if maybe over-complicated, security designs and do actually know what they’re doing, but just getting burned by wandering off from standards because what they implemented originally ends up being a pain to deal with in day-to-day use.

So yeah, figure out your concerns, figure out what you’re willing to tolerate in terms of inconvenience and maintenance, and then make sure you don’t ever deviate from there without stopping and taking a good look at what you’re doing, what could happen if you do it, and coming up with a worst-case scenario first.

What’s your concern here?

Like who are you envisioning trying to hack you, and why?

Because frankly, properly configured and permissioned (that is, stop using root for everything you run) container isolation is probably good enough for anything that’s not a nation state (barring some sort of issue with your container platform and it having an escape), and if it is a nation state you’re fucked anyways.

But more to your direct question: I actually use dns scopes and nginx acls to seperate public from private. I have a *.public and a *.private cname which points to either my external or internal IP, and ACLs in the nginx site configuration to scope where access is allowed.

You can’t access a *.private host outside the network, but can access either from inside it, and so (again, barring nginx having an oopsie somewhere) it’s reasonably secure and not accessible, and leaves a very clear set of logs (and I’m pulling those logs in and parsing them for anything suspicious and doing automated alerting if I find anything I would not otherwise expect) so I’m happy enough with the level of security that this is, when paired with the services built-in authentication options.