confusedpuppy

joined 2 years ago
[–] confusedpuppy 13 points 2 days ago

Whenever I think about the movie Children of Men, all I can think is that the answer to the Human Project's question was microplastics.

Instead of asking why women couldn't have children anymore, they should have been checking men for forever confetti in their balls.

[–] confusedpuppy 1 points 2 days ago

That on its own is fine.

But I said no. I shouldn't have to say no more than once because it's annoying to continually say no. It is weird that they put nearly two weeks of effort into trying to get me to do something when I already said no.

We already worked a physically demanding job and I rode a bike to and from work. I was already happy with my body but they weren't happy with my arms.

[–] confusedpuppy 1 points 3 days ago

So I disabled the firewall first and that had some good and weird results.

The good: When I type curl 192.168.40.215:5050 from any device on the same local network, I get the result Client sent an HTTP request to an HTTPS server. which is expected and wasn't happening before when the firewall was up. This is a step in the right direction.

The weird: when I type curl https://www.samplesite.com:5050/ from those same devices on the local network, the connection times out. Even on the same device hosting Podman/Caddy. When I use the browser on my desktop to connect to https://www.samplesite.com:5050/ it again times out.

The weirder: When I type https://www.samplesite.com:5050/ into the browser of my phone, it works. I can see my test site and navigate it perfectly. It's the only device that works. Which is strange to me because I believe the mobile version of Firefox is a lot more strict on accessing sites using uncommon ports (from my past experiences).

The results are the same with or without my VPN enabled.

I did a little digging around and it seems I needed to change my firewall's FORWARD policy to allow using doas ufw default allow FORWARD. After doing this, I can replicate the exact same results from the last four paragraphs with the firewall up.

My firewall settings now look like this:

UFW Status

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
5025                       LIMIT IN    Anywhere                  
5050                       ALLOW IN    Anywhere                  
5025 (v6)                  LIMIT IN    Anywhere (v6)             
5050 (v6)                  ALLOW IN    Anywhere (v6)             

53 (DNS)                   ALLOW OUT   Anywhere                  
80/tcp                     ALLOW OUT   Anywhere                  
53 (DNS (v6))              ALLOW OUT   Anywhere (v6)             
80/tcp (v6)                ALLOW OUT   Anywhere (v6) 

Disabling my firewall again, I was able to get some information with tcpdump using the command doas tcpdump 'tcp port 5050'. The log is here (one week expiration). I replaced the IP addresses with the devices I attempted to connect with. The first device is my phone using Android Firefox. This is successful and I can see my page and navigate it normally. The second device is my desktop using Firefox and that times out when I try to connect.

As for the Caddy images. I am using a custom build of Caddy that has a module for my DNS that is used for authenticating TLS with Let's Encrypt. Here is what the Dockerfile looks like:

Dockerfile

FROM caddy:2.10.0-builder AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/desec

FROM caddy:2.10.0

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

I haven't tried using the latest Caddy build just yet, but I'll give it a try a bit later when I can focus on this again. I'm also not sure how to use tcpdump within a container so I don't have anything to compare with that.

[–] confusedpuppy 3 points 3 days ago

I'm quite fortunate enough to have found people who appreciate my hugs. Not quite bros. Or maybe they are. Depends on people's perspective. In any case, my arms are just fine as they are for them :)

[–] confusedpuppy 2 points 3 days ago (1 children)

I've had a lifetime of people labeling me as something and trying to enforce that label on me. When I eventually do something that sits outside of that label, those same people get angry at me for breaking the expectations that they set for me. Expectations that they never explicitly told me but assumed because of that label they placed on me.

As a result, I pushed back by "delabelling" myself, mostly. If I must label myself, I attempt to use the most broad term possible as to avoid cornering myself. Sometimes it's too easy to use a label as a conversational shortcut.

As a personal result, I tend to avoid labeling others. In my mind that puts me on even level with the people around me. It avoids me talking to specific groups of people and allows others to participate in the discussion, no matter how those other people view or identify themselves.

I've watched how words, labels and categorizations have become weaponized and used to divide people. Which is absurdity. Words are ever evolving and dying so to me it seems pointless to allow words to strongly influence me.

These days I surround myself with people who are able to show me who they are over people who spend their energy telling me who they are. Real confidence doesn't need to waste their time on only words. Those words should add to that person as a whole. That's how I want to view another person.

Not trying to convince you to change your mind, I do see the value in using words or labels to find community, especially in times like these. I think you seem open to at least seeing where my unorthodox views come from.

[–] confusedpuppy 1 points 3 days ago (3 children)

I tend to ignore terms like neurotypical and neurodiverse because I just view everyone as neurodiverse. And if everyone is neurodiverse, then nobody is neurodiverse. That just means to me that people are people. Some more insecure than others.

I also think that everyone is gay. Which means I personally don't really view anyone as gay, just people doing normal people things no matter who they love. Some people just happen to be insecure as fuck about loving another person.

What I do see are a lot of insecure people attempting to set and enforce normal behaviour because they are afraid of being weird while ignoring the fact that being alive is the most weird and pointless experience ever.

Gotta have a little fun with the weird, pointlessness of existence, that's what can make life beautiful and interesting :)

[–] confusedpuppy 5 points 3 days ago (5 children)

I was just having some fun by pointing out that women aren't the only mythical creature whose signals are hard to read.

I do agree with your last point thoroughly, bullshitters do be bullshittin' it. A lot. Too much I would say.

[–] confusedpuppy 4 points 3 days ago (2 children)

I'm quite literally a bro they can hang out with, and have always been. I just lack the big strong arms they want me to have to cuddle them with D:

[–] confusedpuppy 11 points 3 days ago (9 children)

Part of the confusion is the men I have had experiences with spend a lot of time talking about women but then invest an uncomfortable amount of time trying to turn me into a man that they want me to be for them.

One guy spent nearly two weeks trying to get me to take creatine and go work out with him. Like if he wants me to cuddle him with big, strong, manly arms, he was going about it in a weird way.

It's just as confusing when men love that I treat them as unique individuals but get upset with me that I also treat women like unique individuals, almost like they are jealous.

The signals are there but I can't read 'em!

[–] confusedpuppy 39 points 3 days ago* (last edited 3 days ago) (21 children)

I'm autistic as fuck so I can't read anyone's signals but men are just as bad. I could never understand why men worked so hard to get my attention and got all weird when I didn't give them that attention.

They also spend a lot of time trying to shape me into the type of man they want to be around yet they would never outright say what they are doing and why I should change for them.

Then they would get all jealous when I actually hung out with women and get even weirder about it when I wouldn't engage them in the weird conversations they wanted to have about women.

Like dude, if you want a hug or a cuddle, just say so because these roundabout games you're playing are confusing as fuck.

So now I wander the earth thoroughly confused...

[–] confusedpuppy 4 points 4 days ago (2 children)

podman ps shows the following:

CONTAINER ID  IMAGE                                 COMMAND               CREATED         STATUS         PORTS                                                         NAMES
daae60bdcc65  docker.io/library/caddy-caddy:latest  caddy run --confi...  47 minutes ago  Up 47 minutes  0.0.0.0:80->80/tcp, 0.0.0.0:5050->443/tcp, 2019/tcp, 443/udp  caddy

netstat -tunpl shows the following:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:5025            0.0.0.0:*               LISTEN      3270/sshd: /usr/sbi 
tcp        0      0 0.0.0.0:5050            0.0.0.0:*               LISTEN      7342/conmon         
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7342/conmon         
tcp        0      0 10.89.0.1:53            0.0.0.0:*               LISTEN      7336/aardvark-dns   
tcp6       0      0 :::5025                 :::*                    LISTEN      3270/sshd: /usr/sbi 
udp        0      0 10.89.0.1:53            0.0.0.0:*                           7336/aardvark-dns 

The only difference for the netstat command between Docker and Podman is that Podman shows entries for aardvark-dns and Docker does not, which is something I expect.

 

As of right now, I currently have a working Docker container for Caddy which can successfully get TLS certs and I am able to access my own test site with an external web browser.

What I want to do is use the same files (Dockerfile, docker-compose.yml and Caddyfile) to do the same with Podman Compose. When I run podman compose up -d I am able to build the Caddy container and it will also successfully get its own TLS cert.

docker-compose.yml

services:
  caddy:
    container_name: caddy
    build: .
    restart: always
    ports:
      - 80:80
      - 5050:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
      - /home/sxc-pi/shared/:/srv:Z
    networks:
      - reverse_proxy

volumes:
  caddy_data:
  caddy_config:

networks:
  reverse_proxy:
    external: true

While on the same device, I can use curl localhost:5050 and get the message Client sent an HTTP request to an HTTPS server. which is the same result as if I were using Docker. If I try to access my site through my domain name or local network ip address from an external device, the connection times out.

I didn't make any changes to my firewall or router's port forwarding because I expect Rootful Podman Compose to work similarly to Docker.

I checked iptables and below are the differences between using Docker and Podman, but I don't really know networking enough to understand what it's really saying.

iptables differences

sxc-pi:/srv/caddy$ diff ~/iptables-docker ~/iptables-podman 
***
/home/sxc-pi/iptables-docker
+++ /home/sxc-pi/iptables-podman
@@ -31,8 +31,6 @@
 
 Chain DOCKER (2 references)
 target     prot opt source               destination         
-ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:https
-ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:http
 DROP       all  --  anywhere             anywhere            
 DROP       all  --  anywhere             anywhere            
 
@@ -70,15 +68,20 @@
 Chain NETAVARK_FORWARD (1 references)
 target     prot opt source               destination         
 DROP       all  --  anywhere             anywhere             ctstate INVALID
+ACCEPT     all  --  anywhere             10.89.0.0/24         ctstate RELATED,ESTABLISHED
+ACCEPT     all  --  10.89.0.0/24         anywhere            
 
 Chain NETAVARK_INPUT (1 references)
 target     prot opt source               destination         
+ACCEPT     udp  --  10.89.0.0/24         anywhere             udp dpt:domain
+ACCEPT     tcp  --  10.89.0.0/24         anywhere             tcp dpt:domain
 
 Chain NETAVARK_ISOLATION_2 (1 references)
 target     prot opt source               destination         
 
 Chain NETAVARK_ISOLATION_3 (0 references)
 target     prot opt source               destination         
+DROP       all  --  anywhere             anywhere            
 NETAVARK_ISOLATION_2  all  --  anywhere             anywhere            
 
 Chain ufw-after-forward (1 references)
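Review bot: the two DOCKER chain rules removed in the first hunk (ACCEPT tcp to 172.18.0.2 dpt:https and dpt:http) were the rules that accepted new inbound connections to the container as they crossed FORWARD, and nothing in the NETAVARK_FORWARD hunk replaces them: the added rules only ACCEPT traffic into 10.89.0.0/24 that is already RELATED,ESTABLISHED, plus anything leaving 10.89.0.0/24. A brand-new connection to the published port therefore falls through to the FORWARD default policy, which ufw sets from its "routed" default, and that is consistent with the 3-days-ago comment where doas ufw default allow FORWARD made the port reachable. Rather than allowing all routed traffic, consider a ufw route rule scoped to 10.89.0.0/24 and the container port (443/tcp behind the 5050 mapping), which keeps the routed default at deny for everything else.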

I've also rebooted after starting the Podman containers in case there were any iptables issues but that still didn't help.

I've searched what I can but haven't gotten anything to work or get me closer to finding an answer.

I'm hoping to use Rootless Podman if I can figure this out, if not I have Docker as a fall back plan.

Any help or insight would be appreciated.
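The symptom in this post (an ALLOW IN rule for 5050 that does nothing, while the routed/FORWARD policy decides whether external devices get through) comes down to published ports being DNAT'd before routing, so that traffic crosses ufw's FORWARD chain rather than INPUT. The script below is an added example, not code from the original post or from Podman or ufw: it parses the ufw status and podman ps PORTS formats shown in this thread and reports, per published port, whether forwarded traffic is allowed explicitly, only by the broad routed default, or not at all. The sample inputs are constructed from the thread, the 10.89.0.0/24 subnet is taken from the iptables diff, and the suggested command uses ufw's route syntax as an assumed narrower alternative to allowing all routed traffic.

```python
import re

# Constructed sample inputs in the formats shown in this thread (ufw status, podman ps PORTS).
UFW_STATUS = """Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
5025                       LIMIT IN    Anywhere
5050                       ALLOW IN    Anywhere
"""
PODMAN_PORTS = "0.0.0.0:80->80/tcp, 0.0.0.0:5050->443/tcp, 2019/tcp, 443/udp"
PODMAN_NET = "10.89.0.0/24"  # assumed: the netavark subnet seen in the iptables diff

RULE_RE = re.compile(r"^(.+?)\s{2,}(ALLOW|DENY|REJECT|LIMIT) (IN|OUT|FWD)\s{2,}(.+?)\s*$")

def parse_defaults(status):
    """Return the three default policies: incoming (INPUT), outgoing (OUTPUT), routed (FORWARD)."""
    m = re.search(r"Default: (\w+) \(incoming\), (\w+) \(outgoing\), (\w+) \(routed\)", status)
    return {"incoming": m[1], "outgoing": m[2], "routed": m[3]}

def parse_rules(status):
    """Return ufw rule rows as dicts; rows with direction FWD are 'ufw route' rules."""
    rows = (RULE_RE.match(line) for line in status.splitlines())
    return [{"to": m[1], "action": m[2], "direction": m[3], "from": m[4]} for m in rows if m]

def rule_port(to_field):
    """Destination port from a ufw 'To' column such as '10.89.0.0/24 443/tcp', else None."""
    token = to_field.replace(" (v6)", "").split()[-1]
    port = token.split("/")[0]
    return int(port) if port.isdigit() else None

def published_ports(ports_col):
    """(host_port, container_port, proto) for each host-published mapping in podman ps PORTS."""
    return [(int(h), int(c), p) for h, c, p in
            re.findall(r"(?:[\d.]+|\[[^\]]*\]):(\d+)->(\d+)/(tcp|udp)", ports_col)]

def forward_check(status, ports_col):
    """How ufw treats a new connection to each published port.

    Published ports are DNAT'd in PREROUTING, so the packet crosses FORWARD, not INPUT:
    an ALLOW IN row for the host port is irrelevant; only the routed default or an
    explicit ALLOW FWD rule matching the post-DNAT container port lets it through.
    """
    defaults = parse_defaults(status)
    fwd_allows = [r for r in parse_rules(status) if r["direction"] == "FWD" and r["action"] == "ALLOW"]
    verdict = {}
    for host_port, cport, proto in published_ports(ports_col):
        if any(rule_port(r["to"]) == cport for r in fwd_allows):
            verdict[host_port] = "explicit"
        elif defaults["routed"] == "allow":
            verdict[host_port] = "default-allow"  # works, but every routed packet is allowed
        else:
            verdict[host_port] = "blocked"
    return verdict

def suggested_rule(container_port, proto, net=PODMAN_NET):
    """Narrower alternative to 'ufw default allow FORWARD', using the ufw route syntax."""
    return f"ufw route allow proto {proto} from any to {net} port {container_port}"

if __name__ == "__main__":
    verdicts = forward_check(UFW_STATUS, PODMAN_PORTS)
    for host_port, cport, proto in published_ports(PODMAN_PORTS):
        print(host_port, verdicts[host_port])
        if verdicts[host_port] != "explicit":
            print("  consider:", suggested_rule(cport, proto))
```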

29
submitted 1 week ago* (last edited 1 week ago) by confusedpuppy to c/[email protected]
 

For a couple weeks I've been struggling to get TLS over Caddy with DNS challenges. My ISP blocks incoming data on ports 80/443 and I was looking to use an uncommon port (5050) for my personal needs.

I've followed the instructions here and I've made sure to use the proper DeSEC.io module in my docker build.

When I start my docker container and check the logs, I get an error that says the challenge failed because of an incorrect TXT record. However when I check DeSEC.io's website, the TXT record that was created matches the Caddy log error message and even shows that the TXT record has been last touched "less than a minute ago."

I've tried minimizing my Caddyfile to the bare minimum and I still can't seem to get TLS working.

Dockerfile

FROM caddy:2.10.0-builder AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/desec
FROM caddy:2.10.0

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

docker-compose.yml

services:
  caddy:
    container_name: caddy
    build: .
    restart: always
    ports:
      - 80:80
      - 5050:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
      - /home/sxc-pi/shared/:/srv:Z
    networks:
      - reverse_proxy

volumes:
  caddy_data:
  caddy_config:

networks:
  reverse_proxy:
    external: true

Caddyfile

{
        acme_dns desec {
                token "<DeSEC.io Token Number>"
        }
}

files.samplesite.com {
        root * /srv
        file_server {
                hide misc
                browse
        }
}

At this point I do not know what else I can try to get TLS working with Caddy. If I can't get this to work, I can use Nginx Proxy Manager as a tried and tested backup plan, although I prefer to use something that is terminal based because I don't want to use the Web UI that NPM uses.

Any insight or help would be greatly appreciated. I'm also not looking to use any tunnel services at the moment. I'd like to figure this way out so I have a fall back plan if I decide to use a tunnel in the future.

 

Woke up this morning to an empty nest. The babies were walking around the deck while both parents were out.

About an hour later both parents came back. The babies were hiding behind a pot so I moved it out of the way and the one parent immediately came down and sat with them for about 10 minutes.

After a bit the parent called out and fed both the kids. Not long after that they all flew off into the big tree in our backyard.

Sad to see them go but I hope they stay safe out there and come back again next year :)

45
Frosted (lemmy.dbzer0.com)
 
52
Yoga Bun (lemmy.dbzer0.com)
 
 

We have a nice cool day today after some really hot days. The babies were all cuddled up and staying warm.

Bonus baby picture

Here's some colour to make up for the sad flowers in the dove planter box.

And a sleepy bee butt

 

Lately I've noticed the mourning dove nesting in our planter has been vibrating a lot lately. Its throat visibly and silently vibrates. I've even noticed its tail has been vibrating as well and it's causing the plants in the planter to shake too.

Currently there's two babies in the nest with it so I assume it's some form of contentment like a cat purring?

When I first go outside, it's usually like an unblinking statue. Once I'm sitting down and eating or playing music at a reasonable volume, it's quite animated, curious, blinking and vibrating constantly.

I also thought maybe it has something to do with producing crop milk since this all started sometime around when the babies hatched but I can't find anything when I search for more information.

44
Babies! (lemmy.dbzer0.com)
 

Every year there's mourning doves that nest in our planter that hangs on the backyard deck's railing. This morning I was able to get a couple quick pictures of the babies during the morning shift change :)

Here's one parent looking cute and keeping their babies safe.

 

What's growing in my garden? I didn't plant it. It's just doing its thing. It's also become one with the mystery tomato plant growing beside/in/on it.

Here's a picture of the flower if that helps

Everything about this plant is comically oversized

26
Butt Buddies (lemmy.dbzer0.com)
 
 

Over the past year as I've gotten into linux and self-hosting as a hobby, I've found an interest in using terminals and the "minimalist" feeling it gives me. Recently I found out there are terminal based web browsers and I'm really interested in the stripped down nature of web browsing it offers.

I already tried out W3M but I know there are a few others such as Lynx and Browsh.

I'm interested in hearing about other people's experiences with terminal web browsers, the pros and cons and also the reasons for using them.

 

I only do chaos gardening now.

My seedlings didn't do well this year but there seems to be a bunch of tomatoes, cucumber plants and red mustard growing all over. All of them in very inconvenient spots. But it's happening and they are here to stay now.

I don't know why this cucumber plant is so big though. I didn't even know they could get to that size.

My other garden bed is an absolute free for all. I just threw a bunch of wildflower seeds from a nearby trail, a seed mix to attract hummingbirds, yellow clover and beans in there. Whatever happens, happens.

I'm pretty sure my dad hates it because there's so many "weeds" in there. I think it's pretty and there's always so many bugs hanging out there.
