Lets start with the good

• latest match engine is quite good, haven't see any weird stuff going on and the movement of the players are quite smooth now

The bad

• The new ui is not consistent, space bar sometime works for continue, but on the match it doesn't, so that someone (me) need to click it
• This filter don't work

• this modal page sometimes appear and disappear, a lot of time it's stuck there so that i need to click X on top right if i want to check the message

• When I wan't to confirm, i can't use space bar / enter. I need to click that OK button
• I can't use space to stroll through messages anymore, a lot of press question are skipped due to this
• Shouts are gone, this frustrate me if sometimes I want to bash a player that miss open goal
• I delegate match talks to my Assistant Manager, but I still need to give half time & full time talks

They made no improvement for those who really need one, a lot of them are easy fix rather than adding a whole woman leagues for example:

1. they use the same script template for any interaction, i start to delegate it to my assistant manager due to lack of variety on before / after match, dugout, the press are like NPC that keep asking the same question over and over again. even interaction with agents & player.
2. Player asking for improved contract are too often, on highest football league level even if they're not paid that low anyway, and they ask for quite high wages that always break wage structure, and more people will ask for new contract if I've ever give one
3. almost everything else

To summarize this, not only they make almost no improvement, they also manage to make their games more retarded than before, even after 1 year break of not releasing anything.

I can believe that QA on Sports Interactive are only using scripts to test their game and no human really ever test this game.

Happy New Year!

I've decided to revive my tradition of making New Year's resolutions on my blog, even though I often struggle to keep them.

Reflecting on past resolutions, I've always aimed to acquire new skills, like learning to play the guitar (which I never did), mastering backend development (which I haven't), or picking up a new language (which I only half-assed attempted).

Last year, I didn't set any resolutions and felt like I was stuck in place.

Lesson learned! This year, I'm keeping it simple and focusing on two fundamental areas where I need improvement:

1. Empathy
2. Discipline

There's no concrete way to measure my progress in these areas, but I hope that by the end of the year, I'll be a happier person and a better role model for my children.

I have a Windows laptop for almost everything: works, movies, games, anything you name it. but I’m not sure why, I’ve been distracted a lot of time with it, it seems like I can’t focus more on the stuff that I need to. I feels like I need to setup a boundary to separate work/entertainment device

I’ve tried dual booting with Linux to separate those “environments” (https://wibenson.com/back-to-linux/), but the OS isn’t just … right, even after a lot of time tinkering with it. I feel like a lot of software on Linux is created to fulfill the needs, but it lacks the final touches that make it whole.

I've considered building a PC, but now might not be a good idea since I might need it to also do LLM well, I believe the Nvidia card is the best option here due to the software and community support, and the 5xxx series might be released soon with god knows what new AI feature that they will bring and walled on their new series, and it will be quite pricey too

then, apple just does a week of product release, one of them is Mac mini

Mac OS with One of the fastest single core in the planet, 16GB of RAM for all base variant,  not make my electricity bill go kaboom

the most important thing

same price with previous base variant

I’m sold

To be honest, this is the moment that I’ve been waiting for quite a time, a time when Apple stops mocking people with its “pro” devices that start with 8GB of Memory. They might not create “Scary Fast” event like last year, but oh boy, we don’t need a big event for a good product, we just need a good product

and by great product, not you iPhone 16 with 60hz refresh rate, not you

also, never touch specs upgrade on the Apple website, they make no sense on the pricing, I might be better off with building a PC if I need something more than 256GB / 16GB of RAM

If I consider the base model price and form factor, with the same price I can get Beelink SER7 with the specs:

• Processor: AMD Ryzen 7 7840HS (Max Turbo Frequency 5.1GHz, 8C/16T, 16MB L3 Cache)
• GPU: AMD Radeon 780M 12-core 2700MHz
• RAM: 2x SO-DIMM DDR5 5600MHz Slots (Built-in 32GB, up to 2x 32GB)
• Storage: 2x M.2 2280 NVMe PCIe4.0X4 SSD Slots (Built-in 1TB, up to 2x 4TB)
• Connectivity: Bluetooth 5.2, WiFi: WiFi 6 (Intel AX200)

For comparison, the Mac mini’s specs:

• Processor: Apple M4 (10 CPU cores, 10 GPU cores)
• RAM: 16GB unified memory
• Storage: 256GB SSD
• Connectivity: Wi-Fi 6E, Bluetooth 5.3
• Ports: Front: 2x USB-C (10Gbps), headphone Back: 3x Thunderbolt 4, HDMI 2.1, ethernet
• Weight: 1.5 pounds
• Dimensions: 5 x 5 x 2 inches

Beelink has double the RAM, 4X more storage, but Macs are much better on CPU and GPU performance, which affect how fast is an application loaded & runs or a webpage is opened.  I’m a proud owner of an early 2015 Macbook Pro that still runs today, albeit out of its time and we can tell that it’s very slow compared to most modern devices, I feel good with the user experience. how snappy everything is and I feel good using this OS.

In the end, two things matter here, which device can bring me more value, and if I’m good with the price that I paid for it.

I’ve considered a Macbook (pro) as my purchase, but I can tell that this Macbook would just sit there on the table, closed, connected to an external monitor, keyboard, and mouse. Maybe a few days on the outside in a month, but with more than twice what this Mac mini cost, I can’t justify that.

On my wishful thinking, in the future, if technology advances so much that I tempted to acquire another device, and this Mac mini is still survives, I think it can be a good homelab server device for it's low energy consumption, or maybe a NAS Server due to its high-speed port

First Impression  

Everything loaded instantly, after 4 generations, most applications already have their silicon version which makes it more efficient than using a translation layer. Trying to check the limit, it can run LLM qwen2.5-coder 7b and stable diffusion quite well, it is not mindblowing fast but I think it's enough for personal use.

❯ ollama run qwen2.5-coder --verbose
>>> golang script to remove disk from a machines and attach it to another
...
...
you're working with other cloud providers or on-premises systems, the steps would be similar but the API calls and
configurations will differ.

total duration:       48.671739791s
load duration:        22.358958ms
prompt eval count:    43 token(s)
prompt eval duration: 394ms
prompt eval rate:     109.14 tokens/s
eval count:           955 token(s)
eval duration:        48.252s
eval rate:            19.79 tokens/s

For the OS itself, not much has changed since the last mac os that I used (Monterey), some new features require another Apple device like an iPad for screen extension or an iPhone for “external webcam”.

Another new feature "Apple Intelligence" which they put everywhere (and not yet available until some months ago) is not usable, I’ve tried to use it several times but this might be the first apple major feature that I might not touch.

for example, if I want to access the notification panel using a keyboard shortcut, I need to ask with a specific keyword or it will just return Google search

for comparison, this is what ChatGPT does on the first try

maybe this will change after Apple integrates Siri with ChatGPT, but .. the features haven’t been released yet

In a previous post, I discussed how I exposed my local network’s traffic without a static IP address (Start of self hosted server). However, recently, this site is down, probably because the Tailscale session is expired.

Coincidentally, I discovered a better solution to this problem

Enter Cloudflare Tunnel

Despite having read about Cloudflare Tunnel before, it didn’t fully click until I stumbled upon a YouTube video titled Every Developer Needs a Raspberry Pi Then, I realized how easy and straightforward it is to expose my local services to the internet using Cloudflare Tunnel — even without relying on my Linode public IP address.

The migration

The best part? I completed the entire migration in just a few minutes. Here’s what I did:

Install Cloudflared:

I followed the installation instructions on GitHub to set up Cloudflared on my local machines

Create a Cloudflare Tunnel:

Using the guide Create a Remotely-Managed Tunnel from Cloudflare, I created a tunnel that redirects all traffic to http://localhost:80. I also need to remove all existing A Record from DNS management.

Copy Existing Routing Rules:

Transfer all my existing routing rules from Caddy on my public VM to Caddy running on my local machines using scp -r root@l-sg-0:/srv/caddy /srv.

Voilà! My site was back up, and the best part. No more worrying about refreshing Tailscale tokens to keep things working smoothly.

Browser Selector

Browser Selector is a handy tool for managing different browsers based on my needs. I need separate browsers for work, personal use, and multiple “session containers" sometime. I would consider an alternative like ArcBrowser which have everything in one, but I would wait for it become more mature.

UniGetUI (formerly WingetUI)

UniGetUI seems like a time-saver! Regularly updating installed applications is crucial for security and performance. Running UniGetUI periodically to ensure everything is up to date is a good practice.

Notion Calendar

Integrating your calendar with a Notion board is a great way to manage your time effectively. Being able to add notes related to work in progress or meetings directly within Notion is convenient. Plus, it keeps everything in one place!

I’ve been in Japan for 10 night, 3 night in Tokyo, 2 night in Fujikawaguchiko, 2 night in Osaka, 2 night in Kyoto and 2 night in Nagoya, most of it was spend in sightseeing, I’ve learned so much about Japan’s culture that I really respect of, eat a lot of good food, drink all kind of water, from non alcoholic to alcoholic one and appreciate the infrastructure.

Japan is one of the most visited countries in Asia, which when I came, it’s on Sakura blooming season and on a few weeks where a lot of tourists visit, boosted by the weak Japanese yen. which result in hence when I go to Japan, I can see a lot of people from another country, which is somehow... easy to distinguish

I can see the infrastructure in Japan is designed by human to another human for the sake of better quality of life, always on time and almost everything is predictable. for example, my first impression of the country. The immigrations is self-service and automated to the last bit until there’s a need of human part (I really feel the difference and pain when I get back to my own country). the luggage is sorted tidy when the process is done, the public toilet is the best, there’s always a price tag on any item on a store, I almost don’t need to ask for things except if it contains some meat that some of my families don’t eat

The infrastructure, especially the train, I will compare it to Indonesia’s, and I can see there’s not much difference between how I̶n̶d̶o̶n̶e̶s̶i̶a̶'s̶  Jakarta's is (thanks to mr. Ignasius Jonan), I still can’t believe why our government don’t push public transport usage more. compared to Japan’s (any city mentioned above) Jakarta's train line is simpler without that many operators and terminal. Japan’s train station has multiple operators on the same stations and some big stations have a lot of platforms, we need to make sure which platform we’re supposed on. I believe Singapore’s MRT have better experiences and easier to navigate

The road .. is another story. it have no speed bump, there’s almost no traffic on some part of the country, walker is prioritized to cross the road, the sidewalk has no pothole and very clean. Contrast to what’s we have on my home country. Indonesia may have similar / better landscape than Japan, but the reason why Indonesia won’t become tourist destination like Japan is because how much it lack in infrastructure, the absurd domestic flight price, the lack of public transport coverage in most city and the extortion from “local people”

it’s interesting that “pungli” is translated to extortion by google, it indeed has the same meaning, should we just use “pemerasan” for that kind of behavior?)

Over tourism may be a good problem for Japanese to have (and solve), it’s nice to know that some Japanese understand basic English and very accommodating, especially on public facility like train station or high tourist area, but in my opinion, don’t expect too much, we might travel to some less remote area and the local might not understand English. So it’s better to also learn some basic Japanese with their proper pronunciation with google translate as backup (not the other way around).

The view out there is amazing, supported with great weather

There’s some fun fact about Japan that I learned while I was there

1. The hotel is amazing, the first hotel that I’m using look old from outside but the receptionist (owner(?)) is very helpful, they have everything on the bathroom, from shampoo, conditioner, soap, lotion to hair tonic(?). The second one provide large plastic bag
2. I understand why it’s a great weather when it’s clear blue sky, in my country, a clear blue sky means it’s hot and humid as hell
3. they have adult store, just .. search it on google maps ;)

Maybe some tips, to help future traveler

1. Google maps is your best friend, you can go anywhere with it
2. The train ticket is a “magnetic” card with all kind of form factor, don’t put it near any magnet or it will broke the ticket. fool me realize this after 3 day of broken ticket, the best thing is, not a single officer that standby there assume it’s my fault, they just let me pass after see my card expiry date. one of them actually help me change my card (which i broke the very next day)
3. I learned this late, but don’t eat or drink while walking
4. Take off your shoes indoor
5. Put your backpack on the front in the train
6. Don’t talk out loud (and on the phone), inside the train is the safe place for all people to rest, sleep or anything that don’t bother other people
7. Keep your trash, bring a small plastic to hold your trash, there’s not a lot of trash bin out there
8. Don’t suddenly stop when walking, let people walk fist, watch around when walking. Japanese sure do walk very fast (and I like it)
9. Check the weather forecast, prepare accordingly

Now, random picture drop

This is for research purposes. I've been utilizing Tailscale's exit node from this blog's virtual machines, which sufficiently hides my internet tracks and improves my internet speed. For some websites, media loads noticeably slower without a VPN. I don't use it to unblock government-restricted sites, as I don't visit those sites anyway ;)

The idea arose because I wondered if it was possible to enhance my online privacy further, as the IP detected on the server side is still associated with this blog, which has my name attached to it.

The big question is: can I achieve more with less cost?

Enter NordVPN + Tailscale

I can set up a virtual machine (VM) without my name attached. A new VM with a public IP will cost me $5 a month from a reliable cloud provider. NordVPN costs $3.69 a month for up to 10 devices. If I find a group of 10 to share a NordVPN subscription, it could cost as low as $0.369 a month. However, seakun.id offers a similar service with a small fee, and I want to set this up quickly, so I'll use seakun.

I'm still limited to one active VPN at a time and I have many devices. I need to set up a "gateway" for all my devices. I already do this with Tailscale's exit node from my cloud VPN, so I just need to set up NordVPN on my Orange Pi (referred to as "the board" from now on) and then use that node as my Tailscale exit node.

# setup nord
sh <(wget -qO - https://downloads.nordcdn.com/apps/linux/install.sh)
nordvpn login
nordvpn login --callback "nordvpn://login?action=login&exchange_token=copythisfromcontinuebuttonrightclickcopylink&status=done"

# ssh routing (optional)
sudo ip route add 192.168.6.0/24 dev eth0 # lan
sudo ip route add 100.64.0.0/10 dev tailscale0 # tailscale

# whitelist so we can ssh
nordvpn whitelist add subnet 100.64.0.0/10 # tailscale
nordvpn whitelist add subnet 192.168.6.0/24 # lan 

# tailscale up 
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf\necho 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf\nsudo sysctl -p /etc/sysctl.d/99-tailscale.conf

sudo tailscale up --advertise-exit-node

# approve exit node on tailscale console

# disable nordvpn firewall (or allow tailscale network) or tailscale will return offline status with error log: Tailscale hasn't received a network map from the coordination server in 

nordvpn set firewall off

# I need to have my tailscale magic dns works, also adguard dns
nordvpn set dns 94.140.14.14 100.100.100.100

nordvpn connect antartica

I can use "the board" as an exit node, and it detects me wherever I connect the NordVPN. However, I encountered a small issue where I couldn't SSH into "the board," which I resolved by downgrading from the latest version.

Enter Rundeck

It annoyed me to SSH into "the board" every time I needed to change the country. To streamline this, I overengineered a solution and set up Rundeck to provide a UI for running NordVPN commands. Now, it looks like this:

But after a few uses, I found Rundeck wasn't as easy as it seemed. I had to log in and click several things before doing anything. There should be an easier way, right?

Enter Rundeck's API endpoint, With Rundeck's API endpoint, I can run a job with its parameters from a curl command. I just need to generate a token, and I can do this from my terminal. However, a phone doesn't have a terminal. Yes, I know it has Termux, but I've tried it, and it requires more setup to be usable—it doesn't even have history by default. :facepalm:

.. However, a phone doesn't have a terminal. Yes I know it has Termux, but I've tried it, and it requires more setup to be usable—it doesn't even have history by default. :facepalm:

Enter Telegram bot

To complicate this small project, I needed something that could interact with my Rundeck API Gateway or NordVPN directly. Fortunately, among all the free messaging services, Telegram Bot is the easiest to set up, thanks to BotFather. Creating the code wasn't hard, especially with help from ChatGPT. Here's the Python code with some tweaks like I don't want this bot to be accessible to any Telegram user except me:

from telegram import Update, ReplyKeyboardMarkup
from telegram.ext import Application, CommandHandler, MessageHandler, filters, CallbackContext, ConversationHandler
import requests,os
from dotenv import load_dotenv
from functools import wraps

load_dotenv()

# Define states for the conversation
CHOOSING, GET_REGION = range(2)
HEADERS={
            "X-Rundeck-Auth-Token": os.getenv('RUNDECK_AUTH_TOKEN'),
            "Content-Type": "application/json",
        }

# Define the allowed user ID (replace with your actual user ID)
ALLOWED_USER_ID = 123456789  # Replace with your actual Telegram user ID

# Define a decorator to check if the user is allowed
def restricted(func):
    @wraps(func)
    async def wrapped(update: Update, context: CallbackContext, *args, **kwargs):
        if update.effective_user.id != ALLOWED_USER_ID:
            await update.message.reply_text("You are not authorized to use this bot.")
            return ConversationHandler.END
        return await func(update, context, *args, **kwargs)
    return wrapped

# Define command handler for /connectvpn
@restricted
async def connectvpn(update: Update, context: CallbackContext) -> int:
    reply_keyboard = [['Connect', 'Disconnect']]
    await update.message.reply_text(
        'Please choose an option:',
        reply_markup=ReplyKeyboardMarkup(reply_keyboard, one_time_keyboard=True)
    )
    return CHOOSING

# Define message handler for the choice
@restricted
async def choice(update: Update, context: CallbackContext) -> int:
    user_choice = update.message.text

    if user_choice == 'Connect':
        await update.message.reply_text('Please enter the region:')
        return GET_REGION
    elif user_choice == 'Disconnect':
        # Perform HTTP request for disconnect
        data = {"argString": "-connection disconnect"}
        response = requests.post(os.getenv('RUNDECK_VPN_JOB_URL'),headers=HEADERS, json=data)
        if response.status_code == 200:
            await update.message.reply_text('VPN disconnected successfully.')
        else:
            await update.message.reply_text('Failed to disconnect VPN.')
        return ConversationHandler.END

# Define message handler for the region
@restricted
async def get_region(update: Update, context: CallbackContext) -> int:
    region = update.message.text
    # Perform HTTP request for connect
    data = {"argString": "-connection connect -country " + region}
    response = requests.post(os.getenv('RUNDECK_VPN_JOB_URL'),headers=HEADERS, json=data)
    if response.status_code == 200:
        await update.message.reply_text(f'VPN connected to {region} successfully.')
    else:
        await update.message.reply_text(f'Failed to connect VPN to {region}.')
    return ConversationHandler.END

# Define command handler for /start
async def start(update: Update, context: CallbackContext) -> None:
    await update.message.reply_text('Hello! Use /connectvpn to manage your VPN.')

# Define function to cancel the conversation
async def cancel(update: Update, context: CallbackContext) -> int:
    await update.message.reply_text('Operation cancelled.')
    return ConversationHandler.END

def main():
    # Create the Application and pass it your bot's token
    # Create the Application and pass it your bot's token
    application = Application.builder().token(os.getenv('TELEGRAM_TOKEN')).build()

    # Define conversation handler with the states CHOOSING and GET_REGION
    conv_handler = ConversationHandler(
        entry_points=[CommandHandler('connectvpn', connectvpn)],
        states={
            CHOOSING: [MessageHandler(filters.Regex('^(Connect|Disconnect)$'), choice)],
            GET_REGION: [MessageHandler(filters.TEXT & ~filters.COMMAND, get_region)]
        },
        fallbacks=[CommandHandler('cancel', cancel)]
    )

    # Register handlers
    application.add_handler(conv_handler)
    application.add_handler(CommandHandler("start", start))

    # Start the Bot
    application.run_polling()

if __name__ == '__main__':
    main()

I'm a self-proclaimed browser enthusiast. I love experimenting with new features and approaches to web browsing. From Edge's AI-powered Copilot to Firefox's innovative Container tabs, there's always something exciting on the horizon. However, each browser has its quirks that prevent me from fully committing to any single one. For example, Firefox's past struggles with DNS resolution on startup (which I believe they've recently addressed) kept me from using it for a while.

After what felt like forever, Arc Browser finally launched for Windows! I've been diving into it for two weeks now, and wanted to share my early thoughts.

The Good Stuff

Arc's "Spaces" feature has been an instant win for me. As someone who like to divide works and personal environment, it's fantastic to have separate workspaces for my various tasks. It's a much cleaner, more organized way to work. This feels like how Firefox multi container, but instead I have two environment instead of putting everything in one windows.

Chrome can do this, but I dislike to only able open a link in one profile. and also, it open on multiple windows while windows 11 have that long time bug where Win + (#) number key command not opening taskbar apps and previews in Windows 11 when there's multiple windows for the same app opened (https://aka.ms/AAjb755) kudos for windows for not fix this bug for 3 years and keep releasing AI features /s

Another nice touch is Arc's handling of duplicate tabs. If I open a new tab and start typing a site I already have open, Arc cleverly takes me to the existing tab instead of creating a new one. This might seem small, but it's those little details that make a browser feel more intuitive.

Arc's "auto archive" feature has been surprisingly helpful. It automatically suspends tabs I haven't used in a while, freeing up system resources. It's like those onetab, but built right into the browser and far less clunky.

Some Bumps in the Road

Unfortunately, it hasn't all been smooth sailing. One of the first things I noticed is that Arc doesn't display website certificates. If you're like me and want to quickly check a site's security details, you'll still need to have another browser on hand, which is a bit of a hassle.

I'm still on the fence about the vertical tab layout. It's definitely easier to read the titles when you have a bunch of tabs open, but I've also found myself struggling to find specific tabs sometimes, especially if they're for ongoing things like Google Meet calls.

Bookmarks in Arc are essentially permanent tabs, which I actually like. I don't use bookmarks much, and when I do, it's usually more of a reminder to myself that a website exists.  Having it always there as a tab feels more useful to me than a traditional bookmark.

A Few Bugs to Squish

Being an early launch, there are still some bugs to work out. As I write this post, Arc keeps opening new tabs in a different space than the one I'm working in, which is a bit frustrating.

Overall

Overall, my first couple of weeks with Arc have been mostly positive. It definitely feels like a browser designed for the way we use the web today, and features like Spaces and auto archive are genuine improvements. If the team can iron out some of the kinks and maybe add a certificate viewer, Arc could be a real contender.

Have you tried Arc yet? What are your impressions?

Let me know in the comments below!

The default setting from ArcBrowser to "popup" link rather than new tab makes feeds easier to browse, especially with shortcut like j for next page, k for previous , space to open the link and ctrl + w to close the pop up "tab"

I’m a S20FE users that just switch my phone to S23 and I feel scammed by Samsung, not that because S23 isn’t a great phone, oh it’s not a perfect phone either, but the problem is that I use a supposed “flagship” experience phone for 2 years when it isn’t

Beware that this is a rant post, and this is not a suggested post for someone to read, if you have enough toxicity in your life, lets move on and skip this post

More details

What’s wrong with the old S20FE? there’s two answer for this

1. Exynos 990
2. My ignorance of it

I trust some reviewer that make a video of using this phone as a main phone for a day, unknowingly  that they get paid for it and maybe can’t give objective review from a phone, I trust some well known international reviewer knowing that they are using more efficient / powerful Snapdragon variant, and I can’t be more ashamed of this.

the thought process when I purchase that S20FE is: “what can go wrong with self made chipset, yes the benchmark show lower score than the snapdragon variant, but it’s the newest chipset, it can’t be worse than some mid range phone, right? even apple doing a great job with it’s own chipset” I also expect some better performance because the phone and the chipset are made by the same company.

Oh how wrong I am, the end result is a battery sucker - hand warmer - ear burner - glitchy smartphone. from I can’t run high end game on this smoothly to I burn my ear when i take a call under sunlight.

I can understand if it still can’t run high end game, I don’t game that much on a phone anyway, but to get my phone get so hot from daily normal usage is … baffled, how is it so different from what the reviewer tell me? how can a company release a product this bad and get away with it.

Well.. no, they don’t get away from it, from they acknowledge the problem, Samsung going with Snapdragon chip in South Korea for the Galaxy S20, the shame of not releasing internally created chipset on their own home country,  on 2021 they decide to release Exynos version on their home, but the reviewer country (US) still got Snapdragon variant, but the trust isn't there anymore. Galaxy S21 series are lower than S20, S10 sales. On 2022, they released S22 Snapdragon version on Indonesia, but the European market still got Exynos version and finally they scrape Exynos on 2023’s S23 altogether, there’s no Exynos 2300 for 2023 to the point where their profit plumeted because of the low demand for the chip and lower profit margin of using Snapdragon variant. which force their hand to come back to Exynos for their next flagship.

I prided myself as one of those who appreciate technology advancement and not over fanatic / hate on some “brands”, I like to compare one technology brand to another and make my own opinion over that, if the next Exynos are doing great, than good for them, I love to see competition in the market, if it can be more efficient or powerful than Snapdragon variant, when I need to switch my phone again, I’m not afraid to use Exynos again, but in my opinion, a big company like Samsung which decide release “failed product” is worse than apple who make a closed product. They are the largest seller of android phones. I can’t laugh at apple decision to make people unable change back cover from third party without some feature disabled when the finished product I got from Samsung is “failed” in the first place, yes there’s a good thing from S20FE, it took beautiful photo and video, but that’s it.

How to fix this relationship

Nothing broken, really. I realize that part of this is also my mistakes, I trust some people that I shouldn’t and I don’t do my research, I even purchase another phone from the same brand when I vow to not doing so

for others and myself to avoid the same issue in the future, I would recommend some extra things to do: go to the phone subreddit / forums (open forums, not that closely controlled Samsung member) and find out what people opinion on that phone, we will get subjective point of view from people who use that as a daily driver

For Samsung, it will be nice to not release a worse variant on a region and using a same series name, either you sell both variant on all region and don’t use the same series name or be brave and sell your own chipset on all region

For local big name reviewer, please be as objective as possible, I know Exynos - S20FE isn’t good, but I haven’t find even one reviewer to told me so. and please be careful for the wording, I just feel worse when the S23 is giving another level of flagship experience. yet some big reviewer try to sell that experience on S23FE series with “flagship” word - courtesy this articel on how to make a smartphone a flagship from mediatek

no, S23FE is not a flagship, and never will be

I use Windows for my day-to-day job, but all servers mostly using Ubuntu, including my self-hosted one.

I have some problems with Windows, the [win] key + [number] shortcut sometimes didn’t work, this problem has been appeared from my first install of Windows 11 and also reported via Window’s feedback hub, it seems like not everyone encountered this bug because of the low report count (or nobody is using this (but how..)). Microsoft already acknowledge this problem by responding to the feedback-hub ticket 9 months ago and they released a patch on Dev Channel, how is that patch never arrived on the beta channel is baffling me  I’m just not brave enough to use that channel because I still want my device reliable.

I also use an old and slow 2015’s MacBook Pro that I often brought outside work because it’s light and actually has “battery”, somehow I can be more productive using this laptop, probably because I can’t do multitask very well so I can’t get distracted for too far, also I can’t install any game here

So, on one bright Saturday, just me procrastinating about what I should do, disgusted by my shortcut that did not work, motivated by trying to check how efficient it would be for me also to use Linux for my daily driver. so I just download the latest POP OS  and boot it up.

Pop!_OS 22.04

Pop!_OS is the latest Linux Distro of my choice before I migrate to Windows 3 years ago, in my opinion, they provide the best UI out of the box and looks clean, the installation is going well, and I can install and boot without much issue, just make sure that secure boot is disabled

and then, the Linux configuration nightmare began

oh you sweety old friend

here is the list of configuration that I made

Scaling issue with Large High Res Monitor

this is what appears on my monitor

okay, easy, let's just scale this up

this may look normal, but believe me when I said this is not the ideal view for a 4k monitor, and also why I can’t pick 150% scale? and why does my secondary laptop screen also bombarded to 200%

yes, Fractional scaling does the job, but now my mouse is blinking all the time and my second screen is cropped.. this is not ideal, Fractional scaling is a deprecated option that's.. better be left alone

so, back to non-fractional scaling, some people on the internet recommend to keep using 100% but also setting the font’s scaling factor to 1.5, this makes the button small but everything is readable, not really an ideal solution but there are no better options.

VPN

shamelessly copied from askubuntu.com, but here’s my exact problem

!https://i.stack.imgur.com/Shy56.gif

how is Add button greyed out? this thread and another thread discussing this

apt-get? apt? snap? … flat?

Just how many application managers do you need? exaggeration with apt-get and apt because they are the same things, flat is a new thing for me and I never use snap before, but I think I like snap, it have a lot of apps registered, have a nice website to showcase the app and also an app for it, snap store

On the topic of "app store", in my opinion pop shop provides better UI than snap store, but I still won’t use both because it’s ordered by alphabet, I may use Snap Store because I can manage my command-lines snap installation

snap windows to left down

Windows also have this problem, but easily solved with powertoy, if there’s apps that I can bring to Linux, that would be powertoy and Microsoft office. Snap windows it’s still achievable with tilling assistant, but it does feels harder to use, some configuration that I want also hidden behind “Advanced / Experimental Settings” that I missed in the first

[Win] key + number shortcut

it’s not enabled by default, but easily achievable by toggling one of the config from command line

gsettings set org.gnome.shell.extensions.dash-to-dock hot-keys true

no bugs here!

After a week

it’s been a good experience so far, I don’t have issues with peripherals and driver, NVIDIA drivers work flawlessly this time (Pop OS even differentiate installation image with or without NVIDIA drivers). I need to remember the keyboard shortcuts but that muscle memory does get back fast. did configure it a lot in the beginning, but I almost don’t touch the settings after that.

For the performance, its all fast and snappy, I rarely hear my laptop fans running, and the Linux OS uses half of what my Windows use in idle condition with all necessary apps opened (slack, browser, terminal, and vs code)

For fun, I set all the themes to Dracula and this is the best decision I ever made this week. It does feel seamless moving from one application to another, to quote the intention of the maker

I always believed in the cost of context switching. I know how it feels when you're "in the zone", then suddenly, you get distracted and lose focus. It shouldn't be that way, so I decided to create my own color scheme, and my mission was to make it available everywhere.

This post will walk through my thoughts process to expose a service that runs on my local network

Premise

I already did expose service, which I have posted a bit from my previous blogs, quick recap on that:

while I can expose services with well-known good authentication (for example grafana or adguard-home) I can't expose services with no authentication (for example: dashy) and services with too basic authentication that it's insecure & easy to brute force (for example sonarr, radar, and qbittorrent)

The goal here is to have some authentication methods for all of my services so that we need authentication services

The Authentication Services

yes, I know the title already said that I use authentik, but the options for me are:

• Setup Google login and protect anything insecure with Google auth proxy
• Same as before, but instead of Google auth proxy, we use Pomerium
• explore auth services like keycloak, authelia or authentik

Setup Google login + auth proxy may be the easiest way to do, I'm familiar with it, but the last time I check, I must provide every Google auth proxy for every service that I have, and I have many services to expose.. this option is something that easy in the beginning but don't scale very well

Another similar option is Pomerium, I've also pretty familiar with Pomerium, and I still can google login proxy with the better value from previous options with just one deployment for all services that I have

Then I find authentik, something that I haven't used before. From the documentation, I can have one login method for all services that I have, for example, if I have logged on to https://grafana.wibenson.cloud, I can open https://homepage.wibenson.cloud without login, authentik also have other security protocol that I'd like to explore in the future. Authentik also seems preferred on this Reddit thread

hot damn, I'm in

Authentik

The setup itself is quite simple, and the guide from the official docs is quite good, I won't rewrite that here because I believe it's subject of changes (or I'm lazy), here is the new diagram after we have Authentik

There are only one cloudflare and Caddy service, I split it up to 3 just to understand the flow of each services, authentik itself has a lot of documented integration with services on their documentation, but in short, authentik proxy provider will work with a lot of services, for some that already have "solid" authentication like grafana, we will just add antoher layer of authentication, so that the user will login twice, once for authentik and another for the app itself, so that's why services like grafana that support external OAuth, it's better to use Authentik Oauth Provider to simplify authentication

Epilogue

some noteworthy thing to mention is:

1. Authentik needs a lot of memory, the docs state the minimum requirement is 2 core and 2 GB of memory, I use around 900++ mb of memory

➜  authentik docker stats | grep authentik
04e80aafca1c   authentik-worker-1            2.04%     240.6MiB / 7.506GiB   3.13%     332MB / 222MB     1.01MB / 0B       7
786fada5d82f   authentik-server-1            1.68%     570.7MiB / 7.506GiB   7.42%     120MB / 177MB     21.4MB / 0B       48
277d8712366d   authentik-postgresql-1        0.43%     78.05MiB / 7.506GiB   1.02%     93.4MB / 89.7MB   80.7MB / 326MB    10
9048807a0646   authentik-redis-1             0.38%     9.305MiB / 7.506GiB   0.12%     285MB / 347MB     3.99MB / 3.13GB   5

2. There's an integration with google login, and it does work. But to the point where this blog is written, I still have issue with how can I allow specific email to signup (or disable signup altogether).

3. Authentik does support authorization! it's really a nice feature that can be implemented in an organization, not really useful for self-hosted private projects because usually there's only one person accessing all this stuff.

4. There's a point where suddenly I can't login into authentik without error message,  there's authentik log ERROR:  invalid input syntax for type inet: "172.70.142.146:56164" at character 491 which.. don't really tell anything, except that it seems like this wasn't the correct format for IP  address, hardcoding remove caddy's x-forwarded-for solve the issue for me (Cloudflare already provide correct x-forwarded-for), it was my mistake to overwrite it with remote_addr

Update 2023-07-28: Fix some wordings

This page will tell how to secure stuff after I see a lot of people hacked on my social media feeds, and I will keep this as short as possible

to not get hacked, there are 2 basic rules:

1. Use your phone as a second-factor authentication
2. Don't lend your phone to anyone

Use your phone as second-factor authenticator

This should be the default security application for your email account, social media account, and digital bank account. the options are:

• SMS
• Second-factor apps like auhty or Google authenticator

some links on how to do this:
- gmail
- instagram

Also keep in mind that you must remember your password, don't write it down anywhere else if it's possible, if you forgot, just reset the password.

Don't lend your phone to anyone

When you're using your phone as a second-factor authenticator, treat your phone as another layer of password, you won't lend your password to someone else, right?

One small thing that I do is to lock my sim card, from your phone Settings, search for SIM card lock on Android or SIM PIN on IOS devices, change the pin. this should stop people from using my SIM card if they stole it.

I would also recommend disabling the lock screen messages preview - to keep SMS/email authenticated code can be viewed even if the phone is locked.

Bottom note

Just these two main rules, you should be fine. even if you somehow get hacked, you should be able to recover your account, just try to double-check the page where you insert your password to avoid phishing.

Email verification code or WhatsApp may be less secure because you may have logged on to another device that is often accessible to another person, your laptop for example.

If you use Password Manager, also try to keep that as secure as possible, don't add your mail email password to your password manager. Don't use the second-factor auth feature from your password manager, keep the password manager requires your password/fingerprint every time you need one.

Remember that a hacker is often not someone behind a computer who types 1000 words per minute, a lot of time it's just someone close to you, wearing a friendly mask and helpful attitude.

After giving a lot of time thinking of whether I should "invest" more in a product, I finally decided to buy Orange Pi 5, this one comes without EMMC and WiFi, but it does have a slot for m2 nvme and WiFi extension.

This post will talk about my first impression of Orange Pi, what is the issue, and how well it works.

note if you're living in Indonesia, purchasing orange pi is cheaper with aliexpress.com, even after adding shipping cost and tax. I would recommend this if you have time to wait for, my item get delivered in 22 days (from estimated 30 days)

Back to the orange pi, which I will call pi from now on, I already migrate all my home media setup from my old laptop to the pi, it's pretty simple because I copy all the docker setup and the data. I use Ubuntu Server from Joshua Riek for the OS, a brand new Samsung micro sd for the storage, and a Realme type c charger (I see that it matches orange pi's requirement – 20w / 5v 4A).

noteworthy things:

Some bumpy road that never occurred to me on cloud server setup

first time working with a machine that is only accessible from SSH, I find some issues like the IP address that keeps changing back to default until I realize that I must use static IP, I use netplan for this.

fun fact, I reformated the OS because I thought I messed up with my boot config

After I confirm that I have static IP after a reboot, I found out my radarr / jacket services can't access torrent sites because they are blocked by our government's "healthy internet" (a firewall layer that blocks porn / whatever site the government didn't like), Okay, I can use DNSCrypt, but no.. netplan didn't respect its own DNS / nameserver config, changing nameserver at /etc/resolv.conf keep revert to default because of some process.

The solution? – Removing the symlink of /etc/resolv.conf and create the file manually with a nameserver pointed to DNSCrypt IP

Kubernetes setup

To be honest, this is something that I try first after booting up, but after installing, I find out on k3s documentation that kubernetes's etcd wear micro sd faster because of the high I/O, maybe I will try another alternative (for example this one) or just waiting for my budget to losses up and me buying storage. I will have another blog post for that

Slow USB with exfat or high storage

This is something that I need to research more, but I find out that browsing the ExFAT hard disk is noticeably slower than ext4, sometimes to the point that I can't ls the disk, but this is can also because it's a 5TB ExFAT hard disk and it may consume more power than the pi can provide(?). After I change it to my old 500GB ext4, disk browsing and writing are smoother and I just keep that way until I need the urge of more storage.

Benchmark

the results:

that MacBook Pro result is.. weird,  sysbench may not be a standard tool for benchmarking, but I think we can get the picture with the comparison with cloud providers like Linode or GCP. The pi's CPU / Memory utilization itself is quite low with my current setup

what I use the pi for

For now, I mostly use this as a media server, monitoring, and file downloader, but in the future, I'm planning some stuff like:

• Exposing some services to the internet, with authentication

• SSO with Authelia or Authentik or Pomerium if I'm very lazy
• Smart home that uses Local Area Network, so that my house does not become a dumb house whenever there's an internet outage. I use home assistant for this, the problem that I encountered is integration with Bardi devices. My Philips Wiz light and Xiaomi Yeelight are automatically detected with the home assistant, but Bardi's are a little more complicated)
• CCTV server
• Baremetal Kubernetes setup

The first question that appear was "why", and the answer is because:

• I want to watch a movie while lying on the bed with my phone/tablet
• My ISP sucks, it stops me from accessing a lot of research sites. I can use public DNS over HTTPS / VPN that I already own, but I think it's faster when I have the DNS server running on my local network
• I have a primary laptop that I use most of the time for work, this laptop draws a lot of power (because of the gaming label), and I don't want to keep this machine alive 24x7 with a higher risk of breaking when I need it.
• I want to have a backup solution for my primary laptop

then the question continues with what I need to solve that problem. For context, I already have a Linux virtual machine running at Linode, I utilized it for VPN, and whenever I need high-speed internet to docker build or for me to remote when I'm AFK and work from my phone. I use the lowest option available, it's 1 vCPU, 1 GB of memory, and 25 GB of storage for $1 a month. to be clear in layman's terms: it's not enough.

I don't want to spend another dime on object storage, I want more computing power, more ram, and more disk. I also have a 5TB hard disk lying around and some slow laptop that my sister complained since long time ago and I haven't found the time to fix that until she got another new laptop from her new job.

The answer seems so obvious now, let's buy a home server! and after quick research. I found out what I want, a SBC capable of rendering 4k media server, maybe a little computing power for backup work device and it's orange pi 5.The device is nice, but me being so cheapo thinking to spend another $134 for something so experimental, I'm not sure.

So let's back to plan A, re-utilized old laptop to be a server that up 24x7, not really a safe idea, but we must be agile and start somewhere. Here we go!

• The choice of OS, quick googling and just me being me – can't really stay in one Linux distro for a long time, finally chose Zorin OS Lite, mostly because it's known for being really light and can live well on older machines
• Setup dashy for a dashboard that will list service and their URL because there's will be a lot of services and I can't remember all the locations and port numbers

• setup jellyfin for the media server
• setup monitoring with glances for me to know which service causing everything to slow down / crash, we may improve this later on, but while we only running a single machine, I wouldn't give it too much thought
• setup transmission, radarr, sonarr, readarr and jackett for "downloading"
• Expose some service to the internet, accessible from this blog domain

The last part, exposing things also had its own catch, back to point 2 where my ISP sucks, I also realize that my ISP didn't give me a public IP. My internet has another layer of the internal network before being connected to the internet, I believe they do this because there's a limit to number of Public IPV4 and I only paid for lower services, this also makes some options like DDNS can't be used.

Back to exposing, quick googling gives me some potential solutions, serveo.net  is something that I do first,  the way they do is ssh port forwarding between my machines and serveo machines, and magically I can access my machines from somethingsomething.serveo.net. I also can use my chosen custom domain or even my own domain, which is super awesome when another well-known service paywall has this feature (I see you ngrok). but when I give it a second thought, I realize that I over complicate things, I just can setup VPN between my publicly accessible linode VM and my local machine, and I add caddy to reverse proxy some services that are served from Linode VM (like this blog) or to my local machine like dashy or glances (I'm not sure why I publicly share my process monitoring, will close that soon). I use tailscale for the VPN because it's just so easy to setup, they have good offerings for personal use, and there are just a lot of features available. bonus point, I also can access my machines anywhere with my phone and I can scrap my VPN because there's a thing called tailscale exit node that does the same stuff.

We're good, for now.. for the media part at least..

The idea is unlimited, while writing for this post, I also want to create a baby monitor, smart self-hosted home server - so my home did not become progressively dumber whenever the internet is down, and a lot of good things listed at https://github.com/awesome-selfhosted/awesome-selfhosted