- 0 Posts
- 55 Comments
4·2 months agoNoooo, you got this backwards. Think about how many times you wanted an extra key for something. Push-to-talk in VoIP apps, extra modifier keys so you don’t have to use double-modifiers… The possibilities are endless!
Standardize more useless keys so I can remap them on every keyboard!
3·3 months agothe best way to learn is by doing!
I just built my own automation around their official documentation; it’s fantastic.
https://www.wireguard.com/#conceptual-overview
vyatta and vyatta-based (edgerouter, etc) I would say are good enough for the average consumer. If we’re deep enough in the weeds to be arguing the pros and cons of wireguard raw vs talescale; I think we’re certainly passed accepting a budget consumer router as acceptably meeting these and other needs.
Also you don’t need port forwarding and ddns for internal routing. My phone and laptop both have automation in place for switching wireguard profiles based on network SSID. At home, all traffic is routed locally; outside of my network everything goes through ddns/port forwarding.
If you’re really paranoid about it, you could always skip the port-forward route, and set up a wireguard-based mesh yourself using an external vps as a relay. That way you don’t have to open anything directly, and internal traffic still routes when you don’t have an internet connection at home. It’s basically what talescale is, except in this case you control the keys and have better insight into who is using them, and you reverse the authentication paradigm from external to internal.
Talescale proper gives you an external dependency (and a lot of security risk), but the underlying technology (wireguard) does not have the same limitation. You should just deploy wireguard yourself; it’s not as scary as it sounds.
Fail2ban and containers can be tricky, because under the hood, you’ll often have container policies automatically inserting themselves above host policies in iptables. The docker documentation has a good write-up on how to solve it for their implementation
https://docs.docker.com/engine/network/packet-filtering-firewalls/
For your usecase specifically: If you’re using VMs only, you could run it within any VM that is exposing traffic, but for containers you’ll have to run fail2ban on the host itself. I’m not sure how LXC handles this, but I assume it’s probably similar to docker.
The simplest solution would be to just put something between your hypervisor and the Internet physically (a raspberry-pi-based firewall, etc)
3·5 months agoIf there are any water pipes through the second half of the house you cannot let those exterior walls reach freezing temperatures. Whatever solution you go with needs to account for the entire space in some capacity.
+1 for cmk. Been using it at work for an entire data center + thousands of endpoints and I also use it for my 3 server homelab. It scales beautifully at any size.
That’s… not remotely true? Linux can absolutely install kernel drivers. If you mean running windows games under wine then sure, but then we’re no longer talking apples:apples. You could do the same thing on windows by running a game in a VM.
This is correct, as in windows a driver is the most straightforward method to runlevel0 access. It absolutely could at any time do exactly what crowdstrike did. But also so could Nvidia/amd with GPU drivers, your motherboard manufacturer with chipset and RGB drivers, etc. it’s not quite the smoking gun people make it out to be, as there are a lot of legitimate reasons to have this kind of system access.
The egregious part was that crowdstrike users agreed to allow a vendor to bypass canary channels and deploy straight to their endpoints.
Endpoint is any PC/laptop/sign/POS/etc. It’s a catchall term for anything that isn’t a server. it basically refers to any machine that might be logged into and used by a non-IT user.
You would expose a single port to multiple vlans, and then bind multiple addresses to that single physical connected interface. Each service would then bind itself to the appropriate address, rather than “*”
You should consider reversing the roles. There’s no reason your homelab cannot be the client, and have your vps be the server. Once the wireguard virtual network exists, network traffic doesn’t really care which was the client and which was the server. Saves you from opening a port to attackers on your home network.
Sorry I should have said “carbons and carbons related qol extensions”
Did you ever get carbons working properly? (As in, mobile and desktop clients of the same user both getting messages and marking as read remotely between them)
Probably 64gb chips that failed QC and had some registers disabled. Similar to how CPUs that fail QC have cores disabled and are sold as lower-tier skus
They probably would. As the value of a dollar drops disproportionate to the value of goods/services, the cost in dollars for the same good/service goes up.
“Phonk” traditionally referred to the music style itself without lyrics, but as most emerging music styles do, it’s evolved into a sort of new-age emo/grunge mix of Phonk, Hip-Hop, and Alternative Rock. All of the below can be considered modern phonk, even though in the strictest sense, traditional phonk is lyricless. A lot of people will know the “phonk walk” song Why Not by Ghostface Playa
https://www.youtube.com/@trash-gang This youtube channel has popularized many of the rising artists in the genere as it’s evolved over the last 3-4 years, and if you’re looking for some recommendations from an enthusiast, check out (in no particular order):
Nothing beats the bang/buck ratio of used enterprise hardware (always buy new drives though if you care about the data)
https://www.theserverstore.com/ https://www.serversupply.com/ https://www.servermonkey.com/
I’ve bought from all of these in the past, personally I’m a fan of dells but there are arguments for just about any of the major 3 (dell, hp, sueprmicro)
Personally my main server right now is an r630. 96 threads, 768gb of ram. With that many memory channels, not only can you run all of what you listed, you can even do medium-sized inferencing/diffusion if you’re interested in that sort of thing.