theit8514

theit8514 ,

Make or find yourself a cart to drag around (g or G to drag it). If it doesn’t have wheels it’ll be quite loud. Sound = attraction = death in most cases.

Don’t bother with cars for a long while, even one that actually runs. They take a lot to maintain and cause a lot of noise (see above). You’re better off starting with a bike for midrange transportation (or if using mods a foldable bike).

When you start building or find a nice base area, make a crafting nook and drop all your items nearby to it. When crafting you can pull ingredients from 1-2 tiles adjacent.

theit8514 , (edited )

On one hand you definitely don’t want to be assigning manual/static IPv6 to all your devices because if your prefix ever changes you’ll have to update it everywhere. IPv6 doesn’t really have a concept of private address space (with a few exceptions). On the other hand most modern IPv6 stacks support dynamic protocols like SLAAC while also assigning a static suffix to the published prefix (e.g. You want :0:0:1234:1 to go to your server, and SLAAC gets the prefix 200x::5678/64 your server would assign itself 200x::5678:0:0:1234:1).

DHCPv6 fixes a lot of these headaches for managed networks by allowing you to reserve specific IPv6 for a given DUID.

IMO, your network, do what you want. I have two jump Raspberry PIs that I have static suffixes so I always know where they are without relying on DNS or whatever. Edit: I apparently misremembered how I had these setup. I use a custom interface up script to take the SLAAC prefix and append the custom suffix to it as a secondary IP.
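The prefix-plus-static-suffix scheme from the comment above, as an added example that is not part of the original comment: it joins whatever prefix the router currently advertises with a fixed host suffix, so a prefix change only changes the input. The `2001:db8::` prefixes are documentation addresses, and the function names and the `eth0` device are hypothetical.

```python
import ipaddress


def stable_address(prefix, suffix):
    """Combine the advertised prefix with a fixed interface suffix.

    prefix: on-link prefix from the router advertisement, e.g. "2001:db8:0:5678::/64"
    suffix: static host part written with zero network bits, e.g. "::1234:1"
    """
    net = ipaddress.IPv6Network(prefix, strict=True)  # rejects stray host bits
    host = int(ipaddress.IPv6Address(suffix))
    # The suffix must sit entirely in the host bits; otherwise OR-ing it in
    # would silently rewrite part of the prefix the ISP handed out.
    if host & int(net.netmask):
        raise ValueError(f"suffix {suffix} overlaps the /{net.prefixlen} prefix")
    if host == 0:
        raise ValueError("an all-zero suffix is the subnet-router anycast address")
    addr = ipaddress.IPv6Address(int(net.network_address) | host)
    return ipaddress.IPv6Interface(f"{addr}/{net.prefixlen}")


def renumber(current, new_prefix):
    """Carry the host suffix of an existing address over to a new prefix."""
    iface = ipaddress.IPv6Interface(current)
    host = int(iface.ip) & int(iface.network.hostmask)
    return stable_address(new_prefix, str(ipaddress.IPv6Address(host)))


def secondary_ip_command(address, dev="eth0"):
    """iproute2 command an interface-up script could run (dev is an assumption)."""
    return f"ip -6 addr add {str(address)} dev {dev}"


if __name__ == "__main__":
    # Constructed documentation prefixes; the second call simulates a prefix change.
    first = stable_address("2001:db8:0:5678::/64", "::1234:1")
    print(secondary_ip_command(first))
    print(secondary_ip_command(renumber(str(first), "2001:db8:0:9abc::/64")))
```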

theit8514 ,

It’s a bit complicated and depends on your ISP’s support level.

If your ISP supports basic IPv6 they will likely use SLAAC or DHCPv6 to advertise the /64 that any directly connected devices, like your router, can use (/64 being the default size for a single LAN segment, even between point-to-point connections). If you have devices behind that router that want to use IPv6, you will need additional prefixes. The most common method nowadays is to use Prefix Delegation (DHCPv6-PD) where your router will ask the upstream router for an additional routeable prefix which you will use on another interface of the router. The RFC for prefix delegation recommends a /48, but many ISPs are not delegating that much. I only get half of a /60 from my ISP’s modem.

If the ISP just provides you a static routeable prefix, then you would just assign that to your router’s interface and enable SLAAC/DHCPv6 to give out that prefix. This would only need to be configured in a single device and is why they don’t recommend hard coding servers and workstations with IPV6 addresses.

Keep in mind that your router will also need a firewall as all of these IPv6 prefixes are routeable and public. While IPV6 space is quite like finding a needle in a haystack, you could still find yourself having a bad day if you treat it like private IPV4 space.

The end result though is that you would setup DNS so that devices register their IPv6 addresses and it just works. There’s also the MDNS protocol that supports IPv6 which will do segment-local resolution for device names.

theit8514 ,

Yes, ULA are one of the exceptions I mentioned. It covers fc00::/7 which is fc00 to fdff, though I believe most use just the top half. I use one for an intermediate network between my edge router and my primary firewall to not consume one of my limited /64 networks.

I haven’t played with IPV6 NAT much. I know its use is a bit discouraged as NAT was always designed as a stopgap measure for IPV4 exhaustion. It might be a good option if you need additional space and your ISP doesn’t support additional prefixes. Just keep in mind that if you use these in DNS, they won’t be accessible externally.

theit8514 ,

You’ll probably have to provide the netmask info for us to review. If you’re using /24 then those all reside in the same network so I would expect them to be in the same broadcast domain.

If you have mismatched netmasks that could be trying to route traffic to the gateway which then reflects back. Ensure your devices have the same network, netmask and broadcast ip (e.g. 192.168.1.0/24 will have broadcast ip of 192.168.1.255)
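The netmask mismatch described above, checked in code as an added example that is not part of the original comment: each host's network and broadcast address are derived from its own netmask, and the peers it would hand to the gateway instead of reaching directly are listed. The host names and addresses are constructed.

```python
import ipaddress


def summarize(hosts):
    """Map host name -> (network, broadcast) as that host itself computes them."""
    out = {}
    for name, cidr in hosts.items():
        iface = ipaddress.IPv4Interface(cidr)
        out[name] = (str(iface.network), str(iface.network.broadcast_address))
    return out


def consistent(hosts):
    """True when every host agrees on the network and broadcast address."""
    return len(set(summarize(hosts).values())) == 1


def off_link_pairs(hosts):
    """Pairs (src, dst) where src's netmask puts dst outside its subnet,
    so src forwards the packet to its default gateway instead of sending
    it directly on the segment."""
    ifaces = {n: ipaddress.IPv4Interface(c) for n, c in hosts.items()}
    pairs = []
    for src, s in ifaces.items():
        for dst, d in ifaces.items():
            if src != dst and d.ip not in s.network:
                pairs.append((src, dst))
    return sorted(pairs)


# Constructed sample: the printer was configured with /25 instead of /24.
SAMPLE = {
    "nas": "192.168.1.10/24",
    "desktop": "192.168.1.200/24",
    "printer": "192.168.1.100/25",
}

if __name__ == "__main__":
    for name, (net, bcast) in summarize(SAMPLE).items():
        print(f"{name:8} network={net:16} broadcast={bcast}")
    print("consistent:", consistent(SAMPLE))
    for src, dst in off_link_pairs(SAMPLE):
        print(f"{src} sends traffic for {dst} via the gateway")
```

In the sample the desktop reaches the printer directly while the printer's replies go through the gateway, and the printer listens for broadcasts on 192.168.1.127 rather than 192.168.1.255.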

[Jellyfin] PCIe x4 graphic card for transcoding

I have only a PCIe 2.0 x4 and a PCIe 3.0 x16 free and I need to install a 10Gbps SFP+ card and a graphic card for transcoding with Jellyfin (the CPU is an old E5-2620 v2). Since I can’t find any SFP+ card that is x4, do you know a graphic card with decent transcoding capabilities (I’d say 2 4K simultaneously) that is only...

theit8514 ,

I was thinking this too, if you have an open-ended 4x slot it can fit a 16x card but only runs at 4x.

TBH if you’re running 10Gb you may want to look for a board with on-board 10Gb rather than a PCIE which will save you the slot. My HP server has a swappable daughter board for the nic so you can choose 4x1Gb or 4x10Gb.

theit8514 ,

29% of 112 and 60% of 170 is 134, which is 47.7% of the total. Math checks out.

theit8514 ,

Perhaps they should ask Copilot how their templating system works.

theit8514 ,

As an aside, these are the client logs, check the /var/log/auth.log or secure files or journalctl to see if the server logged why the access was denied.

theit8514 ,

You seem to be misinformed on how the internet works. Nothing is “free”. ISPs have to buy equipment, pay for expensive physical connectivity (without disturbing existing infrastructure), and usually have to deal with constant, ever increasing bandwidth requirements.

I’m all for a bit of net neutrality, but ISPs tend to get a lot of flak for policies like this, for seemingly no reason. For example, let’s say ISP A and Upstream B have a mutual bandwidth sharing policy (called Peering) where both sides benefit equally from the connectivity. ISP A determines that N is using all the bandwidth to Upstream B. ISP A has three options: N gets all the bandwidth to Upstream B (disturbing other traffic to/from that network), N has to be throttled to allow all traffic equally, or ISP A and Upstream B need to expand their network again (new equipment, new physical links) which will cost a lot of money. N doesn’t even pay ISP A or Upstream B, they just pay their ISP C. In the end, ISP A has to throttle N, and N is the one who had to expand/change their business model to deliver content to their customers. They had to go out and buy services from many upstream providers to even the load and designed a solution to install Caching boxes inside each ISP’s datacenter so their traffic could reach end users without going upstream.

theit8514 ,

Microsoft publishes a learning platform that covers a large amount of topics, from Windows Server to Azure services. I used it to prepare for an Azure DevOps Database Administration certification. Should be a good place to start as it’s free. Just search for what you’re looking to learn or select a product from the filters and off you go. learn.microsoft.com/en-us/training/

theit8514 ,

For the disks, you may have a small issue with having multiple types of disks in a single RAID10, as those disks might have slightly different physical attributes. ZFS is an option here as you can add two vdevs for the different drive types and add them to the same zpool, which effectively creates the RAID10 you’re looking for. You would typically not use LVM on top of ZFS but if you go with RAID10 it would let you create logical partitions that can be expanded easily at a later time.

Another ZFS option is to use RAIDZ1 with the 4 disks in a vdev. The vdev will use 1 disk of space across all disks to maintain a parity with the other disks. You will have 12TB of usable storage on your 16TB raw storage. This will allow you to lose one drive with no data loss.

theit8514 ,

I mean it was not too long ago there was a bug which could lead to an unauthenticated RCE against Bluetooth on Android.

nvd.nist.gov/vuln/detail/CVE-2022-20345

So yea, reducing surface area of attack when a feature is not needed is kinda important.

ELI5: The Linux xz backdoor situation

PLEASE. I keep seeing it in memes. As I understand it the latest version of the xz package (present in rolling release distros like Arch and SUSE Tumbleweed) has “a backdoor”, but I have no earthly clue what can be done by malicious folks with access to that backdoor or if I should be afraid or how to check if my distro is...

theit8514 ,

While the full extent of the exploit is not fully known, it seems specifically targeted at the sshd binary on deb and rpm based systems. If you’ve got that service disabled it should not have been running actively on your system. You should still perform whatever is needed to downgrade, but I would say you’re in the clear.

theit8514 ,

Each distribution is different but Arch has stated that they did have the exploit artifact in their version of xz but the artifact was not loaded into memory with sshd as their process does not link sshd with liblzma library.

More details below but highly recommend upgrade/downgrade anyways to remove the exploit code version.

archlinux.org/…/the-xz-package-has-been-backdoore…

There is one uncleared level remaining in Super Mario Maker, with 18 days to go before the servers shut down (www.issmmbeatenyet.com)

UPDATE: Ahoyoo has confirmed that Trimming the Herbs was uploaded with TAS tools, meaning that The Last Dance was the final legitimate level all along! Congrats to kazeihinn on the Last First Clear! The journey continues in Super Mario Maker 2…...

theit8514 ,

The creator’s clear check doesn’t count towards the level being cleared, so these levels are uncleared. I think if the creator plays it on the uploader account it wouldn’t count either.

theit8514 ,

You can, sure, but you probably shouldn’t. Encrypting and decrypting consume additional cpu time, and you won’t gain much in terms of security.

theit8514 ,

Does cryptsetup/luks do that? I thought that was only software encryption.

theit8514 ,

Yes, but as I’ve found recently AES-NI is only as good as your software support for it. Had a team using an ancient version of winscp and they kept complaining about download speeds on our 10Gb circuit. Couldn’t replicate it on any other machine with the newest version of winscp so I installed their exact version. AES-NI support wasn’t added until like 2020 and it gave them 5x better download speed after upgrading.

theit8514 ,

Running stock 14, but rooted with Pixel Xpert. I also have a dark mode quick tile and I don’t think it was added by Pixel Xpert.

theit8514 ,

One of my system engineers started using TFS a few weeks ago. All he knows how to do is click Sync Changes in vscode and call me if there’s a problem.

theit8514 ,

Since we don’t know what server or VM tech you’re using the advice will be pretty generic. For self hosting, you can likely get away with your ISCSI traffic sharing the LAN interface with your usual vm traffic but if you need high throughput you will want ISCSI optimized nics and turn on jumbo frames (mtu of 9000 is the standard here). This requires a switch that supports jumbo frames as well.

For Windows, I find the ISCSI support to be very lacking. Every time I have used it I have had sporadic loss of connectivity, failure to mount on boot, and other issues. I would avoid it.

For ESXi you can map an ISCSI lun as a datastore and create vmdks on top. This functions the same if you use actual FC luns or NFS mounts, and have had no issues with reliability. There’s also RDM which is raw direct map which can mount the ISCSI lun as a disk of the vm. If you’re using vSphere I would advise against this as you lose the ability to vMotion or use DRS.

theit8514 ,

So after the 60+ (/s) play tests they’re going to EA? Strange decision.

Why did S3/object storage succeed while WebDAV apparently failed?

WebDAV has been around a lot longer and does many of the same things as object storage. It also has support for random access read/writes where object storage requires you to download, edit, and re-upload the whole file. Seems like a no-brainer if you wanted to offer cloud storage to customers....

theit8514 ,

This is funny because most object storages now use keys that represents a path. For example, you can host a website on S3 with folders for js/css/etc and it “just works”.

Beginner questions about ZFS and how to use my drives.

Hello, I currently have a home server mainly for media, in which I have an SSD for the system and 2 6TB hard drives set up in raid 1 using mdadm, it’s the most I can fit in the case. I have been getting interested in ZFS and wanting to expand my storage since it’s getting pretty full. I have 2 12TB external hard drives. My...

theit8514 ,

I believe ZFS works best when having direct access to the disks, so having a md underlying it is not best practice. Not sure how well ZFS handles external disks, but that is something to consider. As for the drive sizes and redundancy, each type should have its own vdev. So you should be looking at a vdev of the 2x6TB in mirror and a vdev of the 2x12TB in mirror for maximum redundancy against drive failure, totaling 18TB usable in your pool. Later on if you need to add more space you can create new vdevs and add them to the pool.

If you’re not worried about redundancy, then you could bypass ZFS and just setup a RAID-0 through mdadm or add the disks to a LVM VG to use all the capacity, but remember that you might lose the whole volume if a disk dies. Keep in mind that this would include accidentally unplugging an external disk.

theit8514 ,

Cool. Yeah, as a professional I am constantly aware of data integrity and have most of my shit stored on redundant drives. I had a WoW Guild Officer who shared his home setup with like 8x12TB drives in Windows Storage Spaces with no redundancy that was like 80% full. I had to ask how he slept at night knowing he could lose 80TB of data at any time.

Personally my TrueNAS has 5x1.92TB SSDs setup in two mirror vdevs and a hot spare for my ISCSI LUNs and 8x1.2TB 10K drives in a raidz2 (2 disk parity) for my NAS storage.

theit8514 ,

Could be trying to mount it loopback instead of by ip. What does your exports file look like? Can you do a mount from 192.168.0.55 manually?

theit8514 ,

Based on your edit about getting the public IP: Most firewall/routers are not configured to do this operation by default (called Hairpinning). If you request your firewall/router’s external IP address from the internal network you won’t get a response unless Hairpinning is enabled and some devices don’t allow you to do that. If you have an internal dns server, you should override the internal dns to return the private ip address so it goes to your nginx reverse proxy instead of the firewall/router.

theit8514 ,

I would start by testing if you can resolve acme-v02.api.letsencrypt.org from the PiHole and if not, see what you need to unblock that.

theit8514 ,

If only they had done this with .local ages ago. Still, it’s a nice change, but I doubt my company will adopt.

theit8514 ,

Probably not but if you want to test it create a directory with some fake files then add and remove it from the interface.

Edit: if you have any movies mapped to /downloads you should probably move them first.

theit8514 ,

Honestly I would describe it as Ark-lite. It has base building/taming and that’s pretty fun, and you can also get random encounters at your base. The leveling system is a bit grindy. There are dungeons and bosses in the world to go find and explore. The map is huge, I think I’ve hardly explored a tenth of it.

Been playing about 15 hours or so and enjoyed it, but the game is definitely early access. I’ve had a number of crashes, fell through the world a few times, etc. I’d give it a month or two if that bothers you.

theit8514 ,

There’s a tutorial that leads towards the first dungeon boss of the game, but after that it looks like you make your own challenges. There’s a few bosses around my level that I’ll be taking on next, then I’m probably going to explore to see if I can find more dungeons.

theit8514 ,

Based on your update you may need to bring the containers down and up to fix the database.

Sometimes when opening LinguaCafe the first time there is an error message about users database table. If this happens, just stop and start your containers again, it should fix the problem.


    docker compose down
    docker compose up -d

theit8514 ,

Since you’ve probably been using the SMB protocol to access the NAS you probably need to understand a few things about the NFS protocol which functions differently. The NFS mount acts like a mapping of the entire system, rather than a specific user. That means that if there are differences in the systems, you may get access errors. For example the default user in Synology has a uid of 1024, but most client systems have a default of 1000. This means your user may not have access to the share or files, even if you have it mounted on the client.

One thing to check is what your Shared Folder’s NFS permissions squash is set to. This is found in Control Panel > Shared Folder then the NFS permissions tab. If it’s set to “no mapping” then uids must match. The easiest setup is to “map all users to admin” but you may encounter issues with that later if you switch back to SMB since new files will be owned by admin.

theit8514 ,

I have used gocryptfs (github.com/rfjakob/gocryptfs) in the past, it creates an overlay mount that encrypts each dir and file separately, so no need to precreate a container. There are some security downsides to this approach though so be aware of that. nuetzlich.net/gocryptfs/threat_model/

theit8514 ,

If your home ip changes a lot a dynamic dns provider will keep up with it so you don’t constantly have to change your phone’s wireguard configuration

theit8514 ,

Synology’s support is also quite crazy. I’m still using my 8-bay NAS that I bought in 2015. It’s been replaced twice by RMA. Just upgraded it to DSM 7.0 a few months ago. Almost unheard of in the era of planned obsolescence.

theit8514 ,

A torrent is broken into pieces, and further into blocks. The torrent file contains hashes of all the pieces that make up the full torrent. The client validates each piece that is downloaded and will re-download from another peer if an invalid piece is encountered. The spec goes into more depth if you’re interested. wiki.theory.org/BitTorrentSpecification
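Piece validation as described above, as an added example that is not part of the original comment: it builds the concatenated 20-byte SHA-1 digests the way a version 1 torrent's `pieces` field stores them and reports which downloaded pieces fail the check. The payload, piece length and function names are constructed for illustration.

```python
import hashlib

SHA1_LEN = 20  # each entry in the v1 "pieces" string is one 20-byte SHA-1 digest


def split_pieces(data, piece_length):
    """Cut the payload into fixed-size pieces; the last one may be shorter."""
    return [data[i:i + piece_length] for i in range(0, len(data), piece_length)]


def build_pieces_field(data, piece_length):
    """What the torrent creator publishes: SHA-1 of every piece, concatenated."""
    return b"".join(hashlib.sha1(p).digest() for p in split_pieces(data, piece_length))


def expected_hash(pieces_field, index):
    """Digest the torrent file promises for piece number `index`."""
    if len(pieces_field) % SHA1_LEN:
        raise ValueError("pieces field is not a multiple of 20 bytes")
    start = index * SHA1_LEN
    if index < 0 or start >= len(pieces_field):
        raise IndexError(f"torrent has no piece {index}")
    return pieces_field[start:start + SHA1_LEN]


def verify_piece(pieces_field, index, piece):
    """True when a downloaded piece matches the published digest."""
    return hashlib.sha1(piece).digest() == expected_hash(pieces_field, index)


def bad_pieces(pieces_field, received):
    """Indexes of pieces the client has to request again from another peer."""
    return sorted(i for i, p in received.items()
                  if not verify_piece(pieces_field, i, p))


def demo():
    # Constructed payload: 2560 bytes cut into 1024-byte pieces (1024, 1024, 512).
    payload = bytes(range(256)) * 10
    field = build_pieces_field(payload, 1024)
    received = dict(enumerate(split_pieces(payload, 1024)))
    # Simulate a peer sending one flipped byte in piece 1.
    damaged = bytearray(received[1])
    damaged[100] ^= 0xFF
    received[1] = bytes(damaged)
    return len(field) // SHA1_LEN, bad_pieces(field, received)


if __name__ == "__main__":
    count, bad = demo()
    print(f"{count} pieces in torrent, re-download needed for: {bad}")
```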

theit8514 ,

Now if they could also let me use my own api key to access my own profile without having to make it public. Or maybe just a sane Openid Connect implementation that actually does anything.

theit8514 ,

I’ve been watching this guy’s backlog on building a kernel and bootloader from scratch. A bit monotone but amazing technical knowledge. youtube.com/@nanobyte
