Talos is great
I do that, until some container has permissions issues.
I tinker, try and fix it, give up and use a volume. Or I fix it, but it never seems to be the same fix
And keycloak has a decent k8s operator, making deployment on a k8s cluster a breeze
accessed from the internet
Accessed only by you and close family/friends who you are also hosting services for?
Or accessed by anyone?
“Accessed by anyone” carries more risk.
“Accessed by users you host for”, the risks can be eliminated (well, other than risks from those users) by using a VPN. As in, only the people authorised to be on the VPN can access the services.
Wireguard is the go-to these days.
Tailscale is much easier and free for 3 users and 100 nodes.
If it absolutely has to be “accessed by anyone” I would look into a “reverse proxy over VPN/tunnel” or just straight tunnel style approach like chisel (or crowbar, or corkscrew), rathole, frp, or cloudflare tunnels.
Basically, don’t point a domain at your home public IP and don’t forward ports on your home router/firewall
It’s a server with integrated UPS and KVM console.
The value after the : isn’t in double/single quotes, so it is a literal value. Thus, a float value will be parsed as a float. Whether it is 1E-5 or 0.00001. They are numerically equivalent, but not stringly equivalent.
If you are having errors parsing your JSON, then use a proper JSON library instead of trying to roll your own.
But that’s a stringify method, tho.
JS passes a float to the console. Console prints the float however it wants to.
Just do strict comparison when you want to compare a variable to 1e-5.
Cause a string of 0.00001 should be passed through parseFloat (or whatever your language equivalent is) before you compare it to a variable with the value f0.00001
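As an added illustration (not code from the thread), a small JavaScript snippet showing what the comments above describe: a JSON parser turns both spellings into the same number, only a quoted value stays a string, and the comparison should be done after coercing to a number rather than on the string spelling. The sample documents and the function names are constructed for this example.

```javascript
// Added example, not from the thread. Three constructed JSON documents: two
// unquoted spellings of the same number and one quoted (string) value.
const docScientific = '{"threshold": 1E-5}';
const docDecimal = '{"threshold": 0.00001}';
const docString = '{"threshold": "0.00001"}';

// Pull the field out with a real JSON parser (no hand-rolled parsing).
function parseThreshold(json) {
  return JSON.parse(json).threshold;
}

// Coerce a value that may arrive as a string to a finite number.
// Anything that does not parse to a finite number is rejected outright,
// so a garbage value cannot silently compare unequal (or equal) later.
function toFiniteNumber(value) {
  const n = typeof value === 'number' ? value : parseFloat(value);
  if (!Number.isFinite(n)) {
    throw new TypeError(`not a finite number: ${String(value)}`);
  }
  return n;
}

// Compare the parsed field against an expected number using strict equality,
// after coercion, so "0.00001", 0.00001 and 1E-5 all compare the same way.
function thresholdEquals(json, expected) {
  return toFiniteNumber(parseThreshold(json)) === expected;
}

// The two spellings are different strings but the same number.
function stringlyEqual(a, b) {
  return a === b;
}
function numericallyEqual(a, b) {
  return toFiniteNumber(a) === toFiniteNumber(b);
}

// Stand-alone demonstration.
console.log(typeof parseThreshold(docScientific), parseThreshold(docScientific)); // number 0.00001
console.log(typeof parseThreshold(docString), parseThreshold(docString));         // string 0.00001
console.log(stringlyEqual('1E-5', '0.00001'), numericallyEqual('1E-5', '0.00001')); // false true
console.log(thresholdEquals(docString, 1e-5), thresholdEquals(docDecimal, 1e-5));   // true true
```

Note that the console shows the parsed float as 0.00001 whichever spelling was in the document; the parser keeps the value, not the text.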
So you have local DNS set up?
If you ping (or dig) speed.mydomain.local, does it resolve the same address as local_ip?
Considering you are accessing local_ip:3000 and the domain on port 443, there is clearly a firewall somewhere redirecting packets or a reverse proxy on the domain but not on local_ip:3000
Follow the port chain, forwarding, proxying etc. One of those will be bottlenecking. Then figure out why
Edit:
Just because your ISP speed is 100mbps and you are seeing 500mbps, doesn’t mean the connection isn’t hairpinning through your router via its public IP (as in, the traffic never leaves your router, but still goes through it)
Ah, piss. So it is.
I’m going to blame it on autocorrect, even though we both know I just got it wrong
[Object object]
Hmm, maybe I mean moral?
Like, there is a correct way to go about something regardless of context.
As opposed to doing something because of the context.
Any exploit should be notified to the software/platform maintainers with a proper disclosure timeline to ensure it gets fixed in a timely way.
That is the correct way.
Abusing the shit out of a poorly implemented nazi government is the moral thing to do, but would go against a white hat’s ethics. Collectively a good thing to do, but not the correct thing to do as a white hat.
Are gray hats more ethically and morally true?
This is getting too deep for me.
I guess what I mean is that they are blasting through flimsy guardrails.
Yeh, the difference between being high value (twitter) and an actual high value (government) target is entirely different. I bet many countries were salivating over the mere idea of these servers.
I guess they will pass some laws about “hacking being illegal”, arrest some poor self-hosters that did nothing wrong, declare a victory, and change absolutely nothing - other than ruining people’s lives.
I remember an article about a batch of compromised NICs from China that had backdoor firmware in them. You can harden your software system all you want, but when the literal hardware is backdoored, you are doomed.
I think it was Supermicro. So an American company and not a small Mfr.
I wonder if DOGE have reputable hardware, or if they cheaped out on servers.
Yeh, but they aren’t keeping control.
They have been elected. They have 4 years.
So far, it doesn’t seem that they have broken any laws or whatever, that would cause the system to reject their workings. They’ve rigged the courts, so the system is unlikely to reject their workings.
I’d say it’s more of a constitutional coup. They are using loopholes to seize more power.
I think it will be an attempted self-coup in 4 years.
Regardless, it isn’t worth arguing about.
It’s wrong. It’s a shit sandwich, the flavour of shit doesn’t matter.
Sorry for the wall of text.
You would hope that a public front end is entirely isolated from critical systems.
Hackers got in.
Either they saw there was nothing of value, and figured they would embarrass the owners.
They got in, saw shitloads of value, but decided the ethical thing was to embarrass as opposed to exfil/exploit/sell the access.
Or the hackers were explicitly aiming to embarrass the owners, and didn’t explore scope beyond that.
It’s likely “gay furry hackers” or similar, and it’s “grey hat” hacking.
The ethical route, ie “white hat”, is to contact the owners about the exploit with a fixed period disclosure. Ie, “fix this in 30-90 days, or we will publish our method”.
“Gray hat” are more like this. Where they find an exploit, it could go deeper, but they do some lulz instead. Basically make it obvious something has been hacked, but not actually exploit it further.
“Black hat” would find the exploit (even if it was limited access) then sell it while trying to leave no trace, so it can be exploited again. Or straight up exploit it themselves.
There is a possibility of foreign agents doing false-flag gray hat shit. Exfil sensitive data, cover their tracks, then “botch” some “hahaha you’ve been pwnd” stuff. Both getting sensitive data, and derailing the US government (because Musk has been authorised by Trump. It’s a huge undermining).
With the timeline, this seems like gray hat, or black hat further exploited by gray hat. Or false flag.
The obvious aim is to embarrass the owners.
This casts serious political shade on the DOGE servers that have been hooked into government networks without oversight. Any further data exfil is a bonus to certain foreign countries.
Best case scenario is that this is domestic gray hat, the muSSk team learn from it, and figure out how actual internet security works, and harden their systems accordingly.
I mean, the actual best case is that this DOGE coup gets stopped. But the president has authorised DOGE, so this is what America wants. So, not a coup.
Ideally, this hack has 0 actual scope of security vulnerability.
Other than the “yeh, but if they can get into your public web server (something expected to be hardened as fuck, and might as well be static file hosting. Seriously, why is there a database for this shit), how can we trust your servers on government networks”.
But chances are the exploits to get into this server will be similar to the exploits to get into the government connected DOGE systems. Unless the sysadmin & network admins (god bless them) have managed to maintain some control that muSSk doesn’t understand, and are able to mitigate the tsunami of access such a compromised server might unleash.
USB as in USB-C?
If the display is HDMI in, you can get HDMI auto/priority switchers. IE, will switch to the highest active input.
Then get a USB-C cable to HDMI, and a plain HDMI cable for the other input.
That covers USBC & HDMI.
If you want something more fancy,
https://www.amazon.co.uk/KVM-Switch-Monitors-Computers-Keyboard/dp/B0DNYVGRZZ
Or,
https://www.amazon.co.uk/Anker-Docking-Station-Laptops-DisplayPort-Gray/dp/B0C7QVL2RT
If you are a larger company, it’s worth talking to an AV integrator.
There are many ways to do this.
I think it’s handguns and anything semi-automatic or automatic that are designed for violence.
Basically anything that makes it simple to shoot more than twice, or makes it easy/convenient to carry.
Bolt action or double barrel shotguns are for hunting or actual self defence.
They are tools.
Pump actions, handguns, semi-autos and automatics are for “I have made a very bad mistake”.
If your rifle is semi-automatic, have there ever been actual occasions where you have gone “thank god this is semi-automatic”?
Locking a thread that gets heated and goes wildly off topic is a normal moderating action.
It stops any kind of inflow of rule breaking, it stops all arguments, and it gives mods time to sort out what’s happened.
If a new/inexperienced mod encounters something they don’t know how to handle, locking is the safest bet. It keeps the content, prevents escalation.
The behaviour afterwards is what defines if the mods support bigotry or not.
Ideally the mods wade through the bullshit, delete the bigotry comments and ban the bigots with the reason of “being a bigot”. Then release a post saying that bigotry is not tolerated, and make any changes to rules that are appropriate. Consulting the community where appropriate, and being as transparent as possible.
All of this takes time. Locking a post is the first stage.
By creating a second thread with more similar content, the OP is subverting moderators trying to moderate.
There is already a thread that got out of hand, which mods are struggling to deal with.
By creating ANOTHER thread, it doubles the mods’ workload. The expected mod action would be to lock it instantly with a comment stating they are tidying up an existing post, clarifying rules, and will contact OP when they can safely repost. Next best thing is to just delete it.
The correct response from OP would be to ask for a public comment why the original thread was locked.
This would prompt a moderator comment - hopefully - that they are dealing with it, and will give a timeline of expected deadlines.
It’s not the mods that are bigots, it’s that Reddit is a cesspool. And fun communities can easily be overwhelmed if targeted.
If the mods hadn’t encountered this behaviour before, then they have to figure out - amongst themselves and with the community - how to proceed.
I wasn’t there, I can’t be arsed reading Reddit bullshit. From the context you’ve given, I’ve come to the above conclusion.
I’m currently reconsidering using a couple mikrotik for some layer 3 hardware offloading.
Not really homelab, but close.
I have a project that gets integrated with another network for an event. I’m thinking of using 2x crs504 (cause I’m using mlag for servers, think vrrp or whatever for “public” (it’s all internal) ip) and seeing if I can get l3hw working as a router.
While I could sit on a subnet of the “host” network, having a gateway that traffic goes through allows me to test and prove everything for my system in my homelab, with just the final integration being a do-in-a-time-crunch problem.
I’m already using the crs504s for networking (I bought them ages ago, thinking 25gbps was going to be as easy as 10gbps. It’s all running at 10gbps), and this saves having to use something as a router, cuts down on rack space, all sorts of benefits. I think.
Anyone have any experience with mikrotik l3hw offloading?
My actual homelab is just a NAS and some networking. It’s a small flat, it’s just me. Not complicated, no need to give me more headaches!
I was aware of kubernetes 6 months ago, but had never used it.
I got a 3 node cluster running in a day, and was learning kubernetes.
The only issues I’ve had were due to hardware failure causing etcd instability, and misconfigured operators generating terabytes of logs leading to pod eviction.
I don’t know what would signify it being production ready. It had all the levers and knobs I needed. I haven’t yet needed to run a sysadmin debug container to poke around the host OS.
It’s also great for learning. If you make a mistake, it’s very easy to wipe and reinstall and get back to where you were.