

Theoretically, yes. But .me domains are pretty cheap, ~10$/year from Joker and likely even cheaper elsewhere.


Theoretically, yes. But .me domains are pretty cheap, ~10$/year from Joker and likely even cheaper elsewhere.
Just protecting for spoofed IP doesn’t add much in my opinion, at least compared to the effort of setting up and maintaining 802.1x. Easier way would be to set up different local networks per family and allow access to shared services via common firewall. That doesn’t require support from devices nor it doesn’t rely on security on them. Properly setting 802.1x would mean that you’ll need to manage every device on the network somehow and, assuming you don’t actually own or control the devices, that would be at least challenging.
Your thinking isn’t wrong, in that scenario network level authentication would help, but overhead of such setup is, again in my opinion, way more complex than what you can actually get in return. Of course if you want to just do it for the fun of it, go ahead. And also, if the devices are on the same network, they can sniff MAC addresses and IPs of neighboring devices, so protecting anything with just IP/MAC is a lost cause.
Radius is a part of 802.1x standard and for your threat model that does absolutely nothing. If a bad actor can access a device already in your network, then network level authentication doesn’t do anything. For example it prevents from someone randomly plugging their device in your switch and getting access that way, or it only allows verified clients to your WLAN. But once the network connectivity is already established you need a totally different tools.
Mainly that means firewall on your network and/or servers. There’s multiple ways to build that. You could get a separate firewall device to block access from the rest of the network to your devices or you can set up firewall for each of your things separately. All solutions have their own pros and cons and ‘correct’ solution depends on multiple variables.
Perhaps the easiest, and still at least decent, approach is to just run nmap (or any other port scanner) against your own subnets/IP addresses. That way you’ll at least find out if the firewall allows something trough which it shouldn’t, Also you can run tcpdump/wireshark on destination host to see if it receives packets it shouldn’t.
For client authentication, if ARP filtering is not enough, you could set up 802.1x, but that’s likely a massive overkill (and overhead) for home network. I personally don’t authenticate clients separately. Just WPA2 on wifi and firewall rules to allow/deny traffic between subnets. Sure, it’s pretty easy to bypass, but in practise you’d need to be inside the house to access some parts of the network. But my threat model is mostly about a handful of IOT things which I don’t trust with full network access, not about someone unauthorized getting access to my home network.


unless the data is off site, its not truely a backup
Two is one and one is none. No matter if it’s offsite or on top of your main server. Also 3-2-1 is an industry standard for a reason. Plus unless you test that you can actually restore your backups they don’t really exist (also known as Schrödinger Backups).


Don’t put words in my mouth. I didn’t say anything about not needing to be concerned, I was just interested on what kind of virus they cooked in the datacenter-incubator and how that might affect on a general population. “Deadly bacteria”, while not incorrect, is a bit clickbait-y, as it doesn’t just kill everyone and their dogs.
Of course there are reasons to be concerned and Meta should absolutely throw boatloads of money to clean up their mess. I was just interested about the bacteria in general, where it came, how it works and so on, nothing more and nothing less. I’m across the big pond and in here environmental regulations actually work, so I personally am not the one who should get angry about the situation, but it doesn’t mean that no one should, even if I don’t explicitly say so.


Yes, but infections are somewhat rare on healthy adults, at least based on a quick search around the net about the virus. If you have some underlying condition you’re more likely go get the infection in the first place and as your immune system is already weakened by something it’s going to be more dangerous.


Apparently that particular bacteria is basically everywhere on the environment and amounts of it around is pretty harmless. Datacenter just offered a nice and warm environment for it to prosper and then dumped the shitload of bacteria into water treatment system and the treatment plants can’t manage that much of it properly.
Also, while it could be deadly, it’s more likely that you’ll have couple of miserable days on the porcelain throne. But almost any underlying condition (being old, having any kind of gut issues, having flu…) can tip the scale and instead of literally shitty ilness you’ll end up in a box.
While Meta is of course guilty here on multiple things one might argue that local government is equally responsible since they allowed Meta to connect their sewer pipe in the first place without proper precautions. But maybe Zuck just had to have a new limousine or whatever so responsibility part was skipped.
i still need to find a way to setup a simple sambashare via a web gui and a good backup solution.
I’m running openmediavault as an VM for file shares and backups with proxmox backup server. Works pretty well. I’ve got a physical backup server in detached garage and another in a VPS which syncs the most important parts to remote location.
I definitely didn’t suspect there to be a whole new standard of wireless communication to that.
There’s multiple. Some devices are on wifi, some on z-wave and as zigbee is getting quite a lot of support from vendors I’ll likely add that to the mix soon-ish. Also I could use bluetooth for some automations, but at least for now I don’t really see any advantages over that.
As for pihole, it’s main DNS server for devices in my network and rest of the family uses the net quite a lot too (IPTV and streaming services included) so any longer downtime would cause at least annoyance for them so it’s nice to have an option to keep things running and take my time to maintain hardware or whatever. I of course could change DHCP server to offer something else too, but it’s simpler and faster to just migrate a VM to another host.
Is there a benefit for splitting your services on 2 hosts?
I don’t know about OPs situation, but I have a mini-PC as proxmox hypervisor too addition to my main server. Mini-PC is located middle-ish of the house as it’s running home assistant with ZWA-2 and the location helps a lot with Z-wave coverage. But added benefit is that I can (within the pretty strict resource limits) move VMs to the mini-pc when doing maintenance on main server. It’s pretty handy to move PiHole and some other small stuff to another host so that everything on network still functions even if one hypervisor is down.


I’ve been working on IT for quite a while now and the only certain thing on this business is that hardware breaks down. All of it. Only questions are ‘when’ and ‘how’. I’m pretty sure you can’t get NBD support to the orbit. And I’d guess that shaking the shit out of the hardware during launch won’t really help.
And that’s of course just a minor detail, the whole idea is so stupid on a very fundamental level that I don’t know why it’s even a news worthy.


Nothing much has changed. During the gold rush people who actually made money sold shovels and pickaxes, only very few got rich by actually digging dirt.


In a sensible world landlord would purchase the unit in the first place for tenant. It’s somewhat common in here that if you want to use your own time and effort to make your (rental) home nicer the landlord pays for the materials. It’s commonly used for things like paint or wallpaper, but replacing kitchen kabinets or other bigger renovations are not unheard of either.
But yeah, that’s obvious issue which should be resolved before installing anything. I wouldn’t buy 1000+€ unit as a gift for the landlord. And you’ll likely need a permit or two before drilling trough apartment walls anyways.


That particular quote is from D. Elton Trueblood. Mark Twain said “The best time to plant a tree was 25 years ago. The second best time is now.”. A bit different twist, but the same idea.
There’s also (alledeg) Indian proverb: “Blessed is he who plants trees under whose shade he will never sit.”. And many other variations of the same over the last 300 years or so.


whack a sodding great hole
Ours have a hole about 50mm in diameter. It’s not going to bring your wall down and if you decide that you don’t need the efficient heating/cooling with minisplit-unit it’s easy enough to patch. I own the house, so I didn’t need to think nothing else than the location of the hole, but any sensible landlord would see a minisplit-unit as an increase of property value.


A man has made at least a start on discovering the meaning of human life when he plants shade trees under which he knows full well he will never sit.
There’s a ton of variants of this, and saying (in a form or another) apparently goes back to 1700s.


It’s not just the price. If you get excavators to your new chip factory plot today to start building foundations it’ll take several years until you get first chips out of the line after everything is calibrated and ready to go. By then you’ve thrown few hundred millions on the building, machines and all the physical stuff. Hired and trained workers, managed supply chains and built a system which is pretty expensive to keep running.
So, you’re betting quite a lot of money and time against that the market stays like it is for the next 10 years (give or take) to just break even. If the bubble bursts in 5 years you have incomplete factory without potential market and a metric shitload of debt on your company. And that’s the same odd you’re betting against when trying to raise funding. Venture capital understands this risk too pretty well and that’s why everyone and their dogs aren’t building chip factories right now.


You’re correct, current is RFC2822 (I think). The point, besides being a smartass, was that checking email address validity with just regexp is not a very good approach anyways. What you described makes much more sense, specially by verifying that the address is not just technically correct but that it actually belongs to the person filling the form.
15% of GDP just from TLD is wild. But they have only ~10k people there, so makes sense that their GDP isn’t really high.
Montenegro is ‘a bit’ bigger country by GDP, so for them it’s a lot closer to rounding error.