• 74 Posts
  • 423 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle
  • IsoKiero@sopuli.xyztoSelfhosted@lemmy.worldDNS?
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 hours ago

    have an additional external DNS server

    While I agree with you that additional DNS server is without a question a good thing, on this you need to understand that if you set up two nameservers on your laptop (or whatever) they don’t have any preference. So, if you have a pihole as one nameserver and google on another you will occasionally see ads on things and your pihole gets overrided every now and then.

    There’s multiple ways of solving this, but people often seem to have a misinformed idea that the first item on your dns server list would be preferred and that is very much not the case.

    Personally I’m running a pihole for my network on a VM and if that’s down for a longer time then I’ll just switch DNS servers from DHCP and reboot my access points (as family hardware is 99% on wifi) and the rest of the family has working internet while I’m working to bring rest of the infrastructure back on line, but that’s just my scenario, yours will most likely be more or less different.


  • En minäkään tiedä alkon myymälöiden liiketoiminnasta mitään, mutta sinne on kumminkin viinat, viskit, rommit ja aika paljon muuta jäämässä sen asiantuntemuksen ja muun kanssa. Ihan yhtälailla ainakin paikallisessa alkossa on tarjolla tuplapukkia ja muuta olutta mitä saa siitä viereisestä prismastakin, hintoja en ole vertaillut vaan veikkaan että s-mafia myy halvemmalla.

    Toisaalta jos merkittävä määrä pienempien kuntien alkoista menisi kiinni niin ehkä sitten saataisiin alkoholin etämyynti jotenkin järkeväksi, mutta en taida pidättää hengitystä tuota odotellessa.




  • losing 1380 personnel, but only 1 tank

    That’s what I’ve been following too. And additionally, based on quick’n’rough estimation from wikipedia numbers, artillery reserves are pretty much depleted too, so Russia is fighting on what ever soviet era relics they can refurbish and what they can manufacture/buy. I don’t think they’ll have short of ammunition any time soon, but diminishing numbers of barrels should start to show up on these statistics ‘in the near future’, whenever that might be.


  • My bank uses 6 digit ‘customer number’ (which is set by the bank) and that’s verified with an app and a personal PIN (app shows ‘login attempt ABCD at mm.dd. hh:mm’ where ABCD is shown on login page too) or via SMS OTP (again with ‘ABCD’ verification). And again with personal pin + app or OTP to confirm transactions. The app itself can be protected with a fingerprint or phone pin and every new installation needs to be registered to the system, so I can’t just use my phone app to access my wifes account (or anyone elses) but I still can map multiple accounts (like corporate ones) to the same installation.

    I think that’s pretty reasonable approach.


  • Back in the day with dial-up internet man pages, readmes and other included documentation was pretty much the only way to learn anything as www was in it’s very early stages. And still ‘man <whatever>’ is way faster than trying to search the same information over the web. Today at the work I needed man page for setfacl (since I still don’t remember every command parameters) and I found out that WSL2 Debian on my office workstation does not have command ‘man’ out of the box and I was more than midly annoyed that I had to search for that.

    Of course today it was just a alt+tab to browser, a new tab and a few seconds for results, which most likely consumed enough bandwidth that on dialup it would’ve taken several hours to download, but it was annoying enough that I’ll spend some time at monday to fix this on my laptop.


  • IsoKiero@sopuli.xyztoLinux@lemmy.mlMan pages maintenance suspended
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    7 days ago

    I mean that the product made in here is not the website and I can well understand that the developer has no interest of spending time for it as it’s not beneficial to the actual project he’s been working with. And I can also understand that he doesn’t want to receive donations from individuals as that would bring in even more work to manage which is time spent off the project. A single sponsor with clearly agreed boundaries is far more simple to manage.




  • IsoKiero@sopuli.xyztoLinux@lemmy.mlThe Insecurity of Debian
    link
    fedilink
    English
    arrow-up
    10
    ·
    9 days ago

    The threat model seems a bit like fearmongering. Sure, if your container gets breached and attacker can (on some occasions) break out of it, it’s a big deal. But how likely that really is? And even if that would happen isn’t the data in the containers far more valuable than the base infrastructure under it on almost all cases?

    I’m not arguing against SELinux/AppArmor comparison, SElinux can be more secure, assuming it’s configured properly, but there’s quite a few steps on hardening the system before that. And as others have mentioned, neither of those are really widely adopted and I’d argue that when you design your setup properly from the ground up you really don’t need neither, at least unless the breach happens from some obscure 0-day or other bug.

    For the majority of data leaks and other breaches that’s almost never the reason. If your CRM or ecommerce software has a bug (or misconfiguration or a ton of other options) which allows dumping everyones data out of the database, SElinux wouldn’t save you.

    Security is hard indeed, but that’s a bit odd corner to look at it from, and it doesn’t have anything to do with Debian or RHEL.


  • Vähän kaksijakoiset mietteet tuli uutisesta. Alvikanta nousee mm. julkisella liikenteellä, lääkkeillä ja liikuntapalveluilla, jotka varmaan osuu pahimmin sinne köyhimpään kansanosaan ja varsinkin lääkkeissä tuo 4% voi olla tarpeeksi kaatamaan jo valmiiksi hataralla pohjalla olevan talouden esim. työttömillä. Karkkien ja kulttuurin kohdalla varmaan ihan perusteltu nosto, mutta tahtoo kyllä omalla kohdalla sanoa että kulutus vastaavasti pienenee tuon noston verran. Samaten hoitajamitoituksen pienentäminen ja kotitalousvähennyksen lasku osuvat heikommin pärjäävään kansanosaan, joten linja on edelleen tuttu raippaa raipan päälle.

    Eläkkeiden kohdalla sama homma, joskin sille kokonaisuudelle on varmasti pakko jotain tehdä ja sieltä se köyhin pääty joutuu nyt sitten puun ja kuoren väliin. Jää nähtäväksi nouseeko sosiaalipalveluiden tarve kokonaisuudessa isommaksi kuin nyt tehdyt säästöt ja jos näin käy niin lisätäänkö sinne rahoitusta vai pistetäänkö mummot kirjailmellisesti hankeen istumaan.

    Puolustusmenojen kasvu nykyisessä maailmantilanteessa taitaa olla enemmän pakollinen paha. Parempi varautua nyt kuin vasta sitten kun ruskeaa on tuulettimessa ja tuotantoketjut solmussa. Poliisin määrärahalisäys on sitten vähän monitulkintaisempi juttu. En näin kylmiltään osaa sanoa että miten tehokkaasti poliisi nykyiset lanttinsa käyttää, mutta ainakin tien päällä näkee virkavaltaa melkoisen harvoin. Oma (yksittäinen tietysti) esimerkki kertoo, että katsastamattomalla autolla voi ajella kirjaimellisesti melkolailla koko valtakunnan päästä päähän pariin kertaan eikä mitään tapahdu (nykyisen perheenkuljettimen ostin tammikuussa ja pakkasilla pistin vaan korvantaakse että siinähän on kesän yli leimaa, vaan muistikuva oli pari kuukautta huti. Tilanne on nyt korjattu).

    Paljon muutakin analysoitavaa tuossa hyvin kapeassakin jutussa varmaan olisi, varsinaisista yksityiskohdista puhumattakaan, mutta ei tuo nyt isossa mittakaavassa tarkasteltuna varmaan aivan täysi susikaan ole. Sen suhteen tosin olen varsin skeptinen että tällä(kään) kierroksella saadaan valtiontaloutta kovin isosti parannettua ja semmoinen kutina tuossa on että yhteiskunnan turvaverkoissa on yhä enemmän reikiä mihin tippua ja ne montut on entistä syvempiä.



  • If I had to guess, I’d say that e1000 cards are pretty well supported on every public distribution/kernel they offer without any extra modules, but I don’t have any around to verify it. At least on this ubuntu I don’t find any e1000 related firmware package or anything else, so I’d guess it’s supported out of the box.

    For the ifconfig, if you omit ‘-a’ it doesn’t show interfaces that are down, so maybe that’s the obvious you’re missing? It should show up on NetworkManager (or any other graphical tool, as well as nmcli and other cli alternatives), but as you’re going trough the manual route I assume you’re not running any. Mii-tool should pick it up too on command line.

    And if it’s not that simple, there seems to be at least something around the internet if you search for ‘NVM cheksum is not valid’ and ‘e1000e’, spesifically related to dell, but I didn’t check that path too deep.


  • Did they damage that target? Disable it? Destroy it?

    I haven’t seen any public statistics for this, but based on my understanding, if you hit pretty much any modern tank on top hatch or some other weak spot with a javelin it’ll at least disable the tank as it pretty much melts everything inside the crew space/engine bay. Those might be repairable, but most likely not in the location.

    And what Ukrainians will most likely encounter is not a modern tank, but a T-62 or some even older soviet relic, which doesn’t have active armor and those can be stopped with a good throw of molotov cocktail. So, my somewhat uneducated guess would be that every decent hit is a destroyed tank. Of course there’s missed shots, less than optimal impacts and all that, so actual number isn’t 100%, but I’d guess that it’s not far off.

    And for tanks there’s also a guestion if Ukraine can even find anything to shoot at. On Ukrainian reports destroyed tanks have been in single digits per day for quite a while, so either Russia has learned on how to defend their gear or (in my opinion more likely) they just don’t have that many tanks anymore. Obviously across the whole Russia there’s a ton of relics around, starting from T-34’s from WW1, but I guess no one knows how many of those are in condition where they could even move on their own and even if they did it’s guestionable how effective those would be on todays battle field.

    But javelins are still pretty neat hardware and they can easily destroy pretty much anything on the field, the only guestion is if Ukraine can get those close enough to hit anything interesting.


  • A part of it is because technology, specially a decade or so ago, had restrictions. Like with ADSL which often/always couldn’t support higher upload speeds due to the end user hardware, and the same goes with 4/5G today, your cellphone just doesn’t have the power to transmit as fast/far as the tower access point.

    But with wired connections, specially with fibre/coax, that doesn’t apply and money comes in to play. ISPs pay for the bandwidth to the ‘next step’ on the network. Your ‘last mile’ ISP buys some amount of traffic from the ‘state wide operator’ (kind-of, depends heavily on where you live, but the analogy should work anyways) and that’s where the “upload” and “download” traffic starts to play a part. I’m not an expert by any stretch here, so take this with a spoonful of salt, but the traffic inside your ISP’s network and going trough their hardware doesn’t cost ‘anything’ (electricity for the switches/routers and their maintenance is excluded as a cost of doing business) but once you push additional 10Gbps to the neighboring ISP it requires resources to manage that.

    And that (at least in here) where the asymmetric connections plays a part. Let’s say that you have a 1Gbps connection to youtube/netflix/whatever. The original source needs to pay for the network for the bandwidth for your stream to go trough in order to get a decent user experience. But the traffic from your ISP to the network is far less, a blunt analogy would be that your computer sends a request to the network ‘show me the latest Me. Beast video’ and youtube server says ‘sure, here’s a few gigabits of video’.

    Now, when everyone pays for the ‘next step’ connection by the actual amount of data consumed (as their hardware needs to have the capacity to take the load). On your generic home user profile, the amount downloaded (and going trough your network) is vastly bigger than the traffic going out of your network. That way your last mile ISP can negotiate with the ‘upstream’ operator to have capacity to take 10Gbps in (which is essentially free once the hardware is purchased) and that you only send 1Gbps out, so ‘upstream’ operator needs to have a lot less capacity going trough their network to ‘the other way’.

    So, as the link speeds and amount of traffic is billed separately, it’s way more profitable to offer 1Gbps down and 100Mbps up for the home user. This all is of course a gross simplification of everything and in real world things are vastly more complex with caching servers, multiple connections to the other networks and so on, but at the end every bit you transfer has a price and if you mostly offer to sink in the data your users want and it’s significantly less than the data your users push trough to the upstream there’s money to be made in this imbalance and that’s why your connection might be asymmetric.




  • Patentti- ja viritysosasto nostaa nyt kyllä kädet pystyyn. Se mitä nurkista helposti löytyy on liian kanttista ja jos alkaisi ihan oikeasti tekemään työkalua niin siinä ensinnäkin menisi niin pitkään että ehtii työkalukaupat aueta ja toisekseen raakamateriaalit mitä on saatavilla on vähän niin ja näin, eli koko yön värkkäämällä saisi melko huonon työkalun jolla saisi homman tehtyä. Tai sitten voi heti aamu7 eteenpäin lompsia paikalliseen markettiin ja ostaa ihan kunnon raaka-aineista tehdyn kalun n. 4kympillä.




  • Taitonettiä tulin itsekin suosittelemaan, mutta kun se on jo pariinkin kertaan mainittu niin ihan serverirautaakin liikkuu netin kauppapaikoilla tori.fistä lähtien. Minullakin on muutama vanhempi serverirauta nurkissa, jotka pitäisi laittaa johonkin myyntiin tai nakkoa serriin.

    Noilla pääsee ehkä “oikeampaan” kokemukseen, mutta virrankäyttö ja varsinkin meteli on sitten ihan toista luokkaa, joten ainakaan mihinkään kaksion nurkkaan en lähtisi vanhoja xServereitä pinoamaan. Plussapuolella on sitten että servereissä on useimmiten enemmän muistia ja cpu-tehoa tuommoiseen kuin vanhoissa työasemissa, samaten etähallintakortit löytyy käytännössä kaikista, jolloin sen klusterin hallinta ja valvonta on vähän helpompaa.