I dunno about recommending FreeNAS (Known as truenas now). It is basically an appliance OS, and unless you are using enterprise level hardware, they want nothing to do with you.
I’m currently using it, but it was a very unpleasant experience setting it up.
Crowdsec does not provide DDOS protection in the same manner as Cloudflare. You can use crowdsec to block the traffic at your server, but it has already reached your server, and will be using up your ingress bandwidth regardless. So if you were DDOS’d, your site will go down.
Cloudflare prevents the traffic ever reaching your server, while allowing the legitimate traffic through. They block it on their servers, which have much higher bandwidth than any VPS provider has.
The beauty of game dev, is that you can make the most cursed codebase, and as long as it works, the only person itll impact is yourself.
Also, startup costs are basically zero, there is no need for a top end PC, whatever you have now is probably good enough to start.
Yes. Separate out each part out. You are currently publishing the equivalent of of a compiled binary. Split it up, and use a script to “compile” it back into the mega shell script.
It means that changes to each file can tracked (and audited) individually, you can conditionally compile bits in or out, and most usefully, you can write tests for the individual components.
Sorry, but a photo of a directory structure is not a source tree.
Your git repo consists of 4 files, a readme, a licence, and two packed shell scripts.
If you have an actual published source repo, link people to it.
I dont understand why people do this
Charitably: AI turbocharged dunning-kruger
Less charitable: Malware delivery.
There is no good reason why they couldn’t have a normal source tree, that they pack into a single shell script in CI.
I use a separate nuc, and even still, rebooting the router is a non-trivial exercise. The internet was wired into the top shelf of a cupboard, so need a step ladder to get to it.
Since getting a second pihole setup I haven’t had any issues, so I think I’m okay now. Hopefully it fails over the christmas break when I’m home :D
I mostly like it, but over the last few months I’ve had my pihole die randomly during the day, which killed my home network, and I had to walk my partner through rebooting everything.
I’ve now got redundant pihole instances, but I’d really like to know what is going wrong with pihole. Its impossible to replicate, and very sporadic.
Packagekit (at least last I heard of it) was just a higher level package manager (wrapping around dnf/apt/etc), not anything specific to kernel patching. Maybe that has changed?
You can live patch a kernel, each distro has their own way of doing things, usually, you get a kernel module that is loaded that fixes the bug live, and there is a real fixed module to go with it that gets loaded next boot. The kernel patch module is just a hack to avoid rebooting. Ubuntu has some doco on their system LivePatch which is worth a read. I am not sure that kernel module signing is super commonly used, but there may be some distros that ship with it enabled. If it is enabled, then loading an unsigned kernel module should be impossible.
As for trust a modem, thats a tricky one. Firmware level hacks have been theorised for a long time, but there is very few examples of actual exploits. Its mostly security through obscurity.
I’ve seen a few posts on reddit while trying to solve it, but no idea how widespread the issue is. There certainly isnt a solution that I’ve found yet.
Other than this issue, I agree, protect is quite good, but there isnt much point having nice 4k cameras if they dont work correctly…
Oh, also, had 2 cloudkeys develop disk problems within weeks of owning them, so that was very annoying. 3rd one is going strong though.
Get ready to see lots of this in your future:
No explanation, the connection is fine, the cloudkey is fine, the camera is fine, it just randomly decides to drop quality permanently.
I rely on the developers putting in a health check, but few do.
I’ve also got uptime kuma setup, which is kinda like an external healthcheck.
If timers on the bios aren’t an option, look for the settings to power on after power outage. If you turn it on, you can use a standard timer plug to turn the power on and off.
Definitely, which is why i suggested hosting the image + js on a CDN. Keeps brand awareness, and lets the CDN take the brunt of any malicious activity. with a bit of code-golfing, the data served by Anubis directly prior to POW could be a few hundred bytes, without impacting its functionality.
I dunno that is true, nothing in the docs indicates that it is explicitly anti-CDN. And using a CDN for a static javascript resource and an image isn’t the same as running the entire site through a CDN proxy.
A HTTP get request is a few hundred bytes. The response is 28KB. Thats 280x. If a large botnet wanted to denial of service an Anubis protected site, requesting that image could be enough.
Ideally, Anubis should serve as little data as possible until the POW is completed. Caching the POW algorithm (and the image) to a CDN would also mitigate the issue.
I have a lot more faith in tailscale holding the fort against enshitification. They at least seem to have planned their business plan around free tier for advertising, and minimising the cost of the free tier traffic. Can’t predict the future of course, but from a business model POV, they appear to be well setup.
Headscales main issue is that they rely on the tailscale app, and if the app got paywalled or locked to tailscale, that would kill headscale overnight.
I am very happy with headscale so far though, bit fiddly, but once setup it works very well.
I have all my domains on my pihole pointed to the local address, so I only noticed when my uptime monitoring of the external sites started pinging me. But for me, the outage was at 10pm, so it really didn’t matter either way.
There are no domains that are infinite time ownership (AFAIK, please correct me if I’m wrong), but its pretty close to ownership. I have the rights to the domain for 10 years, and I get first dibs on renewal after that. So its sorta renting/sorta owning?
Annoyingly, disk discovery. It refused to use my disks, claiming they didn’t have serial numbers. I could see the serial numbers in the frontend and the console, but their middleware just hated them.
I am using a USB multi-disk drive thing, which didn’t work properly on an old kernel, but it should have been fine with the new kernel.
I reported the bug, which didn’t really get addressed, and then had to build my array using the command line tools (which aren’t documented).