• 0 Posts
  • 29 Comments
Joined 1Y ago
Cake day: Jul 02, 2023


I know about that one. The 800MB “fix” for it has been crashing machines quite hard.

I don’t have that problem because I don’t run Windows.

Windows is shit.


IPv6 should not be disabled under any circumstances.

In fact, many devices in my house have IPv4 disabled. Disabling IPv4 on my public-facing SSH reduced the attack traffic to zero.

IPv4 is shit.


Public-facing: Password generator, stored in a password manager.

Internal LAN: Everything gets the same re-used, low-effort password.

Nobody is going to hack my CUPS server.


Ahh. Approving every piece of software would make them… Apple.

You did say “driver”, and Microsoft typically approves every single driver on the majority of PCs.


What do you think WHQL is?

The problem with CrowdStrike’s solution is that they got csagent.sys driver signed by WHQL, and the driver will download p-code from the internet and execute it. This allows them to push out changes without waiting for Microsoft approval.

The biggest problem occurs when you don’t sanitize your inputs and someone accidentally uploads a blank file padded with zeroes. The driver dereferences a null value, and crashes your system. Hard.


Thanks! I’m going through a DisplayPort to HDMI adapter because it was the only way to get 4K video. Pipewire is a bit flaky and applies filters that I don’t want. It’s a 3.1 channel setup. The goal is for the AV receiver to do all the decoding.


I’m on the new HTPC version installed as a snap. I can see that it’s meant to work with passthrough, but I find that it… doesn’t.

I haven’t tried in a few versions. Maybe I should give it another crack.


I used MythTV for decades. I really loved the “raw” digital output of the music player. It would casually hop from 44/16/2.0 to 96/24/5.1 between songs and my amp would decode it. I even contributed a small patch to make the visualizer work with 24bit audio.

The live TV hardware accelerated deinterlacing was really good too. TV recording was super reliable.

The TVDb lookup was a tad glitchy. It turns out that it didn’t include the year in the lookup. I wrote a patch that did it (and improved my metadata lookups heaps) but never made a PR.

I jumped to Plex around 2020. Mostly for things like streaming to my phone so I can have my music on the train. I believe Myth was better for HTPC, but Plex isn’t too far off.

I’m not a fan of Plex audio. Every time I try to make it do AC3 passthrough or skip the OS mixers, the whole thing breaks.


The longest outage I’ve had in a decade is when my primary SSD died 2 months ago and I had to reinstall using config backups. It was down for around a day.

I’ve thrown a UPS on it and flown overseas for a week or two. It’s basically just email for me and the kids.

I’ve had longer outages on hosted services, TBH.


I host my own mail. When it’s down, the mail just gets delivered after I get online again. Almost all mail servers are configured to retry over a period of several days before giving up.

Once my health insurer sent me mail by post to tell me that my mail server was down. That was kinda funny.



I did have LUKS and a USB flash drive with a key to be inserted on boot. It was definitely difficult and caused performance issues. It was particularly difficult to add/remove drives from the array. These days I only encrypt my off-site backups that sit at the office where my coworkers potentially have physical access.

There have been recent advancements in TPM so disk encryption is easier to maintain and doesn’t affect performance. I’ll need to investigate this one day. My server/NAS is a 4th-gen i5, so it may not support the functions I would need. Full disk encryption will land in Ubuntu soon. I’m hanging out for that.


I personally would flick through the OpenWRT supported devices and pick the best supported device with 802.11ax.



Everything exposed except NFS, CUPS and Samba. They absolutely cannot be exposed.

Like, even my DNS server is public because I use DoT for AdBlock on my phone.

Nextcloud, IMAP, SMTP, Plex, SSH, NTP, WordPress, ZoneMinder are all public facing (and mostly passworded).

A fun note: All of it is dual-stacked except SSH. Fail2Ban comparatively picks up almost zero activity on IPv6.


Testdisk and photorec? It’s saved me heaps of times.


I was thinking “she should be able to” … “ask one of my friends to figure it out”.

As long as she knows what the passwords are, a tech-savvy friend will figure out the rest.


My backup solution is hard to set up and maintain, but shouldn’t be terrible for someone else to recover from.

All the phones sync to Nextcloud when on Wi-Fi and charging. My server has alternating encrypted backups, and one is always off-site.

If I go, my wife can plug it in and punch in the password. Hopefully that’s enough.


I would drop the “== true” entirely. C will evaluate any nonzero int as true in an “if” statement.


You declare it as the first line after “function getNextDay() : date {”, then it is glaringly obvious that is a date variable that will (eventually) contain tomorrow’s date, and will be returned by the function.

However, I would only use “var” if it’s initialized in the same statement. It prevents Smurf code, and the compiler knows the type straight away.

Given a small and clean context, variable names don’t need to be specific.


Then it would be WD-41.

“WD” is “Water Dispersant” and the “40” is the sequential number of the formulation attempt.


I’m on ABB and everything was fine after I called up and got CGNAT disabled and the ports unblocked.

You can unblock ports in the MyAussie phone app these days.

And you most definitely got a new IP address. Make sure you’ve updated your DNS. My IP hasn’t changed in over a year. It only ever changed when they upgraded their equipment.


I gave my wife a laminated card with explicit instructions on how to access my KeePass DB and encrypted backups. The rest can die when I do.


I self-host all those things.

I just have two portable drives, and I bring one home from work at a time to run an rsync backup job.


I did… Until the police knocked on my door. They said I was lucky because they decided to ask questions first, but they technically could have seized every computer in my house without warning. I don’t think you’d ever get convicted for something obviously done over Tor, but having your stuff taken while they investigate is really inconvenient.


I’m seeing a lot of this. I wonder if the server is overloaded and failing to send the ack response for a successful post.


OK, here’s how it happened.

I was hungry, and I wanted to see the menu for my local pizza joint. I couldn’t find it anywhere.

I discovered that all their socials linked to a website that wouldn’t load. When I checked, the domain had lapsed.

Out of frustration, I purchased the domain and pulled the last snapshot of their website off archive.org. It had their full menu as a PDF.

6 months later and it’s still getting visitors from their Facebook page, who are viewing the menu. They haven’t even realised.


ZoneMinder is best for a low-power system. In the last year or so, it got proper passthrough support so it can record video straight off the camera with zero processing. You don’t get alarms or motion detection or live view, but you can record 24x7 using 2% of your CPU.


Host all the things!

WordPress, SMTP/IMAP, Tor, BitTorrent, Nextcloud, Plex, NTP, photo galleries, DoT…

I even started hosting the website for my local Italian restaurant and they haven’t even realised it yet.