Snowplow8861

Snowplow8861, 7 months ago

100%

Snowplow8861, 7 months ago

Just choose Australian. Tbh we don’t care how you say it just be loud.

Snowplow8861, 7 months ago

Why did you train so badly?!

Snowplow8861, 7 months ago

Who needs 20! Lol. Says more about me than you.

Snowplow8861, 7 months ago

First of all it clearly says counter clockwise so like first of all don’t rotate it clockwise like I did. Then secondly google image search rick roll. Thirdly consider the methods and time people go to to land a joke. Like I wonder if it was assisted by AI to just obfuscate it just enough to not be obvious.

Anyway I had to go to the comments too but mostly because I didn’t read the instructions.

Snowplow8861, 7 months ago

I don’t think that works on my Samsung TV, or my partners iPad though. :)

Although not especially effective on the YouTube front, it actually increases network security just by blocking api access to ad networks on those kinds of IoT and walled garden devices. Ironically my partner loves it not for YouTube but apparently all her Chinese drama streaming websites. So when we go travel and she’s subjected to those ads she’s much more frustrated than when she’s at home lol.

So the little joke while not strictly true, is pretty true just if you just say ‘streaming content provider’.

Snowplow8861, 7 months ago

Nobody happy. :(

Snowplow8861, 7 months ago

Five words into the article says

Apple’s internal presentation from 2013

Literally at the top under TL;DR

Snowplow8861, 7 months ago

Is the copied file going to a usb? Is the usb fake? Otherwise I’m pretty sure your source is bad. Probably the disk sector if you’re sure the file was at some point complete.

Something like btrfs probably does block cloning or similar so a copy to the same disk probably just points at the same disk blocks as the original.

ffmpeg -v error -i file.avi -f null - 2>error.log

Check the source probably

Snowplow8861, 7 months ago

This article was hard to read, based on zero facts they’ve determined experience factors like battery life and performance which all depends on more than just hardware.

Then setting the conversation again argumentatively like valve doesn’t win no matter who makes a clone, is just ignorant. Valve wins by making a store that sells. They could even sell for a loss.

I went to that article to get information and read hype and antagonism. I came away frustrated.

Snowplow8861, 7 months ago

Many of those types while having great brightness and reduced image burn in actually have terrible quality images. Eg no hdr, some may only be 30hz, some may have the contrast ratio which is so low you’ll just be sad to watch a movie on it looking at a black grey mush.

Though like all things, there’s a gradient. Some of the conference room monitor panels can be better but often >3x more expensive than the consumer model due to much better warranty (eg same day parts).

So I don’t have any advice here, just a bit of warning with experience with being around zoom, teams, and display walls from an IT solutions perspective,though generally I use AV partners for model selection and installation on any meaningfully sized conference/boardroom room or special application eg stages.

Snowplow8861, 7 months ago

There have been a few cases where ports are blocked. For example on many residential port 25 is blocked. If you pay and get a static ip this often gets unblocked. Same with port 10443 on a few residential services. There’s probably more but these are issues I’ve seen.

If you think about how trivial these are to bypass, but also that often aligns to fixing the problem for why they’re blocked. Iirc port 10443 was abused by malicious actors when home routers accepted Nat- pnp from say an unpatched qnap. Automatically forwarding inbound traffic on 10443 to the nas which has terrible security flaws and was part of a wide spread botnet. If you changed the Web port, you probably also are maintaining the qnap maybe. Also port 25 can be bypassed by using start-tls authenticated mail on 587 or 465 and therefore aren’t relaying outbound mail spam from infected local computers.

Overall fair enough.

Snowplow8861, 7 months ago (edited 7 months ago)

It’s paraphrasing Torvalds himself though. It’s a cheeky title.

“… and I have absolutely no excuses to delay the v6.6 release any more, so here it is,”

Snowplow8861, 7 months ago

Does it connect to the same arcgis BIM servers so I can work with my coworkers, in real architecture projects?

Snowplow8861, 7 months ago

Mm, not quite, when say having 60+staff work in a single building model you need something that allows object locking so stag can work on part of a building and check it in and out.

I’m not the architect, I’m the sysadmin that designs and builds the server/network infrastructure for a half dozen architecture firms, some which have over 300 architects spread around Australia, Europe, and south East Asia. That mostly means running up servers to host BIM and BIM cache servers, as well as maintaining PIM servers.

To be honest I quizzed you because I honestly never heard of it and my life revolves around both revit and bim360, revit and revit self hosted bim servers, or archicad. Not that I do anything much in them, BIM managers generally administrate their own BIM instances and their teams. But some of the projects are in the billions of dollars that you’ll find on featured on the b1m YouTube channel.

Id argue that while the architects themselves are by and far the largest cost, the largest IT cost is the modelling software. I’ve even had some people using unreal engine to do parts of their work now especially for customer facing flythrough demonstrations and city view with time of day and all that.

So I’m pretty open minded to keeping my ears open to new software since I’m never sure what to expect. It would be interesting to see if it could ever be possible to do one of these megaprojects in open source. But my gut says it’s unlikely.

Snowplow8861, 7 months ago

You should be open minded: youtu.be/Zlgkzjndpak?si=BvddeUBIxoISsDiM

Snowplow8861, 7 months ago

It came out like two weeks ago project 4 years time. How does that look to you?

Snowplow8861, 7 months ago

Yeah that’s fair but I wouldn’t put a cap on it. If a game developer takes 4 years to make a game, then that’s the time period I’d want to assess though when comparing what AI might be able to do. Given the rapid development so far, I’d not bet it can’t make a 3d game with the right amount of management.

But calling it worring is fair. It sure is a big unknown. I’m using it daily but I can see how using a team of 200 ai organised together to self regulate past their weaknesses, kind of already exponentially improves them and that sure is… Something.

Anyway just a thought to share that paper review on that YouTube and my thoughts. It’s a strange world we are looking forward to.

Snowplow8861, 8 months ago

Bring free on cloudflare makes it widely adopted quickly likely.

It’s also going to break all the firewalls at work which will no longer be able to do dns and http filtering based on set categories like phishing, malware, gore, and porn. I wish I didn’t need to block these things, but users can’t be trusted and not everyone is happy seeing porn and gore on their co-workers screens!

The malware and other malicious site blocking though is me. At every turn users will click the google prompted ad sites, just like the keepass one this week.

Anyway all that’s likely to not work now! I guess all that’s left is to break encryption by adding true mitm with installing certificates on everyone’s machines and making it a proxy. Something I was loathe to do.

Snowplow8861, 8 months ago

Didn’t understand that by willing you meant wanting.

Snowplow8861, 8 months ago

I think the question is, where can you bet on a single coin flip? Maybe because I’m Australian, there’s only one day a year you can bet on a (two) coin flip legally here. Everyone else seems to generally understand that coin flips aren’t fair for gambling and therefore is illegal.

If this paper was like ‘this is how corruption in sports…’ rather than ‘this is like that magician cup and balls trick’ then I’d understand your concern.

But like you said, you don’t even have a coin in the house, so the practical side is day to day, perhaps not even once a year, not only are you not deciding on a coin flip, even if you were, you’d (or whomever was flipping it for you) have to learn a technique to see it affect you.

Snowplow8861, 8 months ago

To be honest I think we have different cultural values here. The way I read this and the way you read it is clearly different. I’m disappointed by how little I had my expectations changed, while you had them moved more.

Snowplow8861, 8 months ago

Yeah! Not sure why you get paid to work the only transaction that potentially needs to take place is paying for your work up front.

Why is money involved?

Snowplow8861, 8 months ago

I’m not in America but the organisation for NIST recommends it in guidance now and its getting backing by the nsa

nsa.gov/…/nsa-releases-guidance-on-how-to-protect…

zdnet.com/…/nsa-to-developers-think-about-switchi…malwarebytes.com/…/nsa-guidance-on-how-to-avoid-s…

I see this becoming required in the future for new projects and solutions when working for new governnent solutions. The drum is certainly beating louder in the media about it.

Snowplow8861, 8 months ago

It’s possible to host a dns server for your domain inside your tailnet, and offer dns responses like: yourwebserver.yourdomain.com = tailnetIP

Then using certbot let’s encrypt with DNS challenge and api for your public dns provider, you can get a trusted certificate and automatically bind it.

Your tailnet users if they use your internal dns server will resolve your hosted service on your private tailnet ip and the bound certificate name will match the host name and everyone is happy.

There’s more than one way though, but that’s how I’d do it. If you don’t own a domain then you’ll need to host your own private certificate authority and install the root authority certificate on each machine if you want them to trust the certificate chain.

If your family can click the “advanced >continue anyway” button then you don’t need to do anything but use a locally generated cert.

Snowplow8861, 8 months ago

Not possible without a domain, even just “something.xyz”.

The way it works is this:

• Your operating system has some trusted certificate root authorities root certificates installed from installation of the OS. All OS have this, Linux, Windows, iOS, macos, Android, BSD.
• when your browser goes to a Web url and it is a https encrypted site it reads the certificate.
• the certificate has a certificate subject name on it. It also may optionally have some alternative names.
• the browser then checks if the subject name matches the Web url address. If it does, that’s check one.
• next it checks the certificate validity: it looks at the certificate chain of trust to see if it was signed by a intermediary and then the intermediary was signed by a root certificate authority. Then it can check if any certificate has been revoked along the way.
• if that’s all good, then you’ll open without a single warning, and you browse Web sites all day long without any issue.

Now, to get that experience you need to meet those conditions. The machine trying to browse to your website needs to trust the certificate that’s presented. So you have a few ways as I previously described.

Note there’s no reverse proxy here. But it’s also not a toggle on a Web server.

So you don’t need a reverse proxy. Reverse proxies allow some cool things but here’s two things they solve that you may need solving:

• when you only own one public IP but you have two Web servers (both listening to 443/80), you need something that looks at incoming requests and identifies based on the http request from the client connecting in ‘oh you’re after website a’ and 'you’re after website b".
• when you have two Web servers running on a single server, you have to have each Web server listening on different ports so you might choose 444/81 for the second Web server. You don’t want to offer those non standard ports to public so instead you route traffic via a reverse proxy inbound and it listens for both Web servers on 80/443 and translates it back to the server.

But in this case you don’t really need to if you have lots of ips since you’re not offering publicly you’re offering over tailscale and both Web servers can be accessed directly.

Snowplow8861, 8 months ago

Just fyi, as a sysadmin, I never want logs tampered with. I import them filter them and the important parts will be analysed no matter how much filller debugging and info level stuff is there.

Same with network captures. Modified pcaps are worse than garbage.

Just include everything.

Sorry you had a bad experience. The customer service side is kind of unrelated to the technical practice side though.

Snowplow8861, 8 months ago

It’s totally fine to bulk replace some sensitive things like specifically sensitive information with “replace all” as long as it doesn’t break parsing which happens with inconsistency. Like if you have a server named "Lewis-Hamiltons-Dns-sequence“ maybe bulk rename that so is still clear “customer-1112221-appdata”.

But try to differentiate ‘am I ashamed’ or ‘this is sensitive and leaking it would cause either a PII exfiltration risk or security risk’ since only one of these is legitimate.

Note, if I can find that information with dns lookup, and dns scraping, that’s not sensitive. If you’re my customer and you’re hiding your name, that I already invoice, that’s probably only making me suspicious if those logs are even yours.

Snowplow8861, 8 months ago

I love the hand gesture at the end!

Snowplow8861, 8 months ago

Start realising that the way you’re used to scrolling with your mouse wheel, is a cog between you and the service it’s moving. Actually you were using natural all along. It was the early touch pads that were wrong and nonsense.

Snowplow8861, 9 months ago

Luckily on your own network you have control over these decisions! Especially with source and destination firewall rules.

Snowplow8861, 9 months ago

Traceroute.

Snowplow8861, 9 months ago

If you take an engine out of a car and try to spin it by turning the crank shaft, it will be hard to turn because the cylinders need to compress air (it’s required before adding fuel and spark to explode that compressed air so it expands).

When that engine is in the car, and you don’t add fuel and spark, then the cars wheels have to turn the engine and compress that air, thousands of times per minute. That force that the wheels have to send to the engine to spin that engine slows you down.

I’m thinking you think the engine itself has a brake on it… No.

Snowplow8861, 9 months ago

Look it depends on the age of the car, but let’s take an old manual car for example.

On those cars, there’s a fuel map to rpm. There’s actually a few maps including throttle and ignition timing. But think of a spreadsheet of rpm and fuel at a certain throttle load.

At 0 throttle: The map says to stop the engine from stealing at under say 800 rpm it needs to have fuel added at rpms lower than that to speed up the engine to avoid stalling. At 800rpm it needs a consistent amount kind of a known amount that keeps it in equilibrium. At over 800rpm it needs less fuel the more rpm it has over the idle 800rpm until it’s zero fuel.

And you’ll feel that, you’ll feel that moment the car starts adding fuel because if you’re only engine braking to a stop your car will get near that idle rpm and your engine will start adding power to avoid a stall, and your braking will diminish.

Snowplow8861, 9 months ago

Personally, it’s the power of powershell that I use for the hundreds of windows servers. Otherwise it’s the power of Linux bash shell scripts for the dozens of Linux servers. None of the Linux servers run a gui so there’s no options there. Tbh for me, self documenting gui is the slowest way to do work. Configuring hundreds at once with peer reviewed scripts and change control is much more effective since the peer review and change control will be needed either way.

Oh though I use fortimanager a lot of configuring dozens of Fortigates. Only have a few scripts on it though.

Snowplow8861, 9 months ago

So I think you may not know about quick sync, an Intel transcoding acceleration feature of Intel gpus in Intel CPUs.

handbrake.fr/docs/en/latest/…/video-qsv.html

There’s information about it for I think plex and handbrake and ffmpeg in general. This is how some people do real time transcoding for media servers. But I’m not an expert. I just hope you can be guided with easier search terms.

Snowplow8861, 9 months ago

Stupid take to be honest, real people getting trafficked and stalked, domestic abuse victims being tracked for control by the abuser, and you think that’s fine because google has that data about you even though nobody can use it so why shouldn’t all apps be able to? Go to a women’s shelter, touch grass.

This issue is far more nuanced. No it’s not good Google has that data on you.

No it’s not fair that automatons caused a small developer to have their entire amount destroyed without a proper review.

Both things can be true.

Snowplow8861, 10 months ago

Hi, I run pop! Os for about a year on a mac book pro 2012. My biggest hassles are Bluetooth audio sucks (glitchy) and I had to install a wireless driver to get wireless to work at all. Other than that, it’s working exactly as expected. Can recommend. It can’t game, it can’t play videos well because the inbuilt speakers suck (and the Bluetooth audio is glitchy), but it’s plenty performant for my actual tasks. Runs smooth. I’m sure most distributions will.

Snowplow8861, 10 months ago

I can guess at some things but let me first start with what I think is happening:

You have a gateway set. Your device sends a broadcast arp message asking 'who has ip ’ and the device with that ip is supposed to send back ‘me with this mac address!’.

That device is either sending it so slowly that your machine says ‘I can’t go past the gateway, the gateway isn’t responding’ which in your error message is no route to host.

Assuming that you have no custom manual network route in play.

So things that can cause that are usually link layer and layer two issues and sometimes duplicate IPs. Two devices with the gateway ip.

You should watch your mac address table and arp table (arp a) and watch if the router gateway disappears or changes Mac addresses.

Snowplow8861, 10 months ago

The bypass is to run your own router, distribute locally hosted dns servers (either the router or pihole) and the dns servers get their lookups over dns over https (443) and your provider can’t intercept that since it looks like regular encrypted Web traffic just like they shouldn’t be able to inspect your netbank.

Australia is different but these isps who do that generally have a +$5 per month plan to go to a static public rout able public Up (instead of cgnat) and unfiltered Internet. They usually are more allowing mum and dad to filter the Web so their kids can’t get too far off track. Maybe just double check on your ISP portal settings but I’m going to assume you’re not in aus.

Snowplow8861, 10 months ago

Don’t feel bad because you’re really good at using a tool that doesn’t follow your values. I use Windows during the work week and I use Linux for gaming on the weekend where I literally can’t work even if I wanted to.

For me Windows is a tool box with propriatry tools that have no Linux compatibility. That’s OK for me. People get emotionally invested but that’s neither healthy nor helpful. No point being angry at work, it’s like being angry that your work uniform is made by one textiles vendor not the other.

You get to choose what you use at home in your own time. If you feel good using Linux then, do it!

Snowplow8861, 10 months ago

I think that’s a good idea, good luck with it!

Snowplow8861, 10 months ago

100%.Or set host file entries on each endpoint to resolve the mail.domain.com to your internal ip that’s available only over vpn. Not going to be easy on mobiles.

There is an assumption though that the mail server has an internal IP address wherever you are hosting. That might not be true. I would always put the public IP on the firewall and then NAT with specific port 25 in to the private IP of the server, but who knows what this particular OP has done.

Snowplow8861, 10 months ago

I’ll give you one reason it’s used commercially: Veeam can only use xfs or refs as a deduplication enabled store using fastclone. For example I have a 60 disk nas hosting hundreds of customer backups and a petabyte. Without deduplication imagine how many extra petabytes of storage would be consumed. Each backup is basically the same image as well as the backup processing time.

Maybe they’ll get that same feature on zfs one day.

Unless you want me to use refs? But I have tried that, and I’ve lost a whole volume to iscsi volume mounted to windows and formatted refs due to corruption when a network power loss happened gradually and whatever reason, that network interruption caused the whole volume to be unmountable over iscsi ever again. I’m not keen to retry that.

Xfs is pretty good with 60 disks, I wouldn’t trust ext4 with that many but there’s nothing factual about ext4 but a feeling.

About to get a second 60 disk nas for another datacentre for the same setup as above to migrate away from Wasabi as offsite. Will build xfs again. Looking forward to it.

Snowplow8861, 10 months ago

Yeah but veeam doesn’t support fast block cloning which means you don’t need to ever recopy blocks that don’t change. From a performance point of view, fast block cloning gives incredible speed up so that in turn means more backups happen in a short time. That’s pretty important even at our small business scale. I guess larger veeam service providers solve things differently.

Snowplow8861, 11 months ago

My experience is the opposite but the same. I have been a sysadmin for 15 years in mostly Windows and Microsoft only. All my work tools are in Windows.

I actually boot to Linux when I’m not supposed to work since otherwise I just have anxiety or dread and then I’ll open teams, outlook, ncentral, prtg…

Also why I enjoy my switch. Can’t really do projects on it like I can on Linux, but I also am switched off from work.