starkzarn
@starkzarn@infosec.pub
- Comment on #FGLAE 4 days ago:
Slime mold is so god damn cool man
- Comment on Why are anime catgirls blocking my access to the Linux kernel? 5 days ago:
That’s because they just terminate TLS at their end. Your DNS record is “poisoned” by the orange cloud and their infrastructure answers for you. They happen to have a trusted root CA so they just present one of their own certificates with a SAN that matches your domain and your browser trusts it. Bingo, TLS termination at CF servers. They have it in cleartext then and just re-encrypt it with your origin server if you enforce TLS, but at that point it’s meaningless.
- Comment on Systemd Service Hardening 1 week ago:
That’s a super valid question, as it seems sometimes that some of these things are configured in a way that begs the question “why?” As far as contributing to documentation, that’s a moot point. This is already in the man pages, and that’s exactly what I referenced in writing this post, in addition to some empirical testing of course. As far as implementation goes, I think that probably lies at a per distribution level, where not one size fits all. Although I don’t know of it off the top of my head, I’m sure there’s a security centric distro out there that implements more of these sandboxing options by default.
- Comment on Systemd Service Hardening 2 weeks ago:
Excellent! There’s certainly a lot to unpack, but being able to twist all these little knobs is part of the beauty of Linux.
- Comment on Systemd Service Hardening 2 weeks ago:
Hey, much appreciated!
- Submitted 2 weeks ago to selfhosted@lemmy.world | 6 comments
- Comment on Self-host Meshtastic Metrics in Grafana 4 weeks ago:
The primary thing is rather than “dumb” flood routing, you can choose the path your message takes to its destination; as a repeater operator you can also choose the path it takes to repeat out. It’s a slight compensation to people carelessly placing infrastructure nodes with poor configurations in poor places. Not perfect, but better. Adoption is much, much lower though, and the licensing is not copyleft.
- Comment on Self-host Meshtastic Metrics in Grafana 4 weeks ago:
Meshcore does address some of the biggest shortfalls of Meshtastic, but I absolutely HATE that they’re positioned to either rugpull, or set up a perpetual “freemium” model. It’s also not interoperable, so if Meshcore is to work, it needs the numbers like Meshtastic has.
- Comment on Self-host Meshtastic Metrics in Grafana 4 weeks ago:
Yeah, so far the most prevalent thing around my area has been “it’s a hobby for the sake of being a hobby.” No one does anything terribly useful or important with it. I can tell you that I would certainly never rely on it as a form of emergency communication.
- Submitted 4 weeks ago to selfhosted@lemmy.world | 8 comments
- Comment on Just.....why? 1 month ago:
It’s not about user-led synergy. The personal data market is slurped up by those that already have and are building correlations. Just because a user didn’t report anything to their insurer doesn’t mean an insurer sure as shit isn’t going to want the data if they can link it to the user whatsoever, so long as it will make them more money.
This is hypothetical, of course, but it’s the way the market of data brokers works.
- Comment on Just.....why? 1 month ago:
You joke, but I guarantee there’s a market. Consider health insurance companies that see an opportunity to charge everyone more unless they can prove their good brushing habits via app data.
- Comment on Monitoring network devices 2 months ago:
Love me some graylog
- Comment on Monitoring network devices 2 months ago:
LibreNMS, which is a modern fork of Observium.
- Comment on Monitor your AREDN Node with Prometheus and Grafana 2 months ago:
Yes! QSL cards are very much still alive and well. Some traditions will never die. The special event stations are fun to get cards from.
Super cool anecdote on the telescope thing, I’ve never heard of that.
I hope you get back on the radio, it’s a great hobby. It’s a nice stress relief outlet for me these days too.
- Comment on Monitor your AREDN Node with Prometheus and Grafana 2 months ago:
Love to hear things like that! When I first got licensed the solar cycle was utter trash. We’re past the peak now, but band conditions are still pretty good generally. A few watts and a wire will still get you somewhere with CW and some other forward error corrected modes (like FT8). I have a lot of fun with the digital stuff like AREDN, but it’s definitely a different ball game and the old school SSB-based radio still has its place in my heart.
- Comment on Monitor your AREDN Node with Prometheus and Grafana 2 months ago:
False positive what? I didn’t give any specific examples of alerts, just simply monitoring metrics. Are you referring to the note on the Dnsmasq memory leak?
- Comment on Monitor your AREDN Node with Prometheus and Grafana 2 months ago:
For any hams here, maybe this blog post will be up your alley. 73!
- Submitted 2 months ago to selfhosted@lemmy.world | 7 comments
- Comment on Xitter Pause Encrypted DMs. 2 months ago:
They misspelled “backdoors.”
- Submitted 2 months ago to selfhosted@lemmy.world | 0 comments
- Submitted 3 months ago to selfhosted@lemmy.world | 0 comments
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 months ago:
Hey good for you, that’s awesome! My home network is also dual stacked.
You’re right about the apples to oranges comparison, but it’s not so wildly off, because the commentary is on adoption of new standards, regardless of bolt-on “fixes.” Unauthenticated SNMP went through three revisions prior to adding authentication and encryption support.
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 months ago:
And IPv6 was codified in RFCs and first addresses issued in 1999 but look where we are now. I’d bet your corporate network doesn’t use IPv6 still. It’s unfortunate, but sometimes the wheels of change are slow.
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 months ago:
Nagios is a premium offering. They have some open source components, but the software model is absolutely not built around the spirit of GPL.
Zabbix is the obvious alternative in my mind, and it is AGPLv3, so absolutely in the same spirit as the LibreNMS license. It’s a slightly different tool though, and less network-specific. Having used both, I prefer LibreNMS for specifically network monitoring, it’s laid out to cater more to an ISP-type entity running it, and I like that. Zabbix still gets my wholehearted stamp of approval though.
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 months ago:
Updated the post to reflect your feedback here. Thank you!
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 months ago:
You are absolutely correct, thank you. Sadly a bunch of devices still don’t support it, even in 2025 (like my MikroTik switch, for example). I will absolutely add a note about that though, thank you!
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 months ago:
I absolutely have and used it for a while before landing on openSUSE MicroOS primarily. I absolutely see the benefit and enjoyed the git-centric nature, keeping flakes in repos with a flavor for each machine. What I didn’t enjoy, however, was the seemingly poor documentation. Quite frankly too, the drama surrounding the community doesn’t inspire confidence either. I decided I ought to try out Guix but haven’t gotten to it yet. I do actually still have one NixOS VM that hosts some services for me and is built entirely on the concept of the impermanence flake. That was pretty cool.
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 months ago:
Excellent! Let me know if there are specific things you’d like to hear about.
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 months ago:
Absolutely! I’d happily take any comments you have from running it in an enterprise setting, if you care to share.