starkzarn
@starkzarn@infosec.pub
- Comment on Xitter Pause Encrypted DMs. 1 week ago:
They misspelled “backdoors.”
- Submitted 1 week ago to selfhosted@lemmy.world | 0 comments
- Submitted 2 weeks ago to selfhosted@lemmy.world | 0 comments
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 weeks ago:
Hey good for you, that’s awesome! My home network is also dual stacked.
You’re right about the apples to oranges comparison, but it’s not so wildly off, because the commentary is on adoption of new standards, regardless of bolt-on “fixes.” Unauthenticated SNMP went through three revisions prior to adding authentication and encryption support.
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 weeks ago:
And IPv6 was codified in RFCs and first addresses issued in 1999 but look where we are now. I’d bet your corporate network doesn’t use IPv6 still. It’s unfortunate, but sometimes the wheels of change are slow.
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 weeks ago:
Nagios is a premium offering. They have some open source components, but the software model is absolutely not built around the spirit of GPL.
Zabbix is the obvious alternative in my mind, and it is AGPLv3, so absolutely in the same spirit as the LibreNMS license. It’s a slightly different tool though, and less network-specific. Having used both, I prefer LibreNMS for specifically network monitoring, it’s laid out to cater more to an ISP-type entity running it, and I like that. Zabbix still gets my wholehearted stamp of approval though.
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 weeks ago:
Updated the post to reflect your feedback here. Thank you!
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 weeks ago:
You are absolutely correct, thank you. Sadly a bunch of devices still don’t support it, even in 2025 (like my microtik switch) for example. I will absolutely add a note about that though, thank you!
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 weeks ago:
I absolutely have and used it for a while before landing on opensuse microos primarily. I absolutely see the benefit and enjoyed the git-centric nature, keeping flakes in repos with a flavor for each machine. What I didn’t enjoy, however, was the seemingly poor documentation. Quite frankly too, the drama surrounding the community doesn’t inspire confidence either. I decided I ought to try out guix but haven’t gotten to it yet. I do actually still have one nixos VM that hosts some services for me and is built entirely on the concept of the impermanence flake. That was pretty cool.
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 weeks ago:
Excellent! Let me know if there are specific things you’d like to hear about.
- Comment on Monitor Your Network the GPL Way with LibreNMS 3 weeks ago:
Absolutely! I’d happily take any comments you have from running it in an enterprise setting, if you care to share.
- Submitted 3 weeks ago to selfhosted@lemmy.world | 17 comments
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 4 weeks ago:
That’s not how that works.
network_mode: hostshares the network namespace with the container host, so it doesn’t do any NAT, it only exists on the host’s IP. It would be akin to running a natively installed app, rather than in a container.macvlannetworking is what gives a container its own IP on the logical network, without the layer of NAT that the defaultbridgemode networking that docker typically does. - Submitted 4 weeks ago to selfhosted@lemmy.world | 0 comments
- Comment on Everyone knows what first aid is, but what is second aid? 5 weeks ago:
God hasn’t responded to a single one of my issues or merged a pull request since I started on this earth. Slacker.
- Comment on Monitoring OPNSense Logs with Grafana Loki 5 weeks ago:
I would love to if I had them! Haha. I’m working on the dashboard right now, which will be part two.
I don’t have a great answer on the IOPS requirement, but I imagine it’s less than something based on elasticsearch/open search based on the reindexing. I’ll try and benchmark it if possible.
- Comment on Monitoring OPNSense Logs with Grafana Loki 5 weeks ago:
Great question, I’ve asked myself the same thing.
First, in my opinion they serve to achieve different things. While openwrt is a firewall, it’d a simple zone based firewall and it designed primarily as router firmware, not firewall software.
Opnsense is BSD based, openwrt is Linux based. Those both haves pros and cons. BSD has serious pedigree in the networking world. Juniper switches are still based on BSD even. Openwrt gets the Linux traffic shaping goodies like cake though.
I chose openwrt because it’s more suited to my environment, where I have 10 VLANs, a 10G fiber core, and want IDS/IPS. Openwrt is meant to be lighter weight, but is less feature-full.
- Comment on Monitoring OPNSense Logs with Grafana Loki 1 month ago:
Isn’t it the best? Somehow all the big log and aggregation stacks are java… Elk, graylog, wazuh…
- Comment on Monitoring OPNSense Logs with Grafana Loki 1 month ago:
🤘🏻
- Comment on Monitoring OPNSense Logs with Grafana Loki 1 month ago:
Certainly! Feel free to comment on any hardships, if I notice a glaring omission or something I’m happy to fix it. This is also a pretty new setup for me, so I’m still tweaking and working through what will become part 2 here in Grafana, currently.
- Submitted 1 month ago to selfhosted@lemmy.world | 10 comments
- Comment on How to Host Headscale on a Linux Server with Podman Quadlets (Part 2) 1 month ago:
Hey, the journey is the destination sometimes. Glad you liked it!
- Comment on Recipes, Meal Planning, and Shopping List 1 month ago:
There’s no mobile app, but the web app front end is a PWA, so you can select “install” from the page in a WebKit browser and get what is effectively a mobile app.
- Comment on Traefik with Socket Activation via Podman Quadlets 1 month ago:
Awesome! Thanks for the banter. It’s easy to get stuck in your own echo chamber working IT every day, so it’s nice to have these kinds of questions. Feel free to drop anything into comments too, maybe other readers will benefit too!
- Comment on Traefik with Socket Activation via Podman Quadlets 1 month ago:
No worries, and I’ll accept criticism too, that’s how you improve.
Anyway, this is effectively giving you tailscale, a remote access mesh VPN solution, but with total control and ownership of the control plane server, instead of relying on the opaque tailscale owned and controlled infra. I touched on it briefly again the ‘DERP Config’ section of part 2: roguesecurity.dev/blog/headscale-quadlet-part2#DE…
- Submitted 1 month ago to selfhosted@lemmy.world | 2 comments
- Comment on Traefik with Socket Activation via Podman Quadlets 1 month ago:
- Comment on Traefik with Socket Activation via Podman Quadlets 1 month ago:
Part 2 is live! roguesecurity.dev/blog/headscale-quadlet-part2
- Comment on Traefik with Socket Activation via Podman Quadlets 1 month ago:
No, it’s not you, the XML file isn’t including post content yet. I wasn’t sure how to do that, so figured I’d start with the simple thing of generating a list from the posts manifest for the time being. This would at least show you a link for when a new post is up, but you’re right there’s no content yet. When I have a bit more time I’ll research how can I dynamically add the entire post content.
- Comment on Traefik with Socket Activation via Podman Quadlets 1 month ago:
Realized I didn’t answer the last question here on hardening. The answer is sure! I don’t have much planned for the blog, as I was just thinking I’d take “public notes” for my tinkerings as they came. I’ve done linux administration for a long time though so I’d be happy to put together a post on baselines and hardening