2xsaiko
@2xsaiko@discuss.tchncs.de
- Comment on [deleted] 1 day ago:
True. I knew I should have left that as “NFS 4” because someone would comment this. From what I’ve read (never used it), NFS 3 is very different to 4 and also just kind of not worth using, especially just for Windows, since it has no security at all.
- Comment on [deleted] 1 day ago:
Please just use Kerberos instead of fiddling with uids. It’s the only sane way to get NFS access controls and user mapping. Works on both Linux and macOS (but there’s no NFS on Windows anyway).
I’d say you can run the Kerberos KDC on the NAS but if Synology has some locked down special OS you’ll need another machine for that.
Unfortunately SMB is so screwed that you can’t reuse ordinary Kerberos for authentication there, which is unfortunate if you want to have both that and NFS. I’ve yet to look into whether Samba AD can be used for both.
- Comment on New social experiment 2 days ago:
Documents and Settings
- Comment on New social experiment 2 days ago:
nix
- Comment on New social experiment 2 days ago:
Macintosh HD
- Comment on Do you want the murderer of the UnitHealthcare CEO prosecuted? 4 weeks ago:
okay ❤️ yay ❤️
- Comment on Any tips for setting up a Mac? A 15+ years Linux user needs help 1 month ago:
I’ve been using Linux for maybe 8 years before getting a Mac and found it to be great to use pretty much immediately. So there’s not really much I can tell you here. Except maybe to install the GNU coreutils from homebrew (and that itself if you don’t have it yet), the ones it comes with suck.
I don’t think there is a way to download Xcode without an Apple ID. The App Store also needs one though you could get by without that. You could just make the account only for downloading Xcode and only sign in in the browser for it, I suppose.
- Comment on Apple's controversial iPhone accessory may have been discontinued 1 month ago:
Can confirm it is terrible. I bought one and both of them have terrible DAC artifact noises. Should have gone with the Apple one.
- Comment on Post your setup. no matter how uggo 1 month ago:
The disks are the most uggo part. They’re a bunch of old disks of varying sizes with a RAID+LVM setup to make the most use of them while still being redundant.
lsblk output of the whole thing
saiko@vineta ~ % lsblk
NAME                    MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda                         8:0  0 111.8G  0 disk
├─sda1                      8:1  0   512M  0 part  /Volumes/Boot
└─sda2                      8:2  0 111.3G  0 part  /nix/store
                                                   /
sdb                        8:16  1 372.6G  0 disk
└─sdb1                     8:17  1 372.6G  0 part
  └─md1                     9:1  0   1.5T  0 raid5
    └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
sdc                        8:32  1 465.8G  0 disk
├─sdc1                     8:33  1 372.6G  0 part
│ └─md1                     9:1  0   1.5T  0 raid5
│   └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
└─sdc2                     8:34  1  93.1G  0 part
  └─md2                     9:2  0 279.3G  0 raid5
    └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
sdd                        8:48  1   4.5T  0 disk
├─sdd1                     8:49  1 372.6G  0 part
│ └─md1                     9:1  0   1.5T  0 raid5
│   └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
├─sdd2                     8:50  1  93.1G  0 part
│ └─md2                     9:2  0 279.3G  0 raid5
│   └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
├─sdd3                     8:51  1 465.8G  0 part
│ └─md3                     9:3  0 931.3G  0 raid5
│   └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
└─sdd4                     8:52  1   3.6T  0 part
  └─md4                     9:4  0   3.6T  0 raid1
    └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
sde                        8:64  1   7.3T  0 disk
├─sde1                     8:65  1 372.6G  0 part
│ └─md1                     9:1  0   1.5T  0 raid5
│   └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
├─sde2                     8:66  1  93.1G  0 part
│ └─md2                     9:2  0 279.3G  0 raid5
│   └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
├─sde3                     8:67  1 465.8G  0 part
│ └─md3                     9:3  0 931.3G  0 raid5
│   └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
└─sde4                     8:68  1   3.6T  0 part
  └─md4                     9:4  0   3.6T  0 raid1
    └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
sdf                        8:80  1 931.5G  0 disk
├─sdf1                     8:81  1 372.6G  0 part
│ └─md1                     9:1  0   1.5T  0 raid5
│   └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
├─sdf2                     8:82  1  93.1G  0 part
│ └─md2                     9:2  0 279.3G  0 raid5
│   └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
└─sdf3                     8:83  1 465.8G  0 part
  └─md3                     9:3  0 931.3G  0 raid5
    └─storagevg-storage   254:0  0   6.3T  0 lvm   /Volumes/storage
sr0                        11:0  1  1024M  0 rom
- Comment on Chaining routers and GUA IPv6 addresses 2 months ago:
Most computers with (at least) two network interfaces will do. If it’s something too crappy your throughput will be limited by CPU speed but I can’t tell you exact recommendations here. Here’s OPNsense’s hardware recommendations for example, they’re not high at all. Off-the-shelf devices that allow you to do this should probably be fine too.
I’d put Linux on it and use nftables but BSD PF seems to be very popular for firewalls (OPNsense/pfSense are built on this) which I have never used so consider that too.
- Comment on Chaining routers and GUA IPv6 addresses 2 months ago:
Not a professional networking guy either but here’s my opinion.
What I would do is use the ISP router as is, open all ports on it (except to itself, hopefully it doesn’t do that…), and put a firewall in between the router and everything else that controls the actual access to everything behind it (in bridge mode between the two network interfaces of the firewall, so you only have the one network).
Could a potential second router also assign addresses to devices in that globally routable space directly?
Devices in IPv6 assign addresses themselves via SLAAC, you just need one device advertising the prefix which the ISP router should already do. The firewall should be able to just purely be there for packet filtering. If you need fixed addresses for public facing servers I would just assign them manually to the respective boxes as you likely also need to add them to public DNS manually anyway.
- Comment on what do you use for screen sharing? 2 months ago:
Huh, I thought I looked through them all when I tried it last time. I’ll check again.
- Comment on what do you use for screen sharing? 2 months ago:
Do you self-host Jitsi? The public instance has absolutely unusable FPS for streaming gameplay which is pretty much the only thing I still use discord for because it’s the only thing that seems to do it well. I read somewhere you can turn up the FPS on a self-hosted Jitsi though.
- Comment on Peter Todd Was ‘Unmasked’ As Bitcoin Creator Satoshi Nakamoto. Now He’s In Hiding 2 months ago:
Irresponsible and malicious journalism like this is why I have an immediate distrust against any sort of reporter that tries to talk to me. Probably irrational but still.
I hope your balls explode.
I wish him the very same.
- Comment on Syncthing Android app discontinued 2 months ago:
Yup!
- Comment on NFS mount disappearing 2 months ago:
Never seen this before, but you can enable NFS debugging with ‘rpcdebug -m nfs -s all’ (or nfsd on the server, or rpc for the underlying protocol). It prints to dmesg.
- Comment on Syncthing Android app discontinued 2 months ago:
IIRC Keepass2Android does have that feature.
- Comment on Publicly routable IPv6 addresses behind CGNAT in home environment using Tailscale and VPS 2 months ago:
What they suggest sounds like setting up a bridge interface between your LAN and the VPN interface to connect the VPS with your LAN. That’s actually a good idea since it would not need you to have a separate /64 for your local network. In this case I’m pretty sure that your VPN needs to be a layer 2 VPN, i.e. transports whole ethernet frames instead of TCP/UDP only, for this to work correctly. Wireguard doesn’t do this, OpenVPN can for example.
To make the VPS a gateway, you need to configure it to forward packets between networks and then set it as your default route on the clients (with IPv6, default route is usually published using router advertisements, set up radvd service on your VPS for that). That’s pretty much it IIRC except for the firewall rules. Here’s an article that’s some cloud stuff but is also applicable to your situation: www.linode.com/…/linux-router-and-ip-forwarding/#…
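The firewall rules the comment above leaves open, as an added example that is not part of the original comment: an nftables forward-chain policy for a Linux gateway that routes a public /64 to a home network. The interface names `eth0` and `tun0` and the `2001:db8:1::10` server address (documentation prefix) are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the original comment.
# Assumed names: eth0 = VPS uplink, tun0 = VPN link towards the home LAN.
# Forwarding itself is enabled separately:
#   sysctl -w net.ipv6.conf.all.forwarding=1

define WAN_IF = "eth0"
define LAN_IF = "tun0"

# Make the file safe to reload: create the table if missing, then empty it.
add table inet gateway
flush table inet gateway

table inet gateway {
    chain forward {
        # With globally routable addresses there is no NAT hiding the LAN,
        # so the forward chain is the only barrier: default to drop.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that LAN clients opened.
        ct state established,related accept
        ct state invalid drop

        # LAN clients may open connections to the internet.
        iifname $LAN_IF oifname $WAN_IF accept

        # ICMPv6 errors must pass, otherwise path MTU discovery breaks.
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept
        # Ping is allowed but rate limited.
        icmpv6 type echo-request limit rate 10/second accept

        # Public-facing services get one explicit rule each, for example
        # (2001:db8:1::10 is a placeholder address):
        # iifname $WAN_IF oifname $LAN_IF ip6 daddr 2001:db8:1::10 tcp dport 443 accept

        # Everything else arriving from the internet for the LAN is dropped
        # by the chain policy.
    }
}
```

Load it with `nft -f <file>` and confirm the result with `nft list table inet gateway`.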
- Comment on Publicly routable IPv6 addresses behind CGNAT in home environment using Tailscale and VPS 2 months ago:
I had the network before moving here (created it when I did have a public IPv4). Can’t test creating one new since it will only allow me to make one per IP.
- Comment on Publicly routable IPv6 addresses behind CGNAT in home environment using Tailscale and VPS 2 months ago:
Hm, it doesn’t? I’m not behind CGNAT but I’m in a network I don’t control (university dorm) so my gateway is just another device in the local network and I don’t have a public IP which I control, which I feel like should effectively be the same thing as CGNAT, and it works for me. Maybe it isn’t the same.
- Comment on Publicly routable IPv6 addresses behind CGNAT in home environment using Tailscale and VPS 2 months ago:
The easy way is to just use tunnelbroker.net, that is what I currently have (this would use one of their assigned net blocks, not the one from the VPS). Set it up on the Pi, set up IP forwarding with appropriate firewall rules, make the Pi serve RA so clients can assign themselves an IP, done (IIRC).
If you want to set up the v6/v4 gateway yourself, I would do this with a /64 you can fully route to your home network like you would get with tunnelbroker.net because then you don’t have to deal with the network split and essentially two gateways for the same network (your Pi and the VPS), because otherwise your clients would assume the VPS is directly reachable since it’s in the same network when in reality it would have to go through the gateway (you would have to set up an extra route in that case on every client, I think). You’d need a second network from Oracle for this.
But it’s pretty much the same thing I would assume plus the setup on the VPS side, make the VPN route your /64 block (or use 6in4 which is what tunnelbroker.net uses), configure IP forwarding on the Pi and the VPS between the VPN interface and local/WAN respectively.
- Comment on Authentication for external services 2 months ago:
You’re looking for an OAuth-compatible identity provider (personally I use Kanidm, if Keycloak does that too that works, I’ve never used it). And then set it up as the auth mechanism for Immich, and whatever else you want: immich.app/docs/administration/oauth
- Comment on static website generator 3 months ago:
How about GNU M4 + Make (output)?
(to be clear this is a joke suggestion. but yes it is what I legitimately use)
- Comment on Does leaving a single board computer caseless can be a problem or not? 3 months ago:
I killed 3 Raspberry Pis by putting them onto a metal surface while turned on (first two times I didn’t know what was happening and the third time was accidental). Do not recommend.
- Comment on Amazon's Monopoly of the tech industry is ruining the US economy 3 months ago:
I like to order tech stuff from mindfactory.de
- Comment on Student dorm does not allow wifi routers 3 months ago:
I’m in a similar situation. Before I had to move all was fine, I had a single ethernet port I plugged my router into. It even had a static IPv4 (even though no IPv6 but I could just use tunnelbroker). Literally perfect.
After I moved I’m now stuck in this horribly designed network that has a stupid internet cafe tier login portal even for wired devices, unencrypted wifi, seemingly every single device from every student on the same network (I am getting blasted with other people’s broadcast packets and I’m pretty sure the network congestion from that is where my weird intermittent packet loss comes from). And now I don’t have any public IP address at all.
Whoever they hired to set this up is an absolute moron who has no idea about network security or how to make an efficient network and considering the internet cafe login portal probably likes to cause as much suffering as possible. (Not saying I’m necessarily qualified but the fact alone that I can connect to other people’s AirPlay devices means they failed at both.)
And the reason all of this is a problem is that they also don’t allow putting a router/firewall in front so I can get a sane network. Had to tear down pretty much all the infrastructure I set up in the old place because a lot of it was relying on me having control over the network. Of course, I knew none of this before I moved in, I was explicitly looking for internet shenanigans in the contract.
I now have a janky Wireguard mesh network setup with one of the machines being the IPv6 gateway. Awful but at least I have public addresses and IPv6 (and with that a bit of my own network space) again.
- Comment on "Concord servers are now offline. Thank you to all the freegunners who have joined us in the Concord galaxy" 3 months ago:
People paid for that original game too, it wasn’t free. I don’t assume they got refunded. It was basically a massive bait and switch.
- Comment on Nissan develops paint that keeps cars cool in summer heat 4 months ago:
Just one more lane will fix traffic bro
- Comment on Recommendation engine: Downvote any game you've heard of before 4 months ago:
I’ve got it already from the itch.io page the other user posted. But thanks!
- Comment on Recommendation engine: Downvote any game you've heard of before 4 months ago:
I did not realize this game was this well known! It has a super low player peak and at least last time I looked after I first played it years ago no big YouTube channels had a let’s play of it either.