
seanho
About
- Username: seanho
- Joined
- Visits: 739
- Last Active
- Roles: Member, OG
- Thanked: 139
- About Me: seanho.com
Comments
-
Minimize the attack surface as much as possible. If Exim is listening on port 25 and has a CVE, or you haven't updated it in a while and your old version has a CVE, your VPS will be pwned within days, or sometimes within minutes. tcp/4140 is assign…
-
Doing the rate limiting directly in zfs is probably the best. In addition, you might investigate piping it through pv with the -L option.
-
Oh man, I did a fair bit of Perl hacking, back in the day; this brings back memories. When Perl 5 came out, it was like the sky was falling -- what was a scripting language doing with OO? There was a time when I really bought into the "literat…
-
Metal detector around the trench?
-
Not fond of Authy being closed source. I've used FreeOTP for a while but it's ancient. Many password managers nowadays have TOTP built-in; e.g., KeePassDX on Android. Even with good old Google Authenticator, root the phone and use Titanium Backup t…
-
For internal KB I use hugo in a git repo with CI. I just need to fiddle with the theme a bit; blog layout isn't a good fit for KB.
-
Agent. Key represents an identity, not a host https://developer.github.com/v3/guides/using-ssh-agent-forwarding/
-
Nowadays with Proxmox, virt-manager, vagrant, etc., it's super easy to spin up a few KVMs and/or LXC and see for yourself just how dependent the guest OS is on the host OS, and how easy it is for the host to access secrets in the guest.
-
Something to be aware of, which tripped me up a number of times: add_header declarations are generally inherited from enclosing blocks. E.g., if headers are specified in a server block, they'll propagate to nested location blocks. However, if a nest…
-
Farewell to two idlers in FR and UK, it was good while it lasted. Consolidating to dedis and home lab.
-
I looked into this with ffmpeg scripting a few years ago, but never finished it. Would you mind tossing your script up on github?
-
V2ray and caddy in-memory cache?
-
Huawei corporate has also distanced themselves from it, saying it was the independent actions of a single dev (although pretty high up)
-
Agreed that VNC should not be exposed to the internet. SSH tunnel, VPN (OpenVPN, WireGuard, ipsec, etc), or SSL to a Guacamole server on the LAN. Port tcp/5900+(display number). If using TightVNC server, don't forget client must also be tight (rath…
-
(Quote) No worries, I understand why you'd want to keep it similar to the current storage VPS offerings. My use cases would be fine with just an S3 interface rather than a full VPS, and I was thinking it might spare you some headache in that you do…
-
How about an S3-compatible object storage service, with either metered or unmetered traffic?
-
Another possibility is to copy/rebase onto a btrfs filesystem and use bedup (extent-panel dedup). Then you get copy-on-write if you need to make modifications. ZFS is another option.
-
(Quote) burp is ok, not a ton of development, but not orphaned (one-man show, coming out of his master's thesis). I moved to it (from BackupPC, if memory serves me) mostly because of the Windows VSS support, and haven't looked in detail at other opt…
-
PoI's Thornhill
-
Great topic! I've been using a little-known tool called burp for several years, but may move to borg in the future. Incremental with daily/weekly/etc history. Block dedup on the server, which helps with a few Windows clients for which I'm backing u…
-
What location are you looking for?
-
FreeNAS can be installed to a USB drive; most of the OS is loaded into ramdisk, so it doesn't hammer the USB drive. If using hardware RAID, make sure you're able to procure an identical replacement card (and flash to same firmware) if/when your RAI…
-
Very. The assumption is that you'd run this on dedis, VDS with unlimited CPU usage per ToS, or owned hardware (e.g., homelab). Don't run F@H on a LES NAT VPS, just ... don't
-
The probability of not winning any of the next drawings from 2k-10k is (untested python): numpy.prod( [ 1.0 - 1.0 / r for r in range( 2000, 11000, 1000 ) ] ) So the probability of winning at least one of those drawings is 1 minus that. Comes out to ab…
-
Yep, just touch /option.netfilter and wait at most half an hour for the host cron job to pick it up. The file will then be renamed to /netfilter.enabled, container will reboot on its own, and you'll be good to go. There's also /option.fuse and /opt…
-
You are too kind, WSS! My expertise is not in hosting (nor is it surveillance!), so I have learned a lot from this community over the years.
-
I have not used solar powered cameras. Everything I've seen points to sticking with PoE. For power, the daily charge/discharge can be taxing on batteries. For data, local-only storage is useless if it gets stolen / destroyed, and WiFi tends to flake…
-
Dahua 2MP with Sony StarVis sensor. Can see in pitch dark, it's like magic. (Some of the Swanns are rebranded OEM Dahua.) Andy at EmpireTech, drop him a line on ipcamtalk or his AliExpress store; his Amazon prices tend to be higher. Also, BlueIris …