HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dxld

no profile record

comments

dxld
·ano passado·discuss
Here's to hoping, but I agree one way or another one stack needs to go :-)

BTW: Contact info is in my profile if anyone wants the inside scoop. The project just isn't fully ready for public launch yet, but we're well into the cooking.
dxld
·ano passado·discuss
I would agree with you were it not for the fact that I'm personally investing my time into a FLOSS project to make sure the growth does not slow down by making “tomorrow NOT like today”, but gets a kick in the butt once we reach the 50% deployment inflection point instead. Stay tuned ;-)
dxld
·ano passado·discuss
Good news: it's 20 years, not 100, at the most :-)

https://labs.apnic.net/index.php/2024/10/19/the-ipv6-transit...
dxld
·há 2 anos·discuss
I've been really impressed with Mox, an all-in-one monolithinc mail system written in go: https://www.xmox.nl

Trivial to setup, guides you through configuring SPF, DKIM, DMARC, MTA-STS, DANE and DNSSEC. Handles certificates by itself through ACME, comes out-of-the-box with IP/domain reputation based and bayesian spam filtering.

While I've come to appreciate how much tweaking you can do with something like exim I'm starting to see the advantage of not having to spend time doing any of that :)

Mox also has some really cool (and AFAICT) novel features stemming from the fact that it's so tightly integrated. Have a look at the "Rejects" mailbox, or the nuanced way it rejects spam at SMTP time to prevent the dilemma between causing backscatter or potentially dropping mails (like gmail likes to do). I've also never heard of REQUIRETLS before seeing it exposed right there in Mox's built-in webmail.
dxld
·há 3 anos·discuss
> And you believe that you can scare some random scammers in some random country that doesn't recognize copyright or trademarks with a US trademark?

You make my own point sir. They're not going to care about copyright either. So may as well make this proper FLOSS.
dxld
·há 3 anos·discuss
A more appropriate solution to the problem of cloned FLOSS apps is establishing a trademark.

I mean he says it right before the proprietary apologism, the problem is pointing people in the direction of the project by name only for them to find malware ridden clones. Well. The problem here isn't the software being cloned, the problem is the same name being used by the attackers.
dxld
·há 3 anos·discuss
He's calling this "Open Source" but it's under a proprietary license: https://gitlab.futo.org/videostreaming/grayjay/-/blob/master...

> [...] we grant you a [...] license to access and use the code solely for the purposes of review, compilation and non-commercial distribution.

> We may suspend, terminate or vary the terms of this license and any access to the code at any time, without notice, for any reason or no reason, in respect of any licensee, group of licensees or all licensees including as may be applicable any sub-licensees.

Bummer.
dxld
·há 3 anos·discuss
Sad to say I'm surprised the proprietary vendors are lagging behind here, but there should be no architectural reason you can't deploy a more reasonable firewall.
dxld
·há 3 anos·discuss
Well dnsmasq has --dynamic-host for this use-case. Example:

    dynamic-host=cafe.dxld.at,::cafe,lan0
Firewalls tend to support DNS, use it :)

I know for a fact nftables and pfSense allow this, worst case you need a cronjob to periodically reload your ruleset to refresh the DNS data as it's evaluated at ruleset load time (for nftables). Incidentally another TODO project of mine is a daemon to allow running scripts when RA information (such as the prefix) changes, this would come in handy here too.

For anyone interested in making IPv6 bettter come talk to me in #ipv6:ungleich.ch (Matrix).

--Daniel
dxld
·há 3 anos·discuss
You can use ip-token(8) on Linux to define a static interface-id, the part of the IP usually auto-generated based on MAC address when using SLAAC instead of making the whole IP static.

In ifupdown I usually just add something like the following

    pre-up ip token set ::cafe dev $IFACE
This way when you get a new GUA there's no need to "renumber" your network manually as everything will just happen automatically. When your router includes a new prefix in the router advertisement all hosts on the LAN generate new addresses for this prefix.

Couple of gotchas. 1) The ip-token call has to happen before the interface is marked up (as in ip link set dev $IFACE up, not link presence) so if you want to change it you have to take it down first. 2) If your ISP's router doesn't cleanly announce the old prefix to be deprecated (due to a reboot say) it may remain in use by hosts until it's lifetime expires. See RFC4192 for how renumbering is supposed to work.

FYI: I'm working on a small daemon that will monitor RA and deprecated the prefix to handle broken ISP routers.

--Daniel
dxld
·há 3 anos·discuss
I found networking/switchdev.txt very approachable. It documents all those different bridge+vlan (aware/unaware) configs you can do: https://docs.kernel.org/networking/switchdev.html

In particular I've learned from that doc that there's special handling for putting a vlan device on top of a bridge (br0.123) even if the bridge is vlan unaware.

DSA might also be relevant if you're working with hardware that supports it: https://docs.kernel.org/networking/dsa/dsa.html
dxld
·há 3 anos·discuss
OP's approach looks cool but a bit baroque. I'm also hacking around EDID issues and it turns out there's a nice GUI program to decode and (lightly) patch it: https://packages.debian.org/unstable/utils/wxedid

I have to do more involved full EDID reconstruction surgery tho since I need to add DTD entries rather than just change existing ones. So I'm looking at [edid-generator] together with [cvt12]. The latter can calculate xrandr modelines for VESA standard timings that all seem to work with my TV. cvt12 adds the option to calculate NTSC (1/1.001) timings over regular cvt which is already in Debian.

[cvt12]: https://github.com/kevinlekiller/cvt_modeline_calculator_12

[edid-generator]: https://github.com/akatrevorjay/edid-generator (thanks Kodi wiki)
dxld
·há 3 anos·discuss
Hacking the NFC comms is fun and all, but it turns out you can just rip out the orange flatflex PCB under that metal ring with a screwdriver and the brush doesn't care :)

Stops it from beeping at you when your allotted product lifetime is up though.
dxld
·há 4 anos·discuss
Sounds interesting, could you elaborate on the details? :)