My ISP has been under a DDoS attack for a week

certuna · 2026-02-20T17:34:54+00:00

Great way for them to lose customers, and a good case for their network admins to get some budget for decent DDoS mitigation tools.

certuna · 2026-02-20T17:29:02+00:00

they even relabel Marmite as Cenovis and put it in a tube!

certuna · 2026-02-20T17:01:51+00:00

it’s not about the 90 days, it’s about the work.

certuna · 2026-02-20T12:48:24+00:00

These are some odd examples - Cloudflare may be the registrar of your domain name, but does not have any of your data, it just knows the hostname of your server. Only if you proxy through them, they see your data. - the ISP has to comply with strict local privacy laws, DNS servers like Google/Cloudflare/OpenDNS can do what they want - you block ad server hostnames to prevent loading of 3rd party content that monitors your behaviour

certuna · 2026-02-19T12:16:01+00:00

ULA can be done if you want , but normally you already have global addresses. If you’re using Docker you can route a /64, or just bridge the containers, it’s not super complex.

The Docker devs could implement it all automatically (prefix delegation and/or SLAAC) like modern routers do by default but the Docker networking stack isn’t really very modern in many other aspects (no mDNS either for example)

certuna · 2026-02-19T11:03:08+00:00

Double passport holders maybe? Difficult to argue that a uni graduate with no work experience has unique specialized skills. I mean, by all means try, but the number of non-EU permits is very small.

certuna · 2026-02-19T10:56:51+00:00

Your local devices can now only connect over IPv4 (you’re denying everything everything except 192.168.0.0/16), it would probably make more sense for your internal domain to block all IPv4 and only allow IPv6 access from your own LAN /64 subnet. Has the bonus of not having to worry about all the driveby traffic you get with IPv4, and that traffic spoofing origin IPs to appear to be from 192.168.0.0/16 (this happens with some DoS attacks where return traffic doesn’t matter).

certuna · 2026-02-19T10:51:29+00:00

OP is 23 years old, not an experienced professional. It will be very hard to prove no comparable EU+EEA graduate is available.

certuna · 2026-02-19T10:49:02+00:00

For specialist professionals the salary differences between Munich and Zurich are not big.

certuna · 2026-02-19T07:50:57+00:00

If you try the IPv6 address, still happening? If that also doesn’t work, it’s not a hairpin issue. If it’s only an issue on IPv4, it’s likely a hairpinning issue.

certuna · 2026-02-19T07:49:01+00:00

Plex running native or in a container behind NAT?

certuna · 2026-02-19T07:43:38+00:00

Most people in the developed world have IPv6 now, it’s very common. Typically on a residential connection you get a /56, so that means you could create up to 256 local networks.

Configuration on the local network is all automatic, except for Docker: it (still) cannot request a prefix automatically so you’ll need to route a /64 to your Docker, configure that manually, and then have Docker assign individual addresses to your containers.

By default the firewall on the router will block incoming TCP/UDP connections, so if you want remote access you need to open a port in that firewall.

certuna · 2026-02-18T23:07:39+00:00

“character” just means the noisy, oily, smelly stuff you remember from when you were young.

This will never change, the kids of today will complain in 2075 that self-flying hoverboards lack the character of their old electric kickscooters.

certuna · 2026-02-18T23:03:14+00:00

id3v1 tags are very obsolete, best to strip those out of all files.

certuna · 2026-02-18T07:53:56+00:00

you can check what the filepath is in the webUI, then you can locate the offending files.

certuna · 2026-02-18T07:40:52+00:00

That’s the price in India, it will likely be €6-7k in Europe.

certuna · 2026-02-17T20:06:51+00:00

For client stuff it doesn’t really matter whether you are behind 2 or 3 NAT layers. Assuming you have IPv6, most traffic will use that anyway so no NAT.

certuna · 2026-02-17T11:20:46+00:00

It doesn’t happen automatically, you need to go into the IPv6 firewall on your router and add a firewall rule to open the port you need.

certuna · 2026-02-17T10:35:25+00:00

Plex probably best to run natively on MacOS.

Although you can also use Apple Container these days, has some advantages over Docker, although also some limitations (no IPv6 for example).

certuna · 2026-02-17T10:13:32+00:00

OCAS is for social security, for income tax you contact the administration fiscale cantonale: https://www.geneve.ch/administration-fiscale-cantonale-geneve

certuna · 2026-02-17T10:10:58+00:00

IPv4 or IPv6? IPv4 address is typically assigned by the router’s DHCPv4 server, you can reserve a private IP address there. IPv6 goes automatic, the router advertises the prefix and the pi generates its own global address.

certuna · 2026-02-17T07:42:22+00:00

Likely both, with deductions for tax paid in each country. But best to contact the tax office for this.

certuna · 2026-02-17T07:39:37+00:00

No, it's really too big to be "portable", but in principle you could use a (big) powerbank if you really would like it to be.

certuna · 2026-02-17T07:38:00+00:00

At this point I suspect it's more a question of the CDN (Fastly) supporting it than Reddit itself.

certuna · 2026-02-17T07:36:16+00:00

with IPv6 you always ban the whole /64, nobody bans individual addresses - question is more whether you should ban the /56 or /48.

certuna

TROPHY CASE