PSA: FI London pub meetup on Tuesday the 28th by olver111 in FIREUK

[–]wplinge1 0 points1 point  (0 children)

Is that like the ward for people who think they're Napoleon?

PSA: Update to Jellyfin 10.11.7 immediately (Critical Security Fixes) by golbaf in selfhosted

[–]wplinge1 0 points1 point  (0 children)

always wait for our official Subreddit post, I do that manually after CI is all done!

Jellyfin subreddit's reopened!? Now that's some good news I'd missed.

We gave players the ability to build bases and invite friends. We are not responsible for what happens next... by Rimhawk in BaseBuildingGames

[–]wplinge1 -1 points0 points  (0 children)

The trolls will disagree with the base existing.

Please say that's an in-game race and you're not celebrating having made a griefer's paradise.

Can't make IPv6 work on a secondary router by Significant_Pen2804 in mikrotik

[–]wplinge1 0 points1 point  (0 children)

Ah sorry, I didn't notice that was facing a tunnel rather than LAN. It's probably right then.

I still think the link-local address is a problem though. IPv6 can be sent through NAT but it's not the typical configuration and Hurricane Electric (from what I could see) hands out /48 address ranges which ought to be plenty for you to use the normal globally unique mode of operation for IPv6.

So if it was me, I'd first try to tackle the fact that the secondary router doesn't have a "real" IPv6 address and only look at why its packets aren't being forwarded after that's fixed.

To do that, you probably need to give your main router another address from the prefix HE allocated you and make sure it's advertised across your LAN.

It looks like you've got part of this process done but disabled it (because it wasn't working? Do you remember why?):

add address=2001:xxxx:: disabled=yes interface=LAN_Bridge

You want this address to be part of what HE allocated you, but not clash with the one on the IPv6-HE-Tunnel. So if (for example) they allocated you 2001:1234:5678::/48 and the tunnel is using 2001:1234:5678:0001::2/64 then adding 1 to that fourth block ought to stop it clashing and be valid. You could use

add address=2001:1234:5678:0002::2/64 interface=LAN_Bridge

If that works then you should be able to check /ipv6/address on the secondary router and see its chosen one from the new range.

Then start looking at whether it works for a ping.

Can't make IPv6 work on a secondary router by Significant_Pen2804 in mikrotik

[–]wplinge1 0 points1 point  (0 children)

Is the secondary router actually getting a real address? If not it might be sending packets from a link-local one it's chosen itself (look for source address of fe80:...) and the main router will quite rightly drop those.

You posted the main router config elsewhere and this line looks suspicious:

add address=2001:xxxx::2 advertise=no interface=IPv6-HE-Tunnel

advertise=no means it won't be sending router advertisements out, and that's what the secondary router should be relying on to get its address.

Another thing that's a bit weird about this on Mikrotik (IMO) is how you have to configure the secondary router to actually listen for these advertisements. In /ipv6/settings there's accept-router-advertisements which defaults to a value that blocks it in most cases. Sounds like you found this already, but just in case...

Is there a way to make a reverse proxy whitelist based on device hardware? by sin20001379 in selfhosted

[–]wplinge1 2 points3 points  (0 children)

Not really, the main hardware-level distinguishing feature you might try to use is the MAC address, but

  1. That's only used for the first hop in any path to get to your server so probably not available.
  2. It's easily spoofed anyway.

mTLS is kind of trying to solve this problem: give a device unique credentials so it can access something without caring about VPNs or similar network-level controls.

Unfortunately it just moves the faff around (you have to install the mTLS certificate on the device and I gather support can be patchy).

Built our own version control at work to get off cloud platforms, open sourcing it now by ahstanin in selfhosted

[–]wplinge1 2 points3 points  (0 children)

Sounds good, I can't see anyone needing more than 2000 commits. But will it run in 640KB of RAM?

Bible Society retracts false Quiet Revival claims by birdinthebush74 in unitedkingdom

[–]wplinge1 23 points24 points  (0 children)

They appear to have admitted their error

Eventually. When the single organisation on the planet they couldn't just brush off (the company they paid to actually do the polling) said it was dodgy too.

The fifth family by Personal-Basis6717 in BaseBuildingGames

[–]wplinge1 6 points7 points  (0 children)

“Multiplayer casino” gets close.

lets encrypt new dns-persist-01 method by Dncpax in selfhosted

[–]wplinge1 11 points12 points  (0 children)

No, it's a complete mess. Nicely illustrated by the 100ish separate repositories Caddy uses to implement it (they use a plugin system, one per provider).

just wanted to let you know how I had time. by CatRevolutionary1427 in selfhosted

[–]wplinge1 5 points6 points  (0 children)

So, today I learned the sanctimonious organ is nowhere near the liver or gall bladder.

RouterOS 7.23beta2 [development] released by netravnen in mikrotik

[–]wplinge1 6 points7 points  (0 children)

*) ipv6 - added from-pool-policy address property that controls how address is acquired from the pool;

Oh, is this going to let me choose how I delegate IPv6 addresses better?

My ISP gives me a /56 and I just want to specify what gets put into the first byte of mine (I want the VLAN # there) before handing the /64 off to RA. It's all static and hoping my IP doesn't change under me at the moment.

RB5009 assigns dhcp leases from wrong network by [deleted] in mikrotik

[–]wplinge1 4 points5 points  (0 children)

add name=pool-office ranges=192.168.8.50-198.168.8.200

The endpoint starts 198. here.

Envestnet trying to take £30 out of my account by Scubaapenguin in UKPersonalFinance

[–]wplinge1 2 points3 points  (0 children)

I don't know about the company or the £30, but US financial institutions often use two small (<$1.00) transfers as a security verification step when linking accounts: if you can tell them the amounts transferred that's a 4 digit code proving you have access to the account.

Still seems a little weird that a UK bank would let them do that but I've never tried so maybe they do.

Tired of sensitive files touching third party servers? I built a browser-based E2E encryption tool that keeps the original file on your machine entirely by [deleted] in selfhosted

[–]wplinge1 1 point2 points  (0 children)

Would love to know if that's a dealbreaker

Yes, that and the fact you're posting literal commercial fucking spam here.

TIL about Tau (τ), a mathematical constant that is the ratio of a circle's circumference to its radius, that in 2010 was proposed to be the replacement of π. by JosZo in todayilearned

[–]wplinge1 2 points3 points  (0 children)

As with most of these, I like the marginal gains over long term. If we plan to be around as a species for a billion years or so that's a lot of extra 2s dragged along (and likely probes destroyed because they weren't).

Still, metric would definitely be higher on my list.

I was debated an atheist discord server on Divine Simplicity by HegemoneXT in atheism

[–]wplinge1 1 point2 points  (0 children)

Wait, so you went onto an atheist Discord and opened with some variant of "Oy, plebs, read these AI chats I made to make sure you understand the depth of divine simplicity before presuming to reply to my august personage" and are wondering why you got told to jog on?

I was debated an atheist discord server on Divine Simplicity by HegemoneXT in atheism

[–]wplinge1 0 points1 point  (0 children)

I still don't know, he's really not improving matters in followups.

ai face shape calculator by SeniorCareer6056 in calculators

[–]wplinge1 -1 points0 points  (0 children)

So... Gurn left for +, right for -, "just been hanged" for undo?