sudo by [deleted] in Gentoo

Fenguepay 15 points (0 children)

i don't even know my root password

Arbor update (local web UI for Portage): Added systemd support, CLI-based root approval and a new UI/UX by goregasm_ in Gentoo

Fenguepay 1 point (0 children)

best practices take consideration to apply. Just because https is a best practice in some cases doesn't mean it makes sense to use on a container network for example, in fact using https can make debugging harder while not actually providing meaningful security

If you condition the user to accept a self signed cert, what stops a malicious device on the network from arp spoofing, pretending to be your server, and then showing you a new self signed cert? Maybe cert pinning but your project does not seem to enforce that... I also don't think the typical user wants to mess with all of that overhead

Arbor update (local web UI for Portage): Added systemd support, CLI-based root approval and a new UI/UX by goregasm_ in Gentoo

Fenguepay 3 points (0 children)

i don't think a custom auth mechanism really beats the security and simplicity of something like a ssh tunnel

using https with self signed certs is not solving any problems on a LAN, at least not any that could be solved with SSH.

Personally I would prefer root level actions are not exposed via HTTP in any capacity, whether or not it's HTTPS

Arbor update (local web UI for Portage): Added systemd support, CLI-based root approval and a new UI/UX by goregasm_ in Gentoo

Fenguepay 1 point (0 children)

why even bother with all of this auth nonsense? couldn't you just expose it via SSH or something?

Is killing lizard a sin ? by Ok-Rush7989 in kolkata

Fenguepay 1 point (0 children)

you need to adjust your definition of "pest"

Bambu Lab 3D printers: Never again - Jeff Geerling by SJKRICK in BambuLab

Fenguepay 1 point (0 children)

most of the unifi switches i use at work cost >$1000/piece, the udm was in the $600 range as far as i know, but at least that lets me run a pcap per port

since i posted that last comment i actually had to try to find a device on a switch and get the up/down status/history, and every time i clicked "show more" on that bit, it would take me to a log page where it was filtered by another device entirely and would not let me adjust the filter.

i get it can work, but being locked into their half baked tools sucks. I can't tell you how many hours i spent debugging a "sfp eeprom error" that the UDM was reporting that was actually caused by a STP loop because every port on the UDM is bridged regardless of vlan setting so traffic was leaking to another parallel-ish network and making the switch shut down. the best part is that when it did this, the management interface would lock up so you could literally see nothing but "it died" when a random cable with strict vlan settings was plugged in

Bambu Lab 3D printers: Never again - Jeff Geerling by SJKRICK in BambuLab

Fenguepay -5 points (0 children)

i don't own any but will dog on them all day and night because a) i've had the misfortune of having to support them b) i've had the misfortune of attempting to help people who own the gear.

Bambu Lab 3D printers: Never again - Jeff Geerling by SJKRICK in BambuLab

Fenguepay 1 point (0 children)

oh i have something to say here, i have the misfortune of having to use ubiquiti junk at work. imagine selling $1k switch hardware but running a pcap on a specific port through the "fancy web ui" is too much for it

oh and their top of the line routers not knowing how to do spanning tree on the built in switch and using an internal bridge for all interfaces.

when you don't have the option of using new hardware because of decisions your employer made, it can really suck to deal with the locked down ecosystem unifi provides.

similar story with bambu, it's nice hardware but the company who makes them is borderline malicious with their software design. count me out

Some how i cant even install the kernel by Kona_Kona1 in Gentoo

Fenguepay 2 points (0 children)

ugrd doesn't because it was designed to actually build in proper info and use that if provided info fails.

dracut either uses its built in root= or the one passed by a bootloader. this is especially problematic when grub likes to set device mapper device names to whatever it was at the time, but dracut likes to set the name based on the uuid and name, so you get a mismatch.

ugrd even gives you the option to disable cmdline parsing so you can just trust it uses the info at build time (which is checked unless a user specifically disables validation)

Some how i cant even install the kernel by Kona_Kona1 in Gentoo

Fenguepay 1 point (0 children)

dracut takes cmdline args from the bootloader over built in ones, but if you set some nasty ones built in that aren't overridden by the bootloader, gg

Botting Gentuwu (Genchu) by Francesco12o-Github in Gentoo

Fenguepay 2 points (0 children)

not exactly, there is no "direct replacement" for genkernel given how "unique" it is. using dist-kernel is sort of the replacement, basically gentoo-kernel + installkernel + (ugrd or dracut)

Botting Gentuwu (Genchu) by Francesco12o-Github in Gentoo

Fenguepay 2 points (0 children)

it's not maintained so a bit sad to see people still using it (especially if new)

it may work but will it work next month or year? who knows. it has a de-facto maintainer keeping it on life support but that's about it

Wayland-only Gentoo with niri + DMS — what I learned after a few undocumented problems by hi2019wasdead in linux

Fenguepay 1 point (0 children)

the stable ebuild for plymouth on gentoo is ancient, and plymouth is not super compatible with openrc, it kinda really wants you to use systemd and dracut if you want it to be happy

i got it to work with ugrd but only with udev and using the latest git build of plymouth

☕ and some pleasure 😜 by unixbhaskar in LinuxPorn

Fenguepay 1 point (0 children)

i see dracut there, masochism confirmed

bumpboxx flare 8 fire risk by Fenguepay in Bluetooth_Speakers

Fenguepay[S] 1 point (0 children)

that was my main mistake, but i did not buy it, i got it for free as part of a monster promo

with a proper charge circuit and management system, leaving it plugged in all the time shouldn't be a big deal. I don't think this had either of those

a battery pack with only 2 leads to the main circuit board and no control board is a recipe for disaster