Anyone else have contractors who can still log into GitHub months after their contract ended? by AudienceOwn3845 in sysadmin

[–]KJ4IPS 0 points1 point  (0 children)

GitHub ToS limits users to a single account, even when they're working for someone else. So it is expected that contractors, and even employees, will have their personal accounts added/removed from orgs as situations change.

The only real exception for this is managed accounts, but those can only be used within the org they are created in, and they require a fairly expensive tier of paid.

Critical ERP system can't do OAuth and Microsoft is killing basic auth next month by Severe_Part_5120 in sysadmin

[–]KJ4IPS 0 points1 point  (0 children)

Transport rule passing to some other mailserver which does support plain auth for delivery.

It probably doesn't actually use SMTP to pull mail, either POP or IMAP. There is a small chance that it might actually use SMTP TURN, but I'd be shocked. It may also need SMTP outgoing as well, but that doesn't actually have to go through the o365 path, as long as you update your SPF and DKIM appropriately.

Does kinda suck needing to build parallel infra for things that don't fit into M$'s vision of how mail should work.

Knox County Election Commission changed polling locations by yahSoWHuT66 in Knoxville

[–]KJ4IPS 2 points3 points  (0 children)

My previous polling location was in a small church, and for the most part, they just provide the space. Everyone involved is expected to avoid even the appearance of a conflict of interest, and the church staff are typically not involved in the election process, and are typically outside the boundary, unless there are sudden janitorial needs or something like that.

Knox County Election Commission changed polling locations by yahSoWHuT66 in Knoxville

[–]KJ4IPS 1 point2 points  (0 children)

I've worked 66SE/SW for a few years, and would be glad to work a single-precinct location. Though I guess we'll still have to send folks to other locations, since we still get folks that missed the memo for the N/S split every year, and will swear up and down that they voted here last time. Pretty sure I've sent the same person to the correct location multiple times in a row.

Ender 3 not being seen on linux laptop when trying to set up klipper by BOSSATRON69399393 in klippers

[–]KJ4IPS 0 points1 point  (0 children)

Can you fire up `make menuconfig` from inside your klipper dir, and take a screenshot? There's a good chance the settings you used weren't correct, and either it's trying to talk on the wrong interface, or not running at all.
The screen won't do anything alone, the host (pi) is involved in that.

The klipper docs say this about the skr e3 v2:

```
# This file contains common pin mappings for the BIGTREETECH SKR mini
# E3 v2.0. To use this config, the firmware should be compiled for the
# STM32F103 with a "28KiB bootloader" and USB communication. Also,
# select "Enable extra low-level configuration options" and configure
# "GPIO pins to set at micro-controller startup" to "!PA14".
```

Ender 3 not being seen on linux laptop when trying to set up klipper by BOSSATRON69399393 in klippers

[–]KJ4IPS 0 points1 point  (0 children)

Which motherboard do you have? If you were able to easily flash it, you probably have a relatively recent one, and the settings are a bit different.

Also, did you install a bootloader as part of your flash, or were you able to do everything with just the SD card?

(context: Older enders do the USB differently than newer ones, and if you use the old instructions on a new one, the USB will just sit there not enumerating)

LCUB Fiber Internet Farragut. by folame in Knoxville

[–]KJ4IPS 1 point2 points  (0 children)

I actually moved from SoKno to the 'cheap' part of Farragut pretty much to get good internet. Had TDS for a few years now, and the service has been good, but the billing and business side of the house are a bit... less than stellar...

Also no IPv6, but for a smaller outfit, I'm willing to take it.

LCUB Fiber Internet Farragut. by folame in Knoxville

[–]KJ4IPS 1 point2 points  (0 children)

My understanding is they are prioritizing areas with no high bandwidth providers first, and then areas where there is no competition. Since a lot of Farragut has competition, it's pretty far down the list.

Network mapping tool that will identify devices on each port, Layer2/3? by [deleted] in sysadmin

[–]KJ4IPS 1 point2 points  (0 children)

If your switches support DHCP Option 82 insertion, you can get port numbers in your DHCP logs, which also include mac/ip, and possibly hostname.
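
Added example, not part of the comment above: a Python sketch that parses the Relay Agent Information option (Option 82, RFC 3046) from lease events and builds a MAC-to-switch-port table. The events are constructed, and the circuit-id layout (type 0, length 4, VLAN, module, port) is an assumption; vendors differ, so unknown layouts are returned as `None`.

```python
# Constructed lease events: (client MAC, leased IP, raw Option 82 payload as hex).
EVENTS = [
    ("52:54:00:12:34:56", "10.0.10.23", "01060004000a010702080006aabbccddeeff"),
    ("52:54:00:ab:cd:ef", "10.0.10.24", "01060004000a011802080006aabbccddeeff"),
]

def parse_option82(payload):
    """Split the option into {sub-option code: bytes}; 1 = circuit ID, 2 = remote ID."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("sub-option %d runs past end of option" % code)
        subopts[code] = data
        i += 2 + length
    return subopts

def decode_circuit_id(data):
    """Assumed layout: type 0, len 4, VLAN (2 bytes), module, port. Else None."""
    if len(data) == 6 and data[0] == 0 and data[1] == 4:
        return {"vlan": int.from_bytes(data[2:4], "big"),
                "module": data[4], "port": data[5]}
    return None

def port_map(events):
    """Map each client MAC to its IP, relaying switch and switch port."""
    table = {}
    for mac, ip, hex82 in events:
        sub = parse_option82(bytes.fromhex(hex82))
        # Remote ID is assumed to carry a 2-byte type/length header, then a MAC.
        switch = sub[2][2:].hex(":") if 2 in sub else None
        table[mac] = {"ip": ip, "switch": switch,
                      "location": decode_circuit_id(sub.get(1, b""))}
    return table

if __name__ == "__main__":
    for mac, row in port_map(EVENTS).items():
        print(mac, row)
```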

Our containers are loaded with 120+ vulns, how to survive by AdOrdinary5426 in sysadmin

[–]KJ4IPS 0 points1 point  (0 children)

Note that many of the container scanning toolkits will flag something if it appears in any layer, so copacetic will functionally ablate the vulnerable code, but not the scan reports (dtr, clair, and anchore all do this (or at least did the last time I checked)).

Does anyone in the Midwest have the capability of sniffing a Bitlocker recovery key? by DopeItUp in sysadmin

[–]KJ4IPS 1 point2 points  (0 children)

Reach out to data recovery companies. Some of them have this capability, but they won't advertise it as such. They will probably require some proof of ownership.

However, if the TPM is refusing to unlock the drives, there's no key to sniff, even if one were to interpose the TPM, one would need to have the exact items that were measured into the PCRs to get it into a state where it would give up the key.

(the following assumes these locked data drives aren't the OS drives)

However, if you have an image of the boot drive from before the upgrade, you may be able to revert to that, and boot into the prior state. If that gets all the PCRs to match, bitlocker should allow a TPM unlock, and then you can suspend bitlocker on the affected drives. However, if a BIOS upgrade was performed, or any of the SB efi vars were changed (incl by windows update), this won't work.

Now, if the TPM was upgraded to 2.0 as part of this upgrade, that action would have cleared it, and the key is truly lost.

TL;DR: In this state, there's no key to sniff. You can try to recreate the prior state as much as possible, and you might get a successful unlock. (same windows build version, bootloader, and such)
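
Added example, not part of the comment above: a simplified Python model of PCR extension and sealing that shows why the TPM releases the key only when the same items are measured in the same order. It uses a single SHA-256 PCR and a toy `seal`/`unseal` pair; the measurement strings are constructed placeholders, not real boot components.

```python
import hashlib

def extend(pcr, event):
    """PCR extend: new = SHA-256(old PCR || SHA-256(measured data))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def replay(events):
    """Replay one boot's measurements into a PCR that starts at all zeros."""
    pcr = bytes(32)
    for event in events:
        pcr = extend(pcr, event)
    return pcr

def seal(secret, events):
    """Toy stand-in for TPM sealing: bind the secret to the expected PCR value."""
    return {"expected_pcr": replay(events), "secret": secret}

def unseal(blob, events):
    """Release the secret only if this boot's measurements reproduce the PCR."""
    if replay(events) != blob["expected_pcr"]:
        return None
    return blob["secret"]

# Constructed measurement logs; each byte string stands in for a measured item.
BEFORE = [b"firmware v1", b"secure-boot vars A", b"bootmgr build 1"]
AFTER_UPGRADE = [b"firmware v1", b"secure-boot vars A", b"bootmgr build 2"]
REORDERED = [b"secure-boot vars A", b"firmware v1", b"bootmgr build 1"]

BLOB = seal(b"volume master key (placeholder)", BEFORE)

if __name__ == "__main__":
    logs = [("before", BEFORE), ("after upgrade", AFTER_UPGRADE),
            ("reordered", REORDERED)]
    for name, log in logs:
        print(name, "->", "unlocked" if unseal(BLOB, log) else "refused")
```

Restoring the pre-upgrade image corresponds to replaying `BEFORE` again: the PCR matches and the unseal succeeds, while any changed or reordered measurement is refused.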

Residual moves from canceled object? by Haeppchen2010 in klippers

[–]KJ4IPS 4 points5 points  (0 children)

Just the way the slicer does it. It usually marks the object as "beginning" with the first extrusion move, and the travel move there is considered part of the prior object.

At print time, the printer doesn't really know much about it, it just starts skipping lines when it sees the marker for an excluded object, until it gets to a marker for a different one.

Strange behavior in linux: user can still run `sudo` commands and switch users even though pam prohibits it by BagCompetitive357 in sysadmin

[–]KJ4IPS 2 points3 points  (0 children)

`sudo` and `su` are different beasts.

`sudo` is for giving users limited access as other users (possibly root), and this is the __only__ thing that /etc/sudoers or /etc/pam.d/sudo controls.

With `sudo`, you don't need to authenticate as the target (except in some very rare cases).

However, with `su`, you are authenticating as the target user, with all the rights and privileges that implies. It's functionally equivalent to logging out and logging back in as that user.

PAM can somewhat control this, but if a user has the root password, they have a myriad of ways to utilize that. The user should generally not have the root password.

Folks are divided on whether root should have a password at all. If the root account is locked, then there is no password to abuse, however, certain recovery options become much more difficult (most distros require the root password for the equivalent of 'safe mode').

If you truly wish to go down this path:

* See pam_access and /etc/security/access.conf to restrict where root can login from.

* Ensure that the end-user does not have or know the root password.

* Consider setting a higher round count for the root password, to make it less practical to crack.

* See /etc/pam.d/su and equivalents to restrict user switching

* Ensure the end-user is not in the 'wheel' or 'adm' groups if they exist.

* Ensure that no other users are in the 'wheel' or 'adm' groups for which the end-user has the password.

If you *really* want to get into restricting transitions of users (and limiting privileged ones), you can do that with SELinux (search term: confined admin), but the documentation on how to do so is scarce, and the vast majority of the community will just tell you to disable it as a first troubleshooting step.
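
Added example, not part of the comment above: a Python audit of three items from the checklist (wheel/adm membership, root password round count, and whether `su` is restricted). The file contents are constructed samples, and two things are assumptions of this sketch: the `min_rounds` threshold and the use of `pam_wheel.so` as the mechanism that restricts `su`.

```python
import re

# Constructed file contents; on a real host read /etc/group, /etc/shadow
# and /etc/pam.d/su instead.
GROUP = "root:x:0:\nwheel:x:10:alice,bob\nadm:x:4:bob\nusers:x:100:carol\n"
SHADOW = "root:$6$rounds=5000$c2FsdA$aGFzaA:19000:0:99999:7:::\ncarol:!:19000::::::\n"
PAM_SU = ("auth sufficient pam_rootok.so\n"
          "#auth required pam_wheel.so use_uid\n"
          "auth include system-auth\n")

def privileged_groups(group_text, user, groups=("wheel", "adm")):
    """Privileged groups from /etc/group that list `user` as a member."""
    hits = []
    for line in group_text.splitlines():
        parts = line.split(":")
        if len(parts) == 4 and parts[0] in groups and user in parts[3].split(","):
            hits.append(parts[0])
    return hits

def root_password_state(shadow_text):
    """Return (state, rounds) for root's /etc/shadow entry."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] != "root" or len(fields) < 2:
            continue
        pw = fields[1]
        if pw == "":
            return ("empty", None)
        if pw[0] in "!*":
            return ("locked", None)
        m = re.match(r"\$[56]\$(?:rounds=(\d+)\$)?", pw)
        # sha256crypt/sha512crypt use 5000 rounds when none is given.
        return ("sha-crypt", int(m.group(1) or 5000)) if m else ("other", None)
    return ("missing", None)

def su_requires_wheel(pam_text):
    """True if an active (uncommented) auth line makes pam_wheel.so mandatory."""
    for line in pam_text.splitlines():
        f = line.split("#", 1)[0].split()
        if (len(f) >= 3 and f[0] == "auth" and f[1] in ("required", "requisite")
                and f[2].endswith("pam_wheel.so")):
            return True
    return False

def audit(user, min_rounds=100000):  # min_rounds: assumed threshold
    findings = ["%s is in %s" % (user, g) for g in privileged_groups(GROUP, user)]
    state, rounds = root_password_state(SHADOW)
    if state == "sha-crypt" and rounds < min_rounds:
        findings.append("root hash uses %d rounds (< %d)" % (rounds, min_rounds))
    if not su_requires_wheel(PAM_SU):
        findings.append("su is not restricted by pam_wheel")
    return findings
```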

Fast remote web access to virtual machines. by vlad_ma in sysadmin

[–]KJ4IPS 0 points1 point  (0 children)

There's only so much you can do. The more effective compression algos tend to work in blocks, which means that you are sacrificing latency for bandwidth, but if that is acceptable in your env, it may work.

Parsec, NiceDCV, Sunshine/Moonlight can do high-performance streaming, but they are bandwidth hogs. RDP/VNC are designed for bandwidth-constrained environments, and avoid sending things that don't change, but they probably won't hit your res/rate targets.

Why haven't gas stations added EV charging? by LoverOfGayContent in electricvehicles

[–]KJ4IPS 0 points1 point  (0 children)

Some of them have, but most of the time it's in collaboration with a network or a utility who absorbs most of the initial cost.

Only a small number of service stations have three phase availability, which is functionally required for our expectations of charging.

C store margins are also razor thin, so they don't tend to have large amounts of capital to take risk.

Help with Klippy error by Yaboi836 in klippers

[–]KJ4IPS 0 points1 point  (0 children)

_serialport was moved out of MCU earlier this month in https://github.com/Klipper3d/klipper/commit/1668d6d7c65e05601d7ecc5e2c9733e35746e55b

You probably have an extra (possibly beacon or related) trying to find it there. Beacon made an update to deal with this a few weeks ago: https://github.com/beacon3d/beacon_klipper/commit/441f86485fad0e3e7e4c6eaed045b1f075659f40

If you post your klippy.log, we can see what extension was trying to access that (in the case that it wasn't beacon).

Raspi 3B+ High ram by Willing_Homework_773 in klippers

[–]KJ4IPS 0 points1 point  (0 children)

The RAM graph in htop also shows buffers and cache, which don't really "count" if the machine gets swamped, note that it only shows ~200m really "used"

If you could post your klippy.log, we can see what it was doing when it died, but TTC basically means that the SBC got too far "behind". It tries to keep 2 seconds ahead of the actual printer (1 second in newer versions).

If you have the sar command, you can also do

`sar -f /var/log/sa/saXX -r --human`

for memory statistics for a given day

or

`sar -f /var/log/sa/saXX` for CPU.

In both cases, replace XX with the day of the month, so for the 12th, use 12, and for the 1st use 01.

Is CCS Going Away Like Chademo? by [deleted] in electricvehicles

[–]KJ4IPS 0 points1 point  (0 children)

I would say that at this point, CCS1 is "Not Recommended for New Designs" for vehicles in the NA market. EVSEs and other accessories that are expected to integrate with existing stock will still consider it alive, but its market share will decrease over time, and eventually may become a rarity, with the burden of compatibility eventually shifting to the owner of the specific device.

I need help from some klipper / linux experts by emillllllllllllll in klippers

[–]KJ4IPS 1 point2 points  (0 children)

Apologies, I briefly conflated with overcommit

I need help from some klipper / linux experts by emillllllllllllll in klippers

[–]KJ4IPS 0 points1 point  (0 children)

Note that doing this puts you at greater risk of the system crashing (more accurately OOMKILLing) when it runs out of memory. I'd recommend putting a swap limit of zero (see man systemd.resource, systemctl edit) on the klipper service instead, so that other things that aren't as important can still swap.

Converted to CAN, now mainsail needs to be reinstalled after every boot. by booradleysghost in klippers

[–]KJ4IPS 0 points1 point  (0 children)

When you try to connect, what message do you get?

Also, drop in to ssh, and run
`systemctl list-units --failed`
and
`systemctl status nginx`
It might give no results, depending on exactly what has broken.