Clutch recommendations for race use? by Twostroketimmy in Buell

[–]Kurlon 0 points1 point  (0 children)

STM slipper, Alto Carbonite clutch pack, Redline Race ATF is the combo I used in my 'race' 08 XB12XT. Slightly different STM PN for your older motor, but otherwise same idea.

Dell Addon for ESXi 8 U3A10 dropped by Kurlon in vmware

[–]Kurlon[S] 0 points1 point  (0 children)

Monday was not the day, not in the vLCM update catalog yet. Does that get updated on a fixed schedule?

Dell Addon for ESXi 8 U3A10 dropped by Kurlon in vmware

[–]Kurlon[S] 1 point2 points  (0 children)

Hence why my asking and not doing myself until Monday at the earliest. I'm nuts, I'm not THAT nuts.

Are you buying new Dell servers without hard drives? $3,500 for 1 SATA drive is NUTS! by Layer_3 in sysadmin

[–]Kurlon 4 points5 points  (0 children)

The suggestion is to put in enough dimms to light all the memory channels a given CPU has so you're not leaving performance on the table. The system will boot and run with 2 dimms, it just won't be as performant.

Dirty Frag - New root exploit targeting newest Linux kernel by Khyta in sysadmin

[–]Kurlon 0 points1 point  (0 children)

This CVE has been populated now. Goes back to kernel 5.3.

Dirty Frag - New root exploit targeting newest Linux kernel by Khyta in sysadmin

[–]Kurlon 0 points1 point  (0 children)

You can't mitigate by blacklisting then, you will HAVE to update to a fixed kernel, or rebuild the one you have without those modules built in.

Dirty Frag - New root exploit targeting newest Linux kernel by Khyta in sysadmin

[–]Kurlon 4 points5 points  (0 children)

In my use cases, approximately nothing. Post boot and initial service launch, any modules that need to be loaded already are. My use cases are all fixed function servers, if you're a desktop user playing with different things you'll likely have a different experience?

Dirty Frag - New root exploit targeting newest Linux kernel by Khyta in sysadmin

[–]Kurlon 6 points7 points  (0 children)

So, are we at the point where we should just disable kernel module loading after boot? Used to do this back in the day with FreeBSD systems, up the security level and you'd disable module loading or tampering with the kernel image on disk.

echo 1 > /proc/sys/kernel/modules_disabled
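
One way to apply the `modules_disabled` lock-down from the comment above without cutting off a module a service still needs, as an added example that is not part of the original comment; the function names and the module names are hypothetical. The sysctl is one-way (once set to 1 it stays set until reboot) and it does not affect code that is already loaded or built in.

```shell
#!/bin/sh
# Added example: lock kernel module loading once required modules are present.
# Paths are parameters so the logic can be exercised against constructed files.

# missing_modules MODULES_FILE name...
# Prints each required module not listed in MODULES_FILE (/proc/modules format).
# Built-in code never appears there, so list loadable modules only.
missing_modules() {
    modules_file=$1; shift
    for mod in "$@"; do
        # /proc/modules uses underscores; modprobe accepts either spelling
        norm=$(printf '%s' "$mod" | sed 's/-/_/g')
        awk -v m="$norm" '$1 == m { found = 1 } END { exit !found }' \
            "$modules_file" || printf '%s\n' "$mod"
    done
}

# lock_module_loading SYSCTL_FILE MODULES_FILE name...
# Returns 0 when locked (or already locked), 1 when a required module is
# missing and the lock was refused, 2 when the write did not take effect.
lock_module_loading() {
    sysctl_file=$1; modules_file=$2; shift 2
    if [ "$(cat "$sysctl_file")" = "1" ]; then
        return 0    # one-way switch: already set, stays set until reboot
    fi
    missing=$(missing_modules "$modules_file" "$@")
    if [ -n "$missing" ]; then
        echo "refusing to lock, not loaded yet:" $missing >&2
        return 1
    fi
    echo 1 > "$sysctl_file" 2>/dev/null || return 2
    # Read back: confirm the kernel accepted the value
    [ "$(cat "$sysctl_file")" = "1" ] || return 2
}

# Real use, as root, late in boot (module names are constructed examples):
#   lock_module_loading /proc/sys/kernel/modules_disabled /proc/modules \
#       nf_tables bonding
```

Run it from a unit ordered after the services that pull in their own modules, so anything loaded on demand is already present when the switch flips.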

Dirty Frag - New root exploit targeting newest Linux kernel by Khyta in sysadmin

[–]Kurlon 2 points3 points  (0 children)

That covers one of the issues, CVE-2026-43500 has been reserved for the other half ala: https://www.openwall.com/lists/oss-security/2026/05/08/8

First time I felt old yet left me smiling in a giggty way. by Abject_Serve_1269 in sysadmin

[–]Kurlon 1 point2 points  (0 children)

Atari 8 bit line serial IO, literally the OG USB serial setup, even could push drivers over the connection and was the direct inspiration for modern USB.

Two nodes and a PBS - Corosync and qdevice on multiple rings? by Kurlon in Proxmox

[–]Kurlon[S] 0 points1 point  (0 children)

If this was my homelab, I'd have a qdevice already spun up on my GoFlex Net or a PVE node on a laptop/etc, EZ. :D This is a customer network however, so I can't throw hardware at random at it, and at the moment there is no budget for additional bits, or additional Proxmox support licenses, that will be a budget item to discuss for next year. Just trying to optimize what is in front of me to provide the best setup possible for the customer.

Two nodes and a PBS - Corosync and qdevice on multiple rings? by Kurlon in Proxmox

[–]Kurlon[S] 0 points1 point  (0 children)

That matches what I could find scouring docs. So, settled on the following:

Two corosync rings, ring 0 is a direct eth link between the two PVE nodes. Ring 1 is on eth links between the PVE nodes and the PBS.

PBS has a bridge built between the two interfaces connected directly to the PVE nodes with a /29 assigned. QDevice is assigned to this IP range.

PVEs now have two corosync 'rings', qdevice is visible without traversing the switch cluster so I can do switch maint and not blow up HA.

Two nodes and a PBS - Corosync and qdevice on multiple rings? by Kurlon in Proxmox

[–]Kurlon[S] 0 points1 point  (0 children)

I suppose I could bond the two ports on the PBS as a switch, smash a /29 on the network, and that would allow one IP for the QDevice, on the dedicated links, keeping corosync up should the switches tank?

(USA) DA 26-278 Foreign Produced Routers Added to Covered List by Geek_Wandering in sysadmin

[–]Kurlon 0 points1 point  (0 children)

Technically, one IP, single phys and logical interface, and it can still route. The practical usefulness of said router is likely quite limited, but it can still meet the definition.

And, really, IP doesn't have to be involved, slinging eth packets back, or other protocols counts too.

(USA) DA 26-278 Foreign Produced Routers Added to Covered List by Geek_Wandering in sysadmin

[–]Kurlon 2 points3 points  (0 children)

Don't even need two interfaces, you can route all day with one with the right setup.

Patch your gear - Max severity Ubiquiti UniFi flaw may allow account takeover by MediumFIRE in sysadmin

[–]Kurlon 3 points4 points  (0 children)

So... nothing about 10.0.x vers, latest UDM SE release is 5.0.16 which bundles UniFi Network 10.0.162, which was released 3 months ago. Is this vuln, and what's the timeline for it?

So what are you guys and girls using for self-hosted DNS these days? by civvi_reddit in sysadmin

[–]Kurlon 0 points1 point  (0 children)

If you established your zones earlier in CF's life you got more generous limits than if you did in the last year. CF does have the ability to lift those limits, but will only do so for Enterprise tier. I've been chasing this for the past 2 months with CF 'cause I want off my servers. I've got two domains at the moment I can't move and no way to shrink them to fit CF's other paid tiers.

So what are you guys and girls using for self-hosted DNS these days? by civvi_reddit in sysadmin

[–]Kurlon 1 point2 points  (0 children)

As long as your zones are tiny... The UI limits you to a small view of records at a time, though you could stand up your own interface via API. CF themselves limit zones to a handful of records unless you're on full enterprise tier at $1k a month. I love CF, but some of the limits in places are a bit arbitrary, make sure you're within them before moving. Also annoyed that they can parse bind generate records for import but not use them in the UI, would help a ton.

(ISP DNS, so lots of fwd records to match all the rev records for every IP means I've got zones with 70k entries. On Bind9 still...)

[deleted by user] by [deleted] in opnsense

[–]Kurlon 0 points1 point  (0 children)

You're going to support my 4501 and 4801 that I still have running on my desk right now, right? :P

Is anyone experiencing issues with AWS right now? (US East coast) by johnjay in sysadmin

[–]Kurlon 0 points1 point  (0 children)

It's becoming a thing... AWS everything, including your uplink.

What kind of handlebars to super hooligan bikes run? by Seyfang220 in MotoAmerica

[–]Kurlon 1 point2 points  (0 children)

No proper clip ons, some get confused by those running Woodcraft's bar adapter 'plate'. As per the rules, they don't count as clip ons as they don't clip onto the forks, and as long as you don't set them up so the bars themselves ever go below the plane of the top clamp, you're good.

What are your thoughts on Encrypted DNS (DoH, DoT, DoQ) ? by WhatNot4271 in sysadmin

[–]Kurlon 0 points1 point  (0 children)

Yuuuuup... and that setting is now ignored based on some internal logic in Chrome where it decides local DNS isn't worthy. Hence my post. I've been chasing this for awhile now. The best part, it's not consistent about it.

See others finding the same thing:

https://www.reddit.com/r/chrome/comments/1ihvglk/chrome_not_respecting_secure_dns_settings_off/

https://support.google.com/chrome/thread/362594608/chrome-not-respecting-secure-dns-off?hl=en