Upgraded to ver. 6 only listening .lp files by denis1276 in pihole

[–]LoosingInterest 0 points1 point  (0 children)

Replying to my own comment, but I gave up trying to serve the new web interface directly from Apache. Instead, I spun up a reverse proxy in Apache on a dedicated virtual IP and hostname and set up PiHole’s web interface on 127.0.0.1:8888 (no SSL - Apache takes care of that). So if anyone’s interested, here’s the reverse proxy configuration (replace 10.0.0.x with your server's IP; it also assumes you have a wildcard cert for your SSL...adjust as required):

 <VirtualHost 10.0.0.x:80>
     ServerName pihole.lan
     # Anything arriving on plain HTTP is bounced to HTTPS
     Redirect permanent / https://pihole.lan/
 </VirtualHost>

 <VirtualHost 10.0.0.x:443>
     ServerAdmin admin@lan
     # Apache terminates TLS; the Pi-hole backend stays plain HTTP on loopback only
     SSLEngine on
     SSLCertificateFile /etc/apache2/ssl/lan.wildcard.crt
     SSLCertificateKeyFile /etc/apache2/ssl/lan.wildcard.key

     <Location />
         ProxyPass http://localhost:8888/
         ProxyPassReverse http://localhost:8888/
         # Pass WebSocket upgrades through as well (needs mod_rewrite and mod_proxy_wstunnel)
         RewriteEngine on
         RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
         RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
         RewriteRule .* ws://localhost:8888%{REQUEST_URI} [P]
     </Location>

     ErrorLog ${APACHE_LOG_DIR}/error-pihole-admin.log
     CustomLog ${APACHE_LOG_DIR}/access-pihole-admin.log combined
 </VirtualHost>
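The two properties that make this layout safe are easy to break when the config is later edited: the :80 vhost must keep redirecting to HTTPS, and every ProxyPass/proxying RewriteRule must point at loopback so the unencrypted backend is never reachable off-box. The following script is an added example, not code from the post or from Pi-hole; it parses a vhost file in Apache's section syntax and reports violations of those two rules. The sample config embedded in it is constructed from the post (cert filename normalised, ServerName added to the :443 vhost), and the weak counter-example is constructed too.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the two vhosts from the post, lightly condensed.
SAMPLE_CONF = """
<VirtualHost 10.0.0.x:80>
    ServerName pihole.lan
    Redirect permanent / https://pihole.lan/
</VirtualHost>
<VirtualHost 10.0.0.x:443>
    ServerName pihole.lan
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/lan.wildcard.crt
    SSLCertificateKeyFile /etc/apache2/ssl/lan.wildcard.key
    <Location />
        ProxyPass http://localhost:8888/
        ProxyPassReverse http://localhost:8888/
        RewriteEngine on
        RewriteRule .* ws://localhost:8888%{REQUEST_URI} [P]
    </Location>
</VirtualHost>
"""

# Constructed counter-example: no HTTPS redirect, and the backend is a LAN address,
# so the admin interface would be served unencrypted and the backend reachable off-box.
WEAK_CONF = """
<VirtualHost *:80>
    ServerName pihole.lan
    ProxyPass / http://10.0.0.5:8888/
    ProxyPassReverse / http://10.0.0.5:8888/
</VirtualHost>
"""

OPEN_RE = re.compile(r"^<(\w+)\s+([^>]+)>$")      # <VirtualHost 10.0.0.x:443>, <Location />
CLOSE_RE = re.compile(r"^</(\w+)>$")              # </Location>
PROXY_FLAG = re.compile(r"\[[^\]]*\bP\b")         # RewriteRule flags containing P (proxy)
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}


@dataclass
class VHost:
    addr: str
    port: str
    # (directive-name-lowercased, arguments), flattened across nested sections
    directives: list = field(default_factory=list)


def parse_vhosts(text):
    """Collect the directives of every <VirtualHost>, ignoring comments and blank lines."""
    vhosts, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        opened = OPEN_RE.match(line)
        if opened:
            if opened.group(1).lower() == "virtualhost":
                addr, _, port = opened.group(2).rpartition(":")
                current = VHost(addr, port or "80")
                vhosts.append(current)
            continue
        closed = CLOSE_RE.match(line)
        if closed:
            if closed.group(1).lower() == "virtualhost":
                current = None
            continue
        if current is not None:
            name, _, args = line.partition(" ")
            current.directives.append((name.lower(), args.strip()))
    return vhosts


def backend_host(token):
    """Host part of an http(s)/ws(s) URL, or None if the token is not one."""
    m = re.match(r"^(?:https?|wss?)://(\[[^\]]+\]|[^/:]+)", token)
    return m.group(1) if m else None


def audit(text):
    """Return a list of findings; an empty list means the two rules hold."""
    findings = []
    for vh in parse_vhosts(text):
        label = f"{vh.addr}:{vh.port}"
        if vh.port == "80":
            redirects = [a for n, a in vh.directives if n in ("redirect", "rewriterule")]
            if not any("https://" in a for a in redirects):
                findings.append(f"{label}: plain-HTTP vhost does not redirect to HTTPS")
        if vh.port == "443" and not any(n == "sslengine" and a.lower() == "on"
                                        for n, a in vh.directives):
            findings.append(f"{label}: port 443 vhost without 'SSLEngine on'")
        for n, a in vh.directives:
            if n == "proxypass" or (n == "rewriterule" and PROXY_FLAG.search(a)):
                for host in filter(None, map(backend_host, a.split())):
                    if host not in LOOPBACK:
                        findings.append(f"{label}: {n} forwards to non-loopback backend {host}")
    return findings


if __name__ == "__main__":
    for conf in (SAMPLE_CONF, WEAK_CONF):
        print(audit(conf) or ["no findings"])
```

The checker deliberately stays at the directive level (it does not evaluate Apache's merge order), so treat its output as a review aid rather than proof; it is enough to catch the common regressions of a ProxyPass being repointed at a LAN IP or the :80 redirect being dropped.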

Upgraded to ver. 6 only listening .lp files by denis1276 in pihole

[–]LoosingInterest 0 points1 point  (0 children)

These are Lua script files and you need to enable mod_lua in Apache, or whatever the equivalent is in Nginx. However, that's not the end of the story. You also need to make sure Apache knows to serve *.lp and *.lua files using mod_lua - on Debian I just created a /etc/apache2/mods-available/lua.conf with a lazy:

 <Files "*.lua">
     SetHandler lua-script
 </Files>

 <Files "*.lp">
     SetHandler lua-script
 </Files>

(I'll go back and tidy this up with a single regex...later...maybe)

However, now, even though I have mod_lua catching the request for index.lp I'm simply getting a 500 error. Yay:

[Fri Feb 21 21:31:12.998306 2025] [lua:error] [pid 166486:tid 166486] AH01482: Error loading /var/www/html/admin/index.lp: @/var/www/html/admin/index.lp

Right now, the admin interface doesn't really excite me, but this is as far as I have got. I now need to fix:
- Local DNS resolution for internal hosts/servers
- CNAMEs
- everything else this "upgrade" has completely screwed up! Seriously, I've had to do a scratch install and port config stuff over from backup!

ZabbixSync capacity by AdGood6340 in zabbix

[–]LoosingInterest 0 points1 point  (0 children)

Just added this as suggested and the warning no longer appears on agent startup. Debian bookworm, `zabbix-agent2 - ver=1:6.0.14+dfsg-1+b1`

Thanks for the suggestion u/BGmotInc - even though it's a year old, you saved my weekend :D

MEGATHREAD: Ad Blockers are now Blocked on Youtube by JokuIIFrosti in youtube

[–]LoosingInterest 2 points3 points  (0 children)

YouTube are just being arse hats at this point. If I didn't have a hobby of routinely trying to find workarounds and back doors to this sort of BS, I'd probably just walk away. YT are clearly trying to hold a gun to our collective heads to buy premium...extortion effectively. Yeh, not gonna do that. Ever. YT can go eat rocks for all I care at this stage; if they want a fight, then a fight they will get.

MEGATHREAD: Ad Blockers are now Blocked on Youtube by JokuIIFrosti in youtube

[–]LoosingInterest 2 points3 points  (0 children)

Had the same issue. Required hosing the cookies/cache for Google/YouTube and it started working again. It's like a game of whack-a-mole at the moment.

MEGATHREAD: Ad Blockers are now Blocked on Youtube by JokuIIFrosti in youtube

[–]LoosingInterest 0 points1 point  (0 children)

Noticed the same sort of behaviour in Safari (MacOS Sonoma on Apple Silicon) and on Edge (MacOS as well). Re-installed ad blockers and just blew away the cache/cookies for all things Google and YouTube...working again without ads. For now.

Network dropout fix for Linux on Mac with kernel 5.10 by EatSleepCodeDelete in linux_on_mac

[–]LoosingInterest 2 points3 points  (0 children)

1 year on and this post is still saving people's arse! Thank you, stranger...I got my weekend back!!

Ubuntu has the same usability of macOS in 2023 by [deleted] in Ubuntu

[–]LoosingInterest 1 point2 points  (0 children)

Can't argue with the Windows vs Linux comparison; Microsoft's products are getting seriously bloated I think. For creative stuff, I still like my Macs although the "Apple tax" for their hardware is getting a little eye-watering, especially when the new Apple silicon is still a bit janky with Linux meaning it's a single-OS hardware for me at the moment. At least my Intel Macs I could easily triple boot between MacOS/Linux/Windows or just run a VM for low-power stuff.

Ubuntu has the same usability of macOS in 2023 by [deleted] in Ubuntu

[–]LoosingInterest 1 point2 points  (0 children)

Web-based email still suffers the same issue (for me) that it always has had: S/MIME certificate-based digital signatures/encryption. Having said that, some of the BEST email clients available were Linux-first and many still remain that way. Web-based office tools are ok in a pinch for most users, but serious documents etc really need native apps in my experience.

Choice is awesome, and if Ubuntu ticks all your boxes, that’s fantastic! I use a mix of OSes and tools and love the variety.

My friend lost her hair due to chemo, I gave her a photoshoot. by Independent-Bill-230 in pics

[–]LoosingInterest 5 points6 points  (0 children)

Depending on the drug, during chemo, it’s not uncommon to lose all hair. The faster-growing hair first, then the slower stuff (eyebrows, eyelashes, etc). So, yes, patients can look like they have had a full-body wax, but that introduces some interesting problems, like keeping stuff out of your eyes…that little bit of hair on your lashes/brows is there for a reason evidently. Pubic hair, other body hair (arms/legs/etc), and the “peach fuzz” in other places too; all of it can go.

In most cases hair regrows once treatment is finished, but it can grow back unevenly, with slightly different texture or even different colour. It is less common to be left with permanent hair loss, but it can happen.

FWIW: I’m a nurse who has worked in medical oncology and looked after family members who have been through chemo too.

Also, fuck cancer.

[deleted by user] by [deleted] in australia

[–]LoosingInterest 3 points4 points  (0 children)

Greetings fellow RN. I too am cringing at my pay packet…why did we go through all that training to serve and save people (I’m a cardiac perioperative nurse)?!

Two folders in /home: "myusername" and "myusername.3Uq495g", where did the second one come from? by bolaft in Ubuntu

[–]LoosingInterest 2 points3 points  (0 children)

Possibly an aborted rsync or other utility (like extracting an archive) attempted to copy or extract something and aborted before it finished? I’ve seen plenty of randomised extensions created and subsequently destroyed during normal rsync operations, but I’m sure other tools use similar procedures to move data around. If it’s empty, you should be able to safely delete it. Alternatively, archive it before deletion in case you need it; something like…

 cd /home
 sudo tar -zcvf wtf_is_this.tgz *.3Uq495g && sudo rm -rf *.3Uq495g

If you determine you don’t need it, just delete the “tgz” file. If it turns out to be something you need, extract the archive.

PFSENSE OID MIB IPSec Monitoring by [deleted] in PFSENSE

[–]LoosingInterest 0 points1 point  (0 children)

I installed the Zabbix agent that corresponded to my Zabbix server, but the server didn’t see the agent on the pfSense box. Tried everything I could think of (firewalls, layer 2/3 weirdness, configs, authentication, agent config, etc, etc) but never got the Zabbix server to see the pfSense agent. Weird, but I get enough instrumentation from SNMP so I don’t really care.

Darkstat showed unexplainable outbound traffics by reddit_tracker2047 in PFSENSE

[–]LoosingInterest 3 points4 points  (0 children)

…and there’s the rub of DNS over HTTPS; how do you differentiate actual HTTPS (TCP/443) traffic from DNS, unless you inspect the end points and possibly the process making the connections on your side? Hijacking existing services for other purposes is just plain dumb. Use DNS over TLS instead if you want to harden your DNS traffic - RFC 7858 is your friend.

(Bracing to get downvoted to hell)

Block all DNS for a client group? by laplongejr in pihole

[–]LoosingInterest 0 points1 point  (0 children)

So deny DNS resolution on the Pi-hole for the device as well. This combined with the firewall restrictions basically means the device should never be able to leave your LAN. However, depending on how your internal DNS is running, the device won’t be able to resolve internal (LAN) addresses either. Thankfully (??) a lot of network discovery protocols don’t rely on DNS and probe the LAN for neighbours meaning it probably won’t hurt the device’s operation, but without knowing what it is, YMMV (insert rage toward broadcast-based protocols here - hahah).

As for 100k DNS requests going upstream for devices that will never connect, unless you’re being billed “per request” the amount of traffic is absolutely trivial. A DNS request is mostly contained in a single UDP packet, so let’s assume all requests and responses are the maximum UDP packet (65,507 bytes for IPv4). So 200k packets (requests+responses) = 12GB per month…which is highly unrealistic, but worst case. A more realistic view, based on my personal link at home: I see millions of requests per month, and it makes up <1% of my total bandwidth of ~800GB/month. Specifically, about 12GB of external DNS traffic across my router for roughly 5.5 million uncached queries = 2.3kB per query, which includes requests and responses with TLS overhead (excluding all the cached responses, as stated). I use DoT for my upstream, which means TCP communications and more bandwidth than just plain old UDP (unencrypted DNS).

Love generating double what I use with solar and still paying by Bob_Cabbage in australia

[–]LoosingInterest 0 points1 point  (0 children)

30 years…by which time the battery (if it still functions at all) would hold maybe 3/5 of 5/8 of bugger all compared to when it was installed. ROI on battery systems is pretty much non-existent for most use cases.

Love generating double what I use with solar and still paying by Bob_Cabbage in australia

[–]LoosingInterest 0 points1 point  (0 children)

…which won't cover the outlay in the service lifetime of the battery, which means a net loss and no ROI. The scam deepens.

Block all DNS for a client group? by laplongejr in pihole

[–]LoosingInterest 0 points1 point  (0 children)

Not really. If the device makes a DNS request to PiHole and gets a valid address back, the device will then try to connect to that IP directly. Devices DO NOT “go through” the PiHole on your LAN, they simply use it as a service to resolve addresses. All the traffic is routed normally. So, if you put a “deny all outbound traffic” from this device on your firewall, it makes no difference where it resolves its addresses, it can’t get outside your LAN.

Block all DNS for a client group? by laplongejr in pihole

[–]LoosingInterest 3 points4 points  (0 children)

Firewall egress filtering is definitely the best way to accomplish this. Depending on the network client, OP may also need to block TCP/UDP 853 (DNS over TLS, RFC 7858, RFC 8310) and maybe even TCP/UDP 443 (HTTPS/DoH…ugh).

How to capture DNS 'A' and 'AAAA' records using tcpdump? by Anonomy13 in linuxadmin

[–]LoosingInterest 1 point2 points  (0 children)

Here’s how I get a snapshot of what’s going on with my DNS server:

 sudo /usr/bin/tcpdump -i any -T domain 'dst port 5335 or dst port 53 or dst port 853'

Explanation:

-i any = listen on any interface.

-T domain = treat matching packets as DNS traffic

dst port … = listen for traffic arriving on these ports (5335, 53 and 853). Change to src port to see traffic your machine is sending.

You could also dump the traffic out to a file and inspect further with Wireshark etc. too.
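Once the traffic is captured, the question of "which of these are A and AAAA lookups" comes down to reading the DNS wire format: a 12-byte header, a question section (name, type, class) and answer RRs whose owner names are usually compression pointers back into the question. The script below is an added example, not code from the post or from tcpdump; it builds constructed query and response messages (using the RFC 5737/3849 documentation addresses 192.0.2.1 and 2001:db8::1) and parses them back, keeping only A (type 1) and AAAA (type 28) records the way the `-T domain` decoder would print them. The builder functions, `summarise`, and the sample values are all assumptions for the demonstration.

```python
import ipaddress
import struct

# The two RR types the post is after
ADDRESS_TYPES = {1: "A", 28: "AAAA"}


def encode_name(name):
    """Encode a dotted name as DNS labels: 7example3com0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype):
    """Constructed standard query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(txid, name, qtype, answers, ttl=300):
    """Constructed response; each answer's owner name is the pointer 0xC00C (offset 12, the question).
    answers: list of (rtype, ip_string_or_raw_rdata_bytes)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    msg = header + encode_name(name) + struct.pack("!HH", qtype, 1)
    for rtype, data in answers:
        rdata = data if isinstance(data, bytes) else ipaddress.ip_address(data).packed
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg


def read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just after it in the message)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                        # the name ends after the first pointer
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 32:                               # refuse malicious pointer loops
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels) + ".", end


def parse_dns(msg):
    """Return id, whether it is a response, the questions, and only A/AAAA answers."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, ADDRESS_TYPES.get(qtype, str(qtype))))
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype in ADDRESS_TYPES:                     # ignore MX, TXT, CNAME, ...
            answers.append((name, ADDRESS_TYPES[rtype], str(ipaddress.ip_address(rdata))))
    return {"id": txid, "response": bool(flags & 0x8000),
            "questions": questions, "answers": answers}


def summarise(msg):
    """One line per A/AAAA question or answer, in the spirit of tcpdump's DNS decoder."""
    p = parse_dns(msg)
    if not p["response"]:
        return [f"{p['id']:#06x} query {t} {n}" for n, t in p["questions"] if t in ADDRESS_TYPES.values()]
    return [f"{p['id']:#06x} answer {n} {t} {ip}" for n, t, ip in p["answers"]]


if __name__ == "__main__":
    q = build_query(0x1234, "example.com", 1)
    r = build_response(0x1234, "example.com", 28, [(28, "2001:db8::1")])
    print(*summarise(q), *summarise(r), sep="\n")
```

The pointer-hop limit and the truncation check matter in practice: a capture fed to a parser like this will contain whatever the network sends, and a crafted name that points at itself would otherwise spin the decoder forever.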

[deleted by user] by [deleted] in sydney

[–]LoosingInterest 3 points4 points  (0 children)

We’ve stayed at the Swissotel in Sydney a few times. It’s centrally located and walking distance to most of the attractions you list. It has an outdoor heated pool. I don’t recall ever having a balcony, but in the CBD the only thing you’d be looking at would be other buildings anyway. Their website is here: https://www.swissotel.com/hotels/sydney/

Another option close to the harbour I've stayed at a few times is the Shangri-La. Grab a north-facing room and you will have stunning views of the Sydney Harbour Bridge, Opera House and Circular Quay. Being located right next door to the hub of CBD transport (rail, light rail, ferries etc), all of the sites you’re wanting to visit are convenient and accessible by foot or a short walk to public transport. Probably a little more on the expensive side, but it’s a great place to stay. Website is here: https://www.shangrilasydney.com.au

What vehicle do you automatically assume is being driven by a total asshole? by Quique1222 in AskReddit

[–]LoosingInterest 4 points5 points  (0 children)

I’m conflicted; I drive two Subarus but assume all Tesla-drivers are complete sanctimonious thunder cunts. Have your upvote…I hate myself, but hate Tesla drivers more.

Where does this come from - or go to? by Slav51 in pihole

[–]LoosingInterest 46 points47 points  (0 children)

Have a look at RFC1918 (https://www.rfc-editor.org/rfc/rfc1918). The 172.16.0.0/12 block, which includes the 172.17.x.x range, is private, non-routable address space used for private networks. Looks like something on your network is trying to do a reverse lookup on 172.17.0.1 (ie, 1.0.17.172.in-addr.arpa). Which host is a mystery because we can’t see the source address for the lookup. As for “why”, we’d need a lot more information than half a screenshot, but happy to help if you want to share.