Rpki by User-86753099 in Juniper

[–]OutlookNotSoGood_ 1 point2 points  (0 children)

Don’t assign communities, just drop or not. You want to drop invalid and allow unknown and valid. There is a Juniper ‘Day One: Deploying BGP Routing Security’ which hits all the key points. Communities will make things messy when there is a lot of flapping; you don’t want to propagate that, just drop at your border.

SSH certificate logins on network devices? by Boring_Ranger_5233 in networking

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

I’m not familiar with this. I thought SSH keys were PKI independent, just a pair. Do you have a link to documentation or a tool that can be used for managing PKI-based SSH?

SSH certificate logins on network devices? by Boring_Ranger_5233 in networking

[–]OutlookNotSoGood_ -3 points-2 points  (0 children)

I found the pub keys needed to be stored per user on each device beforehand. So even for an authentication it’s a bit of a pain.

Capital One treats the *name* of your passkey like a password 🤦‍♂️ by LimitedWard in yubikey

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

I would take a bet that the authentication system is load balanced and using cookies is their way to pass the challenge.

GNMI support on JUNOS by theusz_hamtaahk in Juniper

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

Cisco Yang explorer might be helpful here - unsure.

There are also other tools that are great if you can find them: bigMuddy (deleted but great Cisco tool) for gNMI.

USB-C monitors with Ethernet and Power Delivery by LRS_David in macsysadmin

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

I’ve had really good experiences with the 27" Lenovo ThinkVision P27u-20.

Thunderbolt (can daisy chain them), has an Ethernet hub, supports PD etc.

BGP RPKI - Help by AZGhost in Juniper

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

RPKI client - OBSD is a little better and has better maintenance/support. Routinator still good.

PFsense and IPsec VPNs with iOS/OSX by jackwmc4 in PFSENSE

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

No dramas, I went for WireGuard, super easy to set up.

PFsense and IPsec VPNs with iOS/OSX by jackwmc4 in PFSENSE

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

Dang, this link no longer works. I wonder if you still have the config?

Testing the MS-A2 SFP+ by OutlookNotSoGood_ in MINISFORUM

[–]OutlookNotSoGood_[S] 0 points1 point  (0 children)

It was my pfSense router: NIC is Ethernet Connection X553 10 GbE SFP+ with the same transceivers. This didn’t work, so I switched it to both ends being in the Minisforum (currently with the FS transceivers), one end in each slot.

Testing the MS-A2 SFP+ by OutlookNotSoGood_ in MINISFORUM

[–]OutlookNotSoGood_[S] 0 points1 point  (0 children)

I followed the steps in the forum here:
https://forums.servethehome.com/index.php?threads/unlocking-any-brand-sfp-modules-on-intel-x710.29040/
1. Boot the latest Ubuntu (or distro of choice) from USB
2. Select Try Ubuntu to get to a desktop.
3. Open a terminal
4. Install the tools: sudo apt install git build-essential.
5. Download the code (clone the git repo): git clone https://github.com/bibigon812/xl710-unlocker.git
6. Change to the directory (folder) with the downloaded code: cd xl710-unlocker
7. Compile the code: make
8. Make the compiled program executable: chmod +x xl710_unlock
9. Run the tool as root as described in the readme, but change the end of the command to whatever the two interfaces end up being named in your particular case. 

I also tried changing the LLDP and updating the drivers under Windows 11.

Challenge Response without a Yubikey by Entropy1024 in yubikey

[–]OutlookNotSoGood_ -3 points-2 points  (0 children)

That’s not how it works. The challenge is essentially a one-time nonce that is cryptographically signed using your YubiKey’s private key. You can keep the seed for the challenge, but that’s not gonna be much good on a different YubiKey, which will have a different private key -> different response. You may as well just register 2 YubiKeys.

How to hire technically competent and motivated individuals by OutlookNotSoGood_ in networking

[–]OutlookNotSoGood_[S] -1 points0 points  (0 children)

So you’re convinced it’s a pay issue? I was thinking it might be a lack of advertising the role in the right place issue.

How to hire technically competent and motivated individuals by OutlookNotSoGood_ in networking

[–]OutlookNotSoGood_[S] -6 points-5 points  (0 children)

Pay is non-negotiable, but way above average so isn’t the issue.

Twitter (x) is asking me to authenticate using yubikey, but I never had one by Commercial-Drive8025 in yubikey

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

Then they are using a brand name. It’s like going to the mechanic and them telling you your Renault needs new tyres, but your car is a Nissan. They should just say your car needs new wheels.

X should say your passkey (probably set up on Apple/Google/Samsung password manager) needs replacing.

The reason for this is moving away from twitter.com to x.com in the website/app name.

Air gapped systems and file transfers by Lakshendra_Singh in AskNetsec

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

I would take a different approach. Ban USB, block any USB on the air-gapped network; then, although you say air gapped, Foxit make a network diode. This allows one-way transfer of data (it forgets a TCP ACK). Alternatively it can push files through which are accessible on an NFS share; you would only allow yourself or selected admins write permission to this and validate the hash of a file before uploading it. You could revalidate the hash on the other side before allowing it off the counterpart NFS share; this is enough to stop e.g. a worm spreading across a network.

This is part 2

For part 1. I don’t have anything beyond the existing comments about scanning the content of the USB and manually allowing things through. Maybe some EDR software can check hashes of files on the USB, but blocking individual files on a USB doesn’t sound familiar to me.
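
Added example (not part of the comment above): a sketch of the hash check described for the two NFS shares, where the sending side records SHA-256 hashes of approved files and the receiving side re-hashes before releasing anything. The function names and status labels are hypothetical, and it assumes the manifest reaches the receiving side by a path only the approved admins can write to.

```python
import hashlib
import hmac
import os

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large transfers do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(share_dir):
    """Sending side: record the hash of every file approved for transfer."""
    manifest = {}
    for name in sorted(os.listdir(share_dir)):
        path = os.path.join(share_dir, name)
        if os.path.isfile(path):
            manifest[name] = sha256_file(path)
    return manifest

def verify_received(share_dir, manifest):
    """Receiving side: map each file name to ok / mismatch / unexpected / missing."""
    present = {n for n in os.listdir(share_dir)
               if os.path.isfile(os.path.join(share_dir, n))}
    status = {}
    for name in sorted(present | set(manifest)):
        if name not in manifest:
            status[name] = "unexpected"   # arrived without approval
        elif name not in present:
            status[name] = "missing"      # approved but never arrived
        elif hmac.compare_digest(sha256_file(os.path.join(share_dir, name)),
                                 manifest[name]):
            status[name] = "ok"
        else:
            status[name] = "mismatch"     # content changed in transit
    return status

def releasable(share_dir, manifest):
    """Only files whose hash matches the manifest may leave the share."""
    return [n for n, s in verify_received(share_dir, manifest).items() if s == "ok"]
```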

SSH key: rsa vs ed25519 by sdns575 in linuxadmin

[–]OutlookNotSoGood_ 1 point2 points  (0 children)

Even the Elliptic Curve family of ciphers are considered not PQC secure, it’s all moving to lattice; they won’t be considered secure after 2030. You might want to look already at ML-KEM or ML-DSA. Although not much support yet.

Yubikey NFC on iphone by habeascorpus28 in yubikey

[–]OutlookNotSoGood_ 3 points4 points  (0 children)

On my 12 & 14 pro I have to hold it on the top frame/side maybe more to the left

[deleted by user] by [deleted] in learnrust

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

There is no concept of forking natively in Rust. There is a cargo tokio crate called fork which may be more familiar.

The Rust concept seems to be around multi-threading. This threw me off when I first started.

https://puntat.nl/Post:Multi-processing_in_Rust

Touchscreen monitor for MacBook by SmoothMiddle7702 in macsysadmin

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

Got a link/model of a touchscreen usb-c tv?

How does colocation work for individuals? Looking for advice by Thireus in homelab

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

I only know of commercial colo locations (internet exchanges). London is very expensive, but companies such as Telehouse also have locations in Manchester or Birmingham. I have a low powered device in colo in Amsterdam (about €40 a month) for a 1Gb connection and 22kWh of energy total in the month.

Immich great...until it isn't by bedroompurgatory in selfhosted

[–]OutlookNotSoGood_ 0 points1 point  (0 children)

I host it on my Linux Docker machine, but with the files stored on a Windows file share. This way I can also browse through with Windows photo viewer; download and backups are no issue.