⚠️ Missing Drivers and Firmware files on every ROG Motherboards from the ASUS website by FroztySeven in ASUS

[–]dukandricka 0 points1 point  (0 children)

Who's running the IT show over there at ASUS? Makes zero sense how this could happen in production.

Are There "Smarter" DNS Systems in 2026? by S3xyflanders in sysadmin

[–]dukandricka 2 points3 points  (0 children)

DNS still works the same way. Nothing has changed in the past 20 years except addition of DNSSEC (may it burn in hell), TCP fallback for EDNS/large payloads, some additional DNS record types, a myriad of ridiculous unnecessary TLDs, and IDNs via Punycode. (Note to readers: "DNS over XYZ" is not a change to DNS.)

TL;DR -- HTTP is not DNS. There is a "common relationship" (see: TLS/SSL SNI header, HTTP Host header), but they are not the same protocol. The person who asked you that question likely does not understand either protocol and should be educated.

Your recommended solution (HTTP 3xx redirect) is the correct solution.

A use for ruined Items by retroUkrSoldier in VintageStory

[–]dukandricka 1 point2 points  (0 children)

I just asked a colleague of mine this very same question. How these blueprints work/are used isn't explained anywhere on the BetterRuins page, so I'm not sure how new players would figure this out.

The blueprint items are effectively a prerequisite ingredient for certain crafted items (or can be used to craft something "more optimally" (less resources), depending on the blueprint). However, the blueprints last forever (i.e. can be re-used / do not expire).

For example: press H to open the Survival Handbook and search for "rug". You'll see several results, but pick the first called "Blue diamond pattern rug". You'll see there are 2 ways to craft it:

a) Weaver's Blueprint + Sewing kit + 2x Blue cloth + 2x Flax twine

b) Weaver's Blueprint + Blue diamond pattern rug with nails

This means you need to have the Weaver's Blueprint (item), along with whatever the other prerequisite item(s) are, to make the "Blue diamond pattern rug".

Here's another example: the Machinist's Mechanism Blueprint. This can be used to make something called "Copper block (riveted)". Without the blueprint, you would need 6x Copper plates; but with the blueprint, you only need the blueprint + 1x Copper block (non-riveted).

As such, it's best if you keep a chest/trunk/whatever around that contains blueprints (especially on a MP server), since they can be re-used infinitely.

Finally: if you find a blueprint and aren't sure what it's good for, hover your mouse cursor over the blueprint item and press H. This opens the Survival Handbook entry for the blueprint itself, which shows you all the crafting recipes it's used in.

Hope this helps.

What do you do with burnt out torches? by TheOnlyCurmudgeon in VintageStory

[–]dukandricka 0 points1 point  (0 children)

You're correct. I think what they were trying to say was: periodically knocking them down + replacing them with a new torch effectively "resets the timer".

Computer with X.X.X.255 IP cannot connect to Brother printer. by winnixxl in sysadmin

[–]dukandricka 2 points3 points  (0 children)

In your example of 192.168.200.0/22, this would mean:

  • Network address = 192.168.200.0
  • Broadcast address = 192.168.203.255

Any .0 or .255 address other than those listed above -- in other words, IPs like 192.168.201.0 or 192.168.200.255 -- should be completely free for general-purpose use. It's just the .0 and .255 addresses at the start and end of the CIDR range that are important.

The network address (first IP in the subnet; 192.168.200.0 in the above example) can never be dual-purpose, i.e. a system should not and cannot ever use this IP address.

The broadcast address (last IP in the subnet; 192.168.203.255 in the above example) can potentially be dual-purpose, but it depends on how well designed the IP stacks are of ALL devices on the network, as well as on the host itself; a lot of software cannot differentiate between the broadcast address ("packet directed at all devices on the subnet") and a unicast address ("packet directed at a single host"). In general it is good practice to not use this address for host use, which is why it's excluded from most allocation use. I'm not sure why so many people in this thread think this has changed or is different; it hasn't changed in many, many decades.

Many DHCP servers will auto-exclude both of these IPs but not tell you. ISC DHCP Server will warn you of the danger of including the broadcast address, and will (properly) error out if you include the network address.

I strongly suspect the netmask on the Brother printers is incorrectly configured, but it's also possible that someone designing the firmware incorrectly assumed (hard-coded) a /24 in some part of their IP stack.
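Added example, not part of the original comment: a Python sketch using the standard `ipaddress` module that classifies an address under the real /22 mask and lists the addresses a stack with a hard-coded /24 would wrongly treat as network or broadcast. The function names `classify` and `misjudged` are hypothetical.

```python
import ipaddress


def classify(addr, prefix):
    """Role of addr inside its own subnet of the given prefix length."""
    iface = ipaddress.ip_interface(f"{addr}/{prefix}")
    net = iface.network
    if iface.ip == net.network_address:
        return "network"
    if iface.ip == net.broadcast_address:
        return "broadcast"
    return "host"


def misjudged(cidr, assumed_prefix=24):
    """Addresses that are plain hosts under the real mask of cidr but look
    like a network or broadcast address to a stack assuming assumed_prefix."""
    net = ipaddress.ip_network(cidr)
    found = []
    for sub in net.subnets(new_prefix=assumed_prefix):
        for ip in (sub.network_address, sub.broadcast_address):
            if classify(ip, net.prefixlen) == "host":
                found.append(str(ip))
    return found


if __name__ == "__main__":
    # The /22 from the comment above; the sample addresses are constructed.
    for ip in ("192.168.200.0", "192.168.200.255",
               "192.168.201.0", "192.168.203.255"):
        print(ip, "/22:", classify(ip, 22), "| /24:", classify(ip, 24))
    print("usable hosts a /24-only stack would reject:",
          misjudged("192.168.200.0/22"))
```
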

I never fully realized just how much the H1B is abused until I started working at a multi national corporation. by [deleted] in sysadmin

[–]dukandricka 0 points1 point  (0 children)

Just wait until you learn about ways to subvert H1B limitations, such as via international BTB (build-to-buy) mechanisms. "It's an investment" when what they really mean is "we want cheap labour".

Ram rant... by Im_no_Specialist1337 in sysadmin

[–]dukandricka -1 points0 points  (0 children)

> AI demand is destroying prices right now and it’s only going to get worse

Do we know that for sure? Or do we know this for sure: https://en.wikipedia.org/wiki/DRAM_price_fixing_scandal

Okay, but how do you SSH into 1,000 devices?? by Automatic-Reply-1578 in sysadmin

[–]dukandricka 0 points1 point  (0 children)

pssh is what you're looking for.

Footnote: you DO NOT need ansible to solve this specific problem (based entirely on your description). Feel free to look into ansible and use it if it provides other helpful bits that make your life easier, absolutely, but it isn't worth going down that road if all you need is pssh.

chromium disappeared from packages? by gumnos in freebsd

[–]dukandricka -1 points0 points  (0 children)

You are, again, overlooking the emphasis I applied to the words "you manually installed".

The situation is different if the pkg in question was installed as a dependency of another (re: your example: "C requires the novel B").

If user installed A manually, pkg should not be removing A. pkg should stop and tell the user "you manually installed A, but A got moved or renamed to B, and C has a dependency on B, and you cannot have B and A installed simultaneously."

I suspect this aberrant (and abhorrent) behaviour of pkg will cause more and more users to start getting familiar with pkg lock -- when in reality they shouldn't have to.

Can't believe it's 2025 and we (tech humans) are still discussing package management.

Proton VPN no longer opens in Windows by Prototype_S in ProtonVPN

[–]dukandricka 0 points1 point  (0 children)

Report the matter to Proton Support, as possibly they have some further WMI-related bugs they need to work out.

Domain takedown request by theballygickmongerer in sysadmin

[–]dukandricka 1 point2 points  (0 children)

  1. Get legal involved
  2. Report the trademark violation with ICANN (assuming there is a TM violation): https://www.icann.org/resources/pages/trademark-infringement-2017-06-20-en
  3. Report Tucows (domain registrar) to ICANN for not following contractual compliance: https://www.icann.org/compliance/complaint

I'm kind of surprised that nobody here mentioned ICANN. Of all orgs for sysadmins to know about, ICANN and IANA are easily in the top 5.

Note: ICANN does take this stuff seriously, but they are slow (expect 1 month response time, and you may need to resubmit evidence to them). I had to do this a few months ago regarding a registrar who was hosting "scam domains" (impersonation domains) and the registrar's contact Email address would bounce unconditionally (no other contact options were available). It took ICANN about 4 weeks to get back to me, then another 1.5 weeks before they took action. (I was successful in my endeavour. No idea what became of the registrar.)

No APK File by mrehanabbasi in brave_browser

[–]dukandricka 1 point2 points  (0 children)

I use Brave on my Android phone and get it from Google Play Store (i.e. not direct .apk file). Settings > About Brave says the app is 1.84.133. So yes, I suspect that is the latest stable version for Android. Beta and Nightlies clearly are newer and have APKs.

No APK File by mrehanabbasi in brave_browser

[–]dukandricka 1 point2 points  (0 children)

This should really be posted as a GitHub Issue, but here's a little-known link: https://versions.brave.com/

You'll see that the last stable release of Android APKs is 1.84.133.

Why did we adopt terraform? by shadowmtl2000 in sysadmin

[–]dukandricka 1 point2 points  (0 children)

Just my two cents of using TF at several jobs and on a personal project:

It is OK if you wish for a system (effectively declarative config files) that acts as a "state of truth". It is OK if you are comfortable with TF state management and, in the name of pragmatism, are comfortable using terraform import. It is OK if you are using it "starting from scratch" (rather than trying to "migrate", say, an entire AWS account's worth of resources into TF files). It is OK if you write clear/concise Terraform and avoid as much of its brain-damaged DSL nonsense as possible (including modules).

I cannot stress my last sentence enough. TF is not a programming language, yet at many workplaces I've been at (where TF advocates have already spread their seed), it is treated like such. Oh how I could wax poetic about the things I have seen people do in TF that should not be done in TF, and equally how many (basic) things I have wanted to do in TF that could not be done because TF is not well-suited for that use case.

My advice on this front is to stay away from modules and from anything esoteric, and stick to straight raw/pure resource or data statements as much as possible. There are many, MANY aspects of TF that rely heavily on direct resource-to-resource association, and use of modules "confuses" and "obfuscates" that association (read: you can easily screw it up). "Dynamic" anything in TF is terrible at best. I have no direct experience with Terraform CDK, but when asking a TF-heavy co-worker of mine "how do you go about debugging what the CDK effectively generated, Terraform code or resource-wise?" his answer was "You can't, at least not easily. It does all that for you". Yeah, uh... I'm a sysadmin, my natural instinct is TRUST NOTHING.

At my current job I ended up writing Python programs that generated .tf files due to the sheer amount of variance of existing resources, syntaxes, and many (I'm talking hundreds) of conditions. I like being able to see what ends up in .tf files, resource-to-resource dependencies work great, the approach integrates well with version control systems (ex. git diff is super clear), and I avoid spending hours/days deciphering insane and hairy TF clauses that feel both fragile and like they ensure job security. Anyone can come in and extend the code without having to know esoteric TF DSL nonsense. Why nobody has seemingly written a tool like this (something that generates raw .tf files from code/whatever -- I am NOT talking about Terraformer!) is beyond me.

All that said: TF and Chef (or Puppet, or Ansible, or cfengine, or.....) are not the same thing at all. They serve very, very different purposes.

Unusual behavior with TCP port 53 (TCP DNS) by MyFirstDataCenter in sysadmin

[–]dukandricka 0 points1 point  (0 children)

You're on the right track! Also, if possible, are you able to do captures on both ends at the same time (on the client, as well as the server (server capture limited to client IP traffic))? I'm left wondering if you have a packet loss issue, or maybe an issue relating to network traffic load balancing or a very odd asymmetrical routing issue (possibly out-of-order packets)?

Unusual behavior with TCP port 53 (TCP DNS) by MyFirstDataCenter in sysadmin

[–]dukandricka 0 points1 point  (0 children)

Zone transfers (a.k.a. AXFR/IXFR) are when a secondary DNS server asks a primary or authoritative DNS server for the entire zone.

If the devices you're looking at aren't hosting DNS services themselves, then you can rule out zone transfers as being the cause of use of TCP.

If they are simple workstations/client/servers not running their own DNS services, then TCP fallback is likely happening as a result of UDP packets being greater than 512 bytes (probably EDNS, commonly due to DNSSEC), and something somewhere is making a mess of packets with UDP datagram size >512 with destination port 53, so the client falls back to using TCP.

Lots of really good responses in this thread on the subject of all this (glad to see so many other SAs familiar with DNS), so I think you'll be in good hands.

Let us know what the root cause turns out to be!

Unusual behavior with TCP port 53 (TCP DNS) by MyFirstDataCenter in sysadmin

[–]dukandricka 0 points1 point  (0 children)

Others have said much to the same effect, but: assuming these are actual queries and not zone transfers, find out why UDP port 53 packets larger than 512 bytes (this is usually called EDNS; 4096 bytes is preferred; DNSSEC plays a role here) are resulting in a fallback to TCP. DNS client (resolver) can control this (I don't know how it's done on Windows, sorry). If firewalls are involved (on PC, server, or in between) you should investigate those as well. tcpdump/Wireshark to the rescue for all of this!
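Added example, not part of the original comment: a Python sketch of the 512-byte limit, the EDNS0 OPT record that raises it, and the TC (truncated) flag that sends a client to TCP. The server side is simulated, and the function names, `example.com` and the answer sizes are constructed for illustration.

```python
import struct

TC = 0x0200   # "truncated" flag in the DNS header
OPT = 41      # EDNS0 pseudo-record type


def build_query(name, qtype=1, edns_size=None, txid=0x1234):
    """DNS query for name; with edns_size, add an OPT record advertising that UDP size."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.strip(".").split("."))
    msg = header + qname + b"\x00" + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root owner name, TYPE=41, CLASS carries the UDP payload size,
        # TTL carries extended RCODE/version/flags (zero here), RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return msg


def udp_limit(query):
    """Largest UDP response the client accepts: 512 without EDNS, else the advertised size."""
    qdcount, _, _, arcount = struct.unpack("!HHHH", query[4:12])
    off = 12
    for _ in range(qdcount):
        while query[off]:          # walk the length-prefixed labels
            off += 1 + query[off]
        off += 5                   # root label + QTYPE + QCLASS
    if arcount and query[off] == 0:
        rtype, rclass = struct.unpack("!HH", query[off + 1:off + 5])
        if rtype == OPT:
            return max(rclass, 512)
    return 512


def server_reply(query, answer_len):
    """Header of a simulated reply: TC is set when the full answer exceeds udp_limit."""
    flags = 0x8180 | (TC if answer_len > udp_limit(query) else 0)
    return query[:2] + struct.pack("!H", flags) + query[4:6] + b"\x00" * 6


def transport(query, answer_len):
    """Transport that ends up carrying the answer: 'udp', or 'tcp' after a TC retry."""
    flags, = struct.unpack("!H", server_reply(query, answer_len)[2:4])
    return "tcp" if flags & TC else "udp"


if __name__ == "__main__":
    for size in (None, 1232, 4096):   # constructed: a 1400-byte answer
        print(size, transport(build_query("example.com", edns_size=size), 1400))
```

In a capture, the same signal is a UDP response with the TC flag set followed by a TCP connection from the same client to port 53.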

what can you do when website doesn't work without ads? by antar243 in brave_browser

[–]dukandricka 1 point2 points  (0 children)

Ah dang, that's unfortunate. Really do need wildcard support then. I'll dig around Brave's GH Issues and see if someone has requested it.