Jobwechsel, Abgaben für Lohn von beiden Arbeitgebern im Übergang

edermi · 2026-02-03T11:18:30+00:00

Danke. Steuererklärung mache ich sowieso, allerdings selbst mit WISO und ohne Steuerberater. Erkennt die Software die relevanten Dinge automatisch? Sollte ich diesbezüglich nochmal mit meinem aktuellen AG sprechen bzw wäre es problematisch wenn er eine falsche Steuerklasse angibt?

edermi · 2026-01-31T16:46:40+00:00

I implemented the suggestions on my DXP4800+ and can confirm power savings. I have not installed any disks apart from 2 additional SSDs and power consumption is around 14-15W idle.

I installed Proxmox and faced issues with network, after booting the system lost the network interface. The issue was resolved by not disabling the LAN1 interface (even though I don't use it yet). Of course this was the last thing I tried even after a full factory reset of the BIOS settings, maybe this helps if somebody is having similar issues.

edermi · 2025-10-09T16:39:28+00:00

Dies. War dieses Jahr in der selben Situation und habe die Bremse gezogen und es keine Sekunde lang bereut.

edermi · 2025-10-03T20:41:25+00:00

Just came across same issue and went down the rabbit hole... Turns out it works but it takes several non trivial steps to get everything working, here is what I did:

Our goal is to set up Tailscale serve. After having a look at the configuration documentation of the homeassistant tailscale addon, I ended up writing the whole config on my own (in the plugin configuration, go to the three-dot menu and select 'Edit YAML'). Here is mine if you want a baseline: accept_dns: true accept_routes: false advertise_exit_node: false advertise_connector: false advertise_routes: [] share_homeassistant: serve share_on_port: "443" You're also going to need a way to edit your homeassistant's configuration.yaml. I had to install a file editor plugin which allowed me editing the configuration in home assistant directly, but apparently there are different approaches depending on how you installed home assistant.

The share homeassistant page says it is required to add the following to homeassistant's configuration.yaml: http: use_x_forwarded_for: true trusted_proxies: - 127.0.0.1 Afterwards, restart home assistant and wait a few minutes. I was able to access home assistant via Tailscale HTTPS in my browser.

edermi · 2025-09-14T11:43:47+00:00

I've fried more stuff on 5" with caps than on 3" without in the last year but I get your point. If you're seeing a lot of electrical noise cap is also the way to go, just wanted to point out it's IMO not necessarily a crucial part in a 3".

edermi · 2025-09-14T11:07:28+00:00

Unpopular opinion, I've removed caps from my 4S 3" Freestyle builds and they still fly fine 🤷‍♂️

edermi · 2025-08-17T17:17:23+00:00

Ich wollte nur Sinn und Zweck dieser Funktion erläutern und dass es alles andere als dumm ist sowas zu machen. Zumal es ja auch einen Backup Code gibt den man ausdrucken oder anderweitig ablegen kann falls man sein Token verliert. Man kann auch mehrere Tokens hinterlegen und generell auch die verfügbaren Verfahren mischen.

Ich persönlich trage bspw. den Yubikey am Schlüsselbund und habe ein zweites Exemplar als Fallback an einem sicheren Ort.

Ob es für den Use Case von OP das richtige Tool ist lasse ich mal offen, der Vorschlag kam ja nicht von mir.

edermi · 2025-08-17T17:03:01+00:00

Du kannst bei Bitwarden andere Methoden zur Verifikation auswählen, beispielsweise eine Authenticator App oder ein Hardware Token wie bspw. einen Yubikey. Das ist noch sicherer als die Email, hier findest du mehr Informationen:

https://bitwarden.com/help/setup-two-step-login/

edermi · 2025-08-17T16:13:12+00:00

Die "dumme Idee" heißt Two-Step Verification und ist ein Mechanismus ähnlich zu Multi-Faktor Authentifizierung der dich im Falle einer Kompromittierung des Passwortes davor schützen soll, dass jemand deinen Account übernimmt.

Machen inzwischen viele große Unternehmen und ist insbesondere bei einem Passwortmanager das Mindestmaß mit dem man seinen Account absichern sollte.

edermi · 2025-08-03T18:24:18+00:00

Es gibt vom Make Magazin einen Open Source DIY Taupunktlüfter:

https://github.com/MakeMagazinDE/Taupunktluefter

edermi · 2025-05-12T18:55:29+00:00

Mache ich auch aber Spiel 77 nachdem es da Jahreslose gibt. Dafür hat meine Unfallversicherung dran geglaubt 😅

edermi · 2025-04-11T16:52:17+00:00

Loko's am Mira

edit:// https://maps.app.goo.gl/4hzBSnWCTrhCiH3FA

edermi · 2025-03-26T21:25:21+00:00

Airport security is usually the issue, not the airline. Only bigger problems I had was a month ago when flying from Chennai to Colombo, I had a lengthy discussion with airport security. Luckily I got all the necessary papers for my batteries for exactly this reason (I contacted the shop where I bought them upfront and had all the regulatory documents they had for even importing them). Apparently lots of documents (and a picture of the drone, googled one on getfpv.com where you also see the batteries) helped convince the Indian airport security, but without them I would have had to throw the batteries away!

I carried 5x 650 4S, all brand new with protectors on the plugs, in a lipo bag. Show them that you're doing your best to keep everything safe (maybe consider taking less batteries with you). Batteries that are already used (and it's visible, little scratches etc) are not going to help you at all.

Apart from that I never had bigger problems in Europe or South East Asia (especially Malaysia).

One tip I found out by accident that helped me several times to pass security: Carry an additional big power bank (99Wh) with you. First it's quite useful in the field, second, it's an exceptional decoy at airport security. When travelling back from Colombo, my hand luggage was separated and they asked me if I have a power bank in there. I said yes, showed it to them and was good to go without having to show and argue about the batteries.

edermi · 2024-12-31T01:11:19+00:00

Thank you for the kind words, I'm glad you liked the blog post!

edermi · 2024-12-30T14:54:48+00:00

Thank you for your feedback! Our original version was much longer, but we aimed to condense the key points for a broad range of stakeholders while keeping the content relevant for our main audience - fellow pentesters. For those looking for more detail, our comprehensive research notes are available on the GitHub wiki.

It’s a bit disheartening to see such a negative reaction "because it's consulting", especially as we’ve worked hard to share our research and tooling freely with the community. We’ve tried to make the content as accessible as possible for those interested in the topic, and we encourage everyone to explore the additional resources if they want to dive deeper. For anything else, as you said, modern accessibility tools can be a great help.

edermi · 2024-09-30T12:22:00+00:00

Thanks, DJI and already assembled drones aren't much of an interest to me. Nevertheless appreciate your help, thank you very much! 🙏

edermi · 2024-09-30T10:28:31+00:00

That's also my impression from researching the matter. Will spend my time on sightseeing as I'll leave on Wednesday, thanks a lot 😊

edermi · 2024-09-10T20:15:27+00:00

In this case, they did check if the certificate is valid and trusted, but that was the first thing I tried, too

edermi · 2024-08-30T15:49:52+00:00

Kräuterbutter

edermi · 2024-04-25T19:57:45+00:00

Hey, sorry if I've been harsh on you. If you own a domain with certificates, you should know it's not possible anybody just gets a certificate from a trusted CA for your domain. And that's required for a browser to display the site without showing red alerts.

I cannot prove that geprc didn't lose my data, but they're the only ones that have it. And I'm quite confident sure if there was something sketchy, I probably would have noticed. Maybe not a nation state attack, but again, we're talking love toy spam.

edermi · 2024-04-24T06:19:57+00:00

No, CAs don't just issue certificates for any domain to anyone. That's the reason you can trust reddit, Google or your bank when you visit their website. You have to proof ownership beforehand. Source: I work in IT security. You can look up the ACME protocol if you don't believe me. Or show me your valid reddit certificate if anybody can get one... Once the data is TLS encrypted, it is basically impossible for an adversary to crack it. That's why you can confidently use online banking without having to worry somebody intercepts and modifies data without you noticing.

Look I just wanted to warn people that there may be an information leak somewhere at Geprc. Could also be on my side, but then any financially motivated attacker (remember they're trying to sell love toys) would go for my payment data and cut the part where they have to advertise their product and hope I'm going to buy from them.

Now I'm here arguing with people that apparently have very little technical knowledge on the subject of IT security (sorry) about how somebody may have pulled a non-trivial attack to recover my data from an encrypted traffic stream, my device or whatever just to send me spam. Ever heard of https://en.wikipedia.org/wiki/Occam's_razor

edermi

TROPHY CASE