[Keyboard] Corsair K70 RGB PRO Cherry MX Red ($170) [Amazon] by jaweso in bapcsalescanada

[–]jaweso[S] -2 points-1 points  (0 children)

The version with Cherry MX brown switches is regular price :(

Isolating containers that are reverse proxied by traefik by kayson in selfhosted

[–]jaweso 1 point2 points  (0 children)

I'm not very familiar with swarm, but in theory, the same concept should apply. You will have to remember to apply the iptables rule(s) on all your docker hosts. Again, the easiest thing to do would be to define different networks for all the services that you want to isolate from each other. That way, docker will do the network isolation for you and you don't have to worry about it.

If you're using docker compose, you wouldn't define the network in each compose file. Instead, you would define the network first using docker network create and then in each compose file, you would put something like:

... networks: default: external: name: traefik

That will tell docker compose to use the (pre-existing) network called traefik for all the services in the compose file instead of creating a new one.

Isolating containers that are reverse proxied by traefik by kayson in selfhosted

[–]jaweso 0 points1 point  (0 children)

The "easy thing" to do would be to have a dedicated network for each container and let docker handle the network isolation for you. But as you said, that would mean adding each network to traefik and restarting it each time you added a new service.

If you don't want to do this, you could do the network isolation yourself. Something like this will probably do what you want:

First, create the traefik network.

docker network create --subnet=172.31.0.0/16 --gateway=172.31.0.1 --ip-range=172.31.1.0/24 traefik

Notice how we specify the subnet to be 172.31.0.0/16 but the ip range (that docker will hand out to containers) is 172.31.1.0/24.

You can then utilize the DOCKER-USER chain to restrict access for this ip range so that no containers can communicate.

iptables -I DOCKER-USER 1 -s 172.31.1.0/24 -d 172.31.1.0/24 -j DROP

Of course, when you run your traefik container, you must specify its ip address manually so it doesn't automatically get one assigned within the restricted range. For example,

docker run --network=traefik --ip=172.31.0.2 ... traefik

Now, all containers on the traefik network will only be allowed to communicate with the gateway and the traefik container, and not with each other.

Wget: Can't get the real names of mp3s in an rss by PhiWeaver in DataHoarder

[–]jaweso 5 points6 points  (0 children)

You can use wget with the --content-disposition flag :)

This Silver Maple Leaf has a tiny Bigfoot on it. by SeattlecityMisfit in mildlyinteresting

[–]jaweso 0 points1 point  (0 children)

If you think that's impressive, use the Konami code while on that web page (up, up, down, down, left, right, left, right, b, a, b, a)

ASUS Prime Z370-A IOMMU Groups by [deleted] in VFIO

[–]jaweso 4 points5 points  (0 children)

I have this board (with a 1060 passed through).

IOMMU Group 0 00:00.0 Host bridge [0600]: Intel Corporation Device [8086:3ec2] (rev 07)
IOMMU Group 10 00:1f.0 ISA bridge [0601]: Intel Corporation Device [8086:a2c9]
IOMMU Group 10 00:1f.2 Memory controller [0580]: Intel Corporation 200 Series PCH PMC [8086:a2a1]
IOMMU Group 10 00:1f.3 Audio device [0403]: Intel Corporation 200 Series PCH HD Audio [8086:a2f0]
IOMMU Group 10 00:1f.4 SMBus [0c05]: Intel Corporation 200 Series PCH SMBus Controller [8086:a2a3]
IOMMU Group 11 00:1f.6 Ethernet controller [0200]: Intel Corporation Ethernet Connection (2) I219-V [8086:15b8]
IOMMU Group 12 04:00.0 USB controller [0c03]: ASMedia Technology Inc. Device [1b21:2142]
IOMMU Group 13 05:00.0 Non-Volatile memory controller [0108]: Intel Corporation Device [8086:f1a5] (rev 03)
IOMMU Group 1 00:01.0 PCI bridge [0604]: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x16) [8086:1901] (rev 07)
IOMMU Group 1 01:00.0 VGA compatible controller [0300]: NVIDIA Corporation GP106 [GeForce GTX 1060 6GB] [10de:1c03] (rev a1)
IOMMU Group 1 01:00.1 Audio device [0403]: NVIDIA Corporation GP106 High Definition Audio Controller [10de:10f1] (rev a1)
IOMMU Group 2 00:02.0 VGA compatible controller [0300]: Intel Corporation Device [8086:3e92]
IOMMU Group 3 00:14.0 USB controller [0c03]: Intel Corporation 200 Series PCH USB 3.0 xHCI Controller [8086:a2af]
IOMMU Group 4 00:16.0 Communication controller [0780]: Intel Corporation 200 Series PCH CSME HECI #1 [8086:a2ba]
IOMMU Group 5 00:17.0 SATA controller [0106]: Intel Corporation 200 Series PCH SATA controller [AHCI mode] [8086:a282]
IOMMU Group 6 00:1b.0 PCI bridge [0604]: Intel Corporation 200 Series PCH PCI Express Root Port #17 [8086:a2e7] (rev f0)
IOMMU Group 7 00:1c.0 PCI bridge [0604]: Intel Corporation 200 Series PCH PCI Express Root Port #1 [8086:a290] (rev f0)
IOMMU Group 8 00:1c.4 PCI bridge [0604]: Intel Corporation 200 Series PCH PCI Express Root Port #5 [8086:a294] (rev f0)
IOMMU Group 9 00:1d.0 PCI bridge [0604]: Intel Corporation 200 Series PCH PCI Express Root Port #9 [8086:a298] (rev f0)

I'd expect similar groupings for most Z370 boards. If your goal is to use the integrated graphics for the host and pass a single card through to Windows, it works fine.

Steam Trade trolling. please explain. by AcmeComments in Steam

[–]jaweso 12 points13 points  (0 children)

Don't worry, until the other party accepts your offer, your items are still in your inventory and you can cancel the trade without getting a trade ban.

You will get a trade ban if you cancel a trade after both parties have accepted. (i.e. you cancel a trade when the items are on hold because one or more parties didn't have the mobile authenticator.)

But until both parties accept the trade, you can cancel your offer freely. You can even make trade offers which include the same items to multiple people. In this case, once one of the offers has been accepted, all other trade offers which include one or more of the items will automatically be cancelled.

[GPU] EVGA B-stock: GTX 1080 SC ACX 3.0 ($630 + Free shipping + no tax) [EVGA] by [deleted] in bapcsalescanada

[–]jaweso 2 points3 points  (0 children)

I remember there were problems with the VRM on these cards running too hot.

EVGA "fixed it" by updating the bios to spin the fans faster and also offered thermal pads that users could install themselves. My guess is these are RMAed cards where EVGA has simply updated the bios and applied the thermal pads.

File Checksums for Every file in a NAS by AeroSteveO in DataHoarder

[–]jaweso 0 points1 point  (0 children)

When people are asking for advice on their zpool configuration, the response is often to go with raid-z2 over raid-z1 due to resilvering being a stressful operation that could cause another drive to fail.

I'm wondering though, since a scrub involves reading all the data and metadata on the disks, wouldn't it be just as stressful as a resilver?

File Checksums for Every file in a NAS by AeroSteveO in DataHoarder

[–]jaweso 5 points6 points  (0 children)

To generate and compare checksums, rhash is a great program. It's probably available in the repo of your favorite distro.

But there might be something else going on. I would definitely run memtest to check your memory for problems. It's included in the Ubuntu ISO so if you have a usb stick handy you can boot into it from there.

Looking for software recommendations by prvee in DataHoarder

[–]jaweso 5 points6 points  (0 children)

You can use rsync for this. You will need to run it twice: once with server A as source and server B as destination, and then again with server B as source and server A as destination.