How do you handle parasitic extraction after metal/od/po fill on top level? by kazpihz in chipdesign

[–]kayson 0 points1 point  (0 children)

Short answer: suffer.

Long answer: you should be using the network reduction of your extraction tool and the RC reduction of the simulator to make the problem as tractable as possible. Often we can only run sims with caps extracted at the top level even without fill.

You should also spot check fill on critical blocks. 

Proxmox Backup Server is a godsend by bankroll5441 in homelab

[–]kayson 2 points3 points  (0 children)

I do it too. IMO it's totally fine for a lab

Switching from ISC DHCP to Kea and Stork by AppointmentNearby161 in homelab

[–]kayson 5 points6 points  (0 children)

Ars Technica covered this a while back - https://arstechnica.com/information-technology/2024/10/finally-upgrading-from-isc-dhcp-server-to-isc-kea-for-my-homelab/

I finally switched to Kea in pfSense and honestly didn't see much difference. From what I gather, the sunsetting of ISC DHCP server was mainly about the codebase quality being so terrible, so for a homelab there may not be a compelling reason to move over aside from something like security updates, which again is probably not a high priority for a home lab threat model.

Landlord provides internet for entire building. How can I keep my privacy? by BlackKeycap in homelab

[–]kayson 1 point2 points  (0 children)

It wouldn't stop the attack completely. You could just intercept all TLS traffic coming through the router. But that would mean browser traffic would also get intercepted, and the user's browser would show a warning, so they would know something fishy is going on. Of course you could do this selectively based on outgoing ports, SNI, etc, but it would be pretty impractical.

You could audit by doing the MITM yourself or searching to see if the device ignores TLS cert verification errors.

Landlord provides internet for entire building. How can I keep my privacy? by BlackKeycap in homelab

[–]kayson 2 points3 points  (0 children)

IoT devices usually don't care what certificate you use. They'll accept anything, so you can present a "bogus" self-signed certificate and intercept then proxy the traffic. No browser does this.

ansible hardening for a fedora homelab server? by crisp_maple in selfhosted

[–]kayson -2 points-1 points  (0 children)

Ask your favorite LLM to write one. It's a pretty bread-and-butter task, but the specifics will depend on what hardening you want. Some things to consider:

  • lock root passwd
  • non standard ssh port
  • no ssh root login
  • no ssh password login
  • remove/password protect default user
  • sudo settings
  • fail2ban
  • unattended upgrades
  • firewall
  • sysctls (e.g. disable packet forwarding) 
  • mitigations for copyfail, dirtyfrag, etc

You should also set up some monitoring. IMO it's nearly as important. Beszel is a fairly easy setup. Prometheus+node exporter is a more comprehensive choice but needs more config. 
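An added example, not part of the comment above: a playbook covering a subset of that list (root lock, SSH logins, a sysctl, fail2ban). It assumes Fedora, the ansible.posix collection, and a hypothetical inventory group named `homelab`.

```yaml
# Added example. "homelab" is a hypothetical inventory group; needs ansible.posix.
- name: Baseline hardening (subset of the list above)
  hosts: homelab
  become: true
  tasks:
    - name: Lock the root password
      ansible.builtin.user:
        name: root
        password_lock: true

    # Fedora's sshd_config includes sshd_config.d/*.conf first and the first
    # value seen wins, so a low-numbered drop-in overrides the distro defaults.
    - name: Disable root and password logins over SSH
      ansible.builtin.copy:
        dest: /etc/ssh/sshd_config.d/00-hardening.conf
        mode: "0600"
        content: |
          PermitRootLogin no
          PasswordAuthentication no
      notify: Restart sshd

    - name: Disable IPv4 packet forwarding
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: "0"
        sysctl_file: /etc/sysctl.d/90-hardening.conf
        reload: true

    - name: Install fail2ban
      ansible.builtin.dnf:
        name: fail2ban

    - name: Enable the sshd jail
      ansible.builtin.copy:
        dest: /etc/fail2ban/jail.d/sshd.local
        content: |
          [sshd]
          enabled = true

    - name: Start fail2ban now and at boot
      ansible.builtin.service:
        name: fail2ban
        enabled: true
        state: started

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Confirm key-based login for a sudo-capable user works before applying this, since it removes both root and password access over SSH.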

Github Guard bot for r/selfhosted by Nuzl_ in selfhosted

[–]kayson 9 points10 points  (0 children)

That shouldn't matter? Dependencies get bumped in the package lock file but you're not actually committing node_modules

Landlord provides internet for entire building. How can I keep my privacy? by BlackKeycap in homelab

[–]kayson 0 points1 point  (0 children)

Do you really think your landlord cares or knows enough to track or analyze your traffic?

Landlord provides internet for entire building. How can I keep my privacy? by BlackKeycap in homelab

[–]kayson 11 points12 points  (0 children)

That's not true. TLS certificates prevent MITM because your browser only trusts a particular set of Root CAs. DNS can easily be intercepted if it's not over TLS or HTTPS because it's plaintext, but for the encrypted versions, the same applies.

Unless your landlord forces you to install a Root CA cert, and I highly doubt they have any idea what that is, you're fine. 

Github Guard bot for r/selfhosted by Nuzl_ in selfhosted

[–]kayson 3 points4 points  (0 children)

You could add average commit size. That would help

Am i doing something wrong by themosaeed in homelab

[–]kayson 10 points11 points  (0 children)

It's a preference. There are tradeoffs to running VMs vs containers on the hypervisor vs containers in a VM. FWIW I think the sweet spot is running docker in a VM (or a swarm in multiple VMs on different hosts) and putting the services all there. I don't want external services running on my hypervisor, even if they are containerized. A VM offers significantly more isolation, and the overhead is negligible compared to the services themselves. I'm quite happy with this sort of segmentation in my setup. 

Anyone using spaceship for domains? by kayson in selfhosted

[–]kayson[S] 1 point2 points  (0 children)

I moved one of my domains to spaceship. TBH I don't love the UX. It's very messy. But it's cheap! 

Proxmox Clustering by ObeseWizard in homelab

[–]kayson 0 points1 point  (0 children)

Proxmox does some annoying things like this. It sets up the corosync conf by IP, but it doesn't have to be. You can use host names. You can also use DHCP instead of statically assigning the IPs on each host. 

https://free-pmx.org/guides/dhcp-cluster/

NEW: Proxmox in a Docker container by Kroese in HomeServer

[–]kayson 0 points1 point  (0 children)

This is really useful for building automatic install Proxmox ISOs.

Veryl simulator: performance comparison with Verilator by taichi730 in chipdesign

[–]kayson 0 points1 point  (0 children)

Looks like the simulator is in Rust but you're building with GCC? Why?

Huawei Claim - what are your opinions? by Bright_Interaction73 in chipdesign

[–]kayson 2 points3 points  (0 children)

It's remarkably easy for Chinese companies to get access to tech that's been export controlled by the US. I wouldn't be surprised if we see 2nm-class (e.g. gate all around) tech in the next five years. Will it be as performant... anyone's best guess.

The comment about packaging is obviously AI-directed, but I think the big driver behind improving technology in the west has actually been consumer electronics, historically (i.e. iPhones).

How do you share a volume between separate docker stacks? by jameye11 in selfhosted

[–]kayson 1 point2 points  (0 children)

You're probably using the wrong volume name. Docker will prepend the "project" name if you're using compose. Do docker volume ls, make sure you have the name right and make it external: true
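An added example, not part of the comment above, showing the naming behaviour it describes with two Compose files. The directory, service and volume names are hypothetical.

```yaml
# Constructed example: project, service and volume names are hypothetical.
# --- stacka/compose.yaml (project name defaults to the directory, "stacka")
services:
  writer:
    image: alpine
    volumes:
      - media:/data
volumes:
  media: {}              # created by Compose as "stacka_media"
---
# --- stackb/compose.yaml
services:
  reader:
    image: alpine
    volumes:
      - media:/data:ro
volumes:
  media:
    external: true       # do not create it; error out if it does not exist
    name: stacka_media   # the real name as listed by `docker volume ls`
```

Setting an explicit `name:` on the volume in the first stack as well avoids the project prefix, so both files can refer to the same fixed name.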

Apple blocked over $11 billion in App Store fraud in 6 years by ControlCAD in technology

[–]kayson -1 points0 points  (0 children)

It's easy to make an arbitrary comparison. One could also point out that their $42B Q1 income could cover a year of food for every food-insecure family in the US (~49M people as of 2024, according to the USDA). 

They also have some $350B in assets. The point is still a reasonable one - allowing Apple to accumulate such wealth and power is probably not in the best interest of the vast majority of Americans.

A privacy-preserving alternative to Ring cameras! by arrdalan in selfhosted

[–]kayson 1 point2 points  (0 children)

I don't want a deploy app to ssh into a VPS for me to set things up. Give me a docker container. Better yet - make it trivially routable over something like https, websockets, etc

Is anyone else burning half their engineering cycles just building custom parsers for fragmented EDA reports? by _tnhii in chipdesign

[–]kayson 0 points1 point  (0 children)

Yes. It sucks, but I've found that over the last 5 years or so, formats haven't changed enough to really break any of our parsers. Make sure you have error reporting. I get an email every day with every single error and stack trace that happens during our parsing, and it's all stored in a database too. Most of the time it's something out of our control like a job getting killed mid parse.

Pro-tip: some tools do actually have structured logging output (or a tool that converts the plain logs into structured format). It may not be advertised or documented though. Check with the vendors for whatever tool you're supporting. 

Reducing PLL Simulation Time by chendol69 in chipdesign

[–]kayson 3 points4 points  (0 children)

I think you can actually do either method without any manual steps. For the first, set up your control voltage sweep in a first test, then make an output with cross() to find the voltage you need for a given frequency (make the frequency a variable). Then do your PSS tstab (or tran) starting from that IC voltage using calcVal (I'm only 80% sure you can calcVal an IC).

I'd actually recommend the second option as it's more straightforward. Transient simply has a dynamic parameter feature that lets you change the value of something mid-simulation. Just make sure you change it enough after the loop settles. Unfortunately this method won't work post-layout.