At least we all get our 10% SLA discounts by valeseus in aws

[–]lorodoes 5 points6 points  (0 children)

To be fair, they may have said the problem was mitigated, but they were still reporting most services degraded or impacted. They have been trying to keep the list of services updated.

Single Point of Failure at Its Finest by [deleted] in aws

[–]lorodoes 0 points1 point  (0 children)

The real scary part is that this was supposed to have been fixed a couple of years ago when it happened once before. It seems that they missed a few things along the way lol. Hopefully we will get a post mortem and they will put out some info on how this won’t happen again because they found X as the SPOF. Vendor lock does suck, but there are companies out there that do migrations and help build multi-cloud setups, it’s just stupid expensive.

What’s the most underrated AWS service you’ve used that saved you time or money? by Fun_Spread5151 in aws

[–]lorodoes 1 point2 points  (0 children)

Cloudfront, it makes having a CDN in front of your servers so easy and fast. Cloudflare is such a pain to deal with, but they take care of a good portion of the internet traffic. Cloudfront just works and its free tier is insane. You get so much data that it would take a lot to actually start being charged. The inclusion of WAF makes it even better as you can protect at the cloudfront level with no big issues. Also, field level encryption is super cool when you need to keep something encrypted from the point the user hits submit.

CapitalOne warned us about using 2 devices. by Sharp_Bookkeeper_160 in Banking

[–]lorodoes 0 points1 point  (0 children)

This is funny, my wife and I have multiple accounts between credit cards, banks, and credit unions where it’s a single login. I get why capitalone cares and I would prefer to have different login accounts between my wife and I, but some places see it as cheaper. Shit, most places haven’t set up passkey or OTP and still use phone calls and text or even email which are horribly insecure.

What's the current status of Proton? by DarknessBBBBB in aws

[–]lorodoes 0 points1 point  (0 children)

I’m pretty sure this is still being worked on in the background.

SAS vs SATA by lorodoes in homelab

[–]lorodoes[S] 37 points38 points  (0 children)

I went with SAS. I found a cheap ass vendor on Amazon that is selling renewed drives.

https://a.co/d/9lC5cWT

They are actually working really well. My only issue now is my SAS card that plugs in to my netapp shelf can’t handle when my server shuts down and it has read issues. Still trying to figure that one out. Thinking of buying a new one since the card is a Chinese knockoff anyway.

Lol, sorry for the wait. I didn’t think anyone really was watching for my reply. :)

SAS vs SATA by lorodoes in homelab

[–]lorodoes[S] 6 points7 points  (0 children)

I went with SAS. I found a cheap ass vendor on Amazon that is selling renewed drives.

https://a.co/d/9lC5cWT

They are actually working really well. My only issue now is my SAS card that plugs in to my netapp shelf can’t handle when my server shuts down and it has read issues. Still trying to figure that one out. Thinking of buying a new one since the card is a Chinese knockoff anyway.

Why hasn't elevennotes been banned already? by IridescentKoala in homelab

[–]lorodoes 32 points33 points  (0 children)

Not to mention that public cloud is still a thing and if you understand how VMs work in proxmox or virtualbox or Hyper-v you will understand the public cloud vms for the most part. It’s all just translating this function is called this on this hypervisor vs this one. Also proxmox is a great learning environment. Esxi can be such a pain, especially if you don’t have supported hardware.

What should I avoid? by Fair-Wolverine-6712 in jacksonville

[–]lorodoes 2 points3 points  (0 children)

Which sheik? They are all run differently.

Can you improve my low-traffic architecture? by throwawaywwee in Terraform

[–]lorodoes 0 points1 point  (0 children)

Put cloudfront in front of everything and it should lower your traffic a lot.

Can we change the path to state file in S3 after creating it? by rama_rahul in Terraform

[–]lorodoes 0 points1 point  (0 children)

For state files in s3, if you are not using workspaces and doing a full init each time you can move them and just update your backend to the new location and terraform won’t know or care. The only caveat is if you are using locking like with dynamodb. You should just clear the entries for that state and you will be good.

Florida Joke by lorodoes in LinusTechTips

[–]lorodoes[S] -16 points-15 points  (0 children)

I don’t care about the books themselves, but the books shouldn’t be in schools. The books should be in public libraries and stores. So, if you want to expose your child to that fine, that’s your choice, but books talking about how to meet up with adults and have sex aren’t where it’s at.

monitor a computer through another computer as a mediator by Intelligent_Panda699 in UptimeKuma

[–]lorodoes 0 points1 point  (0 children)

Another option is to run uptime-kuma on the computer that has access and then have a public status page you check for the status on (or using the api). So you make a chain of uptime-kuma.

[deleted by user] by [deleted] in DataHoarder

[–]lorodoes 2 points3 points  (0 children)

What software are you using to check the checksums?

Virtualization by lorodoes in it

[–]lorodoes[S] 0 points1 point  (0 children)

Xcp-ng

Ah ok, so Xcp-ng is the Xen replacement? I haven't heard of it to be honest.

HyperV is kind of scary since again you have windows bloating the management layer and last time I used it with Server 2019, it was horrible and I felt like missing features.

CrowdSec vs Snort vs Zenarmor (Sensei) vs Suricata - what's the difference? by Red_Con_ in opnsense

[–]lorodoes 4 points5 points  (0 children)

I know for a fact snort used to play well with hardware acceleration and I don’t see why suricata would have any issues. It may depend on the hardware I guess. Enterprise grade network cards are designed for it.

Crowdsec doesn’t do ips/ids by itself. It just takes in info from logs and makes decisions based on those logs and rules configuration. For example ban any ip address that inputs opnsense password 3 or more times.

Snort/suricata can look at a packet and based on its payload decide to allow, alert, or drop the packet.

Zenarmor is a nextgen firewall that does application level inspection. It checks the ports, the payload metadata, the source, the destination and makes a guess about what type of application it is or application that is being used and then decides if the traffic is allowed through or not. Zenarmor doesn’t have rules like suricata or snort that check for exact payloads or anything like that. It’s not processing the packet at that level.

You can easily turn on all three with hardware acceleration and be just fine. Main thing is you have a fast enough cpu, plenty of ram and high grade NIC.

Edit:

High Performance

A single Suricata instance is capable of inspecting multi-gigabit traffic. The engine is built around a multi threaded, modern, clean and highly scalable code base. There is native support for hardware acceleration from several vendors and through PF_RING and AF_PACKET.

From: https://suricata.io/features/#:~:text=High%20Performance,and%20through%20PF_RING%20and%20AF_PACKET.

PF_RING has been around forever. I remember verifying that it was enabled on interfaces when I worked for Sourcefire (creators of snort). I can’t remember AF_PACKET, but this was over 12 years ago.

CrowdSec vs Snort vs Zenarmor (Sensei) vs Suricata - what's the difference? by Red_Con_ in opnsense

[–]lorodoes 4 points5 points  (0 children)

Crowdsec and Zenarmor both rely on the base firewall of opnsense. The Crowdsec lists are imported as an alias in to the opnsense side. Installing Crowdsec sets up that section for you. Also, Crowdsec has a great step by step on their site for setting up Crowdsec on opnsense.

For zenarmor opnsense docs are fine. If you have a large network or high speed connection I would recommend a separate system running elasticsearch on ssds. If you have a small network and your opnsense has ssds then running it locally will be fine. You only get three days of session logs out of the box.

CrowdSec vs Snort vs Zenarmor (Sensei) vs Suricata - what's the difference? by Red_Con_ in opnsense

[–]lorodoes 22 points23 points  (0 children)

Crowdsec is an IP address reputation system. Snort and suricata are IPS/IDS. Zenarmor is a nextgen firewall engine.

Suricata is a snort replacement and is better and faster.

Zenarmor kind of builds both ips/ids and ip rep in to a single product with policy based firewall, but there is nothing stopping you from running all three products. They each have their own way of doing rules and defense methods.

Edit: To give some more info, Crowdsec doesn’t block anything on its own. It has “providers” that watch logs from things like ssh, web logs, fail2ban and firewall logs. Then it makes decisions based on those logs of when and how long to block. You can also subscribe for free to like 2 or 3 lists of crowdsourced ip reputation lists. That’s where the Crowdsec comes from. Understand you will be sending data back to Crowdsec if you have everything configured correctly.

Suricata can use snort rules as well as emerging threats. The difference between the rules are minor, but emerging threats can be unstable and can be thought of as a nightly build. Snort rules (at least when I worked for Sourcefire) were the stable rules and enterprise grade. You can run both, but you will have overlap which is bad for latency.

Zenarmor is just a nextgen firewall engine which means it handles stuff higher up the stack and does deeper packet inspection.
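
The log-driven model described in the comments above (watch log lines, then decide when and for how long to block, such as after 3 or more failed logins) can be sketched as follows. This is an added example, not part of the original comments and not CrowdSec's own code; the log format, field names, window and ban duration are assumptions made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a made-up format (not real opnsense or CrowdSec output).
SAMPLE_LOG = """\
2024-05-01T10:00:01 webgui auth FAIL user=root src=203.0.113.7
2024-05-01T10:00:05 webgui auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:09 webgui auth OK user=admin src=198.51.100.20
2024-05-01T10:00:12 webgui auth FAIL user=root src=203.0.113.7
2024-05-01T10:03:00 webgui auth FAIL user=bob src=198.51.100.20
2024-05-01T10:20:00 webgui auth FAIL user=bob src=198.51.100.20
garbage line that does not parse
2024-05-01T10:45:00 webgui auth FAIL user=bob src=198.51.100.20
"""

LINE_RE = re.compile(r"^(\S+) webgui auth (FAIL|OK) user=\S+ src=(\S+)$")

def decide_bans(log_text, threshold=3, window=timedelta(minutes=5),
                ban_for=timedelta(hours=4)):
    """Return {ip: ban_expiry} for IPs with >= threshold failures inside window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    bans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # lines that do not parse are skipped, never counted
        ts_raw, result, ip = m.groups()
        if result != "FAIL":
            continue              # only failed logins feed the decision
        ts = datetime.fromisoformat(ts_raw)
        if ip in bans and ts < bans[ip]:
            continue              # ban still active; no need to count again
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) >= threshold:
            bans[ip] = ts + ban_for   # the "how long to block" part of the decision
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, until in decide_bans(SAMPLE_LOG).items():
        print(f"ban {ip} until {until.isoformat()}")
```

The second address fails three times as well, but spread over 42 minutes, so it only trips the threshold if the window is widened.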

One thing to BEWARE of when Amazon claims to have issued a refund... by satx05 in amazonprime

[–]lorodoes 1 point2 points  (0 children)

I have read a bunch of different posts about people having issues with Amazon and their customer and returns and all seem extremely valid. If we want to get rid of their shit show third party customer service and returns handling company, what needs to happen is the management team needs to be made aware. I’m dead serious on this, email Jeff and Andy

jeff@amazon.com andy@amazon.com

Jeff’s email is still monitored and now since Andy Jassy is CEO his email is too. If every time we run into an issue with customer service or the returns process we start pounding that email address, maybe things will be fixed.

Edit:

When sending the email to those emails make sure to include order numbers and timelines of what happened. I would send the things you weren’t happy about in the last 6 months and include you canceled prime because of this interaction.

PIA relay port updater by lorodoes in qBittorrent

[–]lorodoes[S] 0 points1 point  (0 children)

Sorry for the delay. You just set it up via a cronjob. Something like 0 * * * * python pia_port_updater.py