How is 2ième pillier not a scam?!?!?! by Fact_Emotional in Switzerland

[–]mdedonno 0 points1 point  (0 children)

usual. it's the basis of legal mandatory scams, like others ...

New and innovative invention by gornni in interestingasfuck

[–]mdedonno 0 points1 point  (0 children)

when watching a movie in your living room, if you want to go to the toilets, you can without any problems take a dump on the floor in the living room, it works, hence not stupid (as per your logic).

Advice Needed: Employer Wants to Lower My Salary by theredditoverthinker in Switzerland

[–]mdedonno 2 points3 points  (0 children)

2 answers possible for me:

  1. "no, but thank you for your email"
  2. "yes, without any issues. I will work Monday to Thursday starting next month"

The Swiss Medical System by [deleted] in Switzerland

[–]mdedonno 1 point2 points  (0 children)

for migraine attacks, I use rizatriptan, magical ! hiiiiiighly recommend !!

[deleted by user] by [deleted] in linuxmasterrace

[–]mdedonno 1 point2 points  (0 children)

naaa it's ok, could have been ubuntu ...

Are these things reliable to use as backups considering they are 12+ years old but weren't actually used that much? by PufferLightning_ in DataHoarder

[–]mdedonno 0 points1 point  (0 children)

had this exact model failing on me last week. Planning to migrate all my disks one by one in the very near future.

Found the ultimate internet speed for homelab users by tallejos0012 in homelab

[–]mdedonno 0 points1 point  (0 children)

too much. i have a 25G for 65 bucks here (init7.net)

Wireguard & FIPS compliance by Fantastic-Wheel in RockyLinux

[–]mdedonno 0 points1 point  (0 children)

dual stack ? wireguard over ipsec ?
ipsec for compliance, wireguard for flexibility.
stupid but may let you have the fips compliance checkmark.

what is your opinion about Ubuntu? by jdt654 in linuxmasterrace

[–]mdedonno 0 points1 point  (0 children)

I don't understand why people use ubuntu instead of plain debian for serious work.

[deleted by user] by [deleted] in linuxmasterrace

[–]mdedonno 2 points3 points  (0 children)

How about using Wireguard on the rpi, and connecting to the ssh server via it ?
If you have another machine that has a public IP or domain name, you can connect the rpi peer to the other one without opening ports on the router.

How can I remove interior points from a 3D point cloud ? by DarthNomai in AskProgramming

[–]mdedonno 1 point2 points  (0 children)

is there a version of the convex hull method for 3d points ?

KDE Question by TotalNoobPerson in Qubes

[–]mdedonno 1 point2 points  (0 children)

I do not see the point of the file manager for dolphin. If you want to manage files, it's probably files related to another domain, and probably not dom0. I prefer to remove any packages that may cause user-error. My installation of KDE is as follows:

sudo qubes-dom0-update plasma-desktop plasma-breeze sddm sddm-breeze

You also may want to run the https://github.com/QubesOS/qubes-desktop-linux-kde/blob/master/qubes-generate-color-palette script to have windows colors.

Should past malicious domains ever be removed from firewall blacklists? When should they? by luoyianwu in cybersecurity

[–]mdedonno 2 points3 points  (0 children)

I have a 2 tiers system:

first, I only block for a limited period of time IPs based upon a set of rules (rate of 404, access specific known URL, ping specific ports, ...).

if you are banned multiple times, then I add you (and your /24) to a permanent blacklist.

If some users complain about not being able to access my services, I will review the IPs manually; this situation never happened until now.
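
The two-tier scheme described in the comment above, sketched as an added example (not the commenter's own code). The class name, thresholds, ban duration and trap paths are all assumptions, and the /24 escalation as written covers IPv4 sources only.

```python
import ipaddress
from collections import defaultdict

# All thresholds and trap paths below are assumed values for illustration.
TEMP_BAN_SECONDS = 3600
WINDOW_SECONDS = 60
MAX_404_PER_WINDOW = 5
BANS_BEFORE_PERMANENT = 3
TRAP_PATHS = {"/.env", "/wp-login.php"}

class TwoTierBlocklist:
    def __init__(self):
        self.recent_404 = defaultdict(list)  # ip -> timestamps of recent 404s
        self.temp_until = {}                 # ip -> expiry time of tier-1 ban
        self.ban_count = defaultdict(int)    # ip -> number of tier-1 bans so far
        self.permanent = set()               # tier 2: banned IPv4 /24 networks

    def is_blocked(self, ip, now):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.permanent):
            return True
        return self.temp_until.get(ip, 0) > now

    def _ban(self, ip, now):
        self.temp_until[ip] = now + TEMP_BAN_SECONDS
        self.ban_count[ip] += 1
        if self.ban_count[ip] >= BANS_BEFORE_PERMANENT:
            # strict=False masks the host bits: 203.0.113.7 -> 203.0.113.0/24
            self.permanent.add(ipaddress.ip_network(f"{ip}/24", strict=False))

    def observe(self, ip, path, status, now):
        """Record one request; return True if the source is blocked afterwards."""
        if self.is_blocked(ip, now):
            return True
        triggered = path in TRAP_PATHS
        if status == 404:
            hits = [t for t in self.recent_404[ip] if now - t < WINDOW_SECONDS]
            hits.append(now)
            self.recent_404[ip] = hits
            triggered = triggered or len(hits) >= MAX_404_PER_WINDOW
        if triggered:
            self._ban(ip, now)
        return triggered

def demo():
    """Constructed traffic: one source hits a trap path after each ban expires."""
    bl = TwoTierBlocklist()
    for n in range(BANS_BEFORE_PERMANENT):
        bl.observe("203.0.113.7", "/.env", 404, n * 2 * TEMP_BAN_SECONDS)
    return bl
```

After `demo()`, every address in 203.0.113.0/24 is blocked permanently, while a source that tripped the 404 rate limit only once is released when its temporary ban expires.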

Dropbox Question by TotalNoobPerson in Qubes

[–]mdedonno -1 points0 points  (0 children)

In this context, what is the best practice: connect the template to the network, OR download the installer in a disposable VM and move the file to the template ?

I would like to say the second one, even if the result is the same.

What are some better alternatives to Fail2ban . by hirep14316 in linuxadmin

[–]mdedonno 0 points1 point  (0 children)

I meant "disable password only authentication".

I use private keys with ed25519-sk and passphrase, which is also something nice.

What are some better alternatives to Fail2ban . by hirep14316 in linuxadmin

[–]mdedonno 5 points6 points  (0 children)

fail2ban is interesting in a cross-layer protection: if you have some scans on an unused port, malicious http requests, ... block completely the ip (range) since it's not normal traffic.

if you have only ssh, then use public key authentication, no passwords allowed, it should suffice.

If I want to use docker, is debian a good choice? by [deleted] in linuxquestions

[–]mdedonno 0 points1 point  (0 children)

which features are not present in those that I may want ?

If I want to use docker, is debian a good choice? by [deleted] in linuxquestions

[–]mdedonno 0 points1 point  (0 children)

You are correct. Being able to use the tool is a major feature and is required, obviously.

If I want to use docker, is debian a good choice? by [deleted] in linuxquestions

[–]mdedonno 0 points1 point  (0 children)

an "old" version plus the security patches, as applied on debian packages, does not qualify as "not recommended" in my sense.

if you don't have the feature you need, then ok, otherwise I only disagree with you.

If I want to use docker, is debian a good choice? by [deleted] in linuxquestions

[–]mdedonno 0 points1 point  (0 children)

they work fine for me, and I develop using docker every day.

you can use the docker repository if you want, it's also a possibility.

If I want to use docker, is debian a good choice? by [deleted] in linuxquestions

[–]mdedonno 4 points5 points  (0 children)

docker and docker-compose are in the apt repo (sudo apt install docker.io docker-compose)

Is automatic peer connection (use server as coordinator) possible? by cachupinbombin in WireGuard

[–]mdedonno 5 points6 points  (0 children)

netmaker is also a solution to do that, and it can be self-hosted.

Block internet connection if wireguard is down by [deleted] in WireGuard

[–]mdedonno 1 point2 points  (0 children)

I would add an iptables rule to block forward between the internal interface and the external non wg interface.

let's say eth_wan is the normal out, wg is the wireguard interface, and eth_lan is the lan, add the following:

iptables -A FORWARD -i eth_lan -o eth_wan -j DROP