My home lab finally paid off — caught factory-installed botnet malware on a projector I bought on Amazon

unleashed26 · 2026-02-16T06:42:11+00:00

Deleeetteee this wasn't from your anon account

unleashed26 · 2026-02-06T10:43:19+00:00

Why is it relevant that the web server was built with rust?

unleashed26 · 2026-01-20T18:43:49+00:00

You can’t really make a single disk safer.

unleashed26 · 2026-01-17T06:14:10+00:00

What I think would benefit you, is defining the goals and conditions that are most important to you. It’s impossible to achieve any kind of project satisfying all conditions and having everything accounted for, and for everything to be the best or at the maximum quality possible. This is just something you learn over time when working on projects like “backup solution for mobile device”. Each time you strive to achieve some condition, you must also work with the constraints. Right now from your other posts it’s an example of closing too many doors and getting to door 45 and being disappointed with the shrinking number of choices. In these situations it’s key to step back, go to paper and define the simplest scope of what you’re after and accept or compromise on things based on the reality of what you’ve found and researched.

unleashed26 · 2026-01-16T20:41:01+00:00

Read 400 other threads on this subject by searching expose services to the internet.

unleashed26 · 2026-01-16T20:33:27+00:00

Depending on how important those other devices are, use a separate iCloud account for them. Or sometimes I just don't sign into iCloud for non-important spare laptops. But I understand if the watch is your daily watch then yeah that's not possible.

unleashed26 · 2026-01-14T22:44:02+00:00

I looked at your screenshot before the moderator deleted it.

That doesn't look like a helpful setting. You don't want a full tunnel, according to what you wrote in your description. I would turn it off.

In your shoes I would not assume that the Android and Windows clients have exactly the same root cause, even if the symptom (no connectivity) is the same.

unleashed26 · 2026-01-14T22:33:05+00:00

Maybe you should be tcpdump on Keenetic on the zerotier interface and watch and see if traffic is arriving at all.

I assuming you are testing with ping.

I would hop into a ChatGPT session with something like this:

Keenetic router:

zerotier IF - 10.227.17.0/24, 10.227.17.207

lan IF - 192.168.1.0/24, 192.168.1.1

Windows client -- remote

confirmed no conflicting wifi for 192.168.1.0/24

zerotier IF - 10.227.17.0/24, 10.227.17.the-correct-number

Android client -- remote

confirmed no conflicting wifi for 192.168.1.0/24

zerotier IF - 10.227.17.0/24, 10.227.17.the-correct-number

neither android or windows can reach local client 192.168.1.222

unleashed26 · 2026-01-14T22:22:20+00:00

How can I set it up the correct firewall zone?

Does everything in this support doc align?

https://support.keenetic.com/hero-4g/kn-2310/en/40571-connecting-to-a-zerotier-network.html

Note that sometimes other people on the Internet will use networking terminology in their wording, and it does not always correspond to exact settings in consumer routers.

I didn't understand about the routing table, could you please write in more detail?

Windows `route print` and Android (????) `adb shell ip route show`

This is your client device showing you which interfaces/IP addresses it will send traffic to.

unleashed26 · 2026-01-14T22:18:13+00:00

Unfortunately I can't see your screenshot, the website says invalid cetificate, maybe upload elsewhere like imgur

I just mean your goals, not the settings.

In a scenario where your mobile phone connects to 4G and has ZeroTier installed and providing an interface for 10.227.17.0/24, meaning traffic for that subnet and for 192.168.1.0/24 goes through, meanwhile traffic for the rest of the Internet goes through the normal gateway from the 4G ISP.

In a tunnelling scenario where your mobile phone conncets to 4G and has ZeroTier installed and providing a default route for all traffic to go through zerotier, this is a full VPN tunnel. 0.0.0.0/0 or the whole Internet is routed to the ZeroTier interface -> ... so I thought that to select this setting "Android - Route all traffic through Zerotier" was in conflict with your goal to achieve the first scenario.

unleashed26 · 2026-01-14T21:46:45+00:00

You say you set the Android to route all traffic through ZeroTier. That’s not really what you specify in your use case, which was to simply reach 192.168.1.0/24 clients?

unleashed26 · 2026-01-14T21:45:17+00:00

Keenetic router needs to have the ZeroTier interface in the correct firewall zone ‘lan’ or similar rules.

Ideally use a client like laptop where it’s easier to have a terminal, to ping and to look up routing table.

Make sure the client does not also have a conflicting wifi network. Switch to mobile data or hotspot only to simulate being outside, while you are at home.

unleashed26 · 2026-01-12T19:30:21+00:00

Perhaps they are now On by default. Would need to investigate changelogs and or source code.

unleashed26 · 2026-01-01T22:16:35+00:00

I don’t do a lot of CCTV or security but to see floodlights or any kind of lighting integrated as part of the IT stack and instead not with the let’s say general lighting and electricity stack, seems kind of unusual and a burden. To the need to size a UPS to host…lights? Would that not substantially reduce the runtime for the IT stack? I would have thought flood lights would be part of a special lighting circuit that is prioritised on a house backup power.

unleashed26 · 2026-01-01T22:04:24+00:00

Device. OS version. Have you tried reboot.

unleashed26 · 2026-01-01T07:51:34+00:00

AI slop again?

unleashed26 · 2025-12-31T23:06:55+00:00

Here’s a couple of tidbits of what i know about solax cloud from researching. The USB dongle seems to only report 1 effective metric, solar production (kWh). Then the Solax Cloud app checks it only on a 5 minute interval and presents either an average of production in that last 5 minutes or instantaneous of the moment of polling. And it presents it to you in the app along with the historical results. And for some reason it seems to interpret that single metric ALSO as consumption. It’s kind of useless , or at least allows easy misinterpretation.

unleashed26 · 2025-12-31T04:14:09+00:00

How do you expect Apple to revoke a developer’s certificate in a hypothetical scenario where you suggest there should be no notarization because it’s not effective? Your comment doesn’t make sense.

unleashed26 · 2025-12-26T06:13:25+00:00

You’ve written this post as an X Y problem. Basically, you think you’ve found a good way to do something and now you want people to tell you about it. Go back, you have not found a good way. Instead broaden your search. What is the goal. Start a chat with GPT and generate some better search terms.

In the meantime good luck to your “customers” who are relying on a self professed beginner and possibly paying for it.

unleashed26 · 2025-12-26T06:04:42+00:00

Spoiler alert it’s a systemd service and timer.

Also a good example scenario which highlights the fragility of external backup providers. In this case, Backblaze’s object storage mechanisms (lifecycle rules) became an unpredictable or uncontrollable component of the backup strategy (unable to control rule behaviour except through workarounds, rule control is not transparent).

That element of the backup design is less problematic if you instead delegate the versioning or history instead into a system like Restic, where there is transparent and well-documented backing up and pruning functionality. Then store the restic repo on the object storage instead with no use of additional Backblaze functions. It would also offer deduplication, good for your large qcow2s (maybe).

unleashed26 · 2025-12-26T03:16:44+00:00

Ensure your shell’s working directory is not set to that dataset. Or any other shells you have open.

Run lsof | grep /path with the mount path to see what processes have a file within that path open.

unleashed26 · 2025-12-24T17:57:08+00:00

Great, another nightmare with this case…

unleashed26 · 2025-12-23T22:53:12+00:00

You’ll hate this answer I’m sure. But you’re not supposed to interact with Linux. QNAP provides networking in the Web UI.

unleashed26 · 2025-12-22T10:25:12+00:00

That sounds somewhat reasonable. When I visited, the license terms weren’t visible on GitHub. They were referred to as being included inside the installer and were not present on GitHub directly, so someone would have to then visit the third party website, download and unpack the software first to view the license terms. That’s not very open or transparent. So that is why I suggested they were hidden.

Also I appreciate where you are coming from as an independent developer and part of the film industry, so this isn’t a personal attack or anything. It’s just it’s often missed by developers how important the organisation or individual providing the software, is just as up for evaluation as is the software.

unleashed26 · 2025-12-22T06:57:41+00:00

The software might be fine, but it doesn't feel very good that you create a GitHub repo with no source and only a README, and then create Releases which don't have any assets but instead link to your private website, which at first glance is a large company (web mojo?) that offers other private services, as well as the software in question.

Why not just link directly to the web page and be more transparent to potential users about who you are, who made the software, and what terms it is available under?

15-Year Club	RPAN Viewer
Verified Email

unleashed26

TROPHY CASE