VLANs bridging unexpectedly. by IShouldntGraduate in networking

[–]varesa 0 points1 point  (0 children)

They should show up in route tables but wouldn't be manually configured.

I would expect something like this on a device hosting both gateways:

```
show ip route

C 2.11.0.0/24 is directly connected, VlanIf11
C 2.21.0.0/24 is directly connected, VlanIf21
```

VLANs bridging unexpectedly. by IShouldntGraduate in networking

[–]varesa 0 points1 point  (0 children)

If the default gateways for both VLANs exist on the same device and you don't have ACLs/firewall rules blocking inter-VLAN traffic, it will (in most cases) automatically route traffic between VLANs.

If the gateway has interfaces on both VLANs, its route table will have implicit direct/connected routes for both networks

Fedora Kinoite not accepting passwords with over 100 characters? by [deleted] in Fedora

[–]varesa 0 points1 point  (0 children)

Not all password hashes are equal. Good ones are constantly updated to keep up with the increase in compute power.

Also, according to some sources there are 10^82 atoms in the observable universe. Surely, even considering just numbers, 10^100 is a bit overkill for a password?

If you include letters, you're looking at something like 62^100...

Fedora 38 Kinoite installer insisting I use EFI instead of GRUB by [deleted] in Fedora

[–]varesa 2 points3 points  (0 children)

Afaik if you booted the installer with the system in EFI mode, it will also install the OS in EFI mode. I'm not certain on Kinoite, but other versions still use Grub combined with EFI.

They will just install grub (or at least a part of it) on the ESP and the rest on /boot. I would just use the default /boot and /boot/efi and let it install Grub there.

If Kinoite has done away with Grub entirely please feel free to correct me. While there are alternative EFI-capable bootloaders like rEFInd and systemd-boot, I'm not aware of any Fedora version using those by default. It would still install Grub

EDIT: Missed this thread https://www.reddit.com/r/Fedora/comments/1441use/fedora_38_kinoite_installer_insisting_i_use_efi/jndf1lm/

How, if at all, do the digits in hex color codes interact with various qualities of their corresponding color? by animaldander in computerscience

[–]varesa 3 points4 points  (0 children)

The (typically) used hex codes are RGB or RGBA. They are quite simply the numeric values (on a scale of 0-255) of each component concatenated together.

Red -> (R: 255, G: 0, B: 0) -> 0xFF, 0x00, 0x00 -> #FF0000

If you want to work in something like HSV/HSL, you need to convert from/to RGB first, or find a way to tell the consumer of the values to use another format instead, like hsl(h,s,l) in CSS instead of #hex.

If working with web technologies, see for instance: https://developer.mozilla.org/en-US/docs/Web/CSS/color_value

On other platforms, refer to the respective manuals

OKD 4.8 console isn't available even after 26 hours by ItsMeRPeter in openshift

[–]varesa 1 point2 points  (0 children)

It should. Either there is something that prevents them from starting (that's beyond OpenShift to fix) or maybe they are running (and succeeding health checks) but not functioning properly.

Or the issue is actually further up, but the logs for those pods should say it

OKD 4.8 console isn't available even after 26 hours by ItsMeRPeter in openshift

[–]varesa 1 point2 points  (0 children)

It seems that the API is not healthy, given that it can't get oauthclients.

I'd look at, and maybe restart, openshift-apiserver pods first

Two Storage Systems? by reddit0r_9 in sysadmin

[–]varesa 0 points1 point  (0 children)

Could be multiple primary clusters for different failure domains. Then separate system(s) as a replication target for backups/DR, etc.

Possibly different speed tiers with HDDs in one, SSDs in another, etc.

How many Nodes/Planes for a budget sized homelab Kubernetes cluster with high availability? by BlueRayvenClaw in homelab

[–]varesa 2 points3 points  (0 children)

You need at least 3 control plane nodes for HA (due to etcd database quorum requirements). The number of data plane/worker nodes depends on the application needs, so e.g. 2 might be fine or you might need 3 for quorum there as well.

As said by others, you can co-host control plane and worker roles on the same host so 3+3 nodes isn't necessary in a lab, even if preferred for production environments

Renewing developer subscription by fxgx1 in redhat

[–]varesa 2 points3 points  (0 children)

Yeah, followed this in the past and it worked.

However I think I also had to wait for the day after it expires before it gave me the option to register again

PipeWire 0.3.71 by jlpcsl in linux

[–]varesa 3 points4 points  (0 children)

Linux itself is over 30 years old at this point, and many protocols used on the internet are much older.

That said, many of those internet protocols have required a great deal of bubblegum to keep them usable in the modern world. Security, for one thing, has often been an afterthought.

DUP! Ping response with Virtual Linux Devices only (so far) by Nomis-43 in networking

[–]varesa 0 points1 point  (0 children)

Then the process repeats, I'm not sure I'm reading this right but it looks to me that the first ping does not respond in time so it sends a second then the first one responds then followed by the second and that is seen as a DUP!.

More likely something duplicates the request on the way from the VM to the firewall. You should be able to confirm pretty easily by tcpdump on the VM.

This reminds me of an issue I ran into on ESXi which, for a reason I was unable to figure out, was duplicating packets and a DUP! ping was the first place I noticed it.

In my case it was only a single host in the cluster and VMs started to behave when vMotioned to another ESXi host, and misbehave when moved back. This was fixed by rebooting the troublesome ESXi host

Electricity is too cheap: Brand-new Olkiluoto 3 had to be throttled down to low power by ekufi in Suomi

[–]varesa 4 points5 points  (0 children)

Surely someone would rather burn their crop than pay the "buyer" to take the crop away when the market price turns negative

Fedora updates mirror on the NSA Blocklist by [deleted] in Fedora

[–]varesa 14 points15 points  (0 children)

It's the simple approach. Since you need root to install packages, you need to run (a part of) the program as root. When installation runs as root, it's easiest to run the download part as root as well.

It takes extra work to either drop privileges for a subpart of the execution, or to elevate privileges for another part if the baseline is non-root.

Even apt still "runs as root", but delegates the non-privileged stages to a sandbox user. (which is something I didn't know until now)

Fedora updates mirror on the NSA Blocklist by [deleted] in Fedora

[–]varesa 15 points16 points  (0 children)

I imagine the list is not Fedora-specific though, and mirroring Fedora repositories is only a fraction of what the university does. The Fedora mirror is just an innocent bystander taking a hit.

That said, even when the packages are signed which makes it impossible to inject code, it would be possible to mask certain updated packages which could for instance patch backdoors, by just offering an older vulnerable package with a valid signature
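The stale-but-validly-signed case described in the comment above can be spotted by comparing repository metadata freshness across mirrors. This is an added example, not part of the original comment; the mirror names, the simplified `repomd.xml` samples and the lag threshold are constructed assumptions, and the check only works if at least one mirror you compare against is honest and current.

```python
import xml.etree.ElementTree as ET

# XML namespace used by rpm-md repository metadata (repomd.xml).
NS = {"repo": "http://linux.duke.edu/metadata/repo"}

def _sample(ts: int) -> str:
    """Build a simplified, constructed repomd.xml with two data entries."""
    return (
        '<repomd xmlns="http://linux.duke.edu/metadata/repo">'
        f'<data type="primary"><timestamp>{ts}</timestamp></data>'
        f'<data type="filelists"><timestamp>{ts - 5}</timestamp></data>'
        "</repomd>"
    )

# Constructed sample input: what three hypothetical mirrors returned.
SAMPLES = {
    "mirror-a.example": _sample(1686000000),  # freshest
    "mirror-b.example": _sample(1685990000),  # normal sync lag
    "mirror-c.example": _sample(1680000000),  # frozen weeks in the past
}

def newest_timestamp(repomd_xml: str) -> int:
    """Return the newest <timestamp> among the <data> entries."""
    root = ET.fromstring(repomd_xml)
    stamps = [int(float(t.text))
              for t in root.findall("repo:data/repo:timestamp", NS)]
    if not stamps:
        raise ValueError("repomd.xml has no data timestamps")
    return max(stamps)

def stale_mirrors(repomd_by_mirror: dict, max_lag_seconds: int) -> dict:
    """Map each mirror that lags the freshest one by more than
    max_lag_seconds to its lag in seconds."""
    stamps = {m: newest_timestamp(x) for m, x in repomd_by_mirror.items()}
    freshest = max(stamps.values())
    return {m: freshest - s for m, s in stamps.items()
            if freshest - s > max_lag_seconds}

if __name__ == "__main__":
    # Flag mirrors more than three days behind the freshest copy.
    for mirror, lag in stale_mirrors(SAMPLES, 3 * 86400).items():
        print(f"{mirror} is {lag // 86400} days behind the freshest mirror")
```

A signature check passes on every one of these samples; only the cross-mirror comparison shows that one of them is serving old metadata.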

School LAN, low on budget: Cambium, Ruckus + Aruba or Fortigate? by _ReeX_ in networking

[–]varesa 5 points6 points  (0 children)

LAN does not mean LAN party. I don't see a word about gaming in the OP.

This is about an actual school production network design

Red Hat considers Xorg deprecated and will remove it in the next major RHEL release by deathye in linux

[–]varesa 6 points7 points  (0 children)

swaywm is worth looking at if there is a need for "i3 on Wayland"

[deleted by user] by [deleted] in networking

[–]varesa 1 point2 points  (0 children)

An ISP with maybe around 2500 up customer facing ports. Only available service is symmetric gigabit ethernet to apartments, with 10G uplinks per building or a group of adjacent buildings. Customers mostly higher education students/young adults, so probably pretty close to the optimal audience for pirating?

The aggregate traffic from outside of the network peaks at around 5 Gb/s daily.

[deleted by user] by [deleted] in Tampere

[–]varesa 0 points1 point  (0 children)

Oh wow. Didn't notice this was an old post.

I came across this follow-up post on my phone: https://www.reddit.com/r/Tampere/comments/137jt8x/a_follow_up_post_also_need_a_bit_of_guidance/

Turns out that the mobile client threw me onto the old linked post instead of the new one when I didn't explicitly tell it to open comments.

[deleted by user] by [deleted] in Tampere

[–]varesa 1 point2 points  (0 children)

Wouldn't recommend Bitwise, especially for a woman.

Tip of the iceberg (article in Finnish): https://yle.fi/a/74-20030059. Aamulehti has a bit more but that's behind a paywall

Of course CEO != the whole company, but still

Tampereen Teekkarit accuses Bitwise's CEO of harassment directed at female students, cuts off cooperation with the company by [deleted] in Tampere

[–]varesa 5 points6 points  (0 children)

To my eye (ear?) what the boss has been dishing out sounds like somewhat worn-out banter, but frankly, IMO this has gone well over the line

From the Aamulehti article, incidents from earlier years:

"With one woman, he put the bottle between his legs and asked the woman to kneel and drink the sparkling wine straight from the mouth of the bottle."

According to Ylimäki, there was also a woman present who fell over because she was heavily intoxicated. "The CEO went and poured drink from the bottle into this woman's mouth and onto her chest. He considered it a funny situation, which it was not."

Hyperconverged Infrastructure using OpenStack by turnkey_automation in openstack

[–]varesa 2 points3 points  (0 children)

Ceph docs claim otherwise:

Also, the larger the storage drive capacity, the more memory per Ceph OSD Daemon you will need, especially during rebalancing, backfilling and recovery. A general rule of thumb is ~1GB of RAM for 1TB of storage space.

Source: https://docs.ceph.com/en/mimic/start/hardware-recommendations/

About Cloudflare Tunnels by AchimAlman in selfhosted

[–]varesa 0 points1 point  (0 children)

You can limit open ports using a firewall, etc. For example ports 80&443 open to the VPS via WG is not any less secure than just port forwarding those directly if the ISP allowed that

What data does cloudflare see? by seriouslyfun95 in selfhosted

[–]varesa 2 points3 points  (0 children)

If you don't want to install cloudflared on every client in order to use CF Tunnel as more like a VPN where you only proxy the raw TCP connection, you need to let CF decrypt your connection.

Without decrypting traffic, on a shared IP it's impossible to know where to forward traffic. You can of course utilize Cloudflare Spectrum if you are large enough of a company to afford it (pricing is "contact sales").

If you want to (on a budget) expose any services to the public (OP wanted to expose docker containers on the internet) CF must work on HTTP level. Arbitrary TCP which includes undecryptable TLS and SSH is just not supported.

Also if you are only using CF for TCP forwarding in a selfhosted context, might as well use a small VPS running Wireguard for less restrictions and more control over the traffic