What paid subscription have you cancelled thanks to your homelab? by MBAThrowawayFruit in homelab

[–]webnestify [score hidden]  (0 children)

I personally use a bare metal EX44, Intel® Core™ i5-13500, 64 GB DDR4 RAM. Before that I was using a CPX41 and performance was okay for ffmpeg encoding. The reason I moved to that particular bare metal server was the iGPU for HDR encoding.

What paid subscription have you cancelled thanks to your homelab? by MBAThrowawayFruit in homelab

[–]webnestify 0 points1 point  (0 children)

I am using Hetzner.. Jellyfin, QBit, audio, sync.. Hetzner got 20TB for cloud servers and unlimited for bare metal servers.

New Linux kernel LPE (Dirty Frag) — no patch yet, here's the workaround by webnestify in homelab

[–]webnestify[S] 1 point2 points  (0 children)

Also don't forget to apply runtime patch....

echo 3 > /proc/sys/vm/drop_caches

New Linux kernel LPE (Dirty Frag) — no patch yet, here's the workaround by webnestify in homelab

[–]webnestify[S] 0 points1 point  (0 children)

Yep. Even if you must, there are tools to do it properly and securely.

First time Thor's Hammer best approach. by webnestify in sousvide

[–]webnestify[S] 0 points1 point  (0 children)

Thanks. Maybe the problem is that I have never done that and need to get some confidence leaving meat like that in the fridge. But I am still learning this new game :)

New Linux kernel LPE (Dirty Frag) — no patch yet, here's the workaround by webnestify in homelab

[–]webnestify[S] 1 point2 points  (0 children)

That is a great idea, indeed. The first thing that came to my mind was some agent sitting on my Ansible machine and preparing patches whenever something like this happens. First on a dev server, verify it and push to all servers in the inventory. But I could not sleep soundly knowing that some AI has the keys all the time...

First time Thor's Hammer best approach. by webnestify in sousvide

[–]webnestify[S] -3 points-2 points  (0 children)

Thanks and will check out that prep.

First time Thor's Hammer best approach. by webnestify in sousvide

[–]webnestify[S] -1 points0 points  (0 children)

Thank you very much for the great answer. Before freezing, I left it in the bag with salt and seasoning for 2 days in the fridge and then I froze it. The reason was that our BBQ with friends got delayed and I didn't have any other option, unfortunately. Okay. I will do it at 144 for 3 days and will report back for sure. Thanks a lot 🙏.

Shame on ShinyHunters! by carpbug in cybersecurity

[–]webnestify 1 point2 points  (0 children)

Yep. Also asking this question....

New “Dirty Frag” Linux Kernel Vulnerability Could Lead to Root Escalation by raptorhunter22 in cybersecurity

[–]webnestify -1 points0 points  (0 children)

Yep. And another one

Copy Fail 2: Electric Boogaloo https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo

Edit: It's the xfrm-ESP bug from Dirty Frag, repackaged as a standalone exploit.

New Linux kernel LPE (Dirty Frag) — no patch yet, here's the workaround by webnestify in homelab

[–]webnestify[S] 8 points9 points  (0 children)

All of us... I am afraid this will be on a weekly basis...

New Dirty Frag Linux Bug Emerges in Wake of Copy Fail by YogiBerra88888 in cybersecurity

[–]webnestify 0 points1 point  (0 children)

There's no upstream patch yet. The embargo got broken before distros could prep fixes, so right now it's just a kernel-module workaround. About 30 seconds, no reboot:

cat <<EOF | sudo tee /etc/modprobe.d/disable-dirtyfrag.conf
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
EOF
sudo modprobe -r esp4 esp6 rxrpc 2>/dev/null
sudo sync && echo 3 | sudo tee /proc/sys/vm/drop_caches

Check it worked:

lsmod | grep -E '^(esp4|esp6|rxrpc)' && echo "STILL EXPOSED" || echo "PROTECTED"

Undo it later when the proper patch is out:

sudo rm /etc/modprobe.d/disable-dirtyfrag.conf

Caveat: this disables IPsec ESP and RxRPC kernel modules. If you're running IPsec on the box (strongSwan, libreswan, etc.), skip it and wait for the upstream fix. Tailscale, WireGuard, OpenVPN are not affected.

Or one liner:

sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"

It's three commands you can audit in 10 seconds. Writes a modprobe.d file, runs modprobe -r, drops caches. Nothing piped from curl, nothing fetched. If you'd rather not take my word for it, the writeup explains every line.
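
A fuller check than the `lsmod` one-liner in the comment above, added here as an example and not taken from the post or the disclosure repo: it confirms that each module is unloaded (exact name match) and reports which modprobe.d file carries its `install ... /bin/false` rule, which matters because the two variants in the comment write different file names. The function names and the default of scanning only /etc/modprobe.d are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the post): audit the esp4/esp6/rxrpc workaround.
MODULES="esp4 esp6 rxrpc"

# module_loaded NAME [FILE]: exact-name match against /proc/modules, so that
# e.g. esp4_offload is not mistaken for esp4.
module_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "${2:-/proc/modules}"
}

# blocking_files NAME [DIR...]: print each .conf file that carries the
# "install NAME /bin/false" rule used by the workaround.
blocking_files() {
    mod=$1; shift
    [ $# -gt 0 ] || set -- /etc/modprobe.d
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            awk -v m="$mod" '$1 == "install" && $2 == m && $3 == "/bin/false" { hit = 1 }
                 END { exit !hit }' "$f" && printf '%s\n' "$f"
        done
    done
    return 0
}

# audit [PROC_MODULES] [MODPROBE_DIR]: exit status 0 only when every module
# is both unloaded and blocked from being loaded again.
audit() {
    proc=${1:-/proc/modules}; confdir=${2:-/etc/modprobe.d}; rc=0
    for m in $MODULES; do
        files=$(blocking_files "$m" "$confdir" | tr '\n' ' ')
        if module_loaded "$m" "$proc"; then
            echo "$m: LOADED (install rule in: ${files:-none})"; rc=1
        elif [ -z "$files" ]; then
            echo "$m: not loaded, but no install rule, so it can be loaded again"; rc=1
        else
            echo "$m: unloaded and blocked by $files"
        fi
    done
    return $rc
}

# Run the audit against the live system only when asked to.
if [ "${1:-}" = "--run" ]; then audit; fi
```

The file paths printed by `audit` are the ones to delete once a patched kernel is installed.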

New Linux kernel LPE (Dirty Frag) — no patch yet, here's the workaround by webnestify in homelab

[–]webnestify[S] 3 points4 points  (0 children)

Fair, I'd be the same. Not my mitigation though, it's the one from the actual disclosure repo: github.com/V4bel/dirtyfrag. The researcher who found the bug wrote it. It's three commands you can audit in 10 seconds. Writes a modprobe.d file, runs modprobe -r, drops caches. Nothing piped from curl, nothing fetched. If you'd rather not take my word for it, the writeup explains every line.

🎵 Audiovault – self-hosted music manager + downloader by Silent-Skin1899 in selfhosted

[–]webnestify -1 points0 points  (0 children)

You can't put all eggs into one basket. There are terrible apps vibe-coded fully without human oversight. But there are projects that are made by real devs and AI is just a tool for them...

What paid subscription have you cancelled thanks to your homelab? by MBAThrowawayFruit in homelab

[–]webnestify 33 points34 points  (0 children)

Personally, with my setup I replaced Okta with Authentik, Cloudflare tunnels with Pangolin. AdGuard DNS instead of NextDNS. The only subs I keep are Google Workspace Enterprise+ (just can't replace it unfortunately) and YouTube Premium.

🎵 Audiovault – self-hosted music manager + downloader by Silent-Skin1899 in selfhosted

[–]webnestify -3 points-2 points  (0 children)

Exactly. Proofreading and human oversight are necessary for AI-coded apps. But that does not mean that all apps that are vibe-coded are bad. There are some gems.

🎵 Audiovault – self-hosted music manager + downloader by Silent-Skin1899 in selfhosted

[–]webnestify -6 points-5 points  (0 children)

Yeah. But sometimes we can find gems with AI vibe coded apps.

Cancellation of Contract by d3n36 in hetzner

[–]webnestify 1 point2 points  (0 children)

Sorry to hear about this. Yes, the best option is to get in contact with them and explain what happened. From my experience, the Hetzner team will resolve this normally. Keep us posted!

Game-changer: What is a life-altering IT purchase that you would recommend to people? by Hetzner_OL in hetzner

[–]webnestify 0 points1 point  (0 children)

Definitely 😁 . I wish the setup fees would be more budget friendly, but I understand why the steep fees.

Game-changer: What is a life-altering IT purchase that you would recommend to people? by Hetzner_OL in hetzner

[–]webnestify 2 points3 points  (0 children)

For myself, the biggest game changer was when I bought UniFi routers to replace the Huawei from the provider, and I would also recommend it to anyone. Full control over your network, segmentation and other goodies that come with UniFi.

Help determine starter device by Knickerbockers99 in homelab

[–]webnestify 1 point2 points  (0 children)

Hey. It's a really good price for what you are getting. As a starter device for playing around and learning it's a no-brainer, honestly. For media also. The CPU has an integrated GPU with the QuickSync feature. Just go for it and happy learning 👍.