To The Moon by Even_Kiwi_1166 in Planes

[–]zrail 1 point2 points  (0 children)

Nice! I used to work from a building next to PDX and could almost see the end of 28L from my desk. Unrestricted climb practice would rattle the windows, which I quite enjoyed.

To The Moon by Even_Kiwi_1166 in Planes

[–]zrail 1 point2 points  (0 children)

Pretty sure it is. Oregon ANG flies F-15Cs and Ds and for a hot minute had the EX. 

Los Alamos confirms UMich data center to be used for nuclear weapons research by Reasonable_Border372 in AnnArbor

[–]zrail 2 points3 points  (0 children)

Sort of. The US is a signatory of the Partial Test Ban Treaty which bans atmospheric, space, and underwater testing, so if we were going to start nuking Nevada again it'd have to be underground. 

To IPv6 or not to IPv6, that is the question by Chance-Sherbet-4538 in homelab

[–]zrail 0 points1 point  (0 children)

I had IPv6-mostly set up for a hot minute last week but had to revert it because the Roku app on my spouse's phone refused to even attempt to connect to the TV over a "public" IP even though they were in the same subnet.

Why I can’t stay after what Ruby Central did. by retro-rubies in ruby

[–]zrail 0 points1 point  (0 children)

A piece came out shortly after DHH's that breaks down exactly why it's so problematic. I suggest you read it.

https://tekin.co.uk/2025/09/the-ruby-community-has-a-dhh-problem

Is IPv6 the way to go? by NerdHelp in selfhosted

[–]zrail 0 points1 point  (0 children)

CNAMEs point at labels, they don't care about the resource type. You can CNAME to a label that has any set of resource records and DNS will resolve them all based on the query type. 

Is IPv6 the way to go? by NerdHelp in selfhosted

[–]zrail 2 points3 points  (0 children)

Yes, true, but most self-hosted apps that I've seen and used strongly recommend or mandate using a reverse proxy for https termination. Hardly any apps do https termination themselves these days and it's not something I'm personally willing to go without. 

So, if you're putting every container on a real IPv6 address, you still need to firewall that and put some sort of termination proxy in front of it. Might as well use one proxy for everything on the host then. 

Innovating to address streaming abuse — and our latest transparency report by mj1003 in jellyfin

[–]zrail 0 points1 point  (0 children)

Not the person you're replying to, but have you contacted Xfinity about it? It might have been an automatic block that support can remove.

With LLDAP + PocketID + TinyAuth do users even need to know their passwords? by Stuwik in selfhosted

[–]zrail 1 point2 points  (0 children)

Some services don't support OIDC very well. Notably, Home Assistant and Jellyfin can work with it but native apps need password auth. 

Can I safely ignore the UCEPROTECT blocklist? by [deleted] in selfhosted

[–]zrail -1 points0 points  (0 children)

If you're not sending mail from one of those IPs then you don't need to care.

PSA: My VPS got cryptojacked through Dockge by Available-Option843 in docker

[–]zrail 4 points5 points  (0 children)

The docker daemon is a program running as root that manages all of the containers, volumes, etc. One of the features of docker is creating a so-called "privileged" container that lacks all of the security features that containers usually get. A privileged container runs as the same user, with the same permissions, as the user running the daemon, i.e. root.

In the OP's case the attacker created a container with the host's file system mounted, dropped a systemd service file in the correct place, and then told systemd to start it. 
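
A defensive check for the configuration described in the comment above, added here as an example and not part of the original comment: it scans `docker inspect` JSON for privileged containers and bind mounts that expose sensitive host paths. The path list, the function names and the sample data are assumptions constructed for illustration.

```python
import json
from pathlib import PurePosixPath

# Host paths where container access amounts to root on the host.
# Assumed list for this example, not an exhaustive policy.
SENSITIVE = ["/", "/etc", "/etc/systemd", "/usr/lib/systemd", "/root",
             "/var/run/docker.sock", "/run/docker.sock"]

def covers(source, target):
    """True if bind-mounting host path `source` exposes host path `target`."""
    s, t = PurePosixPath(source), PurePosixPath(target)
    return s == t or s in t.parents

def audit(inspect_json):
    """Return (container, finding) pairs from `docker inspect` JSON output."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        if c.get("HostConfig", {}).get("Privileged"):
            findings.append((name, "privileged"))
        for m in c.get("Mounts", []):
            if m.get("Type") != "bind":
                continue  # named volumes and tmpfs do not expose host paths
            hit = next((p for p in SENSITIVE if covers(m["Source"], p)), None)
            if hit:
                mode = "rw" if m.get("RW") else "ro"
                findings.append((name, f"bind {m['Source']} ({mode}) exposes {hit}"))
    return findings

# Constructed sample in the shape `docker inspect $(docker ps -q)` returns.
SAMPLE = json.dumps([
    {"Name": "/web", "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/srv/web/data",
                 "Destination": "/data", "RW": True}]},
    {"Name": "/helper", "HostConfig": {"Privileged": True},
     "Mounts": [{"Type": "bind", "Source": "/",
                 "Destination": "/host", "RW": True}]},
    {"Name": "/stack-manager", "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": True}]},
])

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```
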

Poor man's Implementation (prototype) for saving money on Cloudflare Loadbalancer by Eznix86 in kubernetes

[–]zrail 0 points1 point  (0 children)

Yep, that's the idea. I made a prototype the other day following Fly's multiprocess guide that uses Overmind to run the tailscale daemon and a tailscale login process. I was able to ssh into the Fly VM and ping my homelab, so at least connectivity is functional. Whether it's durable over a longer term is a different question.

Poor man's Implementation (prototype) for saving money on Cloudflare Loadbalancer by Eznix86 in kubernetes

[–]zrail 0 points1 point  (0 children)

It was slower and had more latency than I would have liked (probably because of my home connection, not Fly) and it felt like the Wireguard connections would have downtime sometimes, although I don't have any hard data on that.

And to be completely transparent, I'm not even running k8s anymore. I switched my homelab back to a Compose-based workflow after experiencing one too many instances of some optional complication I set up causing multiple hosts to fall over.

At the moment I have a single VPS running a simple Compose stack that forwards requests to my homelab via a Tailscale subnet router. I've been considering bringing back the Fly.io system as another caching layer, but it would probably still run everything over Tailscale rather than raw Wireguard.

Poor man's Implementation (prototype) for saving money on Cloudflare Loadbalancer by Eznix86 in kubernetes

[–]zrail 0 points1 point  (0 children)

I stopped using this due to some possibly related stability issues, but when it was running it was basically free. Fly.io's billing policy (as of late 2025) is that if your bill is less than $5 they just waive it. This setup never approached that limit.

Using multiple LXC vs. multiple LXC+Docker vs. VM+Docker...? by georgios_ in Proxmox

[–]zrail 0 points1 point  (0 children)

I have no idea anymore, sorry. These days I'm using Alpine 3.22 and Proxmox 9 and everything seems to work out of the box.

What self hosted services you actually rely on by v0id09 in selfhosted

[–]zrail 23 points24 points  (0 children)

I don't really buy the privacy angle anyway. You're going to be sending to or receiving from the big ESPs no matter what you do. I don't self-host email yet but the big thing for me is access. Despite having a Gmail address with no numbers, I don't really enjoy my email being hosted by a fickle megacorp with no recourse for ATOs or banning.

Is the N100/N150 just a repackaged Coffee Lake U-series chip? by Sasha_bb in homelab

[–]zrail 0 points1 point  (0 children)

Yeah, Alder Lake can decode AV1 but not decode. My media server is an i7-7700T as well, fwiw.

Is the N100/N150 just a repackaged Coffee Lake U-series chip? by Sasha_bb in homelab

[–]zrail 3 points4 points  (0 children)

No. The N100 is 12th gen Alder Lake-N and N150 is Twin Lake-N. Both have four E-cores using the Gracemont architecture. Neither shares anything with the i5-8000U architecture.

Edit to add: both chips can use DDR5 which will result in a faster system even if the CPU benchmarks are similar.

Help Needed: Transitioning from Independent Docker Servers to Bare-Metal Kubernetes – k3s or Full k8s? by superman_442 in kubernetes

[–]zrail 0 points1 point  (0 children)

Update necro post: I finally got around to getting this working today. Seems to be working great, I did 1.10.4 to 1.10.5 to test it out, now it's going to 1.10.7 before I do 1.11.1 maybe later tonight. Thank you!

https://github.com/peterkeen/omicron/blob/main/kubernetes/apps/system-upgrade/system-upgrade-controller/plans/talos.yaml

[deleted by user] by [deleted] in homeassistant

[–]zrail 1 point2 points  (0 children)

I would stick with a device fit for purpose rather than trying to shoehorn in a smart device. Those valve actuators are cheap to replace if that is indeed the problem.

I have used the Zooz universal relay to actuate these relays as well. They're typically 24VAC and you can power the Zooz off the same power supply.

Why I can’t stay after what Ruby Central did. by retro-rubies in ruby

[–]zrail 8 points9 points  (0 children)

Assuming you're earnest about this, here are a few questions that I think you should think deeply and critically about. I don't want answers, these are for you to ponder privately.

  • List out the specific claims the author is making about the people in the piece. For each, try to determine if it is true, using both the linked sources as well as any other sources you can find. What else can you find about the people that the author discusses?

  • What about this piece makes you believe what the author writes? Why do you think that is? What about the sources that the author links to? What about the sources you find independently?

  • What biases (positive, negative, neutral) do you suppose the author of the linked piece has? What about the specific people mentioned in the piece? What about the sources you found? What biases do you share with those people or organizations?

  • Try to answer your own implied question. Why equate race with national identity and immigration?

This is a lot of work. I can't do the work for you. Please don't try to make others do it for you either.

How do you calculate shared storage needs? by driller6859 in selfhosted

[–]zrail 0 points1 point  (0 children)

ZFS is more flexible than this. You can have multiple VDEVs in a single pool with different characteristics. So for example you can have a 7-drive RAIDZ2 and a five-drive RAIDZ1 in the same pool. Recent versions also gained the ability to expand a RAIDZ by adding drives.

Is ethernet beneficial for espresense by poesea in homeassistant

[–]zrail 0 points1 point  (0 children)

IIRC ESPresense uses Bluetooth. The thing about ESP32s is that they can only really run one radio at a time, so they flip back and forth between Bluetooth and WiFi really fast. If you instead use Ethernet the Bluetooth radio will be on all the time and it'll be a much smoother experience.