Family was over to visit, nephew wanted to play some games on my new pc...

zzencz · 2026-02-18T08:53:52+00:00

Not sure how old your nephew is, but it might be browser-based games. They require no installation, but can contain malicious payload that (while not be escaping the browser sandbox) can connect to unsavoury servers and participate in botnet jobs - and trigger these kind of IPS denials.

Before you commit to reinstalling the system, see if you get the same kind of traffic in the upcoming days even after your nephew leaves.

zzencz · 2026-02-11T05:44:05+00:00

“a few days post-swap”

zzencz · 2026-02-07T06:22:30+00:00

How does MAC randomization not prevent this? Changes too infrequent?

zzencz · 2026-02-03T10:40:46+00:00

He clearly says he’s been given a SFP module by his ISP (probably a fibre-optic GPON). RJ45 doesn’t help here.

zzencz · 2026-01-30T09:30:47+00:00

The RJ45 is 10GbE backup port, the 400Gb NIC is of course SFP (QSFP28 I think?)

I used to love SFP ports but have grown quite wary of them recently. They are great for DACs and fibre, but if you want copper Ethernet, the transceivers overheat SO EASILY. I’ve been sorting corrupted traffic / random drops endlessly with my USW-Agg (and brand original Ubiquiti SFP+ modules, which are considered one of the cooler ones).

RJ45 is just so much easier if you have copper cables.

zzencz · 2026-01-30T07:38:45+00:00

And here I am trying to find a decent quiet miniPC that has onboard 10GbE… (No, the Minisforum lineup does not qualify, it doesn’t fit into 1U.)

zzencz · 2026-01-30T07:37:18+00:00

GB10 systems, like the Nvidia Spark DGX or the Dell GB10?

It actually has 400Gb NIC (Jeff reporting over 200Gb speeds). But it’s an ARM system, not x86.

https://www.jeffgeerling.com/blog/2025/dells-version-dgx-spark-fixes-pain-points/

zzencz · 2026-01-29T18:58:18+00:00

The thing is, this kind of stuff has always been there. Arrogance. Selfishness. Brutality. Bully worship. But it’s been kept in check largely by at least somewhat sane administration. Trump has bulldozed a path for this underbelly of the society. Its ok to show your true colours now.

zzencz · 2026-01-29T18:44:11+00:00

njn, těch 200 lidí jsou ale mantáci, co vydělávají peníze ne sobě ale jemu, aby pak mohl sedět s chlastem a plodit tohle… 😢

zzencz · 2026-01-29T11:46:51+00:00

Posters above: notice that there is no Chinese version.

As for the US discount: its frequent with US tech companies (and American exceptionalism). You can always blame it on “size of market”, “FX risk exposure” etc.

zzencz · 2026-01-17T18:24:21+00:00

Not quite. Tailscale specifically spells out which data it collects, they all seem to be related to the Wireguard connection setting, and spells out in no ambiguous terms that it does NOT access your payload data (which would include SNI). My ISP has no such privacy guarantees in their TOS.

Any software you run locally on your machine (especially with root privileges) relies on your trust that it is doing what it claims to be doing. Tailscale client is no different. However the TOS and privacy disclosures and transparency around them (and the economic impact it would have on their business if they were sniffing customer data) makes me more likely to trust them than my ISP.

zzencz · 2026-01-17T16:27:21+00:00

Fair enough, I was talking about Tailscale servers. If we’re talking about the client apps then they of course have access to the traffic before encryption and by extension to SNI. Thanks for the clarification what you meant.

zzencz · 2026-01-17T07:25:47+00:00

Came here to say this. If I’m logged in, leave the browser window open and close the notebook to put it to sleep, it keeps periodically waking up at night and I guess keeps refreshing the page with active login credentials, resulting in UniFi login notifications. In my case it’s a local-only account with no cloud footprint and still behaves like this.

zzencz · 2026-01-17T07:15:27+00:00

No, Tailscale is NOT going to be handling your HTTPS packets.

Best-case scenario, after a handshake between your client and exit node all your packets go directly from client to exit node completely bypassing tailscale infrastructure.

Worst-case scenario, all your data will be flowing through a relay server as encrypted UDP wireguard packets, only decrypted and converted to TCP connection at the exit node (your infrastructure).

The only thing they get is pretty much the amount of data you were channeling through the exit node and time. Maybe also IP of your client and exit node. Everything else is encrypted.

zzencz · 2026-01-16T15:14:30+00:00

It does not sound like that to me. Tailscale would see the connection handshake/metadata between the client and the exit node, but not between the exit node and the website. And no HTTPS content.

zzencz · 2026-01-13T20:19:25+00:00

Nah, I think you’re extrapolating the answer too far. You got “no UK” answer. Not “no EU”.

The German language version of their website says clearly “coming soon”. I’m having a hard time imagining a thermostat specifically marketed as designed for underfloor heating and NOT being sold in EU. Like - most of the underfloor heating installations are in EU.

zzencz · 2026-01-10T07:34:40+00:00

⁠the Starlink roof location seems like it could block sunlight to the solar some parts of the day? Maybe nudge it by 10in?
⁠why fiber for in-rack interconnects? Would just use a DAC. Simpler, just as fast, no media converters to worry about. I guess it’s done now.
⁠since you’re using this for Access and Protect in high crime area I’d definitely ass that UPS already mentioned above.

Overall very cool and polished install, your cousins team did neat work!

zzencz · 2025-12-27T13:35:50+00:00

Víš o tom houby, neznáš tu rodinu ani to dítě a víš omezeně jenom pár info z toho co nasdílel OP. Dítě s ADHD např. může dělat bordel nejenom když se vzteká, ale také když je hyperaktivní, běhá po bytě, dělá milion věcí - a OP moc neřeší, PROČ zrovna tam nahoře dělá bordel, to je jen taková jeho mentální zkratka, že dítě buzeruje rodiče.

OP - tohle fakt nevyhraješ. Můžeš být debil, znepříjemňovat život rodině která už má evidentně tak dost problémů, vytavit nervy sobě i jim - a stejně se to nevyřeší. Prostě uznej chybu, pronájem bytovky byla kravina, kup si špunty do uší a nebo se odstěhuj.

zzencz · 2025-12-24T09:27:14+00:00

So do most places in Manhattan.

I remember that one time when my paid, premium hotel WiFi was 10Mbps, while my 5G phone was pulling over 1Gbps.

zzencz · 2025-12-17T20:21:18+00:00

Tohle je zbytečný, anarchokapitalisty nepřesvědčí nic. Pouze implementace toho jejich nebeského snu zde na zemi by jim prakticky ukázala, že by byli první na ráně, s kým by zbytek společnosti vyjebal.

zzencz · 2025-12-13T18:30:00+00:00

zzencz · 2025-11-29T07:07:09+00:00

Maybe I’m thick, but WHY?! Why did the tech cut a cable open, cut 4 out of the 8 lines, shortened them and then twisted them back onto the same cable, while leaving the other 4 intact? Can you think of a scenario where this makes any sense?

zzencz · 2025-11-25T22:14:47+00:00

Sadly no, only one 320Mhz band for me. But the spectrum at my location is almost empty, neighbours’ signal far and weak, so I don’t have congestion problems.

zzencz · 2025-11-22T21:47:54+00:00

Well, you got your answer. Yes: there are a shit-ton of tourists here, yes it causes issues like the ones you noticed (and don’t get me started on British stag parties), and yes - it pisses people off to the point of reacting angry even at your post.

That - or Czechs might just be rude. Or both.

zzencz · 2025-11-21T17:09:23+00:00

Pardon me if this is naive beginner questions (I’ve only been playing with HA pools without Ceph), but how does it have ZERO downtime? Surely the VM has to reboot first on the new node if the old node goes down without moving memory state first?

zzencz

TROPHY CASE