seanho
seanho
About
- Username
- seanho
- Joined
- Visits
- 779
- Last Active
- Roles
- Member, OG
- Thanked
- 142
- About Me:
- seanho.com
Comments
-
All I saw is terrible cable management... ;) I have a 36U rack in my basement with a k8s cluster, five dual-E5v2 nodes plus a couple SFF desktops, 10/40Gb networking. My storage needs are not so big, more compute. My rack is nothing compared with…
-
Unraid doesn't pass TRIM, last I heard. Most folks use it with an array of spinners, plus SSD cache. For 4x NVMe, perhaps zfs pool of mirrors (raid10), depending on your needs.
-
Yes, if you're torrenting a lot it can prematurely wear out both HDDs and consumer SSD. One idea is to get a cheap, used, enterprise 10k SAS HDD (plus HBA) just for torrent/seeding; those are pretty sturdy. Enterprise PCIe/U.2 NVMe can have very hig…
-
LunaNode has load balancers, you just pay $1/mo for the floating IP.
-
Minimize the attack surface as much as possible. If Exim is listening on port 25 and has a CVE, or you haven't updated it in a while and your old version has a CVE, your VPS will be pwned within days, or sometimes within minutes. tcp/4140 is assign…
-
Doing the rate limiting directly in zfs is probably the best. In addition, you might investigate piping it through pv with the -L option.
-
Oh man, I did a fair bit of Perl hacking, back in the day; this brings back memories. When Perl 5 came out, it was like the sky was falling -- what was a scripting language doing with OO? There was a time when I really bought into the "literat…
-
Metal detector around the trench?
-
Not fond of Authy being closed source. I've used FreeOTP for a while but it's ancient. Many password managers nowadays have TOTP built-in; e.g., KeePassDX on Android. Even with good old Google Authenticator, root the phone and use Titanium Backup t…
-
For internal KB I use hugo in a git repo with CI. I just need to fiddle with the theme a bit; blog layout isn't a good fit for KB.
-
Agent. Key represents an identity, not a host https://developer.github.com/v3/guides/using-ssh-agent-forwarding/
-
Nowadays with Proxmox, virt-manager, vagrant, etc., it's super easy to spin up a few KVMs and/or LXC and see for yourself just how dependent the guest OS is on the host OS, and how easy it is for the host to access secrets in the guest.
-
Something to be aware of, which tripped me up a number of times: add_header declarations are generally inherited from enclosing blocks. E.g., if headers are specified in a server block, they'll propagate to nested location blocks. However, if a nest…
-
Farewell to two idlers in FR and UK, it was good while it lasted. Consolidating to dedis and home lab.
-
I looked into this with ffmpeg scripting a few years ago, but never finished it. Would you mind tossing your script up on github?
-
V2ray and caddy in-memory cache?
-
Huawei corporate has also distanced themselves from it, saying it was the independent actions of a single dev (although pretty high up)
-
Agreed that VNC should not be exposed to the internet. SSH tunnel, VPN (OpenVPN, WireGuard, ipsec, etc), or SSL to a Guacamole server on the LAN. Port tcp/5900+(display number). If using TightVNC server, don't forget client must also be tight (rath…
-
(Quote) No worries, I understand why you'd want to keep it similar to the current storage VPS offerings. My use cases would be fine with just an S3 interface rather than a full VPS, and I was thinking it might spare you some headache in that you do…
-
How about an S3-compatible object storage service, with either metered or unmetered traffic?
-
Another possibility is to copy/rebase onto a btrfs filesystem and use bedup (extent-panel dedup). Then you get copy-on-write if you need to make modifications. ZFS is another option.
-
(Quote) burp is ok, not a ton of development, but not orphaned (one-man show, coming out of his master's thesis). I moved to it (from BackupPC, if memory serves me) mostly because of the Windows VSS support, and haven't looked in detail at other opt…
-
PoI's Thornhill
-
Great topic! I've been using a little-known tool called burp for several years, but may move to borg in the future. Incremental with daily/weekly/etc history. Block dedup on the server, which helps with a few Windows clients for which I'm backing u…
-
What location are you looking for?
-
FreeNAS can be installed to a USB drive; most of the OS is loaded into ramdisk, so it doesn't hammer the USB drive. If using hardware RAID, make sure you're able to procure an identical replacement card (and flash to same firmware) if/when your RAI…
-
Very. The assumption is that you'd run this on dedis, VDS with unlimited CPU usage per ToS, or owned hardware (e.g., homelab). Don't run F@H on a LES NAT VPS, just ... don't
-
The probability of not winning any of the next drawings from 2k-10k is (untested python): numpy.prod( 1.0 - 1.0 / r for r in range( 2000, 11000, 1000 ) ) So the probability of winning at least one of those drawings is 1 minus that. Comes out to ab…
-
Yep, just touch /option.netfilter and wait at most half an hour for the host cron job to pick it up. The file will then be renamed to /netfilter.enabled, container will reboot on its own, and you'll be good to go. There's also /option.fuse and /opt…