#the-water-cooler

Where is @hushed basalt when we need his arm strapped fireworks missile murica gif?

How would I go about changing the PW for my SSID in HA should I chose to change the PW?

https://media.tenor.com/images/8a12002c5a0dd7639ad53d1c5c07abab/tenor.gif

@cobalt silo ask in your installation method channel

@clear ferry that gif is accurate for my street right now

It's for all of murica every week!

my house is shaking right now and they are like 2-3 houses down

but its comign from each direction

was outside for a quick smoke and heard this loud ass boom....followed by a bunch of car alarms lol

The car alarms are the worst part

Anyone using a floorplan in HASS?

My go-to impression of Connery is rather Thank you for shaving my wife

what a waste

We’re having the bathroom remodeled and have a temporary shower set up in the back yard. I could get used to warm midnight showers under a starry sky with jasmine petals drifting in...

Damn swedes

does it really exist any smart doorbells with onvif that works with the crappy 8-12v eu transformers? all doorbells are for the us 16-24v and I dont want to change the transformer

Im impressed with this project https://community.home-assistant.io/t/diy-video-doorbell-with-voice-response-esphome-esp32-camera-dfplayer-mini/208254/16

might be something to think about

I just use a SIP Video Intercom

I have a doorbird laying in the drawer

but the video quality is so horrible I get chills

One of these guys

It goes PiP on my TV or just opens straight to full screen if nothing is playing /its on standby. You can either use your cellphone to talk or one of the sip phones in the house thats ringing. From the cellphone you can view the video too.

no need for doorbell if phones make doorbell noise too

and the price?

$300 for the keypad/doorbell > https://www.amazon.com/Grandstream-System-Surveillance-Intercom-GDS3710/dp/B071NY1BD2
$220 (Got on sale, is now $275) PBX > https://www.amazon.com/Grandstream-UCM6202-IP-PBX-Port/dp/B01LW7P8X9/
$95 SIP Phone at my desk > https://www.amazon.com/Grandstream-GS-GXP2170-VoIP-Phone-Device/dp/B019X06IFS/
$117 For cordless SIP phones across the house > https://www.amazon.com/Grandstream-DP750-Long-range-Station-2-UNITS/dp/B01LOUVYW2/
(These are all grandstream because they have an open REST/HTTP API. They are also well developed, have many features, and just work.)
$45xWhatever for extra cordless phones

The PBX and SIP Phones are also because I run a business out of my house. So they need to work with my business line. So there is plenty of value added services besides the doorbell alone

You really dont need the phones just a PBX of some sort cuz yeah sip

And your cellphone

But to achieve best ease of use, its how I did it

The ring doorbell elite which has much less features and is tied to the cloud is $349. Pro is around 200. For just ~$360 and some know how, you can achieve much more use and features out of your doorbell. If you are capable, I think its a fair price. Even if the cam quality isnt as good.

Thats my honest opinion on the take.

yeah I have the ring pro now, but im tired of the cloud connection

I even have it tied into my NVR

thats why I was thinking brushing off the doorbird as is has onvif and poe, but 720p is so bad

and sip

@late gate noice, perfect starting project for me when I get my 3d printer

Overall, I find the unit very well built and will last longer than my ring did.

Much more reliable too

@clear ferry I put out a post on hjemmeautomasjon if anyone was interessted in group buy the acryllic

I also took it apart. It was easy to figure out how the camera was wired in. I am pretty sure you can retrofit things like a 4k cam

I have yet to try

my only gripe was its logic for "Granted" "Denied" is built into the keypad. This means it has an attack vector. However the mount is pretty secure and vandal proof. I wouldve noticed all the motion alerts by the time you were even half way done taking it apart

It has a tamper alarm and even a hostage code (fucking rofl)

can you have automatic response? Like if someone click the doorbell you can have tts telling not interested in sale or put the package down in the front of the door

With SIP, if you can program it, you can have it. I imagine it would be difficult. I do run facial detection through my NVR but even then, that would be spotty and you dont wanna have it say that to your parents or something

You could literally have it call an IVR on ring

Press 1 to reach X
Press 2 if you are here to sell something

2 > Prerecord attach to extension: "Go away"

I wanna get one of these to play with the video conf tech. They also support the video chat with doorbell.

my only issue is the size of the thing hehe

Nice my Xiaomi Mi Purifier stopped working 0.112.2 just fixed it 😄

Hello everybody, I salute you from Romania!

Thank you

oof, full lock down near me right now, I might not be able to leave the house soon 😦

I like this

Someone tell me why this is a terrible idea

hole in wall for a product that will be out of date in couple of years?, sound would likely be restricted somewhat but nah I like it too

This is how I feel about it. But damn does it look nice

ublock hates them

@last plaza did you get that printer?

Anyone use Yubikey?

@rare condor Religiously

Even my PGP keys are on it

I am debating getting a Yubikey 4, I know no Fido2 but its cheap and I am student, so has to offer some advantages

Not just lack of Fido 2, but potential security issues

@last dirge nope.

There is a reason why its not really sold mainstream anymore

security issues?

ROCA vulnerability in certain YubiKey 4, 4C, and 4 Nano devices

They exchange the vuln ones for free but that offer ended on Mar 31 2019

There are 2 devices I always 100% recommend. A yubikey 5c and iodd when in IT. You can even use it as your SSH keys

bite the bullet and go with the latest version in your preffed style

I am not a sysadmin or manage anything important its just to add a little more security to my gmail is all

Based on your input I think I won't use it

The Yubikey 5c is too expensive, I was going to get a Yubikey 4c as I can afford it but not if its insecure

https://www.amazon.com/Yubico-Security-Key-USB-Authentication/dp/B07BYSB7FK/

It's all relative 😉

Fido 2 and U2F only key

Thats what you are looking for

Also, for adding security to GMail, "just" MFA is a good start

This item cannot be shipped to your selected delivery location. Please choose a different delivery location. 😦

I would want one with Type-C as my laptop and phone only have type-c

If you haven't already enabled MFA, do that

I have

Then, assuming you didn't go with SMS, you're already pretty good

there is the nfc version

for phone/mobile

I'm looking forward to the YubiKey Bio version

@clever mortar know what an iODD is?

Nope

"mini" 🤔

Slap a bunch of VHD's, and ISOs in it

And mount them as bootable

3 VHD's and 1 ISO all at once

For an MFA token, that's a little overkill 😛

It aint MFA. Just another tool that falls under top tier

Also thoughts on running ZFS as root?

Yes

Good thought

Nice Input

I've been running ZFS for my root pool for years

Then again, I've been doing that on FreeBSD. Who knows what OS you're talking about 🤷

I kind of want it so I can do snapshots and then run dd backups of those

Windows 3.1 ofcourse

Go uber mode and run your OS as diskless

Run a Chromebook, it's easier 😄

So like work is selling Yubikey 4c for $5, Yubikey 5c is $90AUD, definitely worth the 1800% price increase?

How do LVM or Btrfs snapshots compare to zfs snapshots? Is it really a unique feature?

For me, yeah. I have use for the PIV/PGP. For you, I would just try to find the FIDO only ver locally not just at amazon

BTRFS is no where near as stable for one

ZFS is much more flexible

The tools avail to control snapshots is vast too

And snapshots are not backups

hmmm.. I might get a subscription to Ars technica comes included: https://arstechnica.com/store/product/subscriber-gift-yubikey-5c/

Indeed they are not backups, I would take a snapshot, backup the snapshot and then remove the snapshot at best. Or worst case depend on it to fix stupid errors I made

Exactly, rollback periods

Akin to that of Windows System Restore

that is a nice looking yubikey

shame its usbc

Tons of things are USB-C now thankfully. Most of my stuff is now too. I keep one of these attached for whenever I need to go with USB-A.

@rare condor There is a catch-22 to things like Yubikeys though

I just use a 2015 thinkpad as my main machine currently

You DONT want to lose it.

so my 2015-16 yubikey is ok

Ayy. My main utility laptop is a Thinkpad X230 ❤️

Don't you just buy two

Correct.

Well its like your home keys, or car keys. You don't want to lose that too. And yes multiples like the other keys

and disable the one you give to your russian friend at a nightclub

or use basic otp on your phone as a backup

most services allow you to have both the U2F and OTP setup

You generally avoid doing that if you follow best practices. Or you can be like me and make it useless in that area too. Bitwarden (my pass manager) has TOTP built in but to access it... you need the yubikey

I would never use otp as a backup, if you're using yubikey. It fails the whole point of a hardware key. At that point why use a hardware key at all. Your security is as strong as the weakest link.

how much best practices mean to you though... yeah

idc about best practices tbh

Also managing large number of ssh connections and keys?

what do you for this?

My PGP Key and/or PAM Authentication with yubico_pam to my Yubikey

Well its a bit like having a 6 inch thick door with a big lock and then hiding the key under your door mat for backup. Why would you do that?

Ofc you cant just take the key and use it after stealing it either

to access the keys stored in it, it requires a pin code

https://developers.yubico.com/yubico-pam/

https://developers.yubico.com/yubico-pam/YubiKey_and_SSH_via_PAM.html

https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/ PGP method

One uses the printed OTP from the key, the other will utilize the PGP Key you have stored

Its worth noting you can combine other auth methods using PAM such as user + pass then 2fa with Yubikey

or simply let it be single factor > click and you are in

You can even go apeshit with the security using a Yubikey if you ever want to walk that path. Use it for Secure Boot, Decryption, Bootup, Login, all of the above..

My laptop has a fingerprint scanner

pam is still a bit :P in that area

Rofl: DUO + Fingerprint + Yubikey + TOTP stacked

Cuz yeah fuck you thats why

I could just never get it to accept a password aswell as the fingerprint

Yet you have a PAM module?

Its most likely the series/chain of auth modules and their config/setup. PAM is a PITA at times

What are you guys talking about? What’s wrong with traditional 12345 as password? 😝

inconsistent too

Well, basicly the note applies https://wiki.archlinux.org/index.php/SDDM#Using_a_fingerprint_reader

Ok, the reason I wanted to use Yubikey, is I will be involved in a legal matter and I know the person is very smart and they will likely try to gain access to my account.

Using fprint with SDDM just stops the password working

Oh fuck its this oldaf bug

ouch

Need to get one of those yubikeys.

At least two

^

I kind of want to get a new one

Ok I will look at getting a Yubikey 5c

May have to get more as family uses shared accounts.

I spent the insane amount of money on the YubiHSM too. Dank shit having your PKI on a Yubikey like device.

I kind of want to build a door controller that supports U2F as an auth method

Lol USB port on your door frame

I have a NFC Yubi key

Well now that gets interesting..

hmm

RasPi, Z-Wave Relay, Lock System of Choice, USB NFC Reader

why use a Z-Wave Relay when the Pi is already by the door

Yeah good point no need for Z-Wave if its network connected

just use GPIO to control a relay

I would kinda want a purpose built one

super dumb af question but I rarely dabble in this stuff, once you disable password based ssh if you haven't already copied your ssh public key to the server. are you basically locked out, I assume ssh-copy-id would be impossible given password based ssh is disabled so there is no way to authenticate?

Not running potentially insecure services along side my physical access system to my house

I have my SSH servers setup to allow passwords on the local LAN, but yes, without that you would be locked out and would need to physically access the machine to fix it

@rare condor Unless you have another account besides root, Physical Access with Monitor and Keyboard/IPMI to boot into safe mode, or SSH copied, your locked out

You can restart ssh daemon while SSH'd in. Open another SSH Session and test. Just dont logout until you got it working

and for future ref: The only stupid question is the ones you dont ask

Ok, I have IPMI. but why would I need to boot into safe mode, can't I just use the normal console the SSH Daemon is affected not login via the normal console?

@last dirge even lower price on amazon. But not the Pro version.

I may go and pickup from micro center if they still have it in stock today. But I won’t be opening it until holidays time. I’d rather ride my bike in summer than sit indoors and fiddle with 3d printer.

with all the security you guys have on the passwords, it sounds like you all are protecting nuclear launch codes

I mean I do work on half of Australia's utility network

@last plaza no need with the pro version really, but get ready with an upgrade ride with creality

What specific upgrades?

Glass and circuit board?

@rare condor Preventing password login perhaps through PAM may lock you out of local console

get a prusa and call it a day, you'll save your sanity lol

It all depends on how you set it up

unless you like re-printing things a lot and tweaking to fix problems.

I have heard great reviews on creality so fAr @rain swift

I was just setting the /etc/sshd file

Yeah then local TTY's are unaffected

@last plaza go join an ender 3 facebook group for a few days

KVM and Serial Over LAN is unaffected

sweet

Tbh, I don’t have anything planned to print. I make anything I want out of wood in my garage 😀

What IPMI are you working with? HP iLO, Dell iDRAC, or Supermicros? @rare condor

stick to that lol

What is Facebook? Never used it.

Keep it that way 😄

if you like to buy pre-made sensors over DIY you definitely won't like fighting with a cheap 3D printer.

I wouldn’t talk to someone if they have FB account.

I just stopped creality and bought a prusa

used more money on upgrades than the prusa cost

^^^

prusa is good to go out of box lol

What’s your experience on prusa so far then?

Real pros have a linkedin account durr

afaik you can just slice things and send them to a prusa and they come out good lol.

prusa just works, got the upgrades you need

creality you will start with skr board, direct drive, bed mods, stability mods, fans etc

all you hear from ender people is, I printed this, and it did this, how do I fix it, and then 500 different settings and things to try lol.

the design sucks to begin with

only 1 screw rod whatever you call it

3d printer is one of those things I would want to just work

Don’t want to ruin the security conversation that these guys are having. Good stuff. We need more of that here.

Did someone say more sekurity!?

I just changed from lastpass to bitwarden

cant say I can feel any difference

Selfhosted or their hosted?

their for now

Ah

Security is endless. You can never prevent hacker from hacking your stuff. You can only make it just enough difficult, so they they go elsewhere.

lastpass ftw

security is an onion.

There is 2 main reasons I use Bitwarden. Self Hosted and built in TOTP so need for Authy/Google Authenticator/etc

the more layers, the harder it is, you don't have to be the most secure, just more secure than the guy next door.

Sorry I'm buying a Yubikey 4c, the model I am buying is not affected and it works with Google and PGP keys which is what I want

Because fuck having my passwords in someone elses possesion

the price difference is too signifcant

:/

I might move to my own server, but just wanted to try it first

Its better than nothing by a huge longshot. Thats for sure

though I felt lastpass was better with auto fill passwords

I just don't put any personal info online unless I have to, so if something gets hacked, meh, whatever lol.

better than 2FA on phone

https://github.com/dani-garcia/bitwarden_rs (With docker ofc: https://hub.docker.com/r/bitwardenrs/server);
Has the Premium Features enabled freeeeee too. Written in rust, supar fast

Autofill requires you to actually tweak and setup the autofill rules for them to work as well or better

Some effort required

I find lastpass lacks on Android, works well on iOS. Shite on PC. (In comparison)

free premium features? also free for multi user?

Yus and yus

thats a benefit

I have it synced with LDAP users

SSO with my SSO interface too

It says “Single user functionality” doesn’t mention about multi user.

I have 31 users on mine. You setup an org

Organizations support
Right under single user

Ah!

I really feel they made it hard to understand the subscription models. first premium, then org for family

31 users have access to same passwords?

No. You can share specific entries with other users or make it an org based password

IE: Netflix

Fuck you neighbor for using wifi channel 7.

what are you going to do with ch7?

Annoying others

My Arlo base station creates its own Wifi network for its cameras and is supposed to identify the the main channel you're using and piggyback on it to (supposedly) avoid interference. In my network with several Unifi APs spaced out on 1, 6, 11, it often picks 3

wifi security 🤮

Rouge ap scanning and adjusting is something I've had on my HP access points since 2005 atleast

I opted for the scream louder method

i know how to make tech so it cant be hacked by a hacker.

you take a server

and unplug everything

put it in a box.

fill the box with concrete

and then submerge it at the bottom of a lake.

Not deep enough

Marianas trench, or lob it into the sun

So I have HA running as VM that I downloade running on my server everything works except google cast I think it might be networking but I am not sure since I am new to to docker and this Vm in general what the best channel for help

its hassio actually

Cast would be #integrations-archived

For the host itself...

@clever mortar thanks

Are chiropractors doctors?

are ducks chickens?

butts

does this make my ass look fat?

My insurance doesn’t cover for chiropractor visits. I started to doubting if they are really doctors.

They range from I can move things to I know what I'm doing

@mild tapir I see you are also having issues with ISP routers being left on default settings with bad auto channel pickers

I've been to a good chiro, who really did wonders for me, and I've heard horror stories

Never been to one before until last week. After a friend’s recommendation I thought I’d pay a visit, they look like glorified massage therapists.

Well, no massage therapist I've known adjusts joints that much 😄

Apparently no one is perfect, and they take x-rays and tell people that your one leg is shorter than the other. 😂

@pure vine I make an effort to ditch ISP routers ASAP because of shit like this

Cant do shit for the neighbors tho

My one leg is 2mm longer than the other - based on x-rays

For me specificly, its talktalks routers who dont stick to the 1, 6, 11 thing

In this case hes running a nighthawk off my ISP with manual config

like hes smart or something

Despite having my own owned connection through my own ISP, I have a backup incase I fuck up the entire network and need to google shit to fix.

After 2 visits, I am having doubts and may stop going there 😆

Its through AT&T. I bypassed their damn ISP AIO Modem/Router/AP/Switch BS as soon as I could

Im kind of glad open reach here started providing their own modem stopping ISPs providing awful modem/routers combo units. and also making using your own a tone easier

Between the PON and ISP AIO, there is 802.1X Auth with Certs. The IP is specific to the PON not the AIO. So in reality, the damn thing is useless

You can downgrade the router, do an exploit to get root, extract the Auth Certs, and make your gateway do the proper auth itself with wpa_supplicant

Works on all the UniFi Security Gateways, pfSense, OPNSense, and a Grandstream PBX (rofl) so far

yikes, im glad most ISP's here use plain PPPoE for authentication

PITA for sure

Yeah, I've only found chiros through recommendations from folks who've used them. There's too many shady ones

although some hid the auth details from you, where as others its just you login info to the ISPs site

I looked up online, there are 14 chiropractor offices within 1 mile range of my home. So many of them.

would it be beneficial in a professional aspect to learn promethius over prtg?

Yes

It has way more integrations with bigdata platform middlewares

PRTG and Zabbix are older styles of monitoring

Relatively

Most enterprises use splunk or equivalent

Ive only heard of Splunk through F1 and mclaren

Time Series Databases, Graph Dashboard Platforms such as Grafana, and Exporters like prometheus/netdata/etc are how most "cloud oriented" and scalable platforms are being monitored now

TBH given who sponsor F1 a lot, i was suspicious of them untill i learned they are very commonly used

For time series databases, we’ve used Apache spark for log analytics and possible alerting

hmm i see

i just have a functioning PRTG and its what we use at work.

unfortunately my company is not very "forward thinking"

Why did they hire you for? Recommend the new stuff!

@last plaza I've been to physiotherapy, chiropractor, manual therapist, naprapathy and a few more, naprapathy is the one that works best for me tbh, chiropractor is the second best for me

Never heard of naprapathy

well they hired me because they are morons and cant figure out preventative IT practices.

only reactive repairs.

-_-

the idea of server refresh cycles is beyond them.

@last plaza we have a customer who is now implementating splunk, with object based storage as backing, 32PB of it to be honest, I'm looking forward to see the result

so when i got snmp alerts working correctly, they were like "OMG HE's AMAZEBALLZ"

There are so many adapters that can pull data from several sources into splunk. Our security team loves it - does a great job at correlating logs across systems

Lol snmp for full time monitoring, 1997 called

lol

in terms of a homelab to learn how the system works though, promethius might be the way for me to go

im not seeing much of a free option for splunk

maybe i missed it on their website.

Splunk is expensive. Free version only supports up to 10gb of indexed data.

well my homelab is 63 devices

@last plaza Ender 3 on Amazon deal of the day for 182

Splunk will give you actual value in the job market atleast

Prometheus probably won't

@last dirge yes. That’s what I shared earlier.

It is not the pro. Pro is $199 at micro center.

I saw you share the pro from microcenter

@last dirge fricking Amazon, I want it at that price

I'm debating driving up the street to MicroCenter

https://discordapp.com/channels/330944238910963714/397426163649216512/729000613203148871

I don't really use my printer a whole lot

Still 299 here for the pro

but having the bigger print envelope would be nice for when I do

I don’t have the use for a 3D printer honestly.

it's pretty damn cool

I got a new broadcast spreader for the yard and their "agitator" was just an oversized cotter pin

I am sure it is like one of those tools - after you got it, you’d be wondering how you lived without it.

so I designed and printed this

Nice! I would have made that out of wood just as easily

ehhh

it's got a 2mm hole that has to line up with the shaft of the drive system

lol. I am hardcore on wood. 🤣

if i were to get into creating stuff, i'd really want to learn how to metalwork

welding and whatnot.

I can do that too 🙂

I sold all my welding gear before I moved

because metal is hard.

xD

I had a 140A Lincoln MIG setup

I want to get welding unit. Buddy of mine has one, and he is forcing me to get one.

don't buy a cheap one

Was looking at 140MP

if I ever get another one I'll probably be looking at a $1500+ price point

Still works with 110v, can be portable.

eh

Space is problem in the garage. Way too many tools

portable is all about how much you will pay for an extension cord 🙂

lol. I have so many projects in mind, not sure if I will ever get to all of them.

you could do what I do

thats the life of any tech

start about two dozen of them

And not finish any one of them?

that's the end of the checklist

lol

lolz yeah kind of

I'm still waiting on stuff from China to finish two projects

ordered it 12 weeks ago

@last plaza you are young, you'll get around to it

when you learn to build/fix things, you always try to find stuff to do to better your own life. or people throw it on you.

problem is time

I can only find a single source for this sprocket and it sells out within minutes of me getting the "hey this is back in stock" message

Wow! I am still waiting for stuff from Italy I ordered 4 months ago. My bike accessories

and then shit changes, and you have to learn all over again

I installed 2-stroke engine on my bicycle. It was fun!

I'm converting my mower to electric

got everything but the sprocket for the motor to use the #41 chain the mower uses

Got the kit for $120 on eBay. Super easy to install it and fun.

im finally getting around to configuring my UPS webcards

its torture because ive done so many

at work

Makes a lot of noise, and leaves smoky cloud behind you 🤣

Goes up to 38mph and gives 120 miles per gallon. Not bad 😀

doing an electric conversion i imagine wouldnt be that hard to do

Electric conversion is super easy as well.

rossman always talking about it on his youtube.

If you know it, you can even make your own battery pack

I'm hoping to finish a conversion for my dad tomorrow

Super easy

Electric?

Yeah

electric....what? bike?

car? recliner?

lawnmower?

xD

Guitar

ah cool beans my dude

Old bicycle that we had laying unused. Got one of those Chinese electric kits for it. Took a while to arrive as they ran out of stock in Europe

well i hope he enjoys it. the worst is when you put alot of time into a project like that and it just ends up in the garage

You are missing the “learning” part. That’s the most fun part.

Yeah building random things is fun

Either the e-bike or the Chinese carbon fiber bike I also built for him will end up in the garage

I've had a lot of fun/frustration learning how to manage a Linux server lol

You’ll do it in sleep next time.

Did someone say frustration? May I introduce you to Intel vPro, Outdated KVM Video Frame buffers that are not signed so UEFI fails and falls back to CSM, and The pile of shit MeshCommander is?

"WHY A KERNEL PANIC!?!" could be a nightmare.

xD

Fack you ASRock and your buggy af bios'

hmm wonderful. i have a asrock server board i was planning to swap out in my homelab

that sounds like fun

-_-

anything but

/s

I know but its pissed me off enough i had to say it anyways

for sure sounds like a pita

idk why I am playing with this thing

Im about to toss it

i'll take it xD

you dont want it

i am always that dude that has rando/weird computer issues

Im into one-off tech shit myself and quirky stuff but this isnt that...

so when i fix them up, they are typically bulletproof when im done

its...

A pile of terrible engineering

or in the trash

xD

This is why I dont wander out of supermicro builds

Debian appears to have been serving me well

Gotta be able to get it installed first

supermicro is very solid. but their memory compatibility is less than desired.

They have tight tolerances thats for sure

but dear god

once you get them running

But ive never had an issue with keeping to their certified list

they are like volkswagen diesel motors

nothing kills them

I have all of mine running diskless rn

ive got a c612 asrock dual socket board. seems to be doing alright

but i havent updated bios

and i dont have secureboot on it.

but that uefi issue sounds like a nasty one

Yeah its basically made this board useless for any secure applications

I was just fucking with it but im done

I got 58 1029P-N32R's (X11DPS-RE Boards) with Dual Xeon 8260's, 4TB Of RAM (Some 2 TB), And 4TB of DC Persistent Memory running in k8s cluster all netbooted.

I forgot how to pull from NVRAM for a moment there

holy moley, thats alot of boards.

Its giving me 2784 Cores, 5568 Threads, 216TB of RAM, and 232TB of Intel Optane DC Persistent Memory to play with

i mean i know folding at home can become an obsession.....lololololz xD #teamlinus

Despite being picky about its RAM, it allowed the processors to support 2TB instead of 1TB of ram each. I have like 6 or 7 I havent moved to 4TB RAM yet

what type of workloads do you put on them?

When I did some MDM work I was doing PB scale SQL Server processing. I also run some development projects for Machine Learning and such. Ofc I have my plex server, the home assistant, file servers, so on so forth personal services running on the cluster.

gotcha. that is one big homelab.

Costed more than the house

rofl

but I wont run out of processing power soon

if you did...you need to live at a serverfarm

xD

i mean you practically have a small one going on right now

most certainly. I do have some colocated things just for geo-replication and distribution

yeah i dont think i'll ever get to that point

while cool. dont think ill ever have that much money to invest in a server farm.

Its my career to deal with shit like this. Its already paid for itself at this point. You really need to stretch to justify it

THE DREADED STALL

Hey guys! I created a mega theme pack! There are 10 modern colors, totaling 40 themes!
And as an extra, it also teaches how to implement a theme selector in the interface using Node-RED.

Link: https://github.com/orickcorreia/ha-themes-pack-2.0

@modest valley the forums would be a better venue for things like this

The forum would be better for this tbh

Ha

Cool themes tho

@modest valley what about dark theme and Media Control Card when it media player is turned off

it's all grey then, hardcoded

@modest valley the forums would be a better venue for things like this
@wet pilot Ok... Thanks!

You'd get a lot more eyes and a better conversation there. Things don't live very long here

You'd get a lot more eyes and a better conversation there. Things don't live very long here
@wet pilot all right

?

?
@midnight adder I answered the wrong message! haha ha

Very cool!

@midnight adder If I got it right, I think it can be created.

doss, dole, nmbome

who likes dancing lol

@modest valley the forums would be a better venue for things like this
@wet pilot https://community.home-assistant.io/t/themes-pack-2-0-by-caulecriativo-com/209436 🙂

ü õ ä ö 😎

my jungle love OH WE OH WE OH

Awh yeah

I always wanted a fission reactor networking appliance

That also heats up my SFP+ connectors and breaks them because of some bug

fREEEEEEEEEkin trash

Cant even downgrade

https://community.ui.com/questions/UDM-Pro-issues-10G-modules-showing-very-low-speeds-Crazy-temperature-readings-/04d6ba31-df0a-4d9c-8f7f-5d4f01df78c5

lol @ 5 month old post

Heres some OC

5 months old, 5 months still a problem

Taken 2 hours ago @ exactly 4:20. The UDMP be blazing it up with me

JPEG_20200704_142028.png ಠ_ಠ

Blaze et

Looks like that was fixed in 1.6.5, so you'd only see that if you were not on the latest stable: https://community.ui.com/releases/UniFi-Dream-Machine-Firmware-1-6-5/f932ad24-4298-4fb7-9772-5b94b071f87b

the OOBE auto updates to latest stable, so either you're attempting to downgrade or just haven't upgraded in months

It was brand new out of the box

ran first upgrade

Latest everything

latest is 1.7.2

it doesn't stairstep

Ok then what does it upgrade to when you update it?

1.7.2

unless you're trying to force it back to an old firmware

Its been out of the box for a few hours

I havent even gotten that far

good luck with getting tech support involved from ubiquiti

xD

My version of tech support is: putting it back in its box

Shipping it back

thats the most common with ubiquiti lolz

https://community.ui.com/releases/UniFi-Dream-Machine-Firmware-1-7-2/0fc1565d-50e0-4474-a5f3-1017a6728f4d is the latest stable. i just set one of these up last week, the auto update in initial setup ended up on this version

"Fixed"

how many virgin children did you sacrifice?

pretty sure the udm-pros need at least 3

xD lololololz

lol

you're probably right

shit I only had 2

but in my case, 0

Ill just go snatch another

Throw them into the flaming ball of sun that this thing says it is

@mild tapir i thought you said that the only reason some ubiquiti equipment is sold as high as it is, is due to the community being cult-like. are you telling me you are apart of said cult?

At this point I love fucking with it

Have you ever fucked with something so bad it was so hilariously fun?

😂

My main network is Arista

ubnt has a nice interface i can say that much.

but the problems i have run into have been strange. typically with equipment just dying out of the blue with no indicators

Accelerated EOL

we dont venture into their network management products only wifi.

some of their wireless modules can be within operating temp range but die. that texas heat is no joke.

Usually I have to do something stupid to break it

This thing is so smart

It does the stupid for me

so sometimes outdoor equipment is not ready for outdoors lolz

Sometimes production equipment is just dev/test with consumers as QA

thats the same model most VMS systems follow!

Onssi comes to mind... xD

@obsidian geyser 👋

fancy seeing you here

lots of overlap in networking / homelab discords

yep

Even slack servers are the same

ikr

Quite a few people here in the Juniper slack

everyone keeps the same username

admin/admin

root:toor

lolololz xD

i really need to get more microsoft certs.

They are $15 a piece rn

on sale

im one of the few that can stomach microsoft.

^and this is why i should.

most net admins are like pfft, microsoft is a joke.

Weeeeeeeeeeeeeeeeeeeeelllllllllllllll

and to some degree they have good points

it doesnt scale well

especially to your focus rouing

xD

Microsoft literally cant scale. As much as they try

NT kernel whoop ass

nods

in the video surveillance world though, the only players in linux that i can think of is S2 net VR's

You mean like linux NVR's?

yes

https://shinobi.video/

OpenCV for Facial/Object Recog

opensource

https://hub.docker.com/r/shinobicctv/shinobi/ dokar

interesting its very young

started in 2016

https://www.bluecherrydvr.com/
https://zoneminder.com/
https://felenasoft.com/xeoma/en/

Thats about all of them

I prob missed like 1 or 2

https://www.ipconfigure.com/products/orchid yeah I did

blue cherry looks like it can only handle a max of 128 cameras

so thats worthless for majority of my clients.

ZoneMinder is quite old

shinobi doesnt look like it allows h.264 recording which has been a staple for video for like 10+ years

so thats out.

Wait what

Im using H.264

zoneminder "USE ANY CAMERA!" i highly doubt that.

it doesnt list it in the supported features

Yeah H.265 or H.264

nods maybe the website wasnt updated

Input Type: H.264 / H.265 / H.265+. yeah its all over the place

https://hub.shinobi.video/articles/view/w8azEAI2peYeNul All the way at the bottom they describe this

And Yeah ZoneMinder kinda does a MITM to use any IP or Coax Cam

https://shinobi.video/features

h264 not listed but yeah. thats a VERY good thing to have

so im glad they got that feature hammered in

Heh in fact

My H.264 Encoding is being done on CUVID

with nvidia gpus

nice

Shinobi is def young

Isnt all quite there

But for me its the fastest sprinter forward

the client appears to need some UI work from what i see

https://shinobi.video/docs/supported here it is!

List of Stream types

Xeoma looks decent

Only issue is that its russian software

Although they have been known to make some damn solid shit out of that country.

motioneye or blueiris and be done with it

Sure lemme just find a trash tier Windows OS VM to stick it on ohhhhhhhhhh wait

Milestone is good for under 8 cams

on Windows

milestone is solid

its free for under 8 cams lolz

their corporate stuff is very unforgiving. but it works well.

if i was doing a new install for a client, it'd be avigilon all the way

https://www.networkoptix.com/nx-witness/ I have my eyes on this even though its paid

xeoma needs to work on their compatibility

Someone was having fun

wow lots of red flags from marketing pops up when i saw the video

"one click instant updates"

https://www.youtube.com/watch?v=NcIYYUX-QCc

I like the UI. Thats for sure. Its simple.

and i for one dont like the idea of video going "cloud" but maybe im an old foggie on it

"Gun Detection"

huh

Oh the Nx Cloud?

i like to keep access to VMS to be within network

thats just like UniFi's Cloud Access system almost

It all runs local, but they have a Cloud UI you can sign into

yeah i know thats the direction everything is going

still doesnt mean i like it

webrtc ❤️

the UI is very clean though ill give ya that

i saw someone spreading FUD on the UI subreddit claiming that having cloud access enabled is a defacto backdoor into your network

its just annoying to hear consistently "our vms supports 90% of cameras out there"

you know why its so easy to do that?

ONVIF!

I mean you sign in.

Terms and Conditions Apply

even through the cloud portal you're still making a direct connection to your controller

even if you catch people that have unauthorized access, if they leak video content, damage is already done.

it's just brokered p2p

at least within network you can have some physical security.

pulls shotgun

^exactly

hands off my hard drives

ooooooooooo

that orchid VMS has ARM platforms

that might be cool.

ohrly

thats something to play with later

the client appears to be browser based

i know certain clients will get all pissy about that

Just wrap it in electron

and call it a day

/s

😄

i've heard of avigilon

is it linux based?

Yeah they are pretty big in the enterprise are. Owned by Motorola IIRC

hmmm

avigilon is full of bastards iirc

because they wont work with other VMS providers on their cameras

They give you appliances

they have self branded cameras

a lot of the AI stuff happens on the camera itself

I think they got server software too

yes they sell server software to work with their cameras.

but say you just dont like their interface

HDSM SmartCodec

and want to switch to another VMS

iirc they dont play nicely with say milestone

You are buying into an ecosystem

You know what you are getting into

or should

^

there should be flexibility

if ecosystems change.

to their credit

my city is covered in their cameras

They have started on the open interoperability initiative

So there be hope

maybe they will change their ways?

who knows.

never buy a product based on what it could be

For the cost of that eco system

I better see some serious demos

systems change and licensing changes

i can put say a sony camera on most VMS without issue

Welcome to Software as a Service

you can use onvif on it

saying a whole system outright should be pre-planned to the T is unrealistic. majority of the time you have leftover cameras from a previous system

Be hella gimping its full capabilities you paid a premium for

ideally yes, replace all the things

but this eco-system argument, naw. thats gonna be a no from me dawg.

I dont agree with it

Just the way it is

Its def not for you or I

but companies who dont have the time to sit around and design something like this

its a cost saver in the long run

looks at meraki cameras

yikes

or verkada

or rhombus

all dumb

um. thats another negative for that argument.

Those meraki cams get HOT

Like burn you hot

it is SOOO much easier to split the platform for ACS and VMS than it is to have everything be compatible in one central system

Anti-Vandal/Anti-Theft Feature! Torching the offender

parts availability, etc.

price also comes into that picture.

lol

i burned myself on a cloudkey the other day

turns out using the casing as a heatsink isn't fantastic

They pulled a macbook

but companies who dont have the time to sit around and design something like this
@mild tapir thats the problem. customers need to have existing cameras be functioning while ANY work is done.

Mine gets fairly hot af also

I might stick little heatsinks on it and give it googly eyes

a cloud key?

lolz nice

g2

yeah

ubqituiti cloud key a usb device iirc

you're using both a ck and a udm pro?

?

Nah I was switching between them to give the UDMP another shot

not usb on the ck

well you can power them via USB

I mean it HAS a usb

yeah

But

Power only

https://www.reddit.com/r/Ubiquiti/comments/9vil1y/unifi_cloud_key_gen2_plus_heat/

lolololz

there was a person in the UI discord a year ago who was using a ckg2+ as a print server

...

wait

what?

yep

Thats one expensive print server

https://jon.party/s/nF9Y5dHn96.png

can't make this shit up

i mean hey if it works shrugs

i mean, sure, until you try to update the firmware and it nukes everything you've done

^^^^^

lolz

treat appliances like appliances

Jfc

He thought he had a mini server there

he was also a self admitted drug addict

so uh

Not-a-NUC-Cloudkey

hey he needs his network monitored for his....transactions....

important BIZNESS!

I mean admitting it is the first step

Now........

Saying "hay guize, I snort meth and amps" on discord

probably not a good idea

since discord has proven they will leak any and all the things to authorities

You supposed to have a problem with that..... not be like "kewl shit brah"

he had a meltdown

Heh he aint worth the oil it would take to cook him

a fool and his money is easily parted with

i have no problems with the government being a thug patting him down for idiocy in this instance. js

Or its shoved under the mattress

but it probably wont happen

just wishful thinking

he ended up sending me a drunken rant (30+ messages) calling me a POS for banning him from the server (i didn't)

why you gotta be such a dick jon?

lol

😄

drunk or high?

or both?

prob both

ever seen someone on bathsalts?

he just assumed i did because i said once "i thought you were above begging for free gear"

because well

he was begging for free gear

lolz

and i thought he was above that

gib money to my drugaddict ass pls

Snorts a fat ass rail off desk

AHHHH YEEEEEEEEEEEAAAAAAA

i'm usually a pretty nice guy

Quiet

i'm going to go ahead and assume that was a typo

😂

😄

I mean ur kinda quiet

in comparison to the background noise

not be quiet rofl I just realized

that jon guy is such a quiet dick.

lolololz

Just wait until he starts humming pumped up kicks

haha

i will say the linux based VMS you listed have alot of analytics

like identification wise

Its easy to stack on top of too

foods time

coming soon for me as well

fiance is making turkeyburgers with bacon

proof of rant: https://jon.party/s/h5x2qVHkJY.png

and of course apple pie

#murrica

TIL jon is a quiet, tiny dick. 😄

yeah man

cuz u didnt give the drug addict free shit

man im sorry you had to deal with that cray cray

i hate that sort of drama

i'm a sucker for drama
but not when it involves me

Discord Mods: Volunteering for Bullshit

Foods done, eats time. bbl

i deal with a ton of bullshit

discord itself is bullshit

that just comes with the industry

and discord xD

yeah, tell me about it

i have to deal with my old boss next week as a coworker.

so yeah. thats going to suck major donkey balls.

Been a mod for years now, never had to deal that level of crap. Usually the person gets kicked out before he said the second line.

@ancient anchor that looks like a DM to you.

that was in PMs, but yeah

i just let him rant a bit to have enough data to send to the discord abuse team

usually we only ban people in the UI server for spam

Discord won’t do anything. Do they?

they didn't

lol

Of course!

we also ban for rule breaking, excessive lying, etc

despite being a server for 3 years, we only have 43 bans

Excessive lying? Ah, the discord lies! We see that here a lot. Most folks don’t realize or Can’t sniff out the BS from reality.

¯_(ツ)_/¯

not really worth getting into

I simply ignore. I guess it makes them feel good.

usually the right move

i finally got all of my switches in HA as of yesterday

the WAF is much higher here when things are consistent lol

Secret in keeping WAF score high is to read breaking changes thoroughly before upgrading.

laughs in unplanned downtime

now that i'm all caseta

switches > bulbs

https://jon.party/s/Qv8EUMlYMY.png need to get a few more pi zero w units

this makes all of the effort worth it though: https://jon.party/s/XJGCpdEFuv.png

hvac on -> tv vol up

Ha, I have a similar automation

my condo's hvac stuff is all inside my loft, the compressor is loud AF

to the point where it's almost impossible to have a normal conversation while it's on

Does anybody have any experience setting up some sort of http to mqtt gateway via docker? I found one, but I can't get it to work.

Anyone working for verisure here?

No and no. Happy 4th 🤣

@molten osprey Sorry for late response, What are you working with

@mild tapir https://github.com/MiGoller/docker-http-mqtt-bridge

can't get it to work

it has a total of 4 commits, the last 2 years ago ... so perhaps ... it wont 🙂

Whats handling the MQTT and whats handling the HTTP at the other end

I've not been able to send off HTTP requests yet, but I'd use curl or wget

MQTT is the Mosquitto add-on of Home Assistant

MQTT server, i should say

So the HTTP Server will be digesting the MQTT Messages into a format you intend to use curl/wget/nc to translate and ?Post? into that HTTP endpoint

Just checking I am right here

@molten osprey

No, I think what happens is I fire off an HTTP request, the contents of which gets parsed and an MQTT message then gets fired off.

Other way around

heh gotcha

Its basic at its core, it should work despite not being updated

So how do you have it currently setup in your environment?

And have you read this through? https://www.home-assistant.io/blog/2017/03/28/http-to-mqtt-bridge/

I have a mosquitto server running, and installed this docker container alongside it. I have no username or password for the MQTT server set up and accept both secure and unsecure connections (insecure?)

insecure, yes. Right the 2nd time. Ok. You got docker-compose running this?

i have not. but ... if i need to run it on heroku, then its a no-go for me anyway.

or are you running it right from the docker command

i am

can you paste the command for me?

obv anon it

    -p 5000:5000 \
    -e AUTH_KEY=912ec803b2ceXXXe4a541068d495ab575 \
    -e MQTT_HOST=mqtt://mqtt.lan:1883 \
    migoller/http-mqtt-bridge```

I've also tried mqtts and port 1884

https://pastebin.com/CPsUfizw

from the log

oof

thats an https lib fail

the open ssl libraries are not up to date in the root container that container uses

node:8-alpine AS build

yeah thats an old container alright

the source is even archived

and i dont even need ssl 🙂

booo!

You need to write the docker file, edit/update it, and build it

https://raw.githubusercontent.com/MiGoller/docker-http-mqtt-bridge/master/Dockerfile this thing here

yeah

maybe one day 😄

Just copy it into the server, docker build command it, then docker run it

FROM node:8-alpine could prob change to node:10-alpine thats still in support

if it was originally developed with v8, then why does it now no longer work?

docker build - < Dockerfile

the alpine container node 8 was built with is an old outdated SSL

My guess is the MQTT is trying TLS to see if it will work

but then why would it have worked in the past?

Im not sure the max TLS version that alpine container supports or how high (if tls 1.3 is supported with MQTT shipped with HA) but the newer protocol freaks out the server.

cant understand

You said its accepting secure and insecure

so itll default to secure

my server is

i think you tell the container to use secure or non-secure through the URL you define ... mqtt:// vs mqtts://

copy the docker file over, change the line from 8 to 10 then run docker build - < Dockerfile, docker run the command you used on that image

I will try at some point. I'm kind of sick of docker at the moment, i've been trying to get a samba container working for hours now 🙂

even better fork it and update it

yeah i'd do that

Samba v3?

https://hub.docker.com/r/dperson/samba

whats the client

macOS

You reallllllllly like the hard shit eh

how is that?

I've had this image working before, but forgot to document it 🙂

sudo docker run -it -p 139:139 -p 445:445 -d dperson/samba -v /mnt:/volumemountImade -p \
            -u "root:toor" \
            -s "public;/volumemountImade;yes;no;yes;all;root;root"

hit IP of said host with root as user toor as pass

the -u are for samba users, not container/host users

check its example

sudo docker run -it -p 139:139 -p 445:445 -d dperson/samba -p \
            -u "example1;badpass" \
            -u "example2;badpass" \
            -s "public;/share" \
            -s "users;/srv;no;no;no;example1,example2" \
            -s "example1 private share;/example1;no;no;no;example1" \
            -s "example2 private share;/example2;no;no;no;example2"```

it creates 2 users

yeah

and uses them in admin/user slot

its the user/login

it could be robdejonge:dockergivesmeaheadache

right, it can be anything. i was just responding to the root as thats a system-level account.

change root at the end to make you admin + write to readonly to that user

Ohhh

I used as example

the -v you use i've not tried though

First unix user to come to mind

because the example doesnt

but i guess i must, as ... how else 🙂

-v mounts a volume that passes through /mnt from the host to that folder in the container

hang on, let me give that a try

so you can have the stuff perm stored

in a folder or volume

yeah

to the end they show it

sudo docker run -it --name samba -p 139:139 -p 445:445 \ -v /path/to/directory:/mount \ -d dperson/samba -p

but there they dont declare a share 🙂

yeah bad documentation

which kind of defeats the purpose of running samba! 🙂

it was lazy example unfinished

anything you put in /mnt on the host should show up in that share and vice versa

Without a mount/volume after container is gone... your data would be gone

I figure any issue you will actually run into would be permissions

thats the next phase 😉

version: "2.1"
services:
  samba:
    image: dperson/samba:armv7hf
    container_name: samba
    environment:
      - TZ=Asia/Bangkok
      - USER=khunlob;password1
      - SHARE=Staging;/srv/Staging;yes;no;yes;khunlob
    volumes: 
      - /srv/Staging:/srv/Staging
    ports:
      - 139:139
      - 445:445
    restart: unless-stopped```

does not even create a share into smb.conf

Ah

I see your problem