#off-topic-tech
and this is why you don't immediately trust every plausible explanation on the internet
https://www.youtube.com/watch?v=kY2YeM5fNDw
When I was making this double decker newton's cradle I realised something very strange about levers.
just like these am...
@lucid flint safado
if sodium is a light metal, then Magneto should be able to move people around
my destruction powers strike again
this time i have broken task manager
everything is at 0 or not updating

and there she goes
I think i am going insane
Granger causality cannot look the same if I shift signals even by 1, right?
like... come on
i think i am going insane trying to understand what you have been talking about for the past few weeks
so at least i am keeping my progress consistently incoherent. great
im going to go with no but i have no clue
average Finns should come to the US & become high paid professional drivers
anytime really. american drivers suck
you'd laugh at the amount of testing we do to get a license
oh definitely
in my part of the US people forget how to drive when it rains 🤣
i'm just glad i've never gotten a ticket or been in a wreck
yes 🤣
i can even drive stick
i have a fair bit of offroad experience, but had to stop cuz my back can't take it anymore
yeesh
tired is as bad as drunk
i had to drive a gas car a couple weeks ago & i had completely forgotten what it feels like 🤣
oh if we had decent mass transit here, i'd probably still have the car, but only because it's an EV. i'm good with never owning a petrol car ever again
🤣
sadly we're way too spread out here to make any kind of mass transit efficient or worth the tax money
digging equipment comes here to die 🤣
oh i'd love to see a TBM try here
we don't have dirt, it's half clay & half rocks
the big mountain range in california are the Sierra Nevadas
the rockies go from canada down to mexico tho, that's definitely the big one
of course we do why wouldn't we
well thats when you get the snow blower out and get to work
what's a snow blower?
unless it's frozen then you get an old fourtrax or something and send it across the top
a tractor with a spinny thingy that yeets the snow everywhere
the only snow shovels we have here are for shoveling bird shit off of rooftops 🤣
oh i know 🤣 but i'm in the phoenix area, which would shut down if a snowflake fell
fair
we have the opposite problems of everyone else 🤣
we aint stopping for no snow
i've experienced midwest snow, that's enough for a lifetime
we have our snowblowers ready year long
i do kinda like the russian approach of using MiG engines
i always laugh when people say it's so pretty here. it's all dead and brown
i mean it's literally in the name, phoenixes generally represent fire
then better get looking for that X
you might just find some treasure
just don't get caught driving in it
the bad ones you can't see across the street for ~20 minutes
we're the test location for those 🤣
waymo
for some reason they use Jaguars & Porsches
mostly flat, and hilariously straight roads everywhere
either that or they're Toyota vans
we also have those bicycle cart things where like 8 people get on & pedal while drinking
it'll hit 50
air temp
you can bake biscuits in a car if you park outside
central air is 100% required here
we're like a mini australia
temp differential is too much here for it
remote start for cars is really nice here so that you don't hop into a car that's 70 degrees
oh we have a lot of solar here
but we also have one of the biggest nuclear plants in the world
it's possible, just declared to be too expensive
not surprised cause temps reached 42C here up north last summer
crazy hot summer
but it was fun
what really pisses me off is that we could basically power the entire US with solar if policies would change. right now you can't just have rooftop solar as a "normal person" in arizona, it has to be tied into the grid & then you get a discount on your bill
you can't even tie rooftop solar to a local battery for outages
that and it's also not really cost effective right?
a bit, mostly local though for tesla supercharging
cost has dropped a lot
still expensive tho
takes like 5-8 years to pay off
and plus aren't solar panels only 20% efficient or something
like only 20% of the heat is actually converted into energy
the old infrastructure is gonna be hard to get off of, and there's no middle step to do it
eh, most places have at least some of that
so long as it's paid for idc much
they're slowly working on tying it to the rest of the US grid
oh 100%
ngl tho as an american i like the UK power plug
the ground pin being coated & longer than the other 2 is brilliant
oh the fuse can fuck off
longer ground is great
i wish the US could do a double transition to a longer ground pin, plus going to 240V
🤣
yea, the cords can be really thin
US already has 240V, just not used much for the usual home gadgets
yea but i mean as primary, not just for EVs & appliances
i'd kinda like to see a split, where 12v gets put inside walls too for low-power things to replace chargers
true, but the whole US system with its split phase transformer thing is kinda weird from any three phase country viewpoint
TC's rants are great
ooooooh what about mandating solar, tying it to an in-wall DC 12V system so you wouldn't need an inverter for it
usually everything has at least 3x400V/230V at 16A
typical 25A per phase
easier to use
local battery storage with a DC system tied to it would keep the efficiency high
12V DC is nice for very short connections or very low power
cable loss is an immense factor at 12V
what kind of distance?
figure a water heater with the typical 2300W at 12V...
190A
no difference between AC and DC here
HVDC is used because you have way less capacitor losses
maybe do solar into battery in the current/normal way, then have a transformer to drop it to 12v for distribution
12V is useless for distribution, you would need AWG 0 cables or bigger for this.
confuse it for water pipes 🤣
12V is okay for anything with low power
at least we're not japan with its batshit crazy 60hz/50hz split
i understand the history, but good god just vote to go with one
London has (had?) 690V for some trams
modern trains can operate everywhere. well, as long as the rail width fits
Vectron❤️
but for me the Taurus will always have a special place in my heart
first search result
Steam is nice, but oh sooo much work to keep them up n running
had the pleasure to travel with some historical trains and talked a bit with the guys that maintained them
that one looks great 😃
skill can be learned if motivated and dedicated to keep something running, but yeah... who wants to do the work?
usually pensioners maintain and operate those things
when you like what you have grown up with 😉
i think it's because steam is simply so much more impressive
i have no clue how steam developed so much sooner despite being so complex at a large scale
I see myself fixing PCs from the 1995-2015 area in 20 years
the first steam engines were horribly inefficient, but did work good enough for it to be worth investing further research
big boy? more like steaming speedy steel moloch😁
the big boy is about the only train i still care about
4468 Mallard is cool though
probably not enough space to get up to speed with more than the locomotive 😉
looking at the shinkansen I would imagine that the costs are a major issue
you talking about windscale?
oh, yeah. the best at what, lament the status quo?😁
as much as I like the technology behind trains I dislike travelling with a bunch of loud people...
Whee, new stable UEFI, need to go and actually install it, before Asus puts out another Test one.
That 2704 hit Test last sunday, and was still Test yesterday.
So during last Taiwan workday it got promoted to Stable.
let me guess the cable management is a big part of why it's become a chore
i guess maintenance too depending on how much you want to keep your systems clean
It is always a pleasure to stand near a Siemens ES 64 U2 locomotive when it pulls away. These locomotives perform a lovely musical scale that never fails to delight, and not only railway fans. :)
So too does ÖBB Taurus 1116 205, which here is just accelerating its Railjet out of Ulm Hauptbahnhof towards Stuttgart and all ...
I still love the 'melody'
Sound on 😁
"After a successful four-year run, Czech carrier RegioJet has made the strategic decision to discontinue its seasonal Prague-Croatia railway service."
they are a great piece of technology
ÖBB, so should be 15kV
Damn... Memory Context Restore doesn't seem to work with Gear Down Mode off and 1T command rate.
Need to do some more checking to confirm, to see it isn't just that with 1T, the stability is too marginal for MCR to work.
Meanwhile Newag:
https://youtu.be/8OB2NqcSDXQ
https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure
You've probably already heard the story: we got contracted to analyze a bunch of trains breaking down after being serviced by independent workshops. We reverse engineered them and found code which simulated failures when they detected servicing attem...
Just realized the pun in the video title regarding Newag, took me some time 😅
No, just too marginal on the voltages I input at 6000MT/s.
Need to look into that more... and I don't want to!
9950X3D on ECO mode probably.
(Lowered max power)
But unless you do number crunching, no use getting any of the dual-CCD parts.
it shouldn't?
my 13700K doesn't kill performance and can do almost gigabit speeds no problem
Ok, MCR works fine with GDM off 1T, but RAM needed 1.40V VDD/VDIMM, and not just 1.35V.
So just stability margin on the training being so small that MCR didn't work.
Still here?
Just that external USB connected units have mostly replaced the internal cards, for those that want something better than MB integrated.
CX31993 USB-C adapter
Don't bother with sound cards, get a proper DAC.
It's the same shit with a different connection - and external DACs have seen more development than internal PCIe soundcards
Actually, what difference even is there between external DAC and external sound card?
Just marketing? Maybe some QOL features?
Actually curious
Same thing, different form factor.
DAC = Digital to Analog Converter.
Any sound card has to contain a DAC.
And if you want actual highend:
Schiit Modi (can also add Schiit Magni as an amp for hard to drive headphones)
So just marketing.
Someone wanted to differentiate from "sound cards" and then everyone jumped on the train.
Schiit has good shit indeed
I know both of those, just wondering if there's an actual differentiation between the two terms even if they're functionally similar/identical
If looked at very narrowly, DAC would be much more limited thing than Sound Card/Sound Adapter.
DAC is usually marketed as high(er) end stereo solution
Only doing pure conversion, without any amplification after etc.
And absolutely no modification etc.
While a sound card usually does more things than just a DAC, the term DAC also includes usecases that soundcards usually don't/can't handle - like video
Soundcard is more targeted at gamers
Yeah, should have clarified that on audio realm only.
The term soundcard comes from the time when audio DACs for PC use were sold as PCIe add-in boards
Audio interface is for the (home) studios and streamers that need mic pre amps
Because you bought a card that handled sound
Again just different term for same thing.
yeah, but I still see the term thrown at USB stuff from creative
Audio interfaces include an ADC and usually some form of control, maybe extra connectivity
I know the differences, but marketing has their own language
Quite a difference from a regular DAC
Because no-one is using the terms straight, and it is almost purely marketing.
Yes, usually the USB DAC sold things don't have inputs.
But some do, just crappier than the ones sold as Audio Interfaces.
Because creative became big with their internal PCIe soundcards - Soundblaster X was all the craze
my 8 bit Soundblaster was cool, way better than the buzzer😁
How can a DAC not have an input?
Or do you mean it doesn't act as an input to the connected device (PC, etc)?
DAC is an output, ADC is input
Cuz without the D there is no A to C to
when you make yourself feel old
DAC takes D as input from device and Cs it to A as output to equipment
ADC takes A as input from equipment and Cs it to D as output to device
Basically if something is sold as DAC, it shouldn't have any adjustments, even volume.
And no inputs.
Actually, let me rephrase, ADC takes all the farm, overextends, gets killed once and runs it down
When looking from the PC's perspective.
usually that's the way to go, but there are some who play live with their synths
Yeah, in an ideal world the PC should not get anything from the DAC except the info that it's there
PC outputs digital stuff to DAC, that converts it as is to analog and outputs that as voltage signal.
Amplification to line level would probably still fit.
If needed, probably not.
oh, there are quite a bunch of performers who work without a DAW
If the "DAC" has op-amps on it, it isn't a DAC anymore.
As the Op-Amps are as the name says, operational amplifiers.
There's a lot of variance.
Some use an actual DJ set with turntables and records that they mix/master against each other live on stage, others spend hours in preparation for creating remixes/mashups/transitions/etc and then there are those that just put on a Spotify playlist
My neighbors listen to good music.
-# whether they want to or not
But that battle was lost many years ago when that "DAC" term was commandeered by marketers for external analog audio output devices.
tbf tho, a well-crafted playlist can go a long way.
If the songs naturally blend into each other, their mere selection already does a lot of heavy lifting
Sound Card is just power source, control chip, bunch of op-amps, DACs and ADCs and output and input connectors, on internal extension card form factor.
And when you move that to be external thing, you get DACs, Audio Interfaces, External sound cards etc. as marketing names.
Depending on which part you want to emphasize.
It's also a matter of expectation.
When I'm at a friend's birthday party, a good Spotify is already more than enough.
When I have tickets to a Lost Frequencies live show, I'm expecting a much higher level of skill and effort
It's actually incredible how much of an improvement that simple $10 CX31993 USB-C DAC brought compared to the onboard chip - tho I've noticed that the most on a borrowed pair of DT880s
have a look at 'look mum no computer' on YT, he does some wacky stuff with modular and other stuff like a furby organ or Gameboy orchestra
Dirt cheap, simple USB-C to 3.5mm DAC, just the included USB-A adapters were shit
Seen him on Maker's Secret Santa. I'm not really into the audio/modular stuff, but I like his wacky stuff
Might be higher amperage or voltage output to the headphones, making the driving more accurate.
Might be the interference caused by rest of the system on the low voltage signals between the DAC and op-amp on the MB integrated solution.
Might be interference from the long runs between the op-amps and the actual connection plugs.
Might be better op-amps etc. used.
All are usually crap on MB integrated, even when they would not need to be.
Same for phone jacks I presume?
Yes.
But yeah, nowhere near a Modi, still one hell of a tool to have
Placebo
And placebo effect that despite there being no actual difference, the expectation of a difference still makes you experience one
you know your onboard is crap when you can hear it when you scroll a website😁
And idk what I'd call it when people just want to avoid buyer's remorse so they'll convince themselves that the overpriced crap they bought is actually good
Some form of confirmation bias maybe?
So normally the MB sound chip lives on the lower left corner.
And in this case there are no op-amps at all, the outputs use the chip's own driving, so headphone use will be absolute crap.
And the filter capacitors that are supposed to filter the very EMI filled normal MB power for the sound chip are pretty minimal...
And then the audio output is either via the MB panel, way up.
Or on the front panel, via the header on bottom.
And then the unknown quality case wiring etc.
i suspect that only boutique stuff will be anything different besides green, brown, or black
it's probably the cheapest
This board has two separate MOSFETs, and those 6-legged chips at the bottom might be op-amps.
But if they are, way away from the chip.
And it might just be using those MOSFETs as the headphone amplifier, instead of proper op-amps.
(ASUS ProArt Z890-CREATOR WIFI)
i'm personally waiting for translucent PCBs that we can RGB
i don't even know if it's chemically possible
clear PCB that could allow lighting to pass thru it?
yea but what a pain in the ass to cut out & fit around all the SMCs
B650 LiveMixer, Z790 LiveMixer
Only type letters, only use wasd, nothing else
Can't wrap my head around it either
i still love having a numpad
Oh and secondary layer
Number row
Numpad is dope for macros
Never used by most ANSI-US users
I only use numpad for large amounts of purely numeric entry.
But still wouldn't get a keyboard without it.
(keycaps separate)
i could see it being useful in so many places
machinery control
for that price it better be fucking nice 🤣
plus another solid $100 for keycaps
i'd like to see modular attachments become a standard on keyboards
would love a left side panel
Anyways.
Still need to check if tRAS and tRC will work lower.
IIRC had some problems with tRC below that "normal minimum in sane usage" value.
And see about IF/FCLK.
🤣
But I need to run some testing now to see that the current set is stable.
Testing like Y-Cruncher, Memtest, Satisfactory, Prime95, etc.
someone should build a standard stress test in SF for tech youtubers
Why...
i mean, who's their competition 🤣
Very small sales numbers raising the price, which lowers the sales numbers again, raising the price.
In a loop.
When that thing has lot of custom plastic parts which have very high setup costs to manufacture.
Ah, steel case, not plastic.
But again high setup costs for small runs.
there is no real actual difference
not just ending support, but making Office365 incompatible with it sucks
yea, i grabbed PowerToys to grab some of the win11 functionality
I know about the bloatshit ones
but system is basically same
I dont have that issue
yea i'll be stripping win11 down when i get it
ngl I fucking slice windows down before even actually installing it
then 10 and 11 are basically same but with latest updates
10 not stripped to hell is a bug fuck
11 is too
but for me it's not going from 20 to 50
but from 1200 to 1500
not so huge of a difference once you strip it the hell down
dont use ms account for pc wide
that's always calling for shit
I know microsoft has done a great job mixing the two
but having an ms account registered for apps, is not the same as registering it for pc wide
2 button to click, one is wrong one is okish
Point was that recent LAN adapters aren't supported in Win11 installers, and for long time it didn't give option to load drivers when it wanted internet connectivity.
So it wanted you to connect to Internet, but didn't allow you to load drivers for your LAN.
24H2 finally IIRC added that functionality.

the trick is to load it at disk driver discovery step
you can load any driver there
it will keep it later
technically not easy, I simply got used to it, and worked out a whole fucking meticulous procedure for it
I dont hate microsoft for no reasons
I keep saying it's shit
I simply dont agree with 11 being significantly more shit than 10
I'm like
first time ?
gif are disallowed ?
sorry I dont know "mych" what does that mean ?
the ifi go link from my friend is a nice USB to 3,5mm headamp
wow, how was my message delivered just now and not when I sent it? maybe mobile network problems?
the funny part is when you start getting the insights
it's pretty much like what grey market is
you gotta have the bounds with the right people to work around the stuffs
for instance, intel support on windows "client" is none
it wont install drivers
but you can go grab them manually and load the windows server 2025 drivers cores on the windows 11
it's like, "officially it's not supported" but if you hit the right doors you know
it's also made to work by the people actually making the stuff
no I meant the official relationship and marketing relationship from intel microsoft etc.. are clown
behind the scene you can actually load it, the back door is opened for some "reasons"
the reasons being it must actually work, even though officially everything is made to save the juicy shady corporate contracts
this is basically obscurity
no this is much more silly than that
it's actual sabotage for instance when win10 get eol
but to make it simple : in the end, intel and microsoft engineers need a working computer
so the working set actually exist
it's all marketing bullshit and obscurity
https://www.youtube.com/watch?v=i0IRYjPNzxs
at least there's accurately-looking map of seismo sensors
Hello and welcome! My name is Anton and in this video, we will talk about new discoveries from the Earth's mantle
Links:
https://www.nature.com...
btw...
the presenter on that vid i mentioned claims results of https://en.wikipedia.org/wiki/Kola_Superdeep_Borehole to be an argument against plate tectonics predictions and in support of Hydridic Earth model
The Kola Superdeep Borehole SG-3 (Russian: Кольская сверхглубокая скважина СГ-3, romanized: Kol'skaya sverkhglubokaya skvazhina SG-3) is the deepest human-made hole on Earth (since 1979), which attained maximum true vertical depth of 12,262 metres (40,230 ft; 7.619 mi) in 1989. It is the result of a scientific drilling effort to penetrate as d...
wut?!
Why 
pwetty
you see
results are presented and interpreted within plate tectonics
in my understanding, this creates bias
Well, that's how science works.
New data is compared to the current best models: if it fits it's seen as confirmation, if it doesn't fit there needs to be further research to figure out how to adjust the model
Also, do you even have a comprehensive and easy to understand explanation of how the hydridic earth model even works?
It's impossible to have an educated discussion without a common ground to start from
So bursts to 150% of normal power.
under 200%, yes ( ATX 3.0 and 3.1 standard)
Older PSUs might struggle I read. (ATX 2.51)
I disagree on the 'best models' part since there's still a huge influence of authority, funding and media on what becomes talked about and compared to.
Okay, and? You're just regurgitating conspiracy talking points.
Sure, science is flawed, everybody knows that. It's still the best system we have to make sense of the world.
You have a better model for a given field? Present it, show how it's better, make it known, make it accessible.
You may not have immediate success but sooner or later people will pick up.
Alternatively, your theory may have more holes than it attempts to close (example: expanding earth violating the laws of thermodynamics and being incapable of explaining sea fossils on land)
The German Continental Deep Drilling Programme (German: Kontinentales Tiefbohrprogramm der Bundesrepublik Deutschland, lit. 'Continental deep-drilling program of the Federal Republic of Germany'), abbreviated as the KTB borehole, was a scientific drilling project carried out from 1987 to 1995 near Windischeschenbach, Bavaria. The main super-deep...
what the fuack?
[intentionall typo]
this is not a typo
this is not a fuck
looks like it's going to be another night with time series...
So, i'm tinkering with various statistical tools for correlation
I have a random signal, the testing combination of 2 sine waves, and distorted version of it.
what bothers me is that both of them show up on cross-correlation, and Granger just doesn't behave when I change lag
might as well ask here too: anyone know any good terminals for mac? I'm switching to one for work. I do love Konsole from KDE so a similar design option to this would be great.
A SSH manager would be so great since I do switch from server to server a lot
it also assigns a random color to each window which makes it great for having a lot of terminals open
especially when you don't want to accidentally rm -fr /* on prod
SSH and the kitchen sink
A built-in SSH client with profiles, SFTP, key management, jump hosts, X11 and the rest.
Split tabs
Freely rearrangeable split panes which you can also save as a profile.
looks nice 😄 I'll give it a try. Will get my new mac on tuesday
Tabby (formerly Terminus)
ah yeah I know them
i like orange cats
is that you maxeek?
Oh shit it's spreading
Did the company pay for it?
upgrade to the fucking latitudes
yeah ofc it's theirs
Ok, yeah. Would 100% do the same 🤣 Upgrade everything I need.
im just going to leave this here to brew
but I am still root 😄
The best of the best.
It can be annoying to work on locked down machines.
yeah being IT is great
I had to ask permission to get access to certain repositories.
first step to working on something locked down is ask to be able to unlock it
if the answer is no do it anyway or refuse service

Yeah, not doing that again. Just not efficient.
they sadly pay you to not refuse service you know
bro tbh, I'm really happy everyones machine is restricted to shit
you can't even comprehend what people do
I understand it from your perspective.
But from developer's perspective, it's different.
I'm not saying I already experienced the worst already, because next week I swear someone is gonna try some shit and fuck over everyone again
I'd forbid them using a keyboard if I could
system runtime of multiple weeks on a fat client, I've seen Windows do the weirdest shit because of that
if you need permission for example, to update your frameworks (java, python, typescript, angular, whatever)... it's just not efficient. Or to even install them. It really depends on how the machine is locked down. And what the purpose is of the machine (office work, development etc)
To me, it's a balance between security (which I 100% understand in a company) and being able to do my work efficiently.
yeah but then they install the bitcoin-miner-email-scanner-AI-9000
Haha, there are those too. But not everyone is like that.
I'd rather not take chances
yeah
I don't know. I hated it and like I said, it was inefficient.
even some devs (WHERE YOU USUALLY EXPECT BETTER) tend to make the most batshit insane decisions
Working on unlocked machines is way better.
yeah but then your company doesn't fulfill certain standard and you won't get certain certificates
people that think they know but don't are far worse than gullible users
apart from it just being dumfuck insecure
well, you mean your unlocked machine is dumfuck insecure too then?
my machine is quite insecure, yeah - if I ever fuck up, everything's fucked
I just don't fuck up that easily is the thing
just don't fuck up lol
🧠
it's easy to do when you mainly work with servers, because you barely do anything on your machine anyways
For example, I would never log into public networks on a machine that isn't secure and has company value.
only thing I do locally is spin up some test VMs/containers and change some /etc/hosts entries for testing
I didn't mind the ones that had a VPN. I like that.
you are way too far man
we're talking plugging random USBs you found into it
that's just stupid?
we're talking running random scripts they found on some github
ok, yeah. Fuck all that 😄
welcome to IT
fucking welcome
and I can't even say only 1% is dumb like that
because we're in the double digits
we're talking "job application" email attachments
I think your company needs education on security and not doing dumb shit.
we do
and even if that were the case - you only need 100 employees to expect at least one fuckup to happen
everyone does
or at least the people who fuck up need to get special class or something.
they do.
Because double digits doesn't sound good.
that can only go so far. technological and organisational restrictions are far far more effective than education
I agree. But all 3 are even* more effective.
And then they're a sales person that makes 25% of the company's money and you can't do shit
because people will not understand it or ignore it or forget about, etc
I know. But still, you have to try at that point.
restriction and raising awareness to not plug in random usb sticks.
still means you won't get an unlocked machine
almost every company does at least a yearly infosec course
that's just what I want. It's fine that it's your company policy. I just wont work for such companies.
and most important of all: a no-shame culture. the only thing worse than an employee getting hacked is that employee not telling you about it
just know that companies that do give you a fully unlocked device, do have a really incompetent infosec/IT team
because that's really really not a good sign
either that or it's a super high risk environment - in the sense that whatever hazard there can be, they just gamble on it not happening
and if they're that negligent on infosec, one should wonder about their data protection standards or their workplace safety protocols
Or, it's just a small company 😉
after all, they got an employee file about you somewhere, you wouldn't want people to access that data, would you?
as I said, high risk environment. but instead of gambling on the risk, they just can't afford protection
10 men companies don't even have an infosec team.
then it's usually the head of the company that'll be held responsible for any infosec fuckups
same for data protection
I do agree in general, there is just some nuance to it.
liability nightmare
customer info
employment info
financial info
the main reason why you're safe in a small website making company isn't for any actual safety measures, it's simply because the company isn't as attractive of a target as other companies
True.
Like I said, nuance.
...
imo there is very little nuance
you too are taking a risk, just like the company
0-trust means 0-trust
I did work ~2 years with a locked down thin client when I was in health insurance
I know how it feels, but I also know why it's absolutely necessary
my work laptop is a thin client, can't do shit on it without the password that's only in my brain
and even if you got your hands on it, you only have so much time until the next internet access bricks it
yeah our windows clients are also locked down. I needed to use a script to disable all our hardening to be able to even enter an admin PW
and those were the IT admin devices
mine isn't even Windows
yeah I'm on linux too lmao
next week on mac
fuck windows for server work
I'm ditching linux because we use MS accs
and teams is a nightmare
Teams is a nightmare
My job requires me to use it but I also have to work on my personal devices and I refuse to install teams
So I use the web version
And still want to cry 
voluntarily?
CTRL-SHIFT-ALT-WINDOWS to the rescue
yuuppp
i'd need a paycheck before doing that
tl;dr
windows sucks like in general and even more if you do server admin
linux sucks because we use microsoft products and have compliance policies which (again) microsoft sucks at and can't do correctly on linux
so what other choice is there?
I understand it.
If the job requires it, you use what you must.
and the os of Mac isn't that bad.
And I already use a macbook privately so I know the workflow
I think my Windows is break
Some time ago its windows key wouldn't do shit and search wouldn't pop up.
Now settings app permanently took over the focus...
recommendation to only use it when base frame rate is 80
watch as nvidia makes some new super path tracing shit that runs at 20fps, multi frame gen to 80
this is also what most people without 5090s will be doing
garbage
pure trash
While most people hate when their packages are late, I am one of the few who actually love it. Reason? This:
I should keep buying products from Amazon where I know the specific courier who is going to deliver late package so I can keep claiming refunds 
I hope Amazon doesn't ban me since it's not customer's fault if the courier keeps missing delivery deadlines according to Amazon ToS
i think it would be fine at 60fps
HUB Tim always has high standards
it looked like COMPLETE AND UTTER GARBAGE going from 30 to 120.......imagine what 20 to 80 would look like

they're gonna do it, mark my words
the next black myth wukong big dick path tracing game
or worse; people with a 5060 will use it on their 120Hz monitors for most games
or even 60Hz
that's what it will be used for most of the time
not 240Hz singleplayer games by a 5090 owner
Anyone ever heard of ecosia?
it's a search engine that plants trees.
I noticed it's a default in firefox.
i dont think it will matter in the grand scheme of things
Also interesting that firefox makes it a default 🙂
Probably to spread awareness for people like me, who think "wtf is Ecosia" and investigate it.
Even has "AI" chat 
the fu
"yeah we're an eco friendly search engine! now use the fossil fuel powered AI"
you remember when words, like... meant something
The AI bubble has to burst soon...
1.3!
it will, but nvidia will have made their money by then
nvidia already made their money.
yis, but still some billions to make!
And, yes I know this. I just found out about Ecosia. Found it an interesting angle they had and wanted to share 😊
Interesting as in; I've never seen a search engine trying to be ecological 🤣
and they'll just tell tsmc "yeah no more orders, we'll still buy what we're contracted to, but after that we're good" then sit on the unsold stock to maintain scarcity and value
I went AMD for a reason.
AMD will do exactly the same thing, they're also on the AI shit
Apple assigned Kim Vorrath as head of AI today or yesterday I think? Because they struggle.
So, companies are still going 100% for AI. Bubble isn't burst.
not yet, but I'm gonna put every popcorn company out of business when it does
So i bought 2 new fans, 120mm, i have 1 old fan, 90mm, and connected them to a arctic hub, connected the arctic hub to the sys_fan1 in the motherboard and they are SO, LOUD!
Should I do it like this in the msi motherboard settings?
yeah that should do it
Set it up, nothing really happened (?), the fans are still loud af
You need to switch that fan type selection on left from PWM to DC, if your fans only have 3 pins.
And you don't even seem to have any fans connected to the System 1 and 2 headers.
Only the CPU one.
So which exact Arctic fan hub?
Because at least the 10 fan one (which is the only one currently listed), only works with PWM fans with 4 pins.
Everything else will just run 100% all the time.
@cedar lance So with 2 and 3 pin fans, the speed control is by varying the voltage by external control.
With 4-pin PWM fans, the control is done on the fan itself by pulse width modulation signal on that fourth pin.
That Arctic 10-fan HUB doesn't pass motherboards DC control onwards, only that PWM control signal.
So any 2/3-pin fans behind it will run at 100%.
Same if motherboard wouldn't provide that PWM control signal, then even PWM fans would always run at 100%.
Text is on Serbian btw, it has 4 pin connectors, but the fans have 5.
Yeah, that is the one that only works for PWM fans, not DC fans.
And I really don't believe you having 5-pin case fans.
So did i fuck up or?
Should be 3 (DC) or 4 (PWM)
My fans are 3 pin, and the hub has a 4 pin connector..
Yeah, so you have DC fans, and that fan hub is only usable for PWM fans (4-pin), if you want speed control.
3-pin DC fans connected to that hub will always run at 100% speed.
Need to connect the fans direct to motherboard.
With y-splitter cables if needed.
Yes but i have 1 rear exaust and 2 front intakes, the mobo has 2 connectors only, so idk what to do other than to return the hub?
Also where do you get the y splitter cables then?
There are others in the world, but most don't do DC fan control splitting either.
Just cables direct to MB is usually the best option.
You can split one MB header to usually at least 3 fans each with just passive cables.
Same place you got the HUB from, or any fan extension cables etc.
Should be 3-5e each or so.
I ordered the hub off a website tho (Gigatron, the only tech store, there might be others that are also trustable)
Mhm, but i have no idea where to get them tho
I don't know the language, I cannot search for you.
You have to try to translate that pc fan splitter / y-cable to local language and search?
Ill try but they sometimes dont have even the simplest of items but for a TECH store they have baby stuff 😭
Anyone really good with Gpu's
Cause like
My gpu liked to Shutdown when i play roblox for 0 reason
But every other game i play even satisfactory, never have that issue
So what happens?
Black screen, computer on until manually shut down?
Black screen, computer turns off or reboots after a time?
Blue screen of death?
Computer automatically reboots without black screen wait?
Computer automatically turns off without black screen wait?
Something else?
Computer just goes black and i have to manually turn it off
Like its only roblox that gives me the issue lol
Like ik its roblox but still
Try removing GPU drivers with DDU and reinstalling them after.
https://www.wagnardsoft.com/content/Download-Display-Driver-Uninstaller-DDU-18090
Cant i just presses reinstall on nvidia app
No.
That does almost nothing.
Even the Clean Install toggle in Nvidia manual driver installer does almost nothing.
I will do it later tonight,
Im gaming with some friends rn
i still dont understand...why roblox though
No idea, but that type of issue points to GPU drivers or the GPU itself as issue.
And first thing to try is to get full cleanup and reinstall of the drivers to see if that helps or not.
Do you have multiple monitors by chance?
Only 2 and have made sure they are supported
do you use surround for anything
And shouldn't have anything to do with something like this, even more so if both are going black.
because if so its the entire problem
surround has been absolutely windows corrupting as of 24H2 or whatever the hell we're on
I dont use surround
it has bricked my pc like 3 times
one of the times it even starting yelling morse code at me
That you have issues isn't anything weird.
Cannot find any mention that Nvidia Surround would have broken in general in Win11 24H2.
I have win10
Yeah, but point was that MagicZ has unique issues all the time.
And this was very bad joke to make to someone who isn't regular.
I'm pretty sure magic would recuse himself
Should i even turn on the game boost feature?
No.
Don't.
But I might need to try to do physical shorting test for ECC error reporting tomorrow...
To see if ECC reporting is actually working or not.
Kk, also, i just replugged the 90mm and 1 120mm fans into the motherboard, disconnected the hub from the mobo, left one fan unplugged, temps are fine, could be better, and im gonna buy new pwm fans tommrw probably
Poking an empty RAM slot with needle while the system is running to short right pins together...
Something I would like to skip.
baldur
what the fuck are you doing
Fortunately any two neighboring pins between pins 130-142 will work, when one side ends at 144, and the two last pins are unconnected.
Trying to get reported ECC error from RAM.
there must be better ways
When software methods don't work even with Disable Error Injection set to False.
why do you even want an ECC error
Not really, basically shorting data line to neighboring ground line so it always reads one way.
To see if the error reporting is working or not.
just... believe. Not even a company is doing that
There are special test devices for that.
And in server systems that error injection is working when set to be usable, to intentionally write bad data.
And that is how I was able to test that the ECC is working on the ASRock Rack X570 MB.
It did report any software injected errors back.
So would just need to short any neighboring two of those pins together.
(This specifically only for one specific MB, with DDR5, as key location isn't visible)
And the two at the bottom are non-connected, so not dangerous to touch.
And the lowest 10 on other side are good too.
Sorry, only 283-287, with last 288 being another non-connected one.
Well, seems I would need to run some Linux Live with RASDaemon on it to see.
Either MemTest86 Pro 11.1 doesn't actually support reading of AM5 ECC RAM errors, or the error reporting isn't working on the MB.
Caused several uncorrectable errors by going too far up, contacting two separate data lines to ground, causing computer to reboot immediately.
Which again is the wrong thing for it to do, but that cannot be disabled on AMD consumer platforms.
Should inform OS and cause that to panic and stop everything.
Now to bed, set the computer to run Memtest with ECC disabled for the night.
RASDaemon has been demonstrated to be able to read ECC RAM error reports on AM5 on MBs where it actually works.
MemTest86 hasn't and the theoretical support was coded before any MB AM5 had working ECC RAM support yet.
Bro
Just ditch windows
If you don't play riot games games or destiny you'll be fine
Try ubuntu, it's easy to learn and after half a year you'll know enough to pick your actual distribution
Windows is fucked. It's too late to try and fix it
It would be funny, if it's not windows fault. But just a crappy scanner 
Is it a well known brand of scanner?
We're so close to Microsoft inventing their own file system that is only usable on windows
like, you read it on microsoft blog? Or your gut feeling?
Gut feeling
They're getting really really selfish the last few months
all big tech are in my opinion.
It was always bad, but since recall they made one bad decision after another
Yeah recall was really one I couldn't comprehend wtf they were thinking.
Either they wanted the bad PR, because it's still PR. Or they are really stupid. Or they dropped the ball. Or they just don't give a rat ass about QA. I don't know what happened.
but the backlash could have been prevented by just handling the recall feature smarter.
for example; before putting it in a preview build or whatever, check with cyber security teams for feedback.
Or maybe that was their plan, just release it in preview build, and let the QA be done by others on the internet for free.
Because apple OS does shit better than windows OS.
👆 And for all the apple haters out there, I said OS. Not mentioning Apple hardware being overpriced.
thats what ntfs was, linux just reverse engineered it for the ntfs driver (which is a bit jank due to ntfs being bad anyways)
I never consider it evil. The dumbest shit they did was making everything compatible for iOS and OS. So one code to rule them all. Now we get fucking app looking things on our macbooks. Like the settings.
Same reason they axed iTunes for music.app. One code for both iOS and OS I believe.
apple is going to enable AI by default though. In a few months.
not for EU (unless it changed).
iOS 18.3 and macOS 15.3 will have standard AI enabled.
So opt-out instead of opt-in 🤮
omg, I didn't know they called it "Apple Intelligence"
Haha, actually that shuts everyone up who says: "It's not AI, it's ML/LLM" 🤣
I don't know. I know my phone would explode with AI.
So I don't want it.
those still didn't arrive? I send some last year.
Anyways. Give linux. A try. No better time than now
herg turned into a linux preacher.
I have some doubts maxeek will install linux to get a scanner to work.
oh btw herg, this popped in my feed a few days ago, you might find it interesting:
https://www.youtube.com/watch?v=IXBC85SGC0Q
Watch #Linux #kernel developer write a new #USB driver #code from scratch in just 3h by copy'n pasting and thus stealing it from other best matching drivers for #Apple #Xserve front-panel meter. #Ad: GPU offers & more @Amazon: https://services.exactcode.de/amzn.cgi?index=electronics&keywords=GPU You can support my work at: https://patreon.com/re...
I'm not that deep into it. I just fucking despise windows at this point
Me neither, but still found the video interesting.
break the chains
be free
invest effort in something that makes you happy
into something that.. maxeesks you happy
then a week learning that basics of linux isn't that bad is it?
you do know there is a small security risk with linux right?
smaller than windows
almost negligible, but it's still there.
windows seems to have an insane 0day every week
Oh right, it was the University of Minnesota that* got banned 
linux:
yeah so rsync is able to be used to access files outside of its scope (you need to be able to access the system with it in the first place)
windows:
you can get an admin account by sending an email
linux:
developers can push in sus code.
can is carrying a lot of weight there buddy
90% of the internet is running on linux server but still windows has the most exploits by far
first, I know only of one incident, and that is the University of Minnesota being banned. So I know it's nothing major.
Second, that doesn't mean it cannot happen, that's why I said it can happen.
Qiushi Wu and Kangjie Lu at the University of Minnesota decided to submit buggy patches of the Linux Kernel and see what happened. To their credit they ensured that none of these would actually end up in Linux by having a system in place to fix or remove the patch if it was accepted. When they tried it none of the patches were rejected for introducing dangerous bugs, more on that in a bit.
1. Linux 2. Mac 3. Windows when it comes to least* exploits?
But it's hard to measure since only 1% or something uses Linux.
Trying to google for data that has an overview of operating systems and breaches. In total. Servers and normal computers.
Ms can too, and there's nobody to notice until it's a problem 🤷♂️
chances are lower than open source (is my gut feeling)
Microsoft as a company hires developers, they interview them etc. There is a whole process. And then you have all the regulations and goverment bodies keeping an eye on you.
and in both cases, chances are very low and almost non existing because of the systems that are in place.
I like to know Linux use is under reported and even then it's few percent at least
btw Windows made offline install update packages more complicated by making security update report error 404 on normal update channels
So you have to manually download them
but then people think they have to runtime install them
.. but actually not at all
simply slap it in offline update patch cache and it gets detected
My main issue with "usage reporting" is yeah maybe 10000 people are using windows and only 10 Linux, but of those 10 Linux, 5 are servers at least 8000 Windows users are connecting to
out played
That's what I am not sure about?
Most of these answers don't mention servers.
i did and im not swaping
i broke it before even reaching the desktop
since i dont have a password setup terminal is softlocked
Not sure. When i click on the link I get this:
tbh I'd rather have 100 unsafe clients than 1 unsafe server
depends on the traffic on the servers and the data I guess
add crowdsec or something similar to anything exposed in your homelab. You'll be surprised how many people are probing your shit
that's why you set up a reverse proxy (traefik) with crowdsec
And also use a VPN for your nas
Just buy a raspi man
crowdsec is pretty sick. Public IP blocklist + WAF
I need more servers maxeek
please give me more rackmount cases
I am just trying to figure out how to set it up on my syn if possible.
you don't
you will need 2 extra servers
you can set it up in docker
one for running traefik + crowdsec middleware and one running crowdsec
use separate hosts
trust me
at least spin up a proxmox
yeah run it in docker
on its own host
encrypt communication to the traefik middleware
TLS
go hard or go home
in the trash
we're spinning up servers like nobodies business
we have 3 raspies, 2 servers, 1 nas
we have 16 VMs
we don't fuck around maxeek
you have your windows firewall
we have 2 firewalls, 1 DMZ, 3 web application firewalls
every transaction you send is checked, tls inspected and encrypted
you want secure, our name is secure
we have infrastructure you couldn't even dream of. We're redundant. Our Postgres is running in docker swarm, accessing redundant NAS'. We have 4 nginx running behind 2 traefik instances
You cannot keep up with us
we will end you
But i have the power of friendship!
So Nvidia got rid of hotspot temp reporting on rtx 50 series.
There's gotta be something up there then
if you start playing thick of it and talk tuah on loud speakers it will lower the hotspot temps by 80c (as long as you eat lunchly with it as well)
(me at my lowest shitpost level)
Desktop PC is dead. Looks like I'll be doing an unplanned PC upgrade.
fun
just in time to go for the 9950X3D & 5090 combo!
would not call that suffering but ok
beats a 4790k
not anymore
i had a 6700, not far off from it tho
i'm still glad that even 3dvcache CPUs don't really suck down intel levels of power
iirc it can still suck down like 250W
160W stock
i don't think i've ever seen my 5600X break 90W even when i tried to OC it
Oh my, docker swarm in 2025
mews?
probably getting a 9700x
i have a tight budget on this
the 7800x3d was another option but i doubt i'd benefit from the 3d cache that much personally... unless i upgrade video card which won't happen soon
i'd imagine i'll be gpu bottlenecked by a 6750 XT long before I hit the 9700x's limit
I have made one do 130w
5.3ghz all core on air.
i don't trust my mobo to put that many amps thru it 🤣
I did it on a sketchy 6 phase b450
...
It held. Surprisingly
Mine was msi
& i wanna be able to give it a 2nd life when it comes time to upgrade, so i've been playing it safe
i got to do the "dear god" bios update on it to go from a 1700X to the 5600X
I'm replacing an aging 3700X
3700X still ain't too bad
definitely aging, but still usable in a 2nd platform if you need it to
Well I have to figure out what's wrong with that system I think it's a dead PSU but I have no good way to test and it's time to upgrade
throw it in a NAS or a cheapo streaming pc hooked up to the tv
bypass those garbage TV UIs 🤣
I'll be able to go pick up all the crap from Microcenter, getting everything short of GPU
i still can't believe microcenter hasn't set up here
there's 5 million people here, along with heavy tech outside of CA
Not sure if I'll make it to pick up tomorrow but Mon for sure
They have unbeatable combo prices for mobo+cpu+ram
and ram prices for ddr5 are dropping fast, finally
"AMD Ryzen 7 9700X, Gigabyte B650 Gaming X AX v2, G.Skill Flare X5 Series 32GB DDR5-6000 Kit, Computer Build Bundle"
429.99
wow, that's downright reasonable
And the best part is, really, their pricing is competitive with ordering from Amazon
The ONLY problem is it's about 1 hour 15 min drive from here, and that's if i don't hit some nasty traffic
make a day trip out of it, hit any other shops nearby that you don't have closer to home
That's what I'm gonna do, just make the journey and look around while I'm there
The PC parts will be waiting for me if I get lazy though haha
I probably shouldn't look around I really can't afford to spend more than I am on this rig
just don't cheap out on the PSU
Super Flower is the one currently on the list, 850w
never heard of that brand
i hadn't either but apparently they 're good
although I might go with my standby Seasonic, it's more expensive though
do they have CE label?
or something like 80+
Seems to have all the certs I'd expect, 80+ gold
I'd looked into them quite awhile back and they were supposed to make good hardware
Known as NTFS?
Which took very long before any other OS had any kind of support for it as the spec was closed and protected?
Or all the delays in getting FAT32 fully free (took until MS software patents ran out)
As MS acted as patent troll: "If you want to use FAT32, you must pay us for the right", even if the implementation was free to get from some other party.
intehesting......
Or ReFS?
ReFS is kind of new try, but it still isn't going anywhere fast.
MS still not devoting enough resources and will behind it to actually try to switch over from NTFS.
And it really doesn't currently work properly if you don't use it as layer over Storage Spaces with at least some redundancy.
Large part of the long delay between XP and Vista was trying to invent completely different type of file system.
Which IIRC also had name of ReFS, but has almost nothing to do with the current iteration.
Windows Neptune
uBlock origin was working on chrome but is having issues recently. On firefox it works fine but youtube loading is slow which I suspect has something to do with google
Nvm, loading youtube video works fine on firefox. Haven't checked it for a while
Picking VPN 🤪 🔨
Wireguard is faster (994.5Mbps) than nothing 992Mbps. The hell?
This looks better.
Within test variance.
looks weird. maybe the CPUs didn't support encryption acceleration?
modern CPU should be able to de/encrypt at multi gigabit speeds, a VPN should add maybe 1-2% overhead then
or something else is a bottleneck? DPS/IPS, firewall, etc
agree
regarding picking one:
wireguard is a bit harder to understand at first. but then relatively easy to implement, but you need to be able to open ports on at least one side and public IPs
tailscale is a solid pick if you don't have control over firewall/port forwarding and/or don't have a public IP, but it'll cost you for more than 3(?) devices
afaik OpenVPN makes administration easier if you have many clients
but i only used wireguard myself and heard from tailscale from L1Techs, so take my opinion with a huge grain of salt
yes. most common usecase is probably for work
many use it to get a connection to their home networking
circumventing geoblocking is a popular use-case
everything you hear about "improving your privacy" in VPN ads is a scam
Yeah, reading documentation as we speak.
don't visit sites without https, use a public DNS and you should be good.
ISP will always see what IPs you connect to, be they the sites directly or a public VPN
tailscale seems too much overhead.
and overkill.
raspberry 4 + wireguard might be a good start.
was reading reviews for pi 5, but doesn't look good.
tailscale needs the overhead to traverse NAT and non-public IPs probably
"people isp"?
Keep in mind wg is p2p VPN. if you want a "client-server" structure you need some firewall/routingtable rules on the "server" side
ok
I wanted to deploy it on my NAS, but after some more reading up. I read somewhere that the attack vector of docker is larger than having services on a system behind a port.
And after thinking about that for a bit, it makes sense. So it would be better to have a pi or a mini computer handling it.
The PI has the trouble of not being able to handle large internet speeds, so the suggestion is a mini computer for 100 bucks or something.
And herg basically said the same last night.
No?
Both just expose the specific service on a port.
And you can directly only attack that service.
With possible further attack service in whatever libraries etc. are in the container.
Then you have to attack the container service to break out to the main OS.
Not at all.
Just that with Docker or like, you don't have full control on that container contents, and have to deal with what the maker of specific docker image included.
No.
And you need to make firewall rules between the Docker container and rest of the system and general LAN.
Docker itself is an architecture. It's way more complex than you think.
And has a larger attack vector.
Hey, but you do you
If you want to throw it all in one docker container, go a head.
If you want to run it all on one system with docker. Also good.
That includes those
With possible further attack service in whatever libraries etc. are in the container.
Then you have to attack the container service to break out to the main OS.
Steps.
But the general consensus seems to be; don't do it. Get separate hardware.
We are talking security here so.
separate HW is also good if the docker host goes down and you need to remotely troubleshoot it
That is attacking the Docker.
Which is easier than then attacking the other machine remotely.
But still needs that first step to get in anyways.
Docker has a larger attack vector than separate hardware, with only a single service and a port opened.
i guess it depends on your use case, if you want to handle large amounts of data then maybe, if it's just to get access to your private network it should be fine
With separate NAS and separate VPN host:
Attack VPN, get control of the host, attack the NAS over LAN, get control of NAS.
With NAS with Docker for VPN Host:
Attack VPN, get control of container, attack Docker, get control of NAS.
If that attack NAS over LAN or attack Docker on NAS is harder depends on firewall rules etc. between the LAN and the NAS.
Yeah, that's something I am thinking about atm. How to set it up. And where in my LAN.
you sure the pi isn't fast enough for you?
www.reddit.com/r/WireGuard/comments/eeafds/wireguard_throughput_on_raspberry_pi_4/
weird, why should one direction be (so much) slower?
Maybe the guy is tripping.
Docker is not foolproof either. It has a higher surface attack vector than just hosting the ports with the underlying services. And if you don't configure the firewall properly to work with Docker, you'll be surprised to know how it works by default (hint, it sucks). I love Docker, but it's got caveats.
I'll probably get downvoted for not parroting the most newb friendly option, but really, if you actually care about security, you have to consider these things. If you don't care, great, but don't pretend like you're mitigating threats. Blocking IP's or countries is not security. VPN's are a thing.
just saw some post pointing to the cipher and mtu settings. so maybe it's a config issue
Point is that docker lives behind the hosts firewall anyways, and to attack it you need to first get into one of the services.
Yes, by default there is no firewall.
But that is the case for "just service" too.
We are talking (adding layers of) security here.
Point is to limit what gets into the LAN, then what gets into whatever host that has something port forwarded to it.
And then limit on how stuff can get out of containers to the host running them, or from compromised host to any other computers in the LAN.
Which using container services usually does, over running raw services.
As there is extra layer that needs to be cracked.
As the host running the containers CAN limit how those containers can talk to the host, or with each other, or the LAN.
Until the hacker who got access to one of the containers breaks out.
And like herg said: "one for running traefik + crowdsec middleware and one running crowdsec"
Docker running those 3 on one machine... well I don't have to explain that do I?
Usually running services in containers is seen as more secure to running multiple services on same host without containers.
Yes, often having separate computer for each is better, but even then you are better off running the service on container, just one container per machine.
Docker is fine. But when it comes security. Don't be dumb.
It's not because it's in a docker container, it's magically safe for everything.
And to get real security with separate machines, you would need to make lot of firewall rules to limit how you can move laterally in the LAN once one host has been compromised.
That wasn't even the purpose of the technology.
No, just additional layer, other ones still need to be there too.
Which was scalability, efficiency, cloud solutions etc.
swarm behavior. All the cool stuff.
And like I said, you don't have as much access to make sure the services, libraries etc. inside a ready made docker image or like are up to date with security fixes, and that the image doesn't have useless extra crap in it etc.
That's why I don't want it on my NAS.
Containers are just VM-lite with larger attack surface from the container to the base OS.
Over from VM to hypervisor OS.
I barely have control over the OS of it anyway.
Right now, pi 4 + linux + wireguard seems like a good start.
Ah, this was about Synology or like NAS running container services.
or www.crowdsec.net (have to start somewhere).
That is more about the implementation on the two largest NAS makers OSes for those container services.
Where having enough control over the other security stuff might be hard or impossible.
Yeah, me and herg were talking about security last night and opening up your NAS to the scary outside world.
he told me to get crowdsec to see how much I get probed and shit.
If I put Pi in front of NAS, none of that is an issue.
Just get to make sure my NAS keeps functioning 
Yeah, but point is that the whole NAS isn't exposed, just that VPN service in container.
Like with Pi, only the VPN service on the Pi will be exposed.
After that, if you would have access via that VPN to the NAS, it is already about as exposed as if the VPN was running in container on the NAS.
Compared to that separate PI as VPN server, if the Pi is hacked via that VPN service, to the container run VPN service getting hacked on the NAS.
But that was not what we were discussing.
Having VPN + crowdsec + reverse proxy + ... + ... all in containers on ONE system.
vs
spreading the services in your LAN on different systems (pi's, servers, routers, ...) with layers of security between communication of such systems.
Also, wtf is crowdsec even?
CrowdSec is an open-source and participative security solution offering crowdsourced server detection and protection against malicious IPs. Detect and block with our Security Engine, contribute to the network, and enjoy our real-time community blocklist.
It sounds like a firewall. But call themselves a server detection and protection system?
Intrusion Detection and Prevention system.
Basically monitors whatever traffic firewall let through and tries to notice actual attacks in that traffic via protocol analysis etc.
Comparing to known attacks and attack sources.
And then blocking the detected ones.
What's difference between that and a firewall?
So, just a firewall with rules based on open source (a.k.a the people/users).
Firewall logs what it stops
Crowdsec logs what the fw does not stop
Firewall is set of static rules based on just ports, base protocol type (TCP, UDP), source and destination IPs etc.
IDS and IPS do more in depth analysis, but takes much more CPU power.
Complementary.
Ok. You have OS firewall. If I put my own firewall (rule: block all) behind the OS firewall.
I get the same result?
No, as IDS/IPS also monitor outgoing traffic etc.
Because my own firewall will report everything it's blocking, which first one allowed.
firewalls work for in/out going traffic
Deny all incoming firewall just prevents new connections from outside to come in.
But to have VPN service, you always need to allow that in at least.
Ofc, else shit no work.
And if you have one that blocks everything in and everything out, you could just remove the network cable.
That's not what I said.
I said you get same result. The second firewall will log everything FIRST ONE MISSED.
Point is that IDS monitors and warns if that allowed traffic contains known attacks.
And IPS also then tells firewall to drop it right away.
Only difference here, is that crowdsec is community driven.
So people report malicious IP etc in a big db. crowdsec uses that. A bit like that windows thing.
No.
Firewalls don't do protocol analysis etc.
IP based lists are just part of how IDS or IPS can work.
Ok, and that.
Mhm.
Think firewall as rules to say if specific person is allowed through a door.
And IPS/IDS is security person checking the bags the person tries to bring in, or take out when he/she uses the door.
I think crowdsec works on synology, but I have to feed synology logs into crowdsec.
which I don't want to do.
I think I will start with VPN. And look into reverse proxy + crowdsec later
But Crowdsec seems to be more of add-on service to firewall to get dynamic IP blocklists etc. based on if those IPs seem to be doing probing etc.
When everyone involved has their logs analyzed for the data.
Yeah, the point of that is to get massive amounts of firewall transit data to see if someone seems to be doing mass attacks or probing.
Crowdsec does:
Log analysis
Global IP blocklist
WAF
And then everyone using the service provides to that detection via log scanning locally.
Doesn't help as much against targeted attacks, but does against general ones.
I kinda disagree
It does filter out the majority of known exploits and is able to detect weird access types. You just need to properly configure it to use appsec and not just use the general IP blocking
Herg, you misunderstand me.
I do?
I don't trust the logging of synology OS.
so I don't want crowdsec, to be dependent on synology OS.
I want to run crowdsec on linux on a PI.
decoupled of synology OS if that makes sense?
That's why I told you to use traefik and install crowdsec as middleware. You aren't dependent on logs then, but do scan every access
Yeah, but point was against kind of targeted attacks that just don't happen against individuals, but specific companies etc.
🙂
Then buy
I am still reading up on how it all works.
That Crowdsec etc. will help even high profile targets a lot, but doesn't help that much against real targeted attacks by nationstate actors etc.
if China wants into my NAS. They can.
if US wants into my NAS. They can.
if EU wants into my NAS. They can't. Because they are silly gooses.
Just saying, most of us are f'd if a government comes after us 😄
Good tool, but just another tool.
Yeah, I can follow now 🙂
Traefik for the actual traffic. Those logs go to crowdsec, which analyses those logs. But... so it's traefik who is in control of allowing traffic?
Which is part of why I need to finish configuring Nagios on my firewall.
Because crowdsec just answers to traefik to let it go through or not?
NO LOGS
Oh, ok it's proxy.
you need traefik, the middleware for crowdsec in traefik and crowdsec. Every access will get checked before it even gets to your server
log analyzing always happens after the first access
Sorry, not Nagios...
I can imagine it now, after I set this all up, the only service that runs behind it all, is a "Hello world" 🤣
Meant Suricata
https://youtu.be/zcr_xQFV--4?si=zyFLz9VU7sW_TutQ
Good talk points on scientific method
Also interesting channel
Also he forgot to do double-blind
I spend 2 months adding to the mountains of evidence suggesting that sound helps plants grow better. So why don't farms have PA systems?
Thanks AIAIAI for donating the monitors for these experiments!
AIAIAI UNIT-4 portable monitors: https://tinyurl.com/32xkpjzn
💗 Support this channel and join an amazing community: http://www.patreon.com/bennj...
you strictly define growing procedures
then you put one enclosure with sound and one enclosure without
interleaving seeds and enclosure having the same location and light exposure
done
you can then simply do growing measurements
"can't be proven" : fake
literally any growing field has arrays of the exact same enclosures with the same orientation and equipment
which are empty part of the year
it's not costly to do
And third to test would be some fans for airflow.
If the "Sound" is just moving the air enough to matter.
^
I remember recently seeing something about adding fans...
Also people study how plasma exposure helps
Yeah that was a phrase to segue into discussion
Though I doubt audible sound counts as movement of air. I think he used like 4 kHz frequency
But that was a good step - not test with music but just sinewave
Sound is specific type of movement.
Point is that it might be giving enough extra energy to the air to make it mix better near the leaves.
Where they take in CO2 and output O2.
Which changes the balance in air locally, so any extra mixing might be helping.


