In a release posted to X on Thursday, March 5, Fishback shared a statement saying that “this morning, Waffle House abruptly revoked our permission, and criminally trespassed us from all of their Florida locations.”

They don’t…“criminal trespass you”. They tell you that they don’t want you on their property. At that point, you need to leave. If you enter after that point, then you might be charged by the state with trespassing.

I don’t have a specific service to recommend, but you might look at lowendbox.com, which specializes in listing inexpensive VPS services.

It wouldn’t be effective, because it’s trivial to bypass. There are many ways one can do a DNS lookup elsewhere and get access to the response, as the information isn’t considered secret. Once you’ve done that, you can reach a host. And any Computer A participating in a DDoS such that Comptuer B can see the traffic from the DDoS has already resolved the domain name anyway.

It’s sometimes been used as a low-effort way for a network administrator to try to block Web browser users on that network from getting access to content, but it’s a really ineffective mechanism even for that. The only reason that I think it ever showed up is because it’s very easy to deploy in that role. Browsers often use DNS-over-HTTP to an outside server today rather than DNS, so it won’t even affect users of browsers doing that at all.

In general, if I can go to a website like this:

https://mxtoolbox.com/DNSLookup.aspx

And plonk in a hostname to get an IP address, I can then tell my system about that mapping so that it will never go to DNS again. On Linux and most Unixy systems, an easy way to do this would be in /etc/hosts:

5.78.97.5 lemmy.today

On Windows systems, the hosts file typically lives at C:\\Windows\system32\drivers\etc\hosts

EDIT: Oh, maybe I misunderstood. You don’t mean as a mechanism to block Computer A from reaching Computer B itself, but just as just a transport mechanism to hand information to routers? Like, have some way to trigger a router to do a DNS lookup for a given IP, the way we do a PTR lookup today to resolve an IP address to a hostname, but obtain blacklist information?

That’s a thought. I haven’t spent a lot of time on DNSSec, but it must have infrastructure to securely distribute information.

DNS is public — I don’t know if that would be problematic or not, to expose to the Internet at large the list of blacklists going to a given host. It would mean that it could be easier to troubleshoot problems, since if I can’t reach host X, I can check to see whether it’s because that host has requested that my traffic be blacklisted.

The urethane pleather on my headband started cracking on my xm4’s. A replacement headband was half the price of a new unit.

https://www.walmart.com/ip/SOULWIT-Replacement-Headband-Pad-Kit-for-Sony-WH-1000XM4-WH1000XM4-Headphones-Easy-DIY-Installation-Silver/16417371960

This is third-party, but it’s $19.

It’s also just the pad, but I assume that that’s what’s failed, if you’re talking about pleather.

The older headphones there don’t look like you can rotate the pads, yeah? I mean, it’s that rotating hinge which failed here.

I guess one could say “well, I don’t want headphones with rotating pads”, but it’s that rotation that lets the XM5 headphones fit into a fairly-flat carrying case.

I will say, though, that the XM5s probably weren’t going to last over 30 years, if for no other reason than because they use an internal battery…

It’s possible that the video had surround sound, say, 7 channels or something, and that the commercials didn’t. Or that the video bitrates for the movie and ads are different.

I have, in the past, wondered how practical it would be to take a highly-directional antenna and a camera mounted on a computer-controlled tripod head and then pan the thing around for a bit and create an image with a heat map overlay showing where the signal is strongest. I was thinking about making a map showing WiFi networks.

If you have some fancy RDF antenna array, which I imagine that military signals intelligence people do, might not even need to do the panning.

Not what you asked, but regardless of whatever else you’re doing, I would take any really critical data you need, encrypt it, put it on a laptop or other portable device, and bring it with you. Trying to throw together some last-minute setup that you rely on and can’t easily resolve remotely is asking for trouble.

Another fallback option, if you have a friend who you trust and can call and ask them to type stuff in – give 'em a key before you go and call 'em and ask 'em to type whatever you need if you get into trouble.

I feel like we should expect at least the occasional sí or señor in there for flavor too. C’mon guys. Hollywood can manage it.

It should be noted that the Pokrovsk axis became one of Russia’s main effort directions as early as the second half of 2024, yet since that time, Russian units there have advanced only about 15 kilometers," the intelligence overview says.

That’s about 15 kilometers in eighteen months.

Or 1.1 meters per hour.

The common garden snail does about 48 meters/hour.

If it happens again and you have Magic Sysrq enabled, you can do Magic Sysrq-t, which may give you some idea of what the system is doing, since you’ll get stack traces. As long as the kernel can talk to the keyboard, it should be able to get that.

https://en.wikipedia.org/wiki/Magic_sysrq

You maybe can’t see anything on your monitor, but if the system is working enough to generate the stack traces and log them to the syslog on disk (like, your kernel filesystem and disk systems are still functional), you’ll be able to view them on reboot.

If it can’t even do that, you might be able to set up a serial console and then, using another system running screen or minicom or something like that linked up to the serial port, issue Magic Sysrq to that and view it on that machine.

Some systems have hardware watchdogs, where if a process can’t constantly ping the thing, the system will reboot. That doesn’t solve your problem, but it may mitigate it if you just want it to reboot if things wedge up. The watchdog package in Debian has some software to make use of this.

You have to have a thin client device to access the servers out on the Internet, which is…kind of what a sub-$500 low-end PC or budget smartphone would be.

I suspect that it’s more that a lot of people are going to defer upgrades at the low end of the scale, use an older device for longer than they otherwise would have.

Might not be great for security; smartphone OSes won’t get security updates after N years, and Windows 10 is EOL.

The HC1 chip doesn’t load model weights from memory. It etches them directly into the transistors. Every weight becomes a physical circuit.

That’s one way to avoid memory bandwidth constraints!

I don’t know of a pre-wrapped utility to do that, but assuming that this is a Linux system, here’s a simple bash script that’d do it.

#!/bin/bash

# Set this.  Path to a new, not-yet-existing directory that will retain a copy of a list
# of your files.  You probably don't actually want this in /tmp, or
# it'll be wiped on reboot.

file_list_location=/tmp/storage-history

# Set this.  Path to location with files that you want to monitor.

path_to_monitor=path-to-monitor

# If the file list location doesn't yet exist, create it.
if [[ ! -d "$file_list_location" ]]; then
    mkdir "$file_list_location"
    git -C "$file_list_location" init
fi

# in case someone's checked out things at a different time
git -C "$file_list_location" checkout master
find "$path_to_monitor"|sort>"$file_list_location/files.txt"
git -C "$file_list_location" add "$file_list_location/files.txt"
git -C "$file_list_location" commit -m "Updated file list for $(date)"

That’ll drop a text file at /tmp/storage-history/files.txt with a list of the files at that location, and create a git repo at /tmp/storage-history that will contain a history of that file.

When your drive array kerplodes or something, your files.txt file will probably become empty if the mount goes away, but you’ll have a git repository containing a full history of your list of files, so you can go back to a list of the files there as they existed at any historical date.

Run that script nightly out of your crontab or something ($ crontab -e to edit your crontab).

As the script says, you need to choose a file_list_location (not /tmp, since that’ll be wiped on reboot), and set path_to_monitor to wherever the tree of files is that you want to keep track of (like, /mnt/file_array or whatever).

You could save a bit of space by adding a line at the end to remove the current files.txt after generating the current git commit if you want. The next run will just regenerate files.txt anyway, and you can just use git to regenerate a copy of the file at for any historical day you want. If you’re not familiar with git, $ git log to find the hashref for a given day, $ git checkout <hashref> to move where things were on that day.

EDIT: Moved the git checkout up.

My consumer broadband router (which acts as a WAP, modem, and router) looks like it’s rated for a 36W power supply. Putting a Kill-A-Watt wattmeter on it shows it currently using about 14W.

Is this worth the effort?

In terms of electricity cost?

I wouldn’t do it myself.

If you want to know whether it’s going to save money, you want to see how much power it uses — you can use a wattmeter, or look up the maximum amount on the device ratings to get an upper end. Look up how much you’re paying per kWh in electricity. Price the hardware. Put a price on your labor. Then you can get an estimate.

My guess, without having any of those numbers, is that it probably isn’t.

I imagine that whatever shipping service the shop is using will work it out as long as they’ve got a non-ambiguous street address for delivery.

The Democrats already had four years to prosecute and convict this sack of shit

The Democrats would require a two-thirds supermajority in the Senate to convict without at least some Republican senators. They have not had that and are unlikely to get that.

You would typically want to use static ip addresses for servers (because if you use DHCP the IP is gonna change sooner or later, and it’s gonna be a pain in the butt).

In this case, he controls the local DHCP server, which is gonna be running on the OpenWRT box, so he can set it to always assign whatever he wants to a given MAC.

except that all requests’ IP addresses are set to the router’s IP address (192.168.3.1), so I am unable to use proper rate limiting and especially fail2ban.

I’d guess that however the network is configured, you have the router NATting traffic going from the LAN to the Internet (typical for a home broadband router) as well as from the home LAN to the server.

That does provide security benefits in that you’ve basically “put the server on the Internet side of things”, and the server can’t just reach into the LAN, same as anything else on the Internet. The NAT table has to have someone on the LAN side opening a connection to establish a new entry.

But…then all of those hosts on the LAN are going to have the same IP address from the server’s standpoint. That’s the experience that hosts on the Internet have towards the same hosts on your LAN.

It sounds like you also want to use DHCP:

Getting the router to actually assign an IP address to the server was quite a headache

I’ve never used VLANs on Linux (or OpenWRT, and don’t know how it interacts with the router’s hardware).

I guess what you want to do is to not NAT traffic going from the LAN (where most of your hardware lives) and the DMZ (where the server lives), but still to disallow the DMZ from communicating with the LAN.

considers

So, I don’t know whether the VLAN stuff is necessary on your hardware to prevent the router hardware from acting like a switch, moving Ethernet packets directly, without them going to Linux. Might be the case.

I suppose what you might do — from a network standpoint, don’t know off-the-cuff how to do it on OpenWRT, though if you’re just using it as a generic Linux machine, without using any OpenWRT-specific stuff, I’m pretty sure that it’s possible — is to give the OpenWRT machine two non-routable IP addresses, something like:

192.168.1.1 for the LAN

and

192.168.2.1 for the DMZ

The DHCP server listens on 192.168.1.1 and serves DHCP responses for the LAN that tell it to use 192.168.1.1 as the default route. Ditto for hosts in the DMZ. It hands out addresses from the appropriate pool. So, for example, the server in the DMZ would maybe be assigned 192.168.2.2.

Then it should be possible to have a routing table entry to route 192.168.1.1 to 192.168.2.0/24 via 192.168.2.1 and vice versa, 192.168.2.1 to 192.168.1.0/24 via 192.168.1.1. Linux is capable of doing that, as that’s standard IP routing stuff.

When a LAN host initiates a TCP connection to a DMZ host, it’ll look up its IP address in its routing table, say “hey, that isn’t on the same network as me, send it to the default route”. That’ll go to 192.168.1.1, with a destination address of 192.168.2.2. The OpenWRT box forwards it, doing IP routing, to 192.168.2.1, and then that box says “ah, that’s on my network, send it out the network port with VLAN tag whatever” and the switch fabric is configured to segregate the ports based on VLAN tag, and only sends the packet out the port associated with the DMZ.

The problem is that the reason that home users typically derive indirect security benefits from use NAT is that it intrinsically disallows incoming connections from the server to the LAN. This will make that go away — the LAN hosts and DMZ hosts will be on separate “networks”, so things like ARP requests and other stuff at the purely-Ethernet level won’t reach each other, but they can freely communicate with each other at the IP level, because the two 192.168.X.1 virtual addresses will route packets between each the two networks. You’re going to need to firewall off incoming TCP connections (and maybe UDP and ICMP and whatever else you want to block) inbound on the 192.168.1.0/24 network from the 192.168.2.0/24 network. You can probably do that with iptables at the Linux level. OpenWRT may have some sort of existing firewall package that applies a set of iptables rules. I think that all the traffic should be reaching the Linux kernel in this scenario.

If you get that set up, hosts at 192.168.2.2, on the DMZ, should be able to see connections from 192.168.1.2, on the LAN, using its original IP address.

That should work if what you had was a Linux box with three Ethernet cards (one for each of the Internet, LAN, and WAN) and the VLAN switch hardware stuff wasn’t in the picture; you’d just not do any VLAN stuff then. I’m not 100% certain that any VLAN switching fabric stuff might muck that up — I’ve only very rarely touched VLANs myself, and never tried to do this, use VLANs to hack switch fabric attached directly to a router to act like independent NICs. But I can believe that it’d work.

If you do set it up, I’d also fire up sudo tcpdump on the server. If things are working correctly, sudo ping -b 192.168.1.255 on a host on the LAN shouldn’t show up as reaching the server. However, ping 192.168.2.2 should.

You’re going to want traffic that doesn’t match a NAT table entry and is coming in from the Internet to be forwarded to the DMZ vlan.

That’s a high-level of what I believe needs to happen. But I can’t give you a hand-holding walkthrough to configure it via off-the-cuff knowledge, because I haven’t needed to do a fair bit of this myself — sorry on that.

EDIT: This isn’t the question you asked, but I’d also add that what I’d probably do myself if I were planning to set something like this up is get a small, low power Linux machine with multiple NICs (well, okay, probably one NIC, multiple ports). That cuts the switch-level stuff that I think that you’d likely otherwise need to contend with out of the picture, and then I don’t think that you’d need to deal with VLANs, which is a headache that I wouldn’t want, especially if getting it wrong might have security implications. If you need more ports for the LAN, then just throw a regular old separate hardware Ethernet switch on the LAN port. You know that the switch can’t be moving traffic between the LAN and DMZ networks itself then, because it can’t touch the DMZ. But I don’t know whether that’d make financial sense in your case, if you’ve already got the router hardware.