Monkey With A Shell

Stop selling disposable vapes, this is not complicated. I’ve since stopped but first encountered vapes back when they called it e-smoking and the devices where really crude. After a few years they finally got something decently reliable and reusable down and people had their personal device.

I’m not even sure when disposables became a thing but the notion of use one and discard electronics is nuts. The whole industry could do well to come up with some standards so you don’t have to search out some specific model of atomizer to fit a certain piece, but it’s not impossible.

What you might call a stateful NAT is really a 1-1 NAT, anything going out picks up an IP and anything retuned to that IP is routed back to the single address behind the NAT. Most home users a many to one source nat so their internal devices pick up a routable IP and multiple connections to a given dest are tracked by a source port map to route return traffic to the appropriate internal host.

Basically yes to what you said, but a port forward technically is a route map inbound to a mapped IP. You could have an ACL or firewall rule to control access to the NAT but in itself the forward isn’t a true firewall allow.

Same basic result but if you trace a packet into a router without a port forward it’ll be dropped before egress rather than being truly blocked. I think where some of the contention lies is that routing between private nets you have something like:

0.0.0.0/0 > 192.168.1.1 10.0.0.0/8 > 192.168.2.1

The more specific route would send everything for 10.x to the .2 route and it would be relayed as the routing tables dictate from that device. So a NAT in that case isn’t a filter.

From a routable address to non-route 1918 address as most would have from outside in though you can’t make that jump without a map (forward) into the local subnet.

So maybe more appropriate to say a NAT ‘can’ act as a firewall, but only by virtue of losing the route rather than blocking it.

NAT in the sense used when people talk about at home is a source nat, or as we like to call it in the office space a hide address, everyone going to the adjacent net appears to be the same source IP and the system maintains a table of connections to correlate return traffic to.

The other direction though, if you where on that upstream net and tried to target traffic towards the SNAT address above the router has no idea where to send it to unless there’s a map to designate where incoming connections need to be sent on the other side of the NAT so it ends up being dropped. I suppose in theory it could try and send it to everyone in the local side net, but if you get multiple responses everything is going to get hosed up.

So from the perspective of session state initiation it can act as a firewall since without route maps it only will work from one side.

Assuming it’s not a 1-1 NAT it does make for a functional unidirectional firewall. Now, a pure router in the sense of simply offering a gateway to another subnet doesn’t do much, but the typical home router as most people think of it is creating a snat for multiple devices to reach out to the internet and without port forwarding effectively blocks off traffic from the outside in.

The way the maga crowd hates Disney lately for being ‘woke’ pissing them off might encourage pushing a rule like this through.

Indeed they do use 11x but it’s still a possibility to cause issues. It’s entirely possible to manage a fleet of IPs across a net but it takes a solid plan organization plan. My company is big on the acquiring companies game where IP overlaps are a perpetual challenge when merging sites in and you need a mess of snat/dnat conversions to keep routing from getting in a knot.

While handy on a personal net, on a larger corporate net this isn’t practical and even adds a security risk. By having servers request leases you run the chance that someone gets into a segment, funds the ARP association for an IP/MAC combo and can take over a server’s spot simply by spoofing their own MAC to match at the time of lease renewal.

In the post above about setting a static address in two spots that in itself isn’t required either. So long as there are no duplicates you would just set the static address on the end device, then the network will sort it out with ARP ‘who has’ requests in local segments, or routing in the case of distinct subnets.

Edit: the duplicate I suppose could be referring to putting names into a DNS registry, in which case yes you would need that double entry, or just reference things by IP if the environment is small enough for it to be practical.

I’ve used plenty of them with no problems for years. Just so long as you have redundancy in place like a good RAID setup there’s little risk of losing anything.

Did you happen to unplug the external drive when it was moved? Could wonder if the device ID got changed and the server can’t find the old location for the library any longer.

Internet culture is a leaky thing. A major chunk of meme and comic formats where born in 4chan and they’ve been adopted virtually everywhere on the web despite coming from a place that takes a certain level of self hate to stomach for any length of time. Lemmy is functionally a clone of reddit right down to the logo similarity. Trying to claim that somehow it’s a different unique corner of the web and exercise in futility.

This needs a theydidthemath comm to post to. 🙂

Jammie Rasset got tagged for $1.9M for sharing 24 songs, so if we extend the per instance to this case I’m pretty sure Meta owes more money than has existed in human history…

Generally yes, but it can be useful as a learning thing. A lot of my homelab use is for purposes of practicing with different techs in a setting where if it melts down it’s just your stuff. At work they tend to take offense of you break prod.

I’ve used MinIO as the object store on both Lemmy and Mastodon, and in retrospect I wonder why. Unless you have clustered servers and a lot of data to move it’s really just adding complexity for the sake of complexity. I find that the bigger gains come from things like creating bonded network channels and sorting out a good balance in the disk layout to keep your I/O in check.

ShredOS, lovely little USB boot system that you can use to wipe a drive like that. I would usually go with a 3 pass cleaning. Another option can be to use something like veracrypt to do an in place whole disk encryption that’ll make anything on it unreadable.

If it works as a basic post bot I guess there’s something to that, just seems and odd extra step when you’re already using a phone/computer that likely already has some kind of weather widget built in.

Why tho?

What’s the use case for a ActPub based weather info service that wouldn’t be adequately addressed by a basic API on an existing service?

In my org a lot of it can come down to having someone to demand fixes from. If something becomes a critical component of the workflows there has to be someone with an enforceable SLA held over them to get things fixed when needed.

About 700 watts, it makes for a decent space heater in the winter.

Like others said, self signed or internal only domains work. Really though for the minimal cost of generally less than $20/year you can make it a lot easier by just buying a domain.

From a pure security stance it could be argued that a personally owned CA is more secure than any public one since it’s possible for others to create a trusted cert with a public entity. Cloudflare ends up doing that for any domains you register with them, but that’s really only an issue for things facing the web and using self signed certs will typically cause problems for any pre-compiled client apps you might use.