My Unifi Dream Machine Pro's ad-blocking was doing more than I expected
https://lemmy.world/post/40942447
I have a small homelab that’s not nice enough for /r/homelab but is a bit more
than just self hosting. Since I’m a decently knowledgeable sysadmin and network
engineer, my goal is to build an enterprise-ish environment for myself to tinker
around and play inside. This means a lot of my setup is more complicated than it
needs to be and I spend a lot of time troubleshooting and debugging my
overengineering, so when something breaks my first assumption is that it was
something I did. I usually build my stuff to be relatively self-sufficient when
I leave it alone.

But this weekend and today I simply couldn’t find what I broke. I was attempting
to move a clunky Let’s Encrypt cert renewal job off of my DNS server to
somewhere I could better manage it. Why was it on my DNS server? Because for a
while now, dynamic updates only half worked for me. My bind9 server was fully
capable and I have a custom nsupdate cronjob to update my DDNS records that I
installed on my UDM-Pro. But for whatever reason, as soon as I entered my home
network[1] it wouldn’t work. Since I thought it better to manage my certs from
Proxmox or another internal service, I needed to figure out why this was.

I looked high, I looked low, I looked in /etc but there was no configuration
error that I could find. I tested the same TSIG key on another machine in my VPC
and on my UDM-Pro but there it went without a hitch. The error was weird —
NOTIMP — and I couldn’t find anything relevant online. As a last resort I turned
to ChatGPT[2], but all this confirmed was that there should be no errors with my
configuration. Its conclusion was that it had to be networking.

So I scoured the configuration of my UDM looking for any filtering or traffic
rules I had, but nothing was clicking. This wasn’t a connection issue, this is
the server telling me that updates were not allowed for this zone. I was clearly
hitting the DNS server, right? Well there was nothing in the update logs on the
server, so I suspected that for some reason the requests weren’t making it
through. So I spun up Wireshark on my UDM and on my DNS server, and saw for
myself that the dynamic update requests weren’t even reaching the bind server. I
would see the update come into the router, and a response from the bind server,
so what was responding? This was either some crazy filtering from my ISP — which
I knew to be false because updates from the router worked — or my UDM doing
something.

Finally after some sleep I came back and looked at the UDM console again and it
hit me. Ad block. I quickly paused it and lo and behold it was blocking my
dynamic updates. There was no record of this in the Insights tab; it was just
silently absorbing my dynamic updates and masquerading as my name server. I can
understand masquerading as name servers due to what it’s supposed to do, but I
have no idea why it would steal my dynamic updates. I wouldn’t think what DNS
filtering that enables is fail closed.

For being a prosumer company, Ubiquiti’s features always feel halfway
implemented to work in most scenarios but never actually developing full support
for things. Yes, I brought this onto myself for enabling ad-blocking (it was
good while it lasted, I’ll have to reimplement it in a non-stupid way) but the
fact that it does zero inspection of the DNS opcode before forwarding requests
feels dumb.

[1] I have two “sites”, my homelab and a cloud VPC; critical infra like DNS and
mail is hosted in the VPC.
[2] I minimally use AI for troubleshooting as a last resort to either turn me on
a new path to the solution or as a sanity check before I blame a different
component.
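Added example (not part of the original post): RFC 2136 defines NOTIMP as the reply from a responder that does not support the requested opcode, while a denial by the authoritative server would be REFUSED or NOTAUTH, so the rcode alone helps tell the two cases apart. The sketch below builds a constructed UPDATE for `example.local` and classifies replies by header opcode and rcode; all function names and labels are hypothetical.

```python
import struct

UPDATE, NOTIMP, REFUSED, NOTAUTH = 5, 4, 5, 9  # opcode / rcodes from RFC 2136

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_update(msg_id, zone):
    """Minimal UPDATE: header plus zone section (type SOA=6, class IN=1)."""
    header = struct.pack("!HHHHHH", msg_id, UPDATE << 11, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", 6, 1)

def build_response(request, rcode):
    """Constructed reply: same ID and opcode, QR bit set, given rcode."""
    msg_id, flags = struct.unpack("!HH", request[:4])
    new_flags = 0x8000 | (flags & 0x7800) | rcode
    return struct.pack("!HH", msg_id, new_flags) + request[4:]

def parse_header(msg):
    """Pull ID, QR bit, opcode and rcode out of the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    msg_id, flags = struct.unpack("!HH", msg[:4])
    return {"id": msg_id, "qr": flags >> 15,
            "opcode": (flags >> 11) & 0xF, "rcode": flags & 0xF}

def diagnose(request, response):
    """Classify a reply to a dynamic update by who is likely answering."""
    req, resp = parse_header(request), parse_header(response)
    if not resp["qr"] or resp["id"] != req["id"]:
        return "not-a-reply-to-this-request"
    if req["opcode"] != UPDATE:
        return "request-is-not-an-update"
    if resp["rcode"] == NOTIMP:
        return "responder-does-not-implement-update"
    if resp["rcode"] in (REFUSED, NOTAUTH):
        return "refused-or-not-authoritative"
    return "ok" if resp["rcode"] == 0 else "other-error"

if __name__ == "__main__":
    req = build_update(0x1A2B, "example.local")  # constructed sample zone
    for rcode in (NOTIMP, REFUSED, 0):
        print(rcode, diagnose(req, build_response(req, rcode)))
```

Feeding it the request and reply payloads from a capture taken on the client side, and comparing with a capture on the name server, shows whether the NOTIMP came from the server or from something in between.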
For my fellow Americans, when is enough enough?
https://lemmy.world/post/21705895
I will preface this by saying I understand that I am more radical,
revolutionary, and extreme of a leftist than most. Despite that, I still ask
that you actually engage with this as I’m asking in good faith. When is enough
enough? We have elected a fascist into the highest office and handed the keys to
him and his friends. Is now not the time to actually get organized, involved,
and armed? In my opinion, the time for peaceful, democratic means of avoiding
fascism was before the election. But we have failed to do so, and as such there
will soon be a tyrant in power. Are we going to wait until troops are rolling
down the street to stage any form of resistance, because by then it’s far too
late. Now I want to be clear that I am not advocating for random acts of
violence or an insurrection like January 6th. But is this not a point of
radicalization? Is this not where we start organizing within our communities and
getting involved in mutual aid and resistance? How much more do we need before
people are actually ready to stand, fight, and maybe even die to avoid
continuing down the path that we are on? Fascism is not on the horizon, it is
here. Are we really to do nothing about it as a society except lay down and
accept our fate? Because that doesn’t jive with me. That makes absolutely no
sense to me.
Can we have a discussion about the rhetoric in this community?
https://lemmy.world/post/19989131
I often see people in the comments acting like having a fast or loud car
immediately makes your dick smaller or that you have ED. And people talk about
owning a car as if they’ve never gone above 40 MPH and are terrified to do so.
For context I live in a city with actually ok mass transit, don’t own a car, and
prefer to bike/take the train whenever possible. Trains, trolleys, bikes, and
feet are the best forms of transportation imo. That being said, body shaming or
making fun of people with physical or mental issues (that may be no fault of
their own) is just shitty. It makes this community look shitty. I hate reading
comments about “loud car small dick this” or “fast car ED that”. It’s
unnecessary. You can shit on asshole drivers without having to stoop that low.
Secondly, some women enjoy cars as well; be more creative. Finally, don’t act
like cars can’t be fun. I’m all for phasing out the automobile and
revolutionizing transport by returning to the ways of olde, but cars are fun. I
understand some of you are grandparents and don’t like someone revving their
straight pipes mustang down your block on a Saturday morning. That’s completely
reasonable. But my god does this community act like you can’t have fun in a car.
I absolutely enjoy loud and fast and powerful cars, because that’s an incredible
work of engineering and it simply can be fun. Going fast can be fun. Being in a
car that purrs like a lion can be fun. Going offroading or drifting or racing or
anything in a car can be fun. We won’t convince people to see our side by
shitting on the things they enjoy. We convince people to try and see things from
our point of view by actually looking through their perspective first, and
acknowledging that while cars can be fun they are not sustainable.
What do you prefer to selfhost? - Lemmy.World
I’ve been around selfhosting most of my life and have seen a variety of
different setups and reasons for selfhosting. For myself, I don’t really self
host as many services for myself as I do infrastructure. I like to build out the
things that are usually invisible to people. I host some stuff that’s relatively
visible, but most of my time is spent building an over engineered backbone for
all the services I could theoretically host. For instance, full domain
authentication and oversight with kerberized network storage, and both internal
and public DNS. The actual services I host? Mail and vaultwarden, with a few
(i.e. < 3) more to come. I absolutely do not need the level of infrastructure I
need, but I honestly prefer that to the majority of possible things I could
host. That’s the fun stuff to me; the meat and potatoes. But I know some people
do focus more on the actual useful services they can host, or on achieving
specific things with their self hosting. What types of things do you host and
why?
Recommended containerized CardDAV/CalDAV solution?
https://lemmy.world/post/17420091
Hello! I am migrating some services from an old cloud instance to my homelab.
The cloud instance was running NextCloud and as I don’t really need the entirety
of NextCloud, I’m moving to individual services. It’s now time for me to move
the most important thing from this NextCloud instance: my calendars and
contacts. I’m looking for a good containerized service to run this. I’ve taken a
look at both Baikal and Davis, but both seem to have issues running rootless. As
I have Kerberos throughout my network and am storing the persistent volumes on
an NFS share, I prefer to run all my containers under dedicated service
accounts. This also means that I would like the DAV server to have LDAP or IMAP
authentication. I am also using podman quadlets rather than docker compose, but
I can figure out the translation on my own. Worst case scenario here is I just
run Davis and talk to the dev about the issues I have (which will probably be
done anyways), but I’d like to get something up and running sooner rather than
later. Any solutions would be greatly helpful. If there isn’t a good
containerized solution, I’m also willing to make an LXC or VM but I’d prefer to
stick to containers. Thank you!
FreeIPA & Proxmox - DNS selectively doesn't work
https://lemmy.world/post/17105547
So this is an interesting one I can’t figure out myself. I have Proxmox on a
PowerEdge R730 with 5 NICs (4 + management). The management interface is doing
its own thing so don’t worry about that. Currently I have all 4 other interfaces
bonded and bridged to a single IP. This IP is for my internal network
(192.168.1.0/24, VLAN 1). This has been working great. I have no issues with any
containers on this network. One of those containers happens to be one of two
FreeIPA replicas, the other living in the cloud. I have had no issues using DNS
or anything else for FreeIPA from this internal network nor from my cloud
network or VPN networks. Now, I finally have some stuff I want to toss in my DMZ
network (192.168.5.0/24, VLAN 5) and so I’ll just use my nice R730 to do so,
right? Nope! I can get internet, I can even use the DNS server normally, but the
second I go near my FreeIPA domains it all falls apart. For instance, I can get
the records for example.local just fine, but the second I request
ipa.example.local or ds.ipa.example.local, I get EDE 22: No Reachable Authority.
This is despite the server that’s being requested from being the authority for
this zone. I can query the same internal DNS server from either the same
internal network or a different network and it works handy dandy, but not from
the R730 on another network. I can’t even see the NS glue records on my public
DNS root server. I’m honestly not sure why everything except these FreeIPA
domains works. Yes, I have the firewall open for it and I have added a
trusted_networks ACL to Bind and allowed queries, recursion, and query_cache for
this ACL. The fact it only breaks on these FreeIPA subdomains makes me think
it’s a forwarding issue, but shouldn’t it see the NS records and keep going? It
can ping all the addresses that might come up from DNS, it’s showing the same
SOA when I query the root domain, it just refuses to work from my IPA domains.
Can someone provide any insight on this please, I’m sick and tired of trying to
debug it.
Would a vacuum extraction affect a QWISO solution?
https://lemmy.world/post/16156247
Basically title. If I make a quick wash isopropyl alcohol (QWISO) solution,
would a vacuum extraction have a meaningful effect on the resulting concentrate?
I doubt it would have a meaningful impact in terms of flavor and terpene
content, but I can see it producing an interesting consistency. The only way I
could see it affecting flavor would be if the low pressure caused some volatiles
to change, but I kinda doubt that. For the vacuum extraction I would probably
just put it in a vacuum chamber.
Could I get an autopsy done on myself while I'm alive?
https://lemmy.world/post/15491717
Completely random stoned hypothetical. Let’s say I’m old as fuck and I decide I’m
ready and done. Could I have the same postmortem autopsy done on me while I’m
still alive? Like give me a ton of drugs and let me watch myself get dissected
as my final moments. I understand there is a legal and possibly moral concern,
but is it really ethically that bad if I also want it? Like I’m not taking
myself out at my prime, I’m nearly dead anyways. Lemme see myself cut apart
that’d be cool as shit, only if I couldn’t feel any pain though.
Good file servers for Proxmox? - Lemmy.World
Hello! I have Proxmox VE running on a Dell R730 with an H730. Proxmox manages
the disks in a ZFS RAID which is exactly how I want it. Because I intend for
this server to have a NAS/file server, I want to set up a container or VM in
proxmox that will provide network storage shares to domain-joined systems.
Pretty much everything in my lab is joined to FreeIPA, so I’d like to use the
IdM features with my file server. I have given TKL FileServer a shot but it
really didn’t seem up to snuff with what I wanted. I am not looking for a NAS
solution that will require me to pass through the RAID controller and disks to
Proxmox, as I want Proxmox managing the ZFS pool. I can set up an NFS/Samba
server in a container, however in trying to do so I was running into issues (due
to it being an unprivileged container) that I can probably figure out but I want
to see if anyone has any recommendations first.
What's a common occurrence in your hobby that you think shouldn't be?
https://lemmy.world/post/14325957
For me it’s driving while under the influence. If you couldn’t tell, I like me
some ganja. However I have long since held the belief that it is utterly insane
to drive while under the influence of most substances, with maybe nicotine and
caffeine being the exception. All too often I see other stoners smoking and
driving, which I simply can’t fathom. I’ve only operated a vehicle once under
the influence and it was just to move a U-Haul around the block to a different
parking spot, which was such a scary experience while high that I refuse to even
consider getting behind the wheel again while high.