solidgrue

solidgrue, 1 month ago

https://lemmy.world/pictrs/image/1d90c93a-7849-4b31-8ba0-a4b93214a272.gif

solidgrue, 1 month ago

ITT: mostly disinfo and astroturfing.

Caveat emptor!

solidgrue, 1 month ago

https://lemmy.world/pictrs/image/362d1329-71df-4817-baf5-206a60fff42c.jpeg

solidgrue, 1 month ago

Little column A, little column B… ¯_(ツ)_/¯

solidgrue, 1 month ago

The wind is shifting, that’s for sure.

solidgrue, 1 month ago

Many (if not all) of the KeePass clients are better than Lastpass, LogMeIn or any of the hosted solutions. More portable too

solidgrue, 1 month ago

KeePass works off of a local data store which you can sync up to the cloud, so you don’t even need Internet access flto open your credentials store

solidgrue, 1 month ago

Ah, that I did not know.

So it’s an equivalent to lastpass for portability. My mistake.b

solidgrue, 1 month ago

It’s not gonna be a problem, just don’t be obviously impaired. Don’t gamble or do any of the more adult shows while in any altered state. Stick to the Strip and Fremont street areas.

Wandering the Strip and Fremont St. experience are both good fun. The ceiling of the mall at the Venetian was extra trippy. The playground at Circus Circus was fun. I’m sure the amusements at New York, New York would be fun too.

Party smart, play safe.

solidgrue, 1 month ago

You. I’ve seen you around. You’re my kind of bad influence. Lol

solidgrue, 1 month ago

Witness tampering. Spicy.

solidgrue, 1 month ago

There was a similar gag in the movie Skin Deep (1989) (YouTube link). Teenage me thought it was hilarious.

solidgrue, 1 month ago

This isn’t a uniquely German problem >.>

solidgrue, 1 month ago

I had Cheerios & gin.

solidgrue, 1 month ago

In good faith: coffee, spiced rum, vanilla, cream. Sugar to taste.

solidgrue, 1 month ago

No! Ya think?

… Really??

solidgrue, 1 month ago

I misread your post, but the prima facie is that he drew a weapon on law enforcement, that as a result.of being a sovcit idiot.

Chorine in the gene.pool. What a bitch.

solidgrue, 1 month ago (edited 1 month ago)

You’re better off going in for the cleaning you know the need, and they’ll tell you if you have cavities more surely than asking the Internet. Maybe it’s different at your local practice, but my dentist always schedules a follow-up visit to deal with the cavities.

You can always decline further treatment if ithe cost is an issue. Or, your debris dentist can work with you on prices and finance.

solidgrue, 1 month ago (edited 1 month ago)

<span style="color:#323232;">dd if=/dev/urandom of=/dev/audio bs=2
</span>

solidgrue, 1 month ago

10^20 monkeys, 10^5 years

solidgrue, 1 month ago

A politician in Russia’s Tver region…

solidgrue, 1 month ago (edited 1 month ago)

I do this, but I also work in tech and have a pretty solid grasp of routing and how that all works. I agree it may seem overkill for many installs, but makes sense for certain use cases. I’ll try to explain without writing a book. I’ll be glossing over a LOT of texture in the following…

In networking, a router is considered to be a node in a graph with multiple host IP addresses, one for each edge. It has an interface-- sometimes physical but more often viirtual-- on each edge (network segment, VLAN) that connects to it, and which usually serves as the gateway IP for that edge. In larger networks where there is more than a single router, the routers must all tell each other which router has which destination network segment, so they all speak a routing protocol like RIP, OSPF or IS-IS. Each of the speakers must be able to identify itself uniquely among the others so the others know which node is making what advertisements. To do this, they each are assigned a unique router ID, which is normally a 32 bit integer value represented as a dotted quad. Customarily this is an IP address, and the protocols further this idea by adopting the highest numbered IP address on the device or the addrss of its loopback interface, if defined.

The point of a routing protocol is for the participating nodes to advertise IP ranges associated with their connected edges. They assert advertisements for each edge when it is active.(I.e., the interface is UP) and withdraw or expire them when the edge is unavailable (I.e., the interface is in any state other than UP). Every time an edge changes state-- goes from UP to not-UP, or not-UP to UP-- that advertisement must propagate across the whole system, and every node must stop forwarding traffic to recalculate its own best path to the remaining available edges. This is called reconvergence, and network engineers try to do things to minimize the number and frequency of these events.

Practically, one of the things network engineers do to try to avoid instability is not having the ID of a speaker change dynamically. Going back to how the device selects its router ID, it considers the loopback IP first, or else the highest numbered IP active on the device at the time of evaluation. Edge interfaces can go UP or not-UP for any number of reasons at any time, thus they are less than ideal to use for the router ID. The loopback interface by contrast is always up. This interface is typically assigned the IP the routing protocol will use for its router ID.

In practice, the loopback is the only interface on a router than can be said to belong to the router itself¹, and not to an edge connected to the router². There are other practical reasons in routing to do this, but they all come back to the fact that the loopback is always up, and therefore it’s always apt to be advertised as an available edge.

So what does any of this have to do with servers, applications and self hosting?

Applications that provide services over the network, DNS servers for example, need to bind to at least one IP address and protocol port. On servers with multiple interfaces, these applications normally bind to all available interface addresses, using the address 0.0.0.0. In some situations this might be undesirable. Maybe you don’t want your pihole serving your internal DNS to your ISP, or maybe you have several VLANs at your house and want to use a single IP address for DNS across all of your VLANs, or you don’t trust the VLAN interface IPs to always be the same.

Adding an IP to the lo interface ensures that IP is always available and reachable. It provides a single place for all hosts in the system to go that isn’t pinned to any one of the possible VLAN interface IPs.

In my own home setup, I define several IPs on the loopback for different containers that all want to use port 8443/tcp for their public port. This gives me the flexibility of being able to assign different services their own IP (which I can then reference by name in DNS) on their native port vis-à-vis the documentation. So my Pihole container has its address and my Unifi controller container has its own as well.

Anyway, this is very much a Done Thing in the industry. Not everyone needs it, but its a useful technique in the right circumstances.

---

1. Considered from to perspective of graph theory, network nodes and the edges they connect are distinct things. A router participates in a LAN, but the LAN is its own thing, and not formally part of the router.
2. In large IP networks, there are frequently tra sport topologies like VLANs or other shared.media that connect two or more routers, and are used exclusively to distribute traffic among themselves. Which of the participating routers is said to “own” that advertisement?

solidgrue, 1 month ago

I appreciate the pun!

For home networks, I agree there’s usually not a need. I do it for portability reasons: I always use 192.168.0.0/24 addresses (192.168.0.0 - 192.168.0.255) for services I’m hosting on prem at home. In general, my home router is a Linux box connected directly to my ISP’s network on one interface and a switch with several VLANs on its other interface, and which has IP forwarding enabled with IP masquerade. I also use IPv6 a fair amount and receive a healthy whack of addresses from my ISP that I delegate out portions of to each VLAN. By my count I have 6 or 8 active VLANs on my home net for the adults, for work, for the kids, for the central services, for isolating untrustworthy IOT doodads, for infrastructure management, and for guests.

Most of my so-called central services have been hosted on the same Linux box that does the routing, using containers bount do tjose subnet zero IPs on the loopback. It skeeves me out a bit to do that though, so I’ve been moving that stuff over to a new applications server in a DMZ VLAN. I know what I’m doing, but I’m also incurring unnecessary risks having structured my service hosting the way I have.

The IP-on-loopback trick let’s.me move those services from a VIP on the router to an IP on the new service host without having to reconfigure everything. I just fake in some /32 routes where I need to, and the traffic goes where I want of to.

I admit up front this isn’t great discipline, but as I said I know what I’m doing and it only sounds crazy to me when I try to explain it to other people. Lol.

solidgrue, 1 month ago

He appears to have survived the attempt. That poor bastard.