• 0 Posts
  • 235 Comments
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle


  • Hey I don’t know your technical capability, but Steve Gibson pointed out the lowest knowledge way to get an isolated network just by buying two more cheap NAT routers. Your current router stays routing internet, but in LAN1 you plug in one of the new routers, let’s call it your home network, and LAN2 of your internet router plug in the other router and call it insecure. Plug in your WiFi access points into home and your devices. Plug in work laptop and other IoT to insecure. Home won’t be able to talk to insecure, and insecure can’t talk to home. This is all because of NAT. Just make sure the home network range is a different range to the insecure.

    Otherwise it’s just a vlan on router and switches and access points with no firewall rules that allow INSECURE to HOME.

    You might already know all this in which case never mind!

    https://www.grc.com/nat/nat.htm






  • This sounds unbelievable, like the turning of a ship to avoid an iceberg. It’s an unbelievably light sentencing, showcasing the country’s lack of interest in protecting women’s rights while declaring the intent to do so in the ruling.

    If my partner was attacked, lost her hearing and had to attend court multiple times to defend her rights to safety, and the perpetrator got 3 years? I’d be furious.

    I know she’d be devastated. The times she felt unsafe already leave such a big impact, let alone a realised attack.

    Anyway. I do hope it’s just a positive sign, that all it will take is a bit more time. I want to believe it’s positive. But it’s wild to compare what I’d like to believe as obvious human rights; to not be attacked to the point of disability from an unprovoked human, then believe in the justice system in arrears to punish and (theoretically) prevent.

    Anyway, long rant. Processing it because I probably believed Korea was better than that. Not all the humans, just at least the culture and law.




  • It’s solving a real problem in a niche case. Someone called it gimmicky, but it’s actually just a good tool currently produced by an unknown quantity. Hopefully it’ll be sorted or someone else takes up the reigns and creates an alternative that works perfectly for all my different isos.

    For the average home punter maybe even up to home lab enthusiast, probably not saving much time. For me it’s on my keyring and I use it to reload proxmox hosts, Nutanix hosts, individual Ubuntu vms running ROS Noetic and not to mention reimaging for test devices. Probably a thrice weekly thing.

    So yeah, cumulatively it’s saving me a lot of time and just in trivialising a process.

    If this was a spanner I’d just go Sidchrome or kingchrome instead of my Stanley. But it’s a bit niche so I don’t know what else allows for such simple multi iso boot. Always open to options.


  • Don’t waste time on pandering to proof of ability when actions speak louder than words. The release of your research is personally something I’m looking forward to regardless of your history or experience. I will interpret your research and evaluation with my own bias and sceptical stance. I’d rather question you afterwards if your article left questions unanswered or unclear.

    Jumping the gun now and questioning you before we start just wastes both our time.

    Good luck with your research!




  • Two pihole servers, one n VM vlan, one on device VLAN with OpnSense delivering them both via DHCP options. I sometimes update lists, like yearly… At best. They’ve been there over 7 years. Calling them robust is correct. The hypervisors are 3 proxmox servers in cluster using ceph. Intrl NUC 3rd Gen. Less than 80w combined with all vms. Also 8 years old no failures but tolerant for it.





  • I think you probably don’t realise you hate standards and certifications. No IT person wants yet another system generating more calls and complexity. but here is iso, or a cyber insurance policy, or NIST, or acsc asking minimums with checklists and a cyber review answering them with controls.

    Crazy that there’s so little understanding about why it’s there, that you just think it’s the “IT guy” wanting those.


  • Sr-iov works already though? That’s not needed for this. The motherboard presents the pci bus to the guest regardless of what’s plugged in. Works fine.

    This is when you want many guests to have shared graphics by partitioning a gpu. So the host still retains it and presents the graphics card to guests. You need to partition the ram up equally though, so useful only in VDI generally where you want a RTX A6000 like card to split to 10 guests each with 8gb of ram, and they share the gpu, but keep their individual video ram. Economy of scale can work out in graphics or maybe ML situations. Not so useful at home since you’ll probably have a Rtx 3080 with like 10-12gb of ram, and at most you wouldn’t want to split it below 8gb for modern games and partitions need to be equally sized. For 10g two = 2x5gb which would be a poor experience probably. Lots of frame stutters as it switches stuff between ram to video ram.

    Hope that helps. Unless this technology unlocks better partitions it’s more about opening to vdi and machine learning in a full open source context like proxmox rather than just the driver being locked behind hyperv vmware and citrix hypervisor/xen and a big yearly license. Maybe it still needs that yearly license.