So I had the idea that the router would default to allowing no incoming connections - because of IoT things and appliances on the LAN which potentially have poor security posture - but that hosts who wanted to run servers could set the no-firewall DHCP user class, and the router would notice this and allow all incoming for them. (This is for IPv6, I have no interest in implementing any v4 port forwarding unless I absolutely have to.)
This does feel weirdly like client-side authentication (perhaps because it is?) but right now I'm thinking it's probably OK. The firewall isn't a trust boundary (the LAN is an untrusted network), it's just there to discourage "smart" devices from joining botnets.
All that said, getting anything other than a Windows machine to send a dhcp user class is either somewhat involved or significantly impossible.
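One way the router side of this opt-in could look, as an added example that is not the author's nixwrt code. It assumes dnsmasq is the DHCPv6 server with `dhcp-userclass=set:nofw,no-firewall` and a `dhcp-script` pointing at this file, and an nftables set `nofw6` in table `inet fw`; the tag, table and set names are hypothetical.

```shell
#!/bin/sh
# Hypothetical dnsmasq --dhcp-script hook (added example).
# Assumed dnsmasq.conf lines (constructed):
#   dhcp-userclass=set:nofw,no-firewall
#   dhcp-script=/etc/nofw-hook.sh
# Assumed ruleset (constructed): table "inet fw" has a set "nofw6" of
# type ipv6_addr, and the forward chain is default-drop for inbound
# traffic except for a rule like:  ip6 daddr @nofw6 accept

# Emit one nft script line for a lease event, or nothing if the event
# is not relevant.
# $1 = action (add|old|del), $2 = leased address, $3 = tags (DNSMASQ_TAGS)
nofw_command() {
    action=$1
    addr=$2
    tags=$3
    # Accept only strings made of hex digits and colons that contain a
    # colon: skips IPv4 leases and keeps anything odd out of the ruleset.
    case $addr in
        ''|*[!0-9a-fA-F:]*) return 0 ;;
        *:*) ;;
        *) return 0 ;;
    esac
    opted_in=no
    for t in $tags; do
        if [ "$t" = nofw ]; then opted_in=yes; fi
    done
    case $action in
        add|old)
            if [ "$opted_in" = yes ]; then
                echo "add element inet fw nofw6 { $addr }"
            else
                # Fail closed: a lease event without the tag drops any
                # exemption left over for this address.
                echo "delete element inet fw nofw6 { $addr }"
            fi ;;
        del)
            # Lease gone: the address must not stay reachable for
            # whichever host is handed it next.
            echo "delete element inet fw nofw6 { $addr }" ;;
    esac
}

# dnsmasq calls the script as: <action> <MAC or DUID> <address> [hostname]
if [ $# -ge 3 ]; then
    # Deleting an element that is not in the set makes nft fail; ignore it.
    nofw_command "$1" "$3" "${DNSMASQ_TAGS:-}" | nft -f - || true
fi
```

Tying the exemption to the lease lifecycle means it disappears when the lease does, rather than persisting for an address that may later belong to a different device.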
How to see all of the service definition, not just the leftmost 80 characters of each line:
`systemctl cat dhcpcd.service|cat`
The "useless use of cat" award committee wants a word...
Can't reconfigure my dhcp client because github is down. first world single point of failure
The NetworkManager README says "Networking that Just Works". Unsure whether to read "just" here as "simply" or as "only just"
What is the likelihood that networkmanager's default dhcp client allows setting the user class? I'm reading the source code to find out
Dropped my phone in the toilet bowl :-(
Can't decide if I want it to dry out and make a perfect recovery (the world is finite, and ewaste is a terrible thing) or stop working so I can buy a pinephone
I won't say it's done, because it's not done. But, I can see the end from here
#nixwrt running on real hardware getting real internet traffic from a real ISP and routing to a local network
#nixwrt on qemu is sending dhcp and all the gubbins to a second qemu process that I booted using a System-Rescue iso image.
This is probably an achievement. I say "probably" because I can't actually see the output from the system-rescue vm because it doesn't work properly with -serial stdio. But the packets are flowing ...
Nov 21 17:56:45 dnsmasq-dhcp: 13935373 client MAC address: 52:54:00:12:34:56
Nov 21 17:56:45 dnsmasq-dhcp: 13935373 client provides name: sysrescue
Nov 21 17:56:45 dnsmasq-dhcp: 13935373 DHCPSOLICIT(eth1) 00:04:dc:c5:43:08:80:09:95:31:b5:c5:75:68:d8:5f:2e:2e
Nov 21 17:56:45 dnsmasq-dhcp: 13935373 DHCPREPLY(eth1) 2001:8b0:de3a:40dc::f0dc
Last night I cycled to and from the LFNS - usually I get the Tube - and less than 2 hours after getting home my legs were stiff like I had DOMS. Except that DOMS is usually not until the next day.
Anyway, today I still have it-hurts-to-walk-down-stairs stiff legs. Maybe tomorrow will be better
If a matching Document is not found and Mongoid.raise_not_found_error is true it raises Mongoid::Errors::DocumentNotFound, return null nil elsewise.
So a global config option affects the semantics of this method quite fundamentally. Didn't we agree this was a bad idea back in the php.ini days?
The upshot is that any library code using mongoid is unable to give any guarantees about its behaviour in error situations because it doesn't know how the app it's embedded into has set its configuration options.
I grant that ActiveRecord has its own design problems, but if you're going to ignore it in favour of doing your own thing, maybe at least try not to make it worse?
How to find out whether your Nixos device has Bluetooth LE support:
$ nix run nixos.bluezFull -c bluetoothctl scan on devices
and notice that it's within range of the Pinetime watch in the bedroom on the next floor up. Apparently "low energy" doesn't always mean "short range"
I have a ppp over l2tp interface, using xl2tpd and pppd. The L2TP bit seems to work OK, the PPP interface comes up and negotiates IPv4 addresses then IPv6 link addresses.
I can v4 ping both ends of the connection. But: I can't ping the v6 link addresses (maybe this is normal) and when I run odhcp6c to get a prefix delegation, it sends a SOLICIT but doesn't see the ADVERTISE replies from the DHCP6 server.
(I know the DHCP6 server is sending replies because I can see them in tcpdump)
The kernel doesn't have netfilter or any iptables stuff compiled in, so I don't think there's any kind of firewalling
rp_filter, as far as I can tell, works only for ipv4 not ipv6
I'm a bit stuck for what to try next. Any ideas?
Did a giant #nixwrt WIP commit, because I have now changed so many things at once I have given up on the prospect of it making any sense in my head.
But it's on a branch. When I get to the end of this journey (l2tp connection to my ISP and all the IPv6 prefix faff) I will ... probably print the diff and use four colours of magic marker to decide which bits to commit in what order to create some meaningful narrative
I asked #nixos to cross-compile an armv6l (raspberry pi v1) image, and now it seems to be building an x86-64 version of imagemagick.
I'm mildly curious why this should be required, but TBH more curious about whether the comment in the nix wiki that raspberry pi images can only be built on aarch64 is still true
I have a #pinetime synced to my android phone using #GadgetBridge. Sometimes it refuses to connect, even after toggling bluetooth/rebooting etc, but one workaround that has not failed yet is to connect to the watch using the nordicsemi nRF Connect app. After nRF Connect has found the watch, gadgetbridge is able to reconnect
It's experimental (!) but yes this is HUGE! Can't wait!
The fact that the Nix store is now content-addressable is mind-blowing and IMHO one of the most significant improvements in the Nix ecosystem.
Congrats to all the developers for this release! https://twitter.com/domenkozar/status/1455286214165028869
Beginning to think that nixpkgs cross-compilation is like monads, insofar as once you understand it you are no longer able to explain it to someone who doesn't
Wondering where to buy cheapish sd cards (in UK) without being sent fakes. Probably not Ebay, right?