starkzarn

joined 1 year ago
[–] starkzarn@infosec.pub 110 points 8 months ago (5 children)

It's just an NTP pool. The device is trying to update its time. Likely it made many other requests to other servers when this one didn't work.

Maintaining up-to-date lists of anything is a game of whack-a-mole, so you're always going to get weird results.

If you're actually unsure, pcap the traffic on your pfsense box and see for yourself. NTP is an unencrypted protocol, so tshark or Wireshark will have no problem telling you all about it.

That said, I'd still agree with the other poster about local integration with home assistant and just block that sucker from the Internet.

[–] starkzarn@infosec.pub 3 points 8 months ago

Ran into a similar conundrum. We use mealie for recipe management and occasionally meal planning, but the shopping list is clunky. We resorted to just making a list on a card in Planks. Not purpose-built, but it has worked rather well for us.

[–] starkzarn@infosec.pub 1 points 8 months ago (1 children)

Potentially, but precision is important, especially if you're going to make sweeping claims about a topic, acting as an authority.

[–] starkzarn@infosec.pub 7 points 8 months ago (3 children)

This is absolutely not what DNSSEC is. DNSSEC provides authenticity of the response, not privacy. You're describing a means of encrypted name resolution, like dns-over-tls, dns-over-https, etc.

[–] starkzarn@infosec.pub 6 points 10 months ago (1 children)

Yeah, put that trash in prison!

[–] starkzarn@infosec.pub 2 points 10 months ago

Wiki.js with a postgres backend is my vote, easily.

[–] starkzarn@infosec.pub 12 points 10 months ago (8 children)

That all sounds correct to me. The random port you're seeing in the logs is a high port, often referred to as an ephemeral port, and it is common for source ports. All good there.

[–] starkzarn@infosec.pub 7 points 10 months ago (1 children)

Agreed. SMD components fail silently.

[–] starkzarn@infosec.pub 30 points 10 months ago (4 children)

This is pedantic, but there are indeed capacitors there. They're all surface mount components, so they don't look like the caps that people typically talk about replacing, and they likely aren't what caused it to fail. Anything labeled on the board with a C## is likely an SMD capacitor.

[–] starkzarn@infosec.pub 1 points 11 months ago

Frigate or zoneminder. I've run both and would highly recommend both. Frigate is easier to get set up initially. Test them both out!

[–] starkzarn@infosec.pub 1 points 11 months ago

That sort of configuration after the fact would be a fantastic addition, if not already in place.

[–] starkzarn@infosec.pub 2 points 1 year ago (1 children)

You don't need haproxy on the vps at all, unless I'm misunderstanding you. Just route the traffic using iptables hooks in your wireguard config. This is exactly how I manage my email server and it's entirely transparent.
