That enables an amplification attack.

Technically, you’re right.

An amplification attack is just telling the server to respond to a different/wrong ip with the response to a query than the actual asking request. This is solved generally with DNSSEC verifying the origin and requester ips match, if not, the request is dumped.

However, if your authoritative server doesn’t have records for the request, it will simply forward it (if configured to do so) to an upstream and probably hardened server, or drop the request. Either way, it becomes not your problem.

So unless the amplification attack is asking for records your server is actually hosting and for which your server is authoritative, this isn’t a huge concern.

I’m not scrutinizing it much.

Same. I just run a Minecraft server for my kid and his friends and a static HTML blog, so I’m ok with it.

I’m fairly sure it’s a background migration task, and I have a feeling it depends on your region.

I haven’t had my instances deleted, but they do some kind of maintenance blip everyday that my monitoring sees as 3 seconds of downtime, so maybe keep that in mind.

Not very likely unless the SOA contains more records than simply for the author’s resources. Also, I think it’s assumed that DNSSEC is configured, but the author doesn’t specify.

Not enough info, but it sounds almost like you’re creating the snapshots locally and sending those over instead of snapshotting to the destination directly.

Sanoid and syncoid are Jim Salter’s creation. Check out his blog at mercenarysysadmin.com for some examples of sanoid and syncoid. Klara systems also has a number of deep dives into those utilities.

Love the enthusiasm, but let’s stop casting this as an end-user-only problem. The real issue is, once again, large corporations using and taking advantage of oss while putting ZERO money or work back into oss. It’s victim blaming with extra steps, and us blaming each other is exactly what the real culprits want.

If it makes us feel better that we can pay on a regulsr basis for these things, great. But massive oss projects can’t thrive on a few of us donating.

Looks like a lot of people have issues using this board for both iommu and sr-iov tasks.

This has some of the breakdown of the issues, but that board doesn’t seem to play well with hypervisors.

Those are not authoritative responses, though. You can only add CNAME and A records to pihole, because it’s built on dnsmasq and not on bind/unbound.

You can’t add SOA records to pihole. Or zone transfers, or any actual DNS server functions, really. Pihole is just a forwarder.

You should check out the nas compares review of the pre-release, it’s insanely expensive and he questions who exactly is the target audience.

Beyond that, he reviews the specs quite nicely (as usual).

I guess I’ll correct my statement:

It can only be done by decrypting your passwords and comparing them across several locations, thereby mostly canceling any security you were counting on from your password manager.

Frigate is popular.

I used to use ZoneMinder, it worked well, but you must be very familiar with onvif, primary/secondary channels, and key frames for it to work well.

I only switched to frigate because of the person/animal detection. It’s ok, but it does need some polish in a few areas like event retention, and it could stand some more approachable documentation.

Pangolin is a reverse proxy implementation, so it doesn’t really achieve the same thing as VPN software.

Kodak said “we don’t believe digital photography will take over” and iRobot is like “we’ve tried nothing and we’re all out of ideas”

What is your mobo model?

You can start with this, but does your motherboard support sr-iov? If you can’t use normal PCI passthrough because of lack of IOMMU granularity, the odds of it supporting SR-IOV are slim.

I didn’t know Jellyfin could search torrents. Do you mean radarr/sonarr?

Sorry, I bungled that by not adding context.

You’re right, subsonic server and its api are the source of all this. However, that api is completely open, which means there are many, many client and server applications that use it successfully.

Navidrome is a good server one, tempus, and here are a ton more!

Close, In this context, it’s this: https://subsonic.org/pages/api.jsp

This is the cost of offline password managers. You can’t do this at a file level, there is no way for a sync protocol to merge changes from two files. I say this having suffered the loss of a couple passwords from this exact scenario.

You either need to exercise diligence in only adding passwords at one place, or run a “real” db-based password manager.

Permissive licensing can create what is effectively “software tivoization” (the restriction or dirty interpretation of distribution and modification rights of software by the inclusion of differently-licensed components).

The Bitwarden case is a good example of how much damage can be done to a brand with merely the perception of restrictive licensing. obviously, bitwarden has clarified the mess, but not before it was being called ‘proprietary’ by the whole oss community.

So I don’t think op is referring to direct corporate takeover, but damage caused by corporate abuse of a fork.