cross-posted from: https://lemmy.pe1uca.dev/post/1137911
I need to help auditing a project from another team.
I got the pointers on what's expected to be checked, but I don't have like templates for documents for what's expected from an audit report which also means I'm not sure what's the usual process to conduct an internal audit.
I mean I might as well read the whole repo, but maybe that's too much?
Any help or pointers on what I need to investigate to get started would be great!
cross-posted from: https://lemmy.pe1uca.dev/post/1136490
I'm checking this mini pc https://www.acemagic.com/products/acemagic-ad08-intel-core-i9-11900h-mini-pc
It says the M2 and SATA ports are limited to 2TB, but I can't imagine why that's the case.
Could there be a limit on the motherboard? On the CPU?
If most likely this is done in software (windows) probably it won't matter since I'm planning to switch to linux.
What I want to avoid is buying it and being unable to use an 8TB drive.
I started tinkering with frigate and saw the option to use a coral ai device to process the video feeds for object recognition.
So, I started checking a bit more what else could be done with the device, and everything listed in the site is related to human recognition (poses, faces, parts) or voice recognition.
In some part I read stable diffusion or LLMs are not an option since they require a lot of RAM, which these kinds of devices lack.
What other good/interesting uses can these devices have? What are some of your deployed services using these devices for?
I have a few servers running some services using a custom domain I bought some time ago.
Each server has its own instance of caddy to handle a reverse proxy.
Only one of those servers can actually do the DNS challenge to generate the certificates, so I was manually copying the certificates to each other caddy instance that needed them and using the `tls` directive for that domain to read the files.
Just found there are two ways to automate this: shared storage, and on demand certificates.
So here's what I did to make it work with each one, hope someone finds it useful.
This one is in theory straightforward, you just mount a folder which all caddy instances will use.
I went through the route of using sshfs, so I created a user and added acls to allow the local caddy user and the new remote user to write the storage.
```sh
setfacl -Rdm u:caddy:rwx,d:u:caddy:rwX,o:--- ./
setfacl -Rdm u:remote_user:rwx,d:u:remote_user:rwX,o:--- ./
setfacl -Rm u:remote_user:rwx,d:u:remote_user:rwX,o:--- ./
```
Then on the server which will use the data I just mounted it
```
remote_user@<main_caddy_host>:/path/to/caddy/storage /path/to/local/storage fuse.sshfs noauto,x-systemd.automount,_netdev,reconnect,identityfile=/home/remote_user/.ssh/id_ed25519,allow_other,default_permissions,uid=caddy,gid=caddy 0 0
```
And included the mount as the caddy storage
```
{
	storage file_system /path/to/local/storage
}
```
This one requires a separate service since caddy can't properly serve the file needed to the `get_certificate` directive.
We could run a service which reads the key and crt files and combines them directly from the main caddy instance, but I went to serve the files and combine them in the server which needs them.
So, in my main caddy instance I have this:
I restrict the access by my tailscale IP, and include the `/ask` endpoint required by the on demand configuration.
```
@certificate host cert.localhost
handle @certificate {
	@blocked not remote_ip <requester_ip>
	respond @blocked "Denied" 403

	@ask {
		path /ask*
		query domain=my.domain domain=jellyfin.my.domain
	}
	respond @ask "" 200

	@askDenied `path('/ask*')`
	respond @askDenied "" 404

	root * /path/to/certs

	@crt {
		path /cert.crt
	}
	handle @crt {
		rewrite * /wildcard_.my.domain.crt
		file_server
	}

	@key {
		path /cert.key
	}
	handle @key {
		rewrite * /wildcard_.my.domain.key
		file_server
	}
}
```
Then on the server which will use the certs I run a service for caddy to make the http request.
This also includes another way to handle the `/ask` endpoint since wildcard certificates are not handled with `*`, caddy actually asks for each subdomain individually and the example above can't handle wildcard like `domain=*.my.domain`.
```go
package main

import (
	"io"
	"net/http"
	"strings"

	"github.com/labstack/echo/v4"
)

func main() {
	e := echo.New()

	// Caddy calls /ask?domain=<name> before using a certificate on demand;
	// a 2xx response approves the name.
	e.GET("/ask", func(c echo.Context) error {
		domain := c.QueryParam("domain")
		// Match on a label boundary so names such as "notmy.domain" are not approved.
		if domain == "my.domain" || strings.HasSuffix(domain, ".my.domain") {
			return c.String(http.StatusOK, domain)
		}
		return c.String(http.StatusNotFound, "")
	})

	// Fetch the certificate and key from the main caddy instance and
	// return them concatenated as a single PEM bundle.
	e.GET("/cert.pem", func(c echo.Context) error {
		crtResponse, err := http.Get("https://cert.localhost/cert.crt")
		if err != nil {
			return c.String(http.StatusInternalServerError, "")
		}
		defer crtResponse.Body.Close()
		crtBody, err := io.ReadAll(crtResponse.Body)
		if err != nil {
			return c.String(http.StatusInternalServerError, "")
		}

		keyResponse, err := http.Get("https://cert.localhost/cert.key")
		if err != nil {
			return c.String(http.StatusInternalServerError, "")
		}
		defer keyResponse.Body.Close()
		keyBody, err := io.ReadAll(keyResponse.Body)
		if err != nil {
			return c.String(http.StatusInternalServerError, "")
		}

		return c.String(http.StatusOK, string(crtBody)+string(keyBody))
	})

	e.Logger.Fatal(e.Start(":1323"))
}
```
And in the CaddyFile request the certificate to this service
```
{
	on_demand_tls {
		ask http://localhost:1323/ask
	}
}

*.my.domain {
	tls {
		get_certificate http http://localhost:1323/cert.pem
	}
}
```
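An added example, not part of the original post: an `/ask` decision that approves only names a `*.my.domain` wildcard certificate actually covers, using only the standard library. `coveredByWildcard` and `askHandler` are hypothetical names, `my.domain` is the placeholder zone from the post, and the sample names in `main` are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// zone is the placeholder domain from the post.
const zone = "my.domain"

// coveredByWildcard reports whether name is exactly one DNS label under zone,
// which is the only kind of name a certificate for "*."+zone is valid for.
func coveredByWildcard(name, zone string) bool {
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	// Require a label boundary: "evilmy.domain" ends in "my.domain" but is a
	// different zone, and the apex itself is not matched by the wildcard.
	if !strings.HasSuffix(name, "."+zone) {
		return false
	}
	label := strings.TrimSuffix(name, "."+zone)
	if label == "" || len(label) > 63 {
		return false
	}
	// A wildcard matches a single label: reject dots, "*" and other characters.
	for _, r := range label {
		if !(r >= 'a' && r <= 'z') && !(r >= '0' && r <= '9') && r != '-' {
			return false
		}
	}
	return label[0] != '-' && label[len(label)-1] != '-'
}

// askHandler answers Caddy's ask request: 200 approves the name, anything else denies it.
func askHandler(w http.ResponseWriter, r *http.Request) {
	if coveredByWildcard(r.URL.Query().Get("domain"), zone) {
		w.WriteHeader(http.StatusOK)
		return
	}
	http.Error(w, "not allowed", http.StatusNotFound)
}

func main() {
	// Constructed sample names, not taken from the post's logs.
	for _, d := range []string{"jellyfin.my.domain", "evilmy.domain", "a.b.my.domain", "my.domain"} {
		fmt.Printf("%-20s approved=%v\n", d, coveredByWildcard(d, zone))
	}
}
```

To serve it, register the handler with `http.HandleFunc("/ask", askHandler)` on the address the `ask` option points at.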
Seems the SSD sometimes heats up and the content disappears from the device, mostly from my router, sometimes from my laptop.
Do you know what I should configure to put the drive to sleep or something similar to reduce the heat?
I'm starting up my datahoarder journey now that I replaced my internal nvme SSD.
It's just a 500GB one which I attached to my d-link router running openwrt. I configured it with samba and everything worked fine when I finished the setup. I just have some media files in there, so I read the data from jellyfin.
After a few days the content disappears, it's not a connection problem from the shared drive, since I ssh into the router and the files aren't shown.
I need to physically remove the drive and connect it again.
When I do this I notice the drive is somewhat hot. Not scalding, just hot.
I also tried this connecting it directly to my laptop running ubuntu. In there the drive sometimes remains cool and the data shows up without issue after days.
But sometimes it also heats up and the data disappears (this was even when the data was not being used, i.e. I didn't configure jellyfin to read from the drive)
I'm not sure how I can be sure to let the ssd sleep for periods of time or to throttle it so it can cool off.
Any suggestion?
I started fiddling with my alias service and started wondering what approach other people might take.
Not necessarily the best option but what do you prefer? What are the pros and cons you see with each option?
Currently I'm using anonaddy and proton, so I have a few options to create aliases.
What do you think?
What option would you choose?
I started delving into world and dungeon generation with different techniques.
The one I want to try is wave function collapse.
There are several videos and repos explaining and showcasing how it works and how it can be used to generate an infinite world.
One question I have and haven't seen any mention about is, how do I recreate/reload the map from any point other than the original starting one?
So, AFAIK the algorithm starts from a few tiles/pixels in a starting position, or picking their position at random, and then can collapse the rest of the map with the set of rules given to the building blocks, but if these starting tiles/pixels are far away after a player saves, then I can only think about having to start from them again to reach the saved point to be able to show the same world, which of course could mean a very long loading screen.
Maybe the save can include the current seed, but then it can advance differently when the player goes back, which means the algorithm would generate a different portion of the map.
How can I ensure the world would be regenerated as it was?
While writing this I'm thinking I could be generating the seed of a block of tiles/pixels based on the seed of neighboring blocks and the coordinates in the map, something like left: seed+X, right: seed-Y, where X and Y are calculated based on the coordinate of the block.
This way I can save the seed of the current block and easily recalculate the seed used to generate all the adjacent blocks.
What do you think about this approach?
I have an old android tablet (and several phones) that I want to use for small applications in my home automation.
For the most part just to show a web page to quickly click something to activate or read the status.
My issue is the OS installed is very old and of course there are no official updates.
Looking for custom roms, they are also somewhat old because of the age of the devices, and everyone says "don't use the rom of one device into another even if the models are very similar".
So, my question is, what are my options if I can't use a pre-built rom?
Could I keep the same OS and just restrict access to only my internal network?
Not sure if I'm being too paranoid about security risks using these devices to just connect to my services.
@pe1uca
@lemmy.pe1uca.dev