• 0 Posts
  • 7 Comments
Joined 1 year ago
Cake day: June 13th, 2023



  • It is not, but a write amplification of 36704:1 is one hell of an exploitable surface.

    With that same Raspberry Pi and a single 1 Gbit connection you could also do 333333 POST requests of 3 KB in a single second made on fake accounts with preferably a fake follower on a lot of fediverse instances. That would result in those fediverse servers theoretically requesting 333333 * 114MB = ~38 Gigabyte/s. At least for as long as you can keep posting new posts for a few minutes and the servers hosting still have bandwidth. DDoSing with a ‘botnet’ of fediverse servers/accounts made easy!

    I’m actually surprised it hasn’t been tried yet now that I think about it…


  • There are inverters that support battery backup, recharging from solar and grid power that are supposed to go between your grid tie-in and the rest of your house. Quite a ways more expensive, but the battery capacity is probably relatively cheap compared to UPS power and is essentially a backup for your entire house.

    The one I read about a while ago was a Growatt that is basically an all in one box. Can provide power from batteries, recharge from solar or grid power, feed back excess solar power to the grid, etc, you name it. And I can imagine other brands producing the same solution.

    I’m lucky enough to live in a country with almost no power cuts though. I think we have at most 1 a year for max 10 minutes. So can’t say I have any experience with it myself.


  • The biggest red flag is probably that they claim to just be the WireMin protocol, but haven’t published any protocol specifications. In the spirit of open and unmoderated communication I would hope they would at least publish their protocol specifications, even if they won’t open source their own client for it.


  • Honestly the default config is good enough to prevent brute force attacks on ssh. Just installing it and forgetting about it is a definite option.

    I think the default block time is 10 minutes after 5 failed login attempts in 10 minutes. Not enough to ever be in your way but enough to frustrate any automated attacks. And it’s got default config for a ton of services by default. Check your /etc/fail2ban/jail.conf for an overview.

    I see that a recidive filter that bans repeat offenders for a week after 10 fail2ban bans in one day is also default now. So I’d say that the results are perfect unless you have some exotic or own service you need fail2ban for.
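The sliding-window rule described in the comment above, as an added example that is not part of the comment and not fail2ban's own code. The thresholds are the ones the comment quotes (check your own jail.conf), the log lines are constructed, and `find_bans` and `sample_log` are hypothetical names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds as quoted in the comment (assumed values, not read from a real jail.conf).
MAXRETRY = 5
FINDTIME = timedelta(minutes=10)
BANTIME = timedelta(minutes=10)

# Simplified pattern for this example; fail2ban's real sshd filter covers far more messages.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def find_bans(lines):
    """Return (ip, ban_start, ban_end) tuples using a per-address findtime window."""
    failures = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned_until = {}               # ip -> end of the current ban
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        if banned_until.get(ip, ts) > ts:
            continue  # still banned: the firewall would have dropped this attempt
        window = failures[ip]
        window.append(ts)
        while window and ts - window[0] > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

def sample_log():
    """Constructed log: one automated source and one slow, forgetful user."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for i in range(6):  # 6 failures, 20 seconds apart: banned on the 5th
        t = (base + timedelta(seconds=20 * i)).isoformat()
        lines.append(f"{t} host sshd[100]: Failed password for root from 203.0.113.7 port 4000{i} ssh2")
    for i in range(6):  # 6 failures, 3 minutes apart: at most 4 inside any 10-minute window
        t = (base + timedelta(minutes=3 * i)).isoformat()
        lines.append(f"{t} host sshd[200]: Failed password for invalid user bob from 198.51.100.20 port 5000{i} ssh2")
    return sorted(lines)
```

The second address never gets banned even though it fails six times, which is why these thresholds rarely get in a legitimate user's way.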


  • But the Dutch state instance isn’t meant to assert power over user content nor is it meant to influence any information shared. Normal people won’t be able to create an account on that instance, so they cannot see what people view or limit what people create.

    The reason for the instance is to have a government owned instance to share things that aren’t limited by another 3rd party commercial company. Now the government is in control instead of Meta or Twitter and they can’t decide to, for instance, limit view access for everyone with no accounts one day. (Looking at you Twitter)

    Another additional advantage is that all the official Dutch government accounts are now grouped on an instance with limited and screened account creation. So now everything from that instance is verified to be from the Dutch government. Possibly reducing fraud and impersonating accounts in the future once people get used to the federated usernames.