!Selfhosted I have an #OpenWRT router. Let’s say I install Tailscale on it and want to create an interface that specifically routes to one of my exit nodes. Can I do that?
Everything I’ve seen about Tailscale on OpenWRT just provides direct router access to the tailnet (100.x.x.x), but I specifically want to route certain traffic to an exit node.
Can I do this? Do me proud, Fediverse! Hoping I can get good answers here without resorting to Reddit.
I am a total beginner in this regard, but maybe maybe this could help you:
Check out PBR - policy-based-routing. On OpenWRT there is an app for this task, vpn-policy-routing (together with luci-app-vpn-policy-routing for a GUI inside LuCi). This app helped me to route all traffic coming from my PiVPN to the WAN interface, instead of my commercial NordVPN. Now at home all my traffic goes to NordVPN and when I am not at home I can easily VPN into my home network.
@glasgitarrewelt Thanks. The routing is less the issue than creating the interface that sends traffic to the Tailscale exit node. AIUI the way Tailscale operates on OpenWRT is to provide an interface whose destination is the tailnet, not an exit node.
I’ve done something similar, though not with openwrt. There may be a decent way to do this on the firewall, but I ended up using the ACLs available from the Tailscale console.
I removed the default allow all rule. I made a group called admins that can access everything and then added a set of routes that everyone on the tail net could access.
I’ve only recently set this up, but initial testing seems to have this working as hoped.
I'm not sure this hits the nail for you or not, but I recently solved a question I had regarding tailscale and routing traffic through an exitnode that was using a VPN. Could be worth a peek.
That's a rhetorical question. The worst thing in the world is bedbugs. They are the manifestation of pure evil. I have literally never seen one and yet the very thought of them strikes utter terror into my heart. I once eradicated a colony of harmless booklice on Scarlet (our boat) because of mistaken identity. Sorry, guys.
Anyway, there's currently a huge problem with them in Paris, which means that any random short haul plane you get on in Europe is:
A: Likely to have been to Paris recently and,
B: Pose more than a negligible chance of having bedbugs on it.
I'm flying to the UK next week, and while I am entirely without aversion to thermal warfare, spreading diatomaceous earth everywhere, and filling my environment with pesticides which probably don't work any more (damn you, Darwin!), prevention is far far far better than cure, because as I understand it, pretty much everyone who has ever had a bedbug infestation has post traumatic stress disorder from it.
So I am enacting a new policy. From now on, my ca
... Show more...
What is the worst thing in the world?
That's a rhetorical question. The worst thing in the world is bedbugs. They are the manifestation of pure evil. I have literally never seen one and yet the very thought of them strikes utter terror into my heart. I once eradicated a colony of harmless booklice on Scarlet (our boat) because of mistaken identity. Sorry, guys.
Anyway, there's currently a huge problem with them in Paris, which means that any random short haul plane you get on in Europe is:
A: Likely to have been to Paris recently and,
B: Pose more than a negligible chance of having bedbugs on it.
I'm flying to the UK next week, and while I am entirely without aversion to thermal warfare, spreading diatomaceous earth everywhere, and filling my environment with pesticides which probably don't work any more (damn you, Darwin!), prevention is far far far better than cure, because as I understand it, pretty much everyone who has ever had a bedbug infestation has post traumatic stress disorder from it.
So I am enacting a new policy. From now on, my cabin luggage on planes is a dry bag. I have a dry bag rucksack from Decathlon. Small, portable, easy to carry, air tight, bedbug proof.
@Andy Buckley Well the OpenWRT builder doesn't run on ARM, and the only x86 box I own is a knackered old MacBook Pro, 2015, that I once poured beer through by accident and currently has some ancient crusty barely functioning Ubuntu on it.
Also, TIL: The OpenWRT web interface, Luci, by default listens on 0.0.0.0:80, (via uhttpd) which one may think is madness, because you don't want the WAN or non admin VLANs accessing it.
So I changed it to 192.168.1.1:80, but it turns out that this is pointless. It was always firewalled from the WAN anyway (and indeed, port 80 and 443 incoming are forwarded to my Friendica server), and it turns out that it still accepts connections from other VLAN subnets because of funky loopback shit.
So you need to firewall the router from potentially hostile VLAN subnets and just allow DNS and DHCP via port forwarding (if that's how you roll) through anyway.
(Aside, I wondered what the fuck the "input" zone forwarding was on the OpenWRT firewall. Turns out it means traffic aimed at the router, and only the router. Live and learn.)
And also, if you try and bind it to the main LAN, it comes up before that interface does, notices the interface doesn't exist, and promptly quits.
And then you have to go in via ssh and start it manually.
So don't do that. It's set
... Show more...
Also, TIL: The OpenWRT web interface, Luci, by default listens on 0.0.0.0:80, (via uhttpd) which one may think is madness, because you don't want the WAN or non admin VLANs accessing it.
So I changed it to 192.168.1.1:80, but it turns out that this is pointless. It was always firewalled from the WAN anyway (and indeed, port 80 and 443 incoming are forwarded to my Friendica server), and it turns out that it still accepts connections from other VLAN subnets because of funky loopback shit.
So you need to firewall the router from potentially hostile VLAN subnets and just allow DNS and DHCP via port forwarding (if that's how you roll) through anyway.
(Aside, I wondered what the fuck the "input" zone forwarding was on the OpenWRT firewall. Turns out it means traffic aimed at the router, and only the router. Live and learn.)
And also, if you try and bind it to the main LAN, it comes up before that interface does, notices the interface doesn't exist, and promptly quits.
And then you have to go in via ssh and start it manually.
So don't do that. It's set to 0.0.0.0:80 in /etc/config/uhttpd for a reason, and we shouldn't fuck about with it.
Rolling your own Internet router is fun, but there are all sorts of fun ways to screw yourself.
The whole concept of gatekeeping the concept of transness has recently reared its head in such a way as for me to notice it. Specifically, I've come across the term, "TheyFAB", which is not a word I'd encountered before, although it comes with a lot of very obvious baggage.
I will say this. On the one hand, I have, over the last couple of decades since I transitioned, encountered a very small number of people who are trying to "attach" themselves to the trans community in ways which end up harming other people in that community by sucking up resources from people who really don't have many to spare, in the service of their own ego.
But it's really not many, at all, and not all have been assigned female either.
So I think my main thinking on stuff like this is that some people, if they're going round gatekeeping the identities of people who, realistically, have no meaningful impact on their lives, need to spend less time worrying about what other people have going on, and more time sorting their own shit out.
If a bunch of people aren't hurting you, don't go
... Show more...
The whole concept of gatekeeping the concept of transness has recently reared its head in such a way as for me to notice it. Specifically, I've come across the term, "TheyFAB", which is not a word I'd encountered before, although it comes with a lot of very obvious baggage.
I will say this. On the one hand, I have, over the last couple of decades since I transitioned, encountered a very small number of people who are trying to "attach" themselves to the trans community in ways which end up harming other people in that community by sucking up resources from people who really don't have many to spare, in the service of their own ego.
But it's really not many, at all, and not all have been assigned female either.
So I think my main thinking on stuff like this is that some people, if they're going round gatekeeping the identities of people who, realistically, have no meaningful impact on their lives, need to spend less time worrying about what other people have going on, and more time sorting their own shit out.
If a bunch of people aren't hurting you, don't go out of your way to ruin their day.
While there are things in the cuisine of the USA that we, as Europeans, should take note of, they are far fewer and further between than most Americans like to think.
However, I am utterly persuaded that they're right about eggs "over easy".
Reading about state of understanding of gluten-related disorders, as you do. As research currently stands, about 1-2% of the population are though to have coeliac disease (the majority never diagnosed), and up to 13% more non coeliac gluten sensitivity.
Both of these, through habitual gluten exposure in childhood, may be causing a whole array of life long inflammatory conditions such as asthma, allergies, chronic fatigue, psychiatric disorders, and others. Basically large numbers of people with chronic health problems who can’t get doctors to take them seriously are quite possibly suffering the effects of chronic gluten poisoning.
It boggles my mind that this bastard grass stuff has intruded so far into our societies that it has become the staple foodstuff for massive swathes of the planet, and yet is basically poisonous to 1 out of every 7 people.
I’m in this bracket. I have asthma, chronic IBS, chronic rhinosinusitis since childhood, multiple allergies, Dupuytrens disease, ADHD type symptoms, and was starting to get rheumatoid arthritis in my fingers at the point when, thanks to @Zoe O'Connell gwtting a coeliac diagnosis, the household went gluten free.
And then the arthritis just … went. If I accidentally consume gluten it comes back for a couple of weeks.
Most of the rest of the damage appears to be irreversible though, after more than 4 decades of eating it.
I'm on the phone, so apologies that I can't easily link to things, but wasn't there some thinking that at least some percentage of that figure may not be gluten, but to do with modern industrial processes around wheat, Chorleywood Bread Process (CBP)?
Some people are absolutely gluten intolerant, and gluten sensitive, but at least a percentage that are sensitive may not be sensitive to wheat, but the processing of the wheat, and industrial baking processes.
This one interests me. And since I work in food purchasing, with a bunch of ex-chef and bakers, we've been nattering about it. It's anecdotal, but regular supermarket bread I find irritates me (I'm being polite here), but bread from our local microbakery (Lord that sounds pretentious), is absolutely fine. It never used to, it's something new over the past few years. The bread from the bakery also happens to be delicious, which is a nice benefit.
@kianryan ☑️🐙🏳️🌈 It’s an area where there’s considerable ongoing research, and AIUI about a decade ago the prevailing thought was that it was things like FODMAPs and amylase trypsin inhibitors in wheat causing issues.
But, AIUI, a lot of more recent research is finding direct, extra intestinal, innate immune activation specifically in response to gluten in people without any markers for coeliac disease.
@MrDaleSmith I have no direct experience of the US Washington "progressive" set, but I do have experience of their UK equivalents, and too many of them just think it's a bloody game.
@tommyyum I'm not so sure - outside of the MAGA, I don't think he's got the votes in a general election. Since 2016, he's lost 3 straight (2018 and 2022 midterms and the 2020 general).
My guess/hope is that moderate Republicans stay at home if Trump is the nominee. In addition, there's the 14th amendment issue that will end up in the Supreme Court.
@jaybhatt @tommyyum I worry less about him winning than about people who are crazy enough to do something if he doesn't. We haven't yet done anything to convince that lot it's better for them to sit tight.
@FeralRobots @jaybhatt @tommyyum Although to be fair, those same people will gleefully do worse if he wins, so even if his winning is improbable, it's still the bigger worry.
@petealexharris Well that's the thing, there's precedent to suggest that if they're sufficiently discouraged, most won't try anything. E.g. they tend not so show up at polls if they think their guy's gonna lose. I agree with @goatsarah that we could do more in that regard. But more than we're doing would entail Democrats ignoring law, which isn't something they'll agree as a party to doing. (Dem corruption tends to be an individual choice, rather than structural.) @jaybhatt @tommyyum
@tommyyum The principle motivating feeling of most American Republicans is fear. Even their greed is subordinate to & filtered through fear. (I suspect Tories are similar, AFAICS this is super common for conservatives in general.)
So 'stop being frightened of the guy who can unlease an overwhelming swarm of low-skill ratfuckers' is a noble aspiration, but one to which the majority of Republicans cannot obtain.
@tommyyum Democrats as such can't do anything specifically to stop him. Some specific democrats (like Tish James or Fani Willis) can, & are. & the parts of the judiciary who'd allow it are Republican - we're well down the road to judiciary-capture in the US. At this point our Supreme Court is just John Edwards' sense of propriety away from endorsing one-party rule.
Really interesting article about self driving cars and one woman on the front line of the evidence-based resistance against them driving without direct human control.
The leading source for independent news and analysis about transport in London and beyond. Award-winning coverage of transport infrastructure and politics alongside stories about the history of the Capital's transport networks.
Just had to completely reinstall the OS on my Mac laptop because something in the OS got corrupt and it started going nuts.
Never had that before! Thankfully returning it to its previous state (well, one major OS back - it installed Ventura rather than Sonoma for some reason) was not too painful an experience. I guess I got to junk a load of cruft too.
Put my friendica installation on a VLAN. It made accessing it locally ... interesting.
So I can access it from outside. Fine.
But if I try to access it internally, the traffic just gets dropped. There's no firewall rule to handle the forward via external IP address loopback.
So I set up a forward, and of course, that was a stupid thing to do. Every other https service in the world suddenly and unceremoniously disappears.
So I change the forward to only be something looking to loopback via my external IP.
But the external IP is dynamic. The router will update the dyndns record, but it will not update its own firewall rule. I'd have to do it manually every time it changed. Very far from ideal.
But inspiration struck! I have my own DNS server! (pihole).
As of now, thegoatery.dyndns.org from within my internal network resolves to the IP address of the friendica box on the VLAN.
Potential gotcha: LuCI is available on all interfaces on #OpenWRT. WAN is moot because firewall and redirect anyway, but having it on the Friendica DMZ VLAN is very bad!
I’m not sure Musk will have any choice in the matter. He can’t afford to reinstate the moderation that would be needed to meet EU law, even if he wanted to.
I want to preface this by saying that I am not, in any way, a furry. I wish those who are all the best with it, but that’s not the angle I’m approaching this from.
That being said, I’m kinda mad that evolution took our tails.
Equal in length to my height, about 2-3cm in diameter, and scaly like a pangolin. Prehensile and strong enough to take my body weight.
Right, not starting anything, but normal countries have a general election should their parliament serially fail to produce a functioning (at least in name) legislature.
So without naming names, if any large federal republics with a 9 digit population in the western hemisphere need an intervention, blink twice.
I'm thinking of a western federal republic with 9-digit population which fits that description but doesn't have that option because that's not how elections work here...er I mean 'there'. (Unfortunately. Maybe. Who knows, in the place I'm thinking of triggered elections would almost certaily result in [even more] chaos.)
“Don’t worry, Trump won’t be nominee” “Don’t worry. Trump won’t be president” “Don’t worry, the UK won’t leave the EU” “Don’t worry about LePen” “Don’t worry about AfD” “Don’t worry, we can carry on with business as usual”
SOMEBODY FUCKING DO SOMETHING! START FUCKING WORRYING.
Precisely how I feel. I do not understand how this is happening, and why people enable it. I am happy with my dog, but am rapidly losing interest in humans.
One might think “the cold blooded murder of a million children is a bad thing” is an uncontroversial statement to make on this here federated network thing, but apparently there are more fans of murdering children here than one might imagine.
They are sensitive to the foreign policy of the UK, so writing to your MP or otherwise demonstrating your concern publicly is the most effective action you can take.
Wifi 6 (892.12ax) is interesting because it seems, the more of its useful features you turn on, the more 2.4GHz-only WiFi 4 (892.11n) cheap shit just breaks.
So I’m maintaining a separate 802.11n SSID on the same gear just for said cheap shit.
Cheap shit that breaks on WiFi 6 seems to include:
Princess dehumidifier (cloud only, but it seems they all are, so they’ll likely eventually brick it)
Daikin AC units (local control without cloud, thank fuck)
Legrand Netatmo zigbee hub (again local control, thankfully, but dear god its WiFi support is flakey and power cycling if involves using the fuse box)
iRobot Roomba i3
Seriously, this shit all has the cheapest nastiest buggy cheap junk WiFi implementation and they should be ashamed.
Also, I wish the EU would get round to banning cloud-only appliances. You just know they’re gonna turn the cloud services off years before the useful end of the device, basically bricking it. Local API or GTFO.
local API with no proprietary app (no client certificates to communicate with the appliances). Combined with easy-to-manage (for non-technical people) home gateway firewall, to allow/prevent Internet access.
@4somecurious Yeah. I use cheap TP-Link cameras at home, but have to rely on a firewall rule in my OpenWRT router to stop thew bloody things phoning home with pictures of my tits.
Humanity throughout history is beset by fuckers. Right now, for example, we have overtly homicidal fuckers like Putin and Netanyahu, would be homicidal fuckers like Trump, and common or garden “hoarding all the money like some fucking dragon or something” fuckers like Musk, Bezos, Thiel, etc.
There are also lots of other variety of fuckers: hatemongering fuckers like Farage, Murdoch or LePen: grifting fuckers swinging a wrecking ball at society because mummy didn’t like them or something.
And it seems to me that the problem is that for every fucker who gets to encounter the “and find out” stage: Hitler, Charles I of England, Louis XVI, etc, there are more for whom the only people finding out are the rest of us who have to live (or die) with their fuckery: Stalin, countless people with that Hapsburg chin, Henry Ford, and so-on.
I honestly think the world would be a much better place if fuckery were inherently a much higher risk strategy, and far less likely to leave all the important fluid pipes running through the neck intact (this i
... Show more...
Humanity throughout history is beset by fuckers. Right now, for example, we have overtly homicidal fuckers like Putin and Netanyahu, would be homicidal fuckers like Trump, and common or garden “hoarding all the money like some fucking dragon or something” fuckers like Musk, Bezos, Thiel, etc.
There are also lots of other variety of fuckers: hatemongering fuckers like Farage, Murdoch or LePen: grifting fuckers swinging a wrecking ball at society because mummy didn’t like them or something.
And it seems to me that the problem is that for every fucker who gets to encounter the “and find out” stage: Hitler, Charles I of England, Louis XVI, etc, there are more for whom the only people finding out are the rest of us who have to live (or die) with their fuckery: Stalin, countless people with that Hapsburg chin, Henry Ford, and so-on.
I honestly think the world would be a much better place if fuckery were inherently a much higher risk strategy, and far less likely to leave all the important fluid pipes running through the neck intact (this is a traditional “and find out” method throughout history, but far from the only one), but alas, the fuckers are the ones who by and large get to structure our society, and they do their best to ensure it’s structured in a way that keeps finding out as far from them as possible.
Just seems to me that the proportion of fuckers is related to the risk inherent in the strategy of fuckery, and that risk is far too low right now, hence the high and frankly unsustainable level of fuckery we encounter in our time.
I wouldn't be surprised if a significant number of lower-level fuckers meet with 'misadventure' after causing a sufficient level of desperation in the wrong people. Pissing against the wind and all that. Sadly, that is less likely to happen on the political level.
Available on rough trade records: https://shopusa.roughtraderecords.com/artists/view/name/jarvis-cockerRunning The World can be: Streamed via Spotify ➤ https...
Every appliance in the house beeps. Some loud, some soft, but it's always just "beep" instead of a synthesized voice saying "The refrigerator door has been standing open for five minutes!" which is what I need to know.
personally I feel like I've been getting better results by using a SearXNG instance and just changing the meta search settings to only use engines I've never heard of.
Amidst the performative cries of “Israel has the right to defend itself”, it seems to be heresy to acknowledge the humanity of the few million people who get to live, in perpetuity, as Israel’s ritual punching bag, and are expected to do nothing in response, nothing in prevention, and accept the blame for others doing literally anything.
And even saying this will just result in tedious wankers going, “oh, you support terrorism then?”
The way the Palestinian people are treated is some serious Omelas shit.
You don't even need to say anything. The Tories are currently on a cancellation rampage trying to find opposing politicians who have yet to spout the performative line.
When the state of Israel was formed there was still a significant Palestinian area. Subsequent invasions and occupations by the state of Israel means there is very little left. Even Gaza, which is tiny compared to Israel is now half the size it was. One mans terrorist is another mans freedom fights. They have been invaded, occupied, controlled and had food, power and water controlled by a far more significantly armed nation. And although I can’t condone the murder of innocent civilians BY EITHER SIDE, I can understand the desperation in this action.
@Sarah Brown The main thing I remember from visiting Gaza was how full it was, and how closed in it felt. Border fences on three sides, sea on the fourth (but restricted). Even in the heady days of 1994 just post Oslo it felt like a cage. Sometimes the electricity would go off. You had to queue in the heat to get in or out, divided families shouted news to each other across the barbed wire fence. That was probably the high point of freedom. The thirty years since have raised a generation whose hopes for the future keep getting blown up and locked down at the jailers’ whim.
Yet another lightning connector dies from Electrolysis. Been cold plugging this one; it’s a lightning to USB C adaptor, and I’m working on the basis that cold plugging will extend the life.
But it still has a life expectancy of only a few months. My phone charges inductively but the iPad needs this fucking cursed connector.
I hate it with a passion. Useless piece of shit that doesn’t do the goddam thing it’s fucking supposed to.
The media in this post is not displayed to visitors. To view it, please go to the original post.
Not just you: I’ve tried that same brand (and a few others); the premium-priced ones do seem to last a tad longer than the dirt-cheap ilk, but they all ‘fizzle out’ within weeks/months.
Never considered ‘cold plugging’ to rule out arcing/pitting but thanks to you I can see that’s extra effort that changes nothing.
Edited to include picture of my gently used adapter which isn’t working.
@So‑Called Vaughn The most premium one I ever bought lasted eight hours, because I used it to keep my phone charged when hiking in the damp,
Eight hours.
Came to the conclusion that spending extra money was a fool’s errand. Just buy what’s cheap and replace them when they die. Double the money does not get you double the life.
@rachel_norfolk Could it be climate related? Any other connectors do the same? Only lightning issues I’ve had are bends that crack the cable (which means it’s my wife’s cable. No shade or hate, I’m just unusually careful with stuff). Which is a pretty generic cable issue.
Must be horribly frustrating to have to switch out cables that often:(
Do you have the same experience with Apple branded cables? In my case the external white insulator starts breaking apart after some time (many months, more than a year, not sure exactly) but I haven’t seen the connectors themselves fail even once.
@Miguel Arroz Yes to Apple branded cables. They all do it. Without exception. Every lightning connector that provides power to the phone (peripherals last longer).
The connectors undergo corrosion/electrolysis and die. Doesn’t matter who makes them.
I’ve pretty much never had one where the connector failed structurally. They simply never last that long.
Interesting. The ones I use most frequently have the typical burnt pin, but they all work fine. I only replace them when the cable itself is falling apart. Wondering if the difference in weather between here and there has anything to do with it.
No other connector does this to me. It’s just lightning cables that provide power, and only lightning. USB C doesn’t do it. The old iPod dock cables didn’t do it. It’s just lightning, and they will always do it.
Apparently, 1,2-propanediol is one of the main carriers in vapes. Though I'm not sure vape manufacturers care enough about their customers for that to put it in one class or the other.
Just had some random pop up on Reddit, necroposting to reply to something I posted in 2022 saying, “you will never be a woman”
And, ok, whatever, but I replied asking if they’re able to explain what it is that doing this is doing for them.
And I hope they reply because I’m actually fascinated.
I get that they’re trying to offend me, but on the one hand, poor target selection because I’m years past that, and on the other, why not something contemporary? I mean, if they’re picking year old posts to reply to, their target might never even see it.
I guess I just don’t understand why they spent their time doing this in this way.
> I guess I just don’t understand why they spent their time doing this in this way.
It's the inner goblin tendency. You attack something small with the idea that the damage is so inconsequential that a retaliation would be too much work. But there will have been damage and they'll skulk away smirking and rubbing their hands at a job well done.
Who cares enough to reply to post from a year ago? That's crazy. I'd do this to someone if I wanted to get back at them, but just a little. A tiny peck.
mark
in reply to Sarah Brown • • •