

Stupid question, but is the service reachable at all? What if you map 81 to 81? Or whichever port the other, confirmed-to-work service uses? What if you map that other service to 8100?
I take my shitposts very seriously.
It’s based on hole punching, but with extras. The clients punch a hole in their respective firewalls then the service connects the holes so the clients end up communicating directly with each other. They have a lengthy blog post about NAT traversal.
Tailscale. It does some UDP fuckery to bypass NAT and firewalls (most of the time) so you don’t even need to open any ports. You can run it on individual hosts to access them directly, and/or you can set it up on one device to advertise an entire subnet and have the client work like a split tunnel VPN. I don’t know about OpenWRT, but both pfSense and OpnSense have built-in Tailscale plugins.
People are freaking out about their plan to go public, but for the moment, it’s a reliable, high quality service even on the free tier.
I’ve also used Ngrok and Twingate to access my LAN from outside, but they simply use relay servers instead of Tailscale’s black magic fuckery.
Is | (...) | { ... } a lambda expression then?
I’ve been learning Rust by going through The Book… there’s some wack-ass syntax in that language. I’ve mostly used C# and Python so most of it just looks weird… I can more or less understand what while let Some((_, top)) = iter.next() { ... } is doing, but .for_each(|((_, _, t), (_, _, b))| { ... } just looks like an abomination. And I mean the syntax in general, not this code in particular.
You could double the vertical resolution by using half-height blocks (U+2584) and using the background color for the upper half.
Some people think it handles too many low-level systems. It’s a valid concern because if systemd itself were to become compromised (like Xz Utils was) or a serious bug was introduced, all of the userland processes would be affected. People who are stuck in the 90s and think that the Unix philosophy is still relevant will also point out that it’s a needlessly complex software suite and we should all go back to writing initscripts in bash.
Red Hat, the owner of systemd, has also had its fair share of controversies. It’s a company that many distrust.
Ultimately, those whose opinion mattered the most decided that systemd’s benefits outweigh the risks and drawbacks. Debian held a vote to determine the project’s future regarding init systems. Arch Linux replaced initscripts because systemd was simply better, and replicating and maintaining its features (like starting services once their dependencies are running) with initscripts would’ve been unjustifiably complicated.
They were not space tourists.
They were cargo. Marketing material for Jeff’s rocket-powered overcompensation that just happened to need oxygen to stay fresh.
Surely this won’t upset people.
I’ve been watching a lot of Miniminuteman lately. Weigelt sounds exactly like the crackpot conspiracy theorists whose “facts” are being “silenced” by “the Establishment” of “mainstream science” because “they don’t want you to know this”.
Ansible is an abstraction layer over system utilities, shell, and other programs. You can specify what you want to happen, and it will figure out how to do it. For example, you can use the ansible.builtin.package module to specify which packages you want to be present, and Ansible will decide which specific package manager module should handle it and how.
Ansible tasks are also idempotent – they are concerned with the end state instead of the action. Many of the modules (like the package module above) take a state parameter with the possible values of present or absent (instead of the more common “install” and “remove” actions). If the system’s state satisfies the task’s expected end state (e.g. the package is already present), the task will be skipped – unlike a shell script, which would simply re-run the entire script every time.
Ansible also implements strict error checking. If a task fails, it won’t run any subsequent tasks on the host since the end states would be unpredictable.
That’s unfortunate, I have no idea how Tailscale does routing on Windows. Try running the client without accepting any subnet advertisements.
I’ve also found this: https://tailscale.com/kb/1023/troubleshooting#lan-traffic-prioritization-with-overlapping-subnet-routes The solution might be to advertise a larger subnet (e.g. 192.168.1.0/23) to make the route advertisements on the tailnet less specific than on the LAN. Advertising a larger subnet won’t cause any additional issues because it’s in a private IP range.
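Why a less specific tailnet route lets the LAN win, as an added example that is not part of the original comment: routing picks the longest matching prefix first and only then compares metrics. The interface names, metric values and sample addresses are constructed, and the lower metric on the Tailscale route is an assumption.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    metric: int


def route(prefix, interface, metric):
    # strict=False masks host bits, so "192.168.1.0/23" is stored as 192.168.0.0/23.
    return Route(ipaddress.ip_network(prefix, strict=False), interface, metric)


def select(table, dest):
    """Longest-prefix match; the lowest metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))


def egress(table, dest):
    chosen = select(table, dest)
    return chosen.interface if chosen else "no route"


# Constructed routing tables for a client sitting on the 192.168.1.0/24 LAN.
LAN = route("192.168.1.0/24", "ethernet", 25)

# Same /24 advertised over the tailnet: prefix lengths tie, so the metric decides.
OVERLAPPING = [LAN, route("192.168.1.0/24", "tailscale", 5)]

# Advertised as /23 instead: the LAN's /24 is now the more specific match.
# The /23 also covers 192.168.0.0/24, so that range follows the tailnet.
WIDENED = [LAN, route("192.168.1.0/23", "tailscale", 5)]

if __name__ == "__main__":
    for name, table in (("overlapping", OVERLAPPING), ("widened", WIDENED)):
        for dest in ("192.168.1.50", "192.168.0.7"):
            print(f"{name:12} {dest:14} -> {egress(table, dest)}")
```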
Systemd, through the systemctl command, only manages the services. The service itself is defined in a unit file, and it can come from any source, even written manually. The unit file is a text file that describes what the service is, what commands or programs should be executed when it starts or stops (for sshd it’s /usr/bin/sshd -D), what other services or conditions are required (e.g. multi-user.target after the OS has entered multi-user mode), and much more.
When a package installs a unit file, it will be installed to a subdirectory in /usr/lib/systemd, typically user or system, and when it is enabled, it will be symlinked to a subdirectory in /etc/systemd.
OpenSSH itself, which provides sshd on most systems, is developed by the OpenBSD team and ported to other OSes by the OpenSSH Portability Team.
How did you set up subnet advertisements on the router, and which subnets? Did you touch the ACL in the tailnet’s admin console?
On the home PC, did you accept advertised routes with the Tailscale client?
What happens when you ping a host on the LAN using tailscale ping ADDR? What happens when you try to tracert or tracepath to it?
Systemd is a collection of low-level system utilities. Its primary responsibility is managing services and serving as the init process (PID 1, the first userspace process started by the kernel), but it also has other components, like systemd-boot (a boot loader and GRUB alternative), journald (system logging), networkd (network interface management), resolved (DNS resolver), or udevd (manages device files in /dev).
People tend to vilify systemd because it is maintained by Red Hat, a company with many controversies, and a pariah among the more extreme FOSS enthusiasts; and because it’s seen as bad practice to have a single entity be responsible for so many low-level system components.
Note: the -d suffix is not exclusive to systemd things. It simply marks the program as a daemon, a long-running background process that provides some kind of service. For example, sshd (SSH server) or httpd (Apache server on some distros) are not parts of systemd.
To answer your question: not really. As far as I know, the network interface won’t have an IP address unless the computer is turned on. If you use a timer (or any other method for that matter) to power on the computer, it will request an address from DHCP as soon as the interface is brought up (unless it has a static address).
A more practical application would be scheduling long, unattended tasks, like updates or making backups.
That’s assuming the attacker is stupid enough to put the exploit in the source code where it can be easily discovered.
The Xz exploit was not present in the source code.
It was hidden in the makefile as an obfuscated string and injected into the object file during the build process.
If something doesn’t immediately work, fuck with it until it does.
What if you try reaching it through your public IP?