Respect the burrito.

  • 0 Posts
  • 30 Comments
Joined 1 year ago
cake
Cake day: June 20th, 2023

help-circle






  • I’ve been using ogg vorbis for music since about the mid 2000s. In the begining I was ripping them from my CD collection using grip on mandrake Linux (anyone remember?)

    Nowadays I download vorbis direct from bandcamp.

    Recently I compared 192 kbps vorbis files to FLACs and couldn’t discern the difference, which I’m happy about since my 15000 file collection can fit on a very cheap 128GB SD card in my phone.

    I use syncthing to sync music to my phone automatically.

    Really happy with the setup.



  • I looked into this recently.

    There’s a DNS challenge designed for this exact scenario called (from memory) DNS01, but it’s more of a faff than I’m willing to get involved with.

    Basically you push proof that you own the domain into a DNS record instead of to a file on a web server. It requires a DNS provider that has an API and a client that speaks that API.

    It also leaks private DNS stuff into the public domain.

    I’d love it if someone devised an easier way. Maybe there is an easier way?












  • It’s this (excuse formatting): https://www.openssh.com/releasenotes.html

    sshd(8) will now penalise client addresses that, for various reasons, do not successfully complete authentication. This feature is controlled by a new sshd_config(5) PerSourcePenalties option and is on by default.

    sshd(8) will now identify situations where the session did not authenticate as expected. These conditions include when the client repeatedly attempted authentication unsucessfully (possibly indicating an attack against one or more accounts, e.g. password guessing), or when client behaviour caused sshd to crash (possibly indicating attempts to exploit bugs in sshd).

    When such a condition is observed, sshd will record a penalty of some duration (e.g. 30 seconds) against the client’s address. If this time is above a minimum configurable threshold, then all connections from the client address will be refused (along with any others in the same PerSourceNetBlockSize CIDR range) until the penalty expire.

    Repeated offenses by the same client address will accrue greater penalties, up to a configurable maximum. Address ranges may be fully exempted from penalties, e.g. to guarantee access from a set of trusted management addresses, using the new sshd_config(5) PerSourcePenaltyExemptList option.