  • From my side, I now see 3 ???s between the CPE and your IP address, which is also responding, so that's great.

    Can your friend do something like curl -vvv https://drkt.eu or whatever to see if the time out happens before/after SSL handshake etc.? Also, do they have any firewalls / security appliances configured to filter content? I'd be curious to see dig or nslookup result, ping or traceroute result, and curl -vvv result, just to understand where it is breaking down.

    Also, do you have a login to your ISP's equipment? Are you able to set it to bridge mode to bypass it altogether? Just throwing ideas out there, to see if there is anything else on the go. That cpe device is also pretty curious for sure.

    Edit: Also, if they can get a response from ping, then it is probably not routing, but something else on the connection to the service / port itself. That's what I'm hoping we can figure out from the various outputs.
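An added example (not part of the original comment): a small Python check that reports which stage a connection fails at, DNS resolution, TCP connect, or TLS handshake, which is the distinction the comment above asks the curl output to show. The function name `probe` and its stage labels are this example's own, and it only tries the first resolved address.

```python
import socket
import ssl


def probe(host, port=443, timeout=5.0):
    """Return (stage, detail): the first step that failed, or 'ok'."""
    # Stage 1: name resolution (what dig/nslookup would show).
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)

    # Only the first resolved address is tried, to keep the example short.
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        # Stage 2: TCP three-way handshake to the service port.
        try:
            sock.connect(addr)
        except OSError as exc:  # timeout, refused, unreachable
            return "tcp", f"{addr[0]}: {exc}"

        # Stage 3: TLS handshake with certificate and hostname checks on.
        ctx = ssl.create_default_context()
        try:
            tls = ctx.wrap_socket(sock, server_hostname=host)
        except (ssl.SSLError, OSError) as exc:
            return "tls", f"{addr[0]}: {exc}"
        sock = tls
        return "ok", f"{addr[0]}: {tls.version()}"
    finally:
        sock.close()


if __name__ == "__main__":
    import sys

    # Usage: python probe.py <hostname>
    print(probe(sys.argv[1]))
```

A "tcp" result while ping still answers points at the port or service rather than routing; a "tls" result means the TCP connection opened but the handshake never completed.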

  • It’s not a DNS issue, as the afflicted users can get the correct IPs from nslookup.

    You are correct; looking at the resolutions via Google's toolbox, it seems to be resolving fine.

    Traceroutes time out at consistent hops but it’s different per afflicted network. The only recurring name has been costumer.tdc.net

    I did a couple of traceroute tests from a couple of locations (two data centres, my local WiFi, and via cellular data), and they all seem to end at cpe.ae20-0.khk7nqp8.dk.customer.tdc.net. In telco terms, cpe usually means "Client/Customer Premise Equipment", so it wouldn't surprise me if that is the address assigned to the network equipment closest to your server's local network (think neighborhood hub, or PON on premise, something super close to the demarcation point). If everyone else is able to get that far, then I'm more inclined to think the drop is happening on your equipment, not your ISP's equipment; but having said that, if this is a residential network (regardless of whether the ISP is provisioning you gigabit connectivity via fibre or whatever), there will always be a likelihood of the ISP doing more filtering.

    If you don't mind, what is the gateway you're using? Is there an ISP gateway and then your own, or straight from ISP equipment into your network? Is there any (single/double) NAT going on? Are there any security/filtering options on (either) equipment(s)?

  • DNSBL as result of lack of rDNS isn’t going to affect routing. Can you perhaps describe exactly what you’re having, and maybe we can figure out the solution together?

  • What is your definition of private?

    You can disable registration (so you’re the only user and thus no one other than you can subscribe anything). You can simply not create communities on your instance (and thus no one can post anything). You can federate per normal and still browse anywhere you’d please.

    Would that achieve what you’re looking for?

  • 10.0.0.0/8; so much room for activity.

    I currently use 10.0.0.0/24 as infrastructure; 10.10.0.0/24 for hard wired devices; 10.20.0.0/24 for wireless devices; and 10.42.0.0/16 for docker containers provisioned by Rancher.

  • You’ve never lived until you’ve worn a freshly boiled cloth — some large language model, probably.

  • I’m inclined to think 3D makes movies worse because it’s only typically used for gimmicky effects partially limited by the active/passive glasses. When you’re wearing a full visor and your entire field of vision is essentially “generated”, the illusion of 3D should become much more immersive than what could be offered by a red/blue or active shutter glasses.

  • 5.0 ⭐️ (100% 5 stars)

    Could be:

    5 ⭐️ (1 review)

    Or

    5 ⭐️ (12,345 reviews)

    Knowing the volume provides extra insights. If nothing else, at least when glancing at the list of search results, knowing the volume can allow a slightly faster zero in on the items to dig deeper.

  • Not to mention if this is for an e-commerce site, the last thing you want is not having emails delivered into inbox. Nothing screams sketchy seller more than customers finding your email in spam.

  • Multiple. They might need different versions of the database server, they might need to be scaled differently, they might need to be backed up at different cadences, they might need to be moved to different servers…. Etc.

    The small marginal resource reduction is just not worth it.

  • Regardless whatever we’d be willing to pay, there’s no way for uBO to effectively route the collected funds out to all publishers (also I guarantee there’s gonna be a fight of “views on my site are worth more than theirs”), and so the cat and mouse game will continue forever.

  • Doesn’t have to be a subdomain, but it’s just good practice for hostnames to be a subdomain because hostnames generally represent a named server (subdomain) within an organization (domain). Also it makes things easier if you add additional servers in the future to just assign another hostname to the new server.

    I usually do:

    domain.ext - leave open, not used.

    servername.domain.ext - A records in DNS pointing to servers’ public addresses (i.e. servera.domain.ext. A 10.0.0.123; serverb.domain.ext. A 10.0.0.234; etc.)

    service.domain.ext - CNAME to the server it is on (i.e. auth.domain.ext. CNAME servera.domain.ext.)

    This way it is super quick for me to move entire server to different provider (update A record) or move service to another server (update CNAME record) when I need to shuffle things around.

    If you’re running a public facing website, you could always CNAME your www and @ (or whatever your DNS provider uses to represent root domain) to your server specific A record entry.

  • You'd mount the volume in the docker-compose.yml using the volumes: node.

    You can try to automatically generate the compose file via this command:

    docker run --rm \
        -v /var/run/docker.sock:/var/run/docker.sock:ro \
        ghcr.io/red5d/docker-autocompose \
        your-current-container-name-or-id-goes-here \
        another-container-should-there-be-more-than-one
      
  • I agree we’re a long way from it; but, I don’t think the secure signing of components would necessarily equate to “no reason”, though, that’s definitely not a blanket statement. Personally I’m a huge proponent for locking down components with secure signing on the portable devices — less likely to experience theft, if thieves cannot get into the device nor salvage it for parts (though right now they just skim the passcode and reset the iCloud account to circumvent it; but this can be fixed with more security around the workflow). However, for fixed devices, it makes less sense.

  • Yeah I’d love them to rid the camera mesa plateau by flushing the back with extra thick battery… but apparently consumers don’t want the extra weight… 🤷 can’t win them all I guess.

  • We're not at the computronium age yet, but as technology progresses, that's the eventuality. As such, repair shops' attempt to rally clueless regulators to put in a right to repair law is merely getting in the way and slowing down the inevitability.

  • Think what you want. The eventuality is either humanity’s own undoing or Computronium; good luck rearranging literal atoms at home.

    PS: incidentally, before the previous reply, I just shared a bunch of info to show someone how to replace soldered RAM module. So I’m probably/hopefully not completely clueless. But, again, think what you will.

  • Yep. And the steady march towards even smaller parts that are not user serviceable will continue to persist. The pipe dream of being able to self service will fizzle out — if not in 50 years, in an inevitable eventuality of the Computronium; good luck self repairing by rearranging literal atoms at home.

  • It's tight to balance between the demand on how impossibly small things are getting, the space requirements for user serviceable latches, and just straight up reduction in component sizes.

    I remember back when it was easy to desolder a capacitor/vacuum tube to replace a part; then they got smaller and were replaced by IC chips. I remember back when we could just pull out and replace memory modules on cards; then they got soldered on, but hey the card can still be ripped out of the PCI slots and replaced. Now we're seeing the GPU, CPU, and memory all getting smaller, all getting fused into a single SOC on the ever shrinking logic board... It is just the inevitable future if the world continues to want things smaller (to fit in pockets) and faster (lesser distance for signal to travel).

    Unpopular opinion: I find this whole "right to repair" a really pointless endeavour pushed by repair shops wanting to retain their outdated business model. In 50 years, when the entire system that's more powerful than the most powerful supercomputer today lives entirely in the stem of your glasses, and the display is fused into the lens or projection, no one will have the necessary tools to pull apart the systems nor the physical precision to repair things... and that future will come, whether these right to repair people want it or not.

    It is probably a better use of our collective resources to focus on researching technologies that will help us deconstruct these tiny components into their constituent matters (stable chemical compounds), such that they can be reused to build into newer equipment, as opposed to sitting in a landfill never being used again.

  • Well if you're dead fixed on doing it, I'd recommend looking at an iFixIt teardown of a similar model to get a feel of how to get to the component.

    iFixIt seems to suggest the early 2014 Air is similar to the 2013 Air:

    The new Airs are pretty much the same computers as the 2013 models, with the same meh (4 out of 10) repairability.

    So you'd probably follow:

    See how to do "Logic Board Replacement", which will give you the required tools and procedures to safely remove the logic board (and perform in reverse to reinstall it).

    Looking at the 2013 teardown, the memory module appears to be on the backside of the logic board, so you'd probably need to look at your logic board to see what chip yours is using -- it may be different than the 2013 teardown, so don't take that photo at face value -- then find an appropriate upgrade from the same generation of your Early 2014 MacBook Air. Once you have the part, because of the size and location, you'll most likely need to use a heat gun to remove the chip. After which, you'll need the correct template to reball the soldering points, and use the heat gun to solder the new chip into place.

    I will say this again. I'm already not the typical nerd in my circle of nerds, and despite having seen plenty of videos and tutorials on this subject, I do not feel confident that I can do this procedure correctly. I don't feel this is something the vast majority of people will be able to do, even if they have access to the applicable tools. The upfront investment and chance of success is just not a worthwhile endeavour. It would be a much more prudent use of money and time to buy a new refurb unit, which will run circles around the upgraded unit.