Hacker News | champtar's comments

There is also OVH (not affiliated, just happily using their VPS), but I would consider switching to 2 providers, as any provider can have data loss or just lock your account at any time for any reason. 2 providers with free egress so you can easily replicate data between them.

The classic rule is 3-2-1:

- Three copies

- Two types of media

- One off-site or offline


TIL `badblocks -t random` repeats the same random block over and over :(


You can however set the block size to something quite large, which means you write the same random pattern spread out over multiple blocks repeatedly. If you pick an "odd" block size (like say, your native block size multiplied by 47), it's highly unlikely your disk under test will be swapping around "groups of 47 blocks." (I usually just do a nice multiple, like 4K*16, but if you're super paranoid a weird multiple should be pretty much good enough). You won't get reporting of which exact blocks on the drive are failing, but these days, that isn't really useful information - if any blocks are failing, warranty or ditch the drive.
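As an added illustration (not part of the comments above and not badblocks' own code), this Python model shows why the repeat length of the test pattern matters: a simulated drive that ignores one address bit passes a write/read test whose pattern repeats every 1 or 16 sectors, but fails once the pattern repeats every 47 sectors. The fault model, the sector size and all names here are assumptions made for the example.

```python
import os

SECTOR = 512  # bytes per simulated sector (assumed for the example)


class AliasingDisk:
    """Constructed fault model: address bit `stuck_bit` is ignored, so
    sectors n and n ^ (1 << stuck_bit) land on the same physical storage."""

    def __init__(self, sectors, stuck_bit=None):
        self.store = [bytes(SECTOR)] * sectors
        # With no fault the mask is all ones and addresses pass through.
        self.mask = -1 if stuck_bit is None else ~(1 << stuck_bit)

    def write(self, n, data):
        self.store[n & self.mask] = data

    def read(self, n):
        return self.store[n & self.mask]


def pattern_test(disk, sectors, period):
    """Fill the disk with a random pattern that repeats every `period`
    sectors, read everything back, and return the mismatching sectors."""
    pattern = [os.urandom(SECTOR) for _ in range(period)]
    for n in range(sectors):
        disk.write(n, pattern[n % period])
    return [n for n in range(sectors) if disk.read(n) != pattern[n % period]]


def run_demo(sectors=4096, stuck_bit=10):
    """Count detected bad sectors for several pattern repeat lengths."""
    results = {}
    for period in (1, 16, 47):
        disk = AliasingDisk(sectors, stuck_bit)
        results[period] = len(pattern_test(disk, sectors, period))
    return results


if __name__ == "__main__":
    # Aliased sectors sit 2**10 = 1024 apart. 1024 is a multiple of 1 and
    # of 16, so both sectors expect identical data and the fault is
    # invisible; 1024 % 47 != 0, so the overwritten sectors read back wrong.
    for period, bad in run_demo().items():
        print(f"pattern repeats every {period:2d} sectors: {bad} mismatches")
```
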


Just being able to inject traffic is already huge as it allows you to send IPv6 router advertisements, which sometimes allows you to change the DNS config


You need working switch level filtering, many implementations can be bypassed / will never be fixed: https://blog.champtar.fr/VLAN0_LLC_SNAP/


CAP_NET_RAW also allows capturing packets (tcpdump), so you really can have some fun, like running a TCP stack in user space or MITM HTTP connections: https://blog.champtar.fr/IPv6_RA_MITM/ / https://blog.champtar.fr/Metadata_MITM_root_EKS_GKE/


Good news that it was found and fixed, but 140 days response time seems rather slow for such a critical vulnerability


probably due to low exposure


Curious, what are the main benefits? (I've only ever used DD-WRT and OpenWrt)


I use Tomato too, but I wouldn't say it offers many benefits over OpenWrt. The main thing is that routers based on Broadcom chipsets often only work with very old Linux kernels (such as 2.6.xx kernels), as the drivers are closed source. For these routers, the primary third-party router OS choice is to use Tomato.


In OpenWrt there is ujail: you give it an ELF (or multiple) to run, it'll parse them to find all the libraries they need, then it creates a tmpfs and bind-mounts the required files read-only. https://github.com/openwrt/procd/blob/dafdf98b03bfa6014cd94f...


2 big address blocks that have little chance of conflict:

- CGNAT 100.64.0.0/10

- "Benchmark" 198.18.0.0/15


CGNAT is used by Tailscale and presumably in the wild for its intended purpose.


And `100.115.92.0/23` is used by ChromeOS for PatchPanel: https://chromium.googlesource.com/chromiumos/platform2/+/mai...


You can easily keep the current naming behavior with the 'net.naming_scheme=' kargs


I already have systems that use net.ifnames=0. My question is about whether this new behavior can affect them.


It won't, the new behavior is just a new naming scheme, and you just choose not to use any, which is totally fine if you have a single NIC.

