𝒍𝒆𝒎𝒂𝒏𝒏

Hey 👋 I’m Lemann

I like tech, bicycles, and nature.


  • 0 Posts
  • 49 Comments
Joined 1 year ago
Cake day: June 6th, 2023

  • Dang, that thing is the bee's knees!

    Would make more sense to replace just the batteries rather than the whole unit IMO. Looks like it takes standard 12V 7Ah sealed lead acid batteries, so should be doable for under $120 (if you buy them individually and use the existing battery harness).

    I have three other UPSes, but none of them are as good as yours lol:

    • APC SUA1500RM2U - was a great online rackmount unit, stopped using this a few years back because of its tendency to overcharge batteries without a charge controller ADC calibration mod. It wrecked my last battery pack bad 😭 plan to convert it to LiFePO4 and put it back into service 🤞
    • Zigor Ebro - cheap and cheerful line-interactive UPS for the modem, network switch and CCTV cameras. Switchover time is pretty much instantaneous, worth every cent paid and has kept my network up through many outages
    • Cyberpower UT650 - A temporary offline UPS to hold the server gear specifically until I get the APC back in service. Honestly not worth the cheap price, the switchover delay is long enough to shut off anything that’s not a server PSU with massive bulk capacitors

    Edit: fix bullet list formatting


  • Flash drive hidden under the carpet and connected via a USB extension, holding the decryption keys - threat model is a robber making off with the hard drives and gear, where the data just needs to be useless or inaccessible to others.

    There’s a script in the initramfs which looks for the flash drive, and passes the decryption key on it to cryptsetup, which then kicks off the rest of the boot, mounting the filesystems underneath the LUKS.

    I could technically remove the flash drive after boot as the system is on a UPS, but I like the ability to reboot remotely without too much hassle.

    What I’d like to do in future would be to implement something more robust with a hardware device requiring 2FA. I’m not familiar with low level hardware security at all though, so the current setup will do fine for the time being!
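
The boot flow described in the comment above, sketched as a Debian-style crypttab keyscript. This is an added example, not the commenter's actual script; the `KEYSTICK` label, the mount point, the key path and the install location are assumptions, and it relies on udev populating `/dev/disk/by-label` inside the initramfs.

```shell
#!/bin/sh
# Added example: keyscript for a Debian-style /etc/crypttab entry such as
#   cryptroot UUID=<placeholder> keys/root.key luks,keyscript=/usr/local/sbin/usbkey
# KEY_LABEL, KEY_MNT and the paths above are assumptions, not from the comment.
KEY_LABEL="${KEY_LABEL:-KEYSTICK}"
KEY_MNT="${KEY_MNT:-/run/usbkey}"

# Poll until a path appears; USB enumeration is often slower than the initramfs.
wait_for_path() {
    path=$1; tries=${2:-10}
    while [ "$tries" -gt 0 ]; do
        [ -e "$path" ] && return 0
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Write the key to stdout only if it is a non-empty regular file, so a
# missing or blank key never reaches cryptsetup as an empty passphrase.
emit_key() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    cat "$1"
}

# Mount the stick read-only, emit the key named in crypttab, unmount again.
unlock_from_usb() {
    dev="/dev/disk/by-label/$KEY_LABEL"
    wait_for_path "$dev" 10 || return 1
    mkdir -p "$KEY_MNT"
    mount -o ro,noexec,nosuid,nodev "$dev" "$KEY_MNT" || return 1
    emit_key "$KEY_MNT/$1"; rc=$?
    umount "$KEY_MNT"
    return "$rc"
}

# The cryptsetup initramfs scripts export CRYPTTAB_NAME when calling a
# keyscript; without it (e.g. when sourced for testing) nothing is run.
if [ -n "${CRYPTTAB_NAME:-}" ]; then
    unlock_from_usb "$1" ||
        /lib/cryptsetup/askpass "Key drive missing, passphrase for $CRYPTTAB_NAME: "
fi
```

The passphrase fallback only works if the LUKS volume also has a passphrase enrolled in another key slot; the key on the stick protects against the stated threat (drives stolen without the stick) and nothing beyond it.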



  • Edit: sorry, I may have misunderstood your post - free email != email masking.

    My original post below…


    Curious why you consider email address masking services as for those with “drastic anonymity” requirements?

    I personally don’t think so: they are pretty much just a digital P.O. box, and are typically not anonymous in any way (subpoena/court order to the provider). They are built into Firefox too; it will automatically create new ones OOTB as you sign up on websites, if you click the autofill.

    They are however IMO one effective tool out of many to restrict the ability of data brokers and hacking groups (aggregated breach datasets) alike from making money from your online presence without your consent.

    In almost all cases this data is freely searchable for law enforcement and private investigators, allowing them to avoid going through the legal system to investigate and possibly detain you for things you’re not guilty of.










  • Surprised I’ve never seen this DIY approach mentioned anywhere or thought of it before 🤔 - usually people end up going for those mini PCs that have multiple network cards soldered to the mobo itself

    Compared to an actual 10gig switch, the power consumption might be high (unless the network card drivers have been well optimised by the devs, offloading as much traffic handling as possible to the 10gig cards’ own CPUs). In this case just make sure you have a powerful enough CPU to handle that traffic, as well as handle that 4gig traffic traveling between the network cards over PCIe.

    Some gotchas to look out for though:

    • PCIe lane wiring… are they going straight to the CPU, or are they going via the chipset (or slightly slower, a PCIe switch connected to the chipset)? The mobo manual can advise on this; ideally you’d want something with as many PCIe lanes connected to the CPU directly to get the full speed.
    • Power consumption… touched on this earlier but one to be aware of, esp if you live somewhere where electricity is expen$iv€
    • Noise… you might need to buy a fan to cool down the network cards depending on your traffic, and how much the OS driver offloads to your 10gig cards
    • A backup… if you need to do changes to your DIY switch, make sure you have some way of accessing the internet
    • Bridging… there may be an ideal/recommended way to set up bridging for multiple interfaces on the same network card, to take advantage of hardware offloading, allowing you to get 10gig traffic between two devices even though the PCIe lane is just 4gbit
    • Traffic filtering… again just ensure your CPU can handle it, particularly for HTTP traffic. I only do filtering on DNS traffic due to having a weak CPU, works well enough to catch some ad/tracking services that employ nasty tricks to evade blocklists.

    I only have 1gig hardware so can’t really provide comparisons :( however there’s a YouTube channel called ServeTheHome that started measuring power consumption of almost all the hardware they test - if they’ve done 10gig switches recently then that should give you some pointers at least.

    Edit: fix formatting 🫠