Readit News logoReadit News
brynx97 commented on Deutsche Telekom is throttling the internet   netzbremse.de/en/... · Posted by u/tietjens
direwolf20 · 21 days ago
DT famously does not use them. They prefer to shut down their peers to make them become customers or fuck off, and by doing so, deliver crappy service to everyone and lose customers, except they have a monopoly so they don't lose as many customers as they should.
brynx97 · 21 days ago
We have many BGP workarounds to avoid interconnection points with some of our tier 1 providers and DT because as our providers tell us, discussions with DT to add capacity are a non-starter. We've been relatively stable through a tier 2 provider through Lumen to DT though... for now. Very similar to Cogent in some regions.
brynx97 commented on Kubernetes egress control with squid proxy   interlaye.red/kubernetes_... · Posted by u/fsmunoz
btreecat · 2 months ago
> I had challenges with split-DNS in my homelab k3s cluster trying to do this. I ended up just putting the apps in docker-compose on a VM that has static routes for my local homelab networks. I looked at tailscale to solve this since it has a kubernetes operator, but tailscale doesn't fit my use cases or work well with all of my devices.

I don't need tails scale for this, seems like overkill.

I would like to better understand why my combination of marked packets and SOCK5 proxy are not fully working for certain UDP traffic. I also need to investigate if disabling ipv6 will help.

Using a VM or docker compose when I have k3s feels like admitting defeat with out understanding why.

brynx97 · 2 months ago
To each their own. I mostly figured out why, and I did not want to create too much tech debt in my homelab with brittle split-DNS and PostUp/PostUp wireguard configurations. I already had ansible and templates setup to move back to the VM and docker-compose. I did learn a fair bit on CoreDNS, so that was a worthwhile experiment.
brynx97 commented on Kubernetes egress control with squid proxy   interlaye.red/kubernetes_... · Posted by u/fsmunoz
btreecat · 2 months ago
I like this approach!

I am struggling to lock down a pod in my home cluster to allow local connections to it's web UI but force all other connections through a VPN client. I'm going to investigate if I could use squid for this.

My next approach is going to involve using a sidecar.

One heads up to the author, the text based charts didn't render well on FF mobile. Text is meant to reflow based on screen size, typeface etc. I feel this is a great case for using a drawing/image instead.

brynx97 · 2 months ago
I had challenges with split-DNS in my homelab k3s cluster trying to do this. I ended up just putting the apps in docker-compose on a VM that has static routes for my local homelab networks. I looked at tailscale to solve this since it has a kubernetes operator, but tailscale doesn't fit my use cases or work well with all of my devices.
brynx97 commented on Vodafone Germany is changing the open internet, one peering connection at a time   coffee.link/vodafone-germ... · Posted by u/PhilKunz
phineyes · 3 months ago
This isn't unique to Vodafone. Google has also been slowly withdrawing from IXes globally in favor of PNIs and "VPPs" (verified peering providers). This only makes it harder for smaller networks to establish presence on the internet and feels pretty anti-competitive.

On the flip side, IXes are becoming harder and less desirable to participate in: port fees are going up, useful networks are withdrawing, low quality network participants are joining and widening blast radius. I'm not sure what the answer to this is, but this has not been a great year for the "open" internet.

brynx97 · 3 months ago
Google gave a presentation on this that I think is helpful context for "why": https://nanog.org/events/nanog-94/content/5452/
brynx97 commented on Using Home Assistant, adguard home and an $8 smart outlet to avoid brain rot   romanklasen.com/blog/beat... · Posted by u/remuskaos
elric · 8 months ago
> browsers and mobile phones have started using hardcoded DNS resolvers, so the utility of this is limited

Got a source for that? No phone or browser that I'm aware of uses "hardcoded DNS resolvers". They all use the OS DNS servers which the OS gets from DHCP.

brynx97 · 8 months ago
https://support.mozilla.org/en-US/kb/firefox-dns-over-https

By extension, any application or device could rely on DoH instead of OS-provided or network-provider DNS servers. It is controversial, since it both helps individuals combat ISP or government censorship and also helps bad actors do bad things [1].

[1]https://en.wikipedia.org/wiki/DNS_over_HTTPS#Analysis_of_DNS...

brynx97 commented on     · Posted by u/cowpig
cowpig · 9 months ago
Interestingly, the outage is not detected by https://fastmailstatus.com/
brynx97 · 9 months ago
My "status pages" are manually updated. It's a challenge to get updates out and troubleshoot, especially depending on org size and the underlying event.
brynx97 commented on Synology Lost the Plot with Hard Drive Locking Move   servethehome.com/synology... · Posted by u/motiejus
coolgoose · 10 months ago
No it can't. Let's be honest Synology's OS is covering more than just storage, and no, spinning up a lot of 3'rd party docker containers that you need to maintain, secure and manage isn't as easy.
brynx97 · 10 months ago
What can't TrueNAS do that was listed in the parent comment?

I'd rather have the flexibility offered by TrueNAS, in addition to the robust community. Yes, Synology hardware is convienent in some use cases, but you can generally build yourself a more powerful and versatile home server with TrueNAS Scale. There is a learning curve, so it is not for everyone.

brynx97 commented on Pi-hole v6   pi-hole.net/blog/2025/02/... · Posted by u/tkuraku
LeoPanthera · a year ago
I've been using AdGuard Home, which does pretty much the same thing, but is slightly better polished, with things like support for DoH and OSs other than Linux.

https://github.com/AdguardTeam/AdGuardHome

brynx97 · a year ago
DoH is possible on pihole using cloudflared-- https://docs.pi-hole.net/guides/dns/cloudflared/.

> The cloudflared binary will also work with other DoH providers.

brynx97 commented on Trump to federal workers: Resign now and get paid through September   npr.org/2025/01/28/nx-s1-... · Posted by u/isaacfrond
JumpCrisscross · a year ago
> these federal workers have a pension

Do they keep the pension if they take the buyout?

brynx97 · a year ago
It is not a buyout. The memo and resignation template do not state buyout.

It is administrative leave with pay and benefits, but this leave only starts after your agency HR processes it from what I understand. It's more like a severance package.

https://www.opm.gov/fork

brynx97 commented on Trump to federal workers: Resign now and get paid through September   npr.org/2025/01/28/nx-s1-... · Posted by u/isaacfrond
oldpersonintx · a year ago
this is actually an incredible offer compared to current standards for severance in private industry

if my current employer offered a similar buyout, I would jump on it instantly

buyouts are an honorable way of reducing headcount - both sides consent

contrast this with current trends in tech - PIP...

brynx97 · a year ago
Except these federal workers have a pension. It's complicated, and if this were done under previous administrations, something like this might be more well received. The current chaos just makes any rational decision making very difficult.
b

u/brynx97

KarmaCake day132March 6, 2014View Original