also allow responses from any established connection

You shouldn’t need to as iptables is stateful, you would need to for stateless firewalls though.

You’d also need to open UDP 123 for NTP, I see that mistake a lot.

Some image formats will ignore junk data after the image. So you can probably run cat image.png message.txt to embed text in image files, although I haven’t tried this myself.

You can still have that script, but put it on the releases page. Git works best with actual source code and it doesn’t belong there. You should also add an extra script that generates one of those ‘compiled’ scripts to the git repo, so that people can do it themselves.

I can find the official Pi Pico for $3.50, I’m sure clones are cheaper than that.

But that means that someone else’s server is used whenever you leave your home network.

I’m pretty sure syncthing does NAT hole punching, so someone else’s server is only used for initial connection, after that, your data goes directly to your devices.

Maybe it was used as some sort of privilege escalation? E.g. NP++ downloads an XML file to %TEMP%, some already present malware modifies it, then GUP downloads a payload and executes it with administrator permissions.

It’s easy enough to add your own secure boot keys, you can even remove the Microsoft keys so that only your OS will boot.

windows server edition which not possible to get if u are not business client and it cost 800$

It probably depends on your uni, but students can get Windows Server licenses for free on Azure Education.

It does DNS already, so why do I need an external DNS server?

You need an external DNS server to access it externally. If you’re happy with internal access only, you can probably set some sort of DNS override in UniFi.

There are things I don’t understand about the machine that also make me think AI, but Google Translate seems to understand so maybe it isn’t?

Edit: Actually I think AI is better than I thought it would be.

This isn’t about Firefox, and there are zero mentions of Firefox in the article. This is about Mozilla screwing over their volunteers by replacing their human written translations, with inaccurate machine translations written by a closed source LLM.

It doesn’t really matter how you setup dynamic DNS and SSL. I prefer to handle dynamic DNS on the router, incase it’s smart enough to refresh the IP after DHCP renews it. I do SSL on a seperate nginx instance, but I run a few other sites; it might be easier to configure it directly on home assistant, but I haven’t tried.

If you want some extra security, I’d look into mTLS, as that establishes some cert based authentication at the TLS layer before HTTP, but it can be complicated to configure.

on these atomic distros where even something like syncthing involves shenanigans to keep active week to week? Ain’t happening.

I don’t see why you couldn’t kexec into a new kernel. kexec will load a kernel into memory from an already running kernel, and jump into it. It’ll suck for the user as they’ll have to semi-reboot everytime they want HDMI 2.1, but it’s easy and doesn’t install anything.

There’s also live patching, but I think that’ll be a bit of work.

Of course the kernel needs to be compiled with those options enabled, but most distros do.

Edit: And they probably won’t work with kernel lockdown/secure boot.

DP has an option to transmit HDMI signals instead, this is what passive adapters use and will still have the same HDMI 2.0 issue. A DP source can be passively adapted to HDMI, but a HDMI source cannot be passively adapted to DP.

You can also get active HDMI adapters which actively convert the signal, and can work with HDMI 2.1. Intel actually has an active converter chip built into their ARC GPUs, and is how they get around this issue.

You’re going to have a hard time trying to get that working over the WAN (if that’s even possible).

Wake on LAN is still encapsulated in an IP packet, so you can send it over the internet, and most WOL clients let you specify an IP. However your router will need to DNAT it to a broadcast address. Some routers have a check box for this (e.g. An ISP provided Technicolor router I have), some let you port forward to broadcast (e.g. Many routers, sometimes with workarounds), and some let you manually configure NAT (e.g. MikroTik routers).

So it is possible, but forwarding public internet traffic to a broadcast address seems like a bad idea, and I wouldn’t recommend it. Why I know this: I used to do this in middle school, and it does work quite well.

Depending on your BIOS and with fast boot, you might need to just hold one of the keys while booting instead of spamming it on boot.

Yep, but it’s required, and also present in every frame sent between your router and the ISP BNG.

I was trying to think of a reason why ASUS would still be showing.

I likely won’t be able to do it in time.

Yeah same. I’m currently overseas and still will be on the 10th. I don’t drink, and I’m born in the earlyish noughties so I can’t provide a very convincing spiel.

I’m also interested in IPv6 related things and Apalrd’s adventures on YouTube has some cool videos on translation mechanisms and stuff. I thought you might be interested.

he was referring to historical data

DHCP can also send a hostname, so it’s possible your ASUS router previously sent its hostname, and then the Pi doesn’t send one. What ever software they use might not clear the old hostname when there isn’t one.

Edit: For example, this is what my current ISP lets me see: