Peak security
-
I'd rather plug in a screen with VGA than deal with HPE iLO 4
wrote on last edited by [email protected]Networking noob here; what, pray tell, is HPE iLO4... or do I want to even know?
Edit: Never mind. Found it. HP... shudders
-
Rust does not have an ABI. Everything is linked into the executables. I would not call them lightweight.
wrote on last edited by [email protected]A standard Docker container with a NodeJS/PHP/Python app is usually around 200-300 MB (yes really), the OpenJDK JVM is around a hundred MB, but a fully statically compiled rust binary that doesn't even depend on libc is just a couple MB and can be deployed as a tiny distroless Docker container.
It's a lot heavier than your 8kb C++ executable but it's nothing compared to what is required to deploy anything else.
-
I remember there being the option of using HTML or a Java applet, I chose the former
If you have the HTML5 option you should be on a pretty recent firmware.
Interesting that you'd prefer going (literally) analog connection rather than over the IPMI.
-
Before you make a change, do this in a screen-session:
sleep 300 && iptables-restore old_fw_rules.bak
permission denied
fuuuu
-
^This^ ^is^ ^a^ ^joke,^ ^I^ ^didn't^ ^really^ ^lock^ ^myself^ ^out^
Rescue mode with networking, mount drive, make changes and reboot.
-
even worse. I regularly have to get up out of my chair and go down 2 stairs.
Also this took a while to find, but : https://sourceforge.net/p/shorewall/svn/HEAD/tree/branches/4.2/Samples/one-interface/shorewall.conf
ADMINISABSENTMINDED=YesIs an actual setting in the config for the (now apparently unmaintained) Shorewall Firewall software/tool for linux.
If I remember correctly, it always checks on firewall rule changes if there is an active connection on port 22, and adds a special rule at the end to maintain that connection.
They don't build them like they used to anymore.
They don't build them like they used to anymore.
Well if we did, the way it works would be by telling a chatbot to enable ssh on port 22 at the end.
-
Would misusing the
ddcommand be considered a hardware failure?Yup, that's a bug in the chair-keyboard interface.
-
Oh, so it's inconvenient for GPL-circumventers, too? That just sounds better and better.
To me, it is mostly a real blocker for using it in some embedded Linux devices due to size constraints, otherwise I personally would be using it extensively.
-
I hate it when my boss says that. Or he will call it "D-RAC". Annoys the hell out of me.
It's iDRAC.
Yes, there are components that are called RAC, but the Dell out of band management system is called iDRAC.
... but that's not as dumb as when he calls the SuperMicro system "iLO". That's IPMI. We don't even own any HPE. I've no idea why he's stuck on iLO.It's iDRAC.
I'd say that RAC is the overarching term for different Dell Solutions, see Dell Remote Access Configuration Guide
DRACT supports the following types of RACs that support RACADM commands:
-
Integrated Dell Remote Access Controller 8 (iDRAC8)
-
Integrated Dell Remote Access Controller 7 (iDRAC7)
-
[...]
-
Chassis Management Controller (CMC) for Dell PowerEdge M1000e and PowerEdge VRTX
-
[...]
And it's just shorter and easier to say
¯\_(ツ)_/¯but that's not as dumb as when he calls the SuperMicro system "iLO". That's IPMI. We don't even own any HPE. I've no idea why he's stuck on iLO.
Perhaps his first encounter with remote management was with iLO and he just thinks that this is how it's called. It's "integrated Lights Out", and "Lights-Out Management" as well as "Remote Access Controller" both are generic terms (and I suspect that this is why Dell adds an “iD” in front of its product names).
But we are way to close to the “GNU/Linux Copypasta” than I would like.
-
-
To me, it is mostly a real blocker for using it in some embedded Linux devices due to size constraints, otherwise I personally would be using it extensively.
wrote on last edited by [email protected]I'm having a hard time imagining this Goldilocks embedded device that is simultaneously big enough to run Linux (so not an actual microcontroller), yet too small for a few megabytes worth of statically-linked libraries. Got an example?
-
Almost the same thing happened to me. I accidentally fucked up the internet connection in my home while in Japan, and I had to video call my mom to have her fix it. It was a pain for both of us, but thankfully it went rather smoothly. Thank you mom!
Do you mind explaining the details? I’m trying to learn as much as possible!
-
Networking noob here; what, pray tell, is HPE iLO4... or do I want to even know?
Edit: Never mind. Found it. HP... shudders
“In December 2021 Iranian researchers at Amnpardaz security firm have discovered rootkits in HPE's iLO (Integrated Lights-Out) management modules.”
Because of course lol
-
Well, I have my server running in my parents basement, because they have fiber, and I don't.
It's not quite a 500km drive, but still a long enough distance for this scenario to be a major inconvenience.
But since I have wireguard running on their router though this specific scenario is not something that could happen to me
Wireguard is a VPN protocol, so you are able to tunnel into their router to…do what exactly?
-
Before you make a change, do this in a screen-session:
sleep 300 && iptables-restore old_fw_rules.bak
Yeah except it would be iptables-restore < old_fw_rules.bak
-
permission denied
fuuuu
Found the debian user.
-
^This^ ^is^ ^a^ ^joke,^ ^I^ ^didn't^ ^really^ ^lock^ ^myself^ ^out^
Most secure box is the one that does nothing.
-
Found the debian user.
user permissions is a debian thing now?
-
Yeah except it would be iptables-restore < old_fw_rules.bak
wrote on last edited by [email protected]Fun fact: When you do iptables-save, you have to redirect the output if you want to save it to a file. But when you use iptables-restore, you don't need to pipe it back in, you can just use the filename!
-
Fun fact: When you do iptables-save, you have to redirect the output if you want to save it to a file. But when you use iptables-restore, you don't need to pipe it back in, you can just use the filename!
It wasn't always that way. At one time you had to so I still do.
-
user permissions is a debian thing now?
A long time ago, Debian 8 or so it was a bug with Debian. Something about the command running without root despite the sudo command.
