The robot decided to spin up an expensive setup prior to getting access, so the setup was sitting there costing money whilst it did nothing.

If it had designed the setup but not spun it up until it had authorisation to join the network then it would have been much less costly an exercise.

If your webapp has unfettered database access then don't be surprised if it is hacked and someone can do `select * from users` and then posts that dump somewhere.

The attack surface changes if your webapp can only do a REST call to pull a single user record at a time. That way you can put some auditing in, you can put rate limiting in to detect that, etc.

Obviously the user record REST api endpoint is still vulnerable, but it's a much smaller attack surface, easier to audit, and can be monitored a lot more closely.

Yes, ultimately, there will still be a set of vulnerable humans that have access to the database servers themselves and they can always walk out of the place with an SD card hidden in a Rubik's cube but there has to be an element of trust somewhere.

The problem is that too many people put that trust boundary way too far out into the big bad Internet. Or don't even consider it at all and just rely on the fact that other targets are more appealing.

It may keep out the bottom x% of spammers/hackers but it doesn't do much for the increasingly sophisticated scams that are appearing.

If the bit before the + ends up in your inbox anyway then it'll just get stripped off and used. Spammers seeing this kind of thing across several breach dumps:

bob+trello@example.com, bob+spotify@example.com, bob+chase@example.com

and will leverage that to target spam at you for other sites, or just email bob@example.com as there's a good chance that'll get through.

Years ago I did a test with my own domain where I created who unique aliases with plus addresses, e.g. steve.smith+iawer@example.com, bob.jones+wpoqe@example.com

It didn't take long for emails to start arriving to steve.smith@example.com and bob.jones@example.com even though that email address had never been used anywhere ever before.

As others have said, you're better off just creating unique emails with `pwgen -s 16` such as wmR5pNhGI8yidU7N@example.com and storing that in your password manager alongside a similarly random password. (Yes, this is roughly what those unique email address services provide.)

Also many services/sites/providers simply assume the username is immutable. $DEITY forbid you might have to change your email address at some point in the future.

The only extra bits I saw for the other emails on my domain was a plus address I'd used for last.fm which had been leaked. None of the other emails (wife, kid, family, etc) appear in any breach.

I'm slowly moving away from using my own personal domain as it's becoming an ever increasing burden. I'm also concerned that my wife/kid will be left with something they may not have access to, or would stop working at some point, if I suddenly dropped dead.

I'd planned on writing something myself to parse the HTML and write a suitable exporter but I thought I'd give Claude a chance.

In a sandboxed VM I gave Claude a single static HTML file of the status page from the printer, also in the directory was the equivalent of "hello world" in Go, literally just the minimum needed to do `fmt.Printf("OK\n")`. The directory was called `brother-exporter`. That was it. No other instructions or information. I hadn't told it what it needed to write. I hadn't said what it should do. I hand't told it what language it was supposed to use.

Just by doing a `/init` in that directory Claude decided that it needed to write a Prometheus exporter in Go that would fetch and parse the HTML file from a printer (defaulting to 192.168.1.1) and then present the associated metrics in a way that they could be scraped by Prometheus.

It did this flawlessly in about 10 minutes.

I could have done it in several hours but this was definitely an "oh shit" moment for me. I think the biggest thing was the fact that it guess/assumed so much (correctly) from so little information in the beginning.

https://en.wikipedia.org/wiki/The_Circle_(Eggers_novel)

In the end I just replaced each X540-T1 with a X520-DA2 which are pretty much the same price on eBay (under USD20) and then I can just use a DAC that's a fraction of the cost of the RJ45-SFP+ transceivers.

    10 x 0.1 = 1

My wife is trying to sort something with a famous Irish airline who are well known for messing people around. She has LPA/POA for her mother but rather than the airline accepting the VCode (this is the UK) the airline are requesting to see the original POA certificate which is just ridiculous. They seem to be moving a little quicker now there is solicitor involved.

Given how much back and forth there has been it's probably cost the airline more than just refunding the amount at the first request. We'll keep going to prove a point.

[EDIT] The asymmetric supplier is BT via Openreach. Google something like "BT Fibre 500".

Sure, but I want to choose when I do it, not have it forced upon me.

> 75 mbit up is pretty good compared to DSL (I bet it is cable)

It is FTTP not DSL or cable. BT Fibre 500 in the UK. Almost all of the deals through the legacy/monopoly provider (BT/Openreach) are asymmetric like this.

The 2500/2500 at the new property is a different provider that has their own network and so isn't tied into reselling Openreach's GPON infra.

But, yes, that video is exactly the kind of thing I had in mind for the bend insensitive fibre.

It all depends how I set things up (and I can't tell that until I've had more access to the property). The ONT and the rack with the USW-Aggregation switch are 10 yards apart, in terms of absolute distance, but probably 20 yards if you follow the walls/skirting-boards/etc.

The FTTP is presented as 2.5GbE Ethernet (apparently) so I can either:

a) put my Unifi Express 7 next to the ONT and then need a fibre run (something like https://uk.store.ui.com/uk/en/category/accessories-modules-f...) from the SFP+ port on the Express 7 to the USW-Aggregation in the rack.

However this will be sub-optimal in terms of Wifi and I'll probably need extra APs to cover all three floors and out into the back yard.

b) put my Unifi Express 7 in the hallway in the middle of the house (which should give me full Wifi coverage with no extra APs). This would mean a short (2m) DAC to connect it to the USW-Aggregation nearby, and I can use a 20m long flat/flexible Cat-6 Ethernet cable to go between the ONT and the Unifi Express 7.

Maybe my "last house" (i.e. the one we'll get to see us through to retirement and beyond) will be Mikrotik based. By then I'll probably want as little computing stuff as possible and will just sit in a comfy chair doing crosswords and sudoku with a pencil.

The spools of bend insensitive fibre are pretty cheap and very discreet so I'll probably have a couple of those running along skirting boards/etc in order to connect disparate areas of the house. (The ONT is ~15m away from where the majority of the equipment will live, that's the main bit I have to bridge.)

Basing things on 2.5GbE would certainly have been cheaper but some things don't support it (they either do 1GbE or 10G SFP+) so settling on 10G where possible made more sense to me. My future ISP also has a 5Gbps up/down option, but even I can't justify that right now.

My wife and kid just want their phones/laptops to work, and to be able to stream stuff to watch, they don't care about the underlying speed.

Having a faster network may make some of my work related things run a bit quicker. A few times a day I'll need to pull something big down (either an ISO or a bunch of docker images) and that can take up to 2 minutes with 500Mbps down. Having those take a fifth of that time will make it seem less of a roadblock to doing work. 2 minutes meant I went and got a cup of coffee and often got more distracted, 30 seconds should keep me at my desk and focused on what I was doing. That's not a big enough reason to justify it on its own obviously.

I also want to do offsite backups with/for various family members, so something better than 75Mbps up is going to be a huge boost. Getting 1Gbps+ out will be huge (assuming whatever is at the other end can support that).

I don't do any kind of data hoarding, I think I've got something under 4TB of data that I actually care about, and most of that are family photos/videos.

Deep down it's mostly because I'm a networking geek so it's fun to play with some new kit and make blinkenlights.

I think I paid ~$15 for each X520-DA2 including postage.

The specs say they require PCIe v2.1 x8 lane.

My Proxmox server is quite old and has a Gigabyte GA-X79-UP4 mobo and has loads of spare PCI slots. One slot is taken up by a generic graphics card as the Mobo has no on-board graphics. (I think I went for this mobo because of the number of SATA ports, but it was over 10 years ago so not entirely sure.)

My general Linux server is newer and has an ASUS Prime H610M-A D4 mobo. Only two PCI slots (not used at the moment) and so the Intel X540-DA2 will use up the PCIe 4.0 x16 slot leaving just a PCIe 3.0 x1 slot. But that's fine as this machine is just a CPU (i7-13700), 64GB RAM and a 2TB NVMe. Sticking a good graphics card in it for GPU related fun had been on my list for years but I never got around to it, now the prices are just insane so I'll ignore that for now or something second hand falls into my lap.

I have a USW-Aggregation with 8 SFP+ ports arriving today too. Just have to install Intel X520-DA2 cards in two of my servers (Proxmox host and a general Linux server), and the NAS also has a 10G SFP+ port, and then connect it all up.

Most of it second hand from eBay for half the usual retail price.

(Hint: No, he's not replying with AI. Two hyphens are not an em dash. Even then there's no hint of it being an AI response. Also the person is actually the CEO of Dropbox, the very person this thread is all about. You only have to click his username to see his posting history to see he's not an AI bot posting endlessly, his last posts (prior to today) were in 2024.)