Hacker News: merpkz

New comment by merpkz in "The Pirate Bay Remains Resilient, 20 Years After the Raid"

merpkz — Tue, 02 Jun 2026 14:48:10 +0000

Isn't that just Cloudflare? thepiratebay.org resolves to CF IPs at the moment.

New comment by merpkz in "Removing the modem and GPS from my 2024 RAV4 hybrid"

merpkz — Fri, 15 May 2026 10:19:38 +0000

There is no way that is true, basic cars have always existed, like Dacia with bare minimum features to pass all requirements and they are far from being popular. The fact of the matter is, is that people just like fancy things and cars especially

New comment by merpkz in "Removing the modem and GPS from my 2024 RAV4 hybrid"

merpkz — Fri, 15 May 2026 10:16:41 +0000

I honestly can't either. A lot of people drive around with navigation set on their phones which also track every movement and knows your exact location and travel speed, might even know how aggressive you drive based on accelerometer data and all that info can be uploaded from navigation app like Waze which is very popular

New comment by merpkz in "Removing the modem and GPS from my 2024 RAV4 hybrid"

merpkz — Fri, 15 May 2026 10:14:10 +0000

How will they get access to this data? Hax into Toyota to track this one specific Rav4?

New comment by merpkz in "Poland is now among the 20 largest economies"

merpkz — Fri, 08 May 2026 14:25:46 +0000

First time I hear this explanation of why demographics is in decline in Europe and it kind of makes sense, every so often having this discussion about having children people bring up that they wont be able to enjoy things anymore, like travel, which in itself is a form of consumerism - buying the "experience"

New comment by merpkz in "Nintendo announces price increases for Nintendo Switch 2"

merpkz — Fri, 08 May 2026 11:40:37 +0000

What a wild statement, how much you have to eat in Japan to offset the airline ticket prices?

New comment by merpkz in "Valve releases Steam Controller CAD files under Creative Commons license"

merpkz — Thu, 07 May 2026 10:13:49 +0000

I played through whole Half-Life 2 on steam deck with aiming and shooting using right touch pad and it was alright. Strongly suspect though the game should have a support for it properly otherwise it feels janky in everything else I tried with it. No idea what's the use case for left pad though - I sometimes play with it during loading screens due to nice sound it makes, that's about it

New comment by merpkz in "Should I Run Plain Docker Compose in Production in 2026?"

merpkz — Tue, 05 May 2026 12:33:07 +0000

Well, as an example we usually set incoming rules to filter SSH only from administrator IP addresses, TCP 10050 only from zabbix monitoring server and leave few icmp types required and rest is dropped and logged.

For forward chain we set docker network ranges to route between themselves and only services actually used in containers. Allow container outgoing connections to our DNS servers, centralized HTTP proxy server and monitoring - nothing else containers are allowed to route to.

And for output is similar, only allow our DNS servers, NTP, HTTP proxy, centralized rsyslog where everything goes and zabbix monitoring server and a few icmp types - nothing else gets out and is logged.

With the advent of these supply chain attacks we read about often here it's just a matter of time some container is compromised and this seems like only viable way to at least somehow limit impact when such an event occurs.

New comment by merpkz in "Should I run plain Docker Compose in production in 2026?"

merpkz — Tue, 05 May 2026 11:56:44 +0000

How do you guys, who run Docker in production deal with managing nftables firewall on hosts running containers? By design docker daemon creates and manages a set of firewall rules to forward traffic between containers and ingress traffic into containers as well as masquarades the outgoing container traffic. That is all well until admin needs to alter hosts firewall to allow and deny other traffic unrelated to docker - and restarting nftables or even applying new nftables rules usually ( flush ruleset in /etc/nftables.conf ) purges all the docker created rules and effectively breaks everything until docker daemon is restarted and rules re-created. I have partially solved this by using nftables filter chains with different names - admin_input/admin_output and using input hook with negative priority - so that traffic I choose to block is evaluated before docker rules are applied - that feels a bit like hack, but so far is the only way I have found. It is good practice in this day and age to run local firewalls on all hosts with policy deny, so that only traffic explicitly allowed can pass, that can severely limit blast radius during compromise.

New comment by merpkz in "IPv6 traffic crosses the 50% mark"

merpkz — Thu, 16 Apr 2026 11:19:47 +0000

As if people doesn't already carry always online machine in their pockets

New comment by merpkz in "IPv6 traffic crosses the 50% mark"

merpkz — Thu, 16 Apr 2026 11:10:56 +0000

How does IP bans work in IPv6 case? One just blocks whole /64 or /56 address range?

New comment by merpkz in "Meta Platforms: Lobbying, dark money, and the App Store Accountability Act"

merpkz — Tue, 17 Mar 2026 14:10:10 +0000

> Some kids will be trafficked with the help of all these tech solutions, because they know exactly where your kids are at every moment.

What the hell are you talking about? They already know where my kids are! At school which is funded by government.

New comment by merpkz in "Why I love FreeBSD"

merpkz — Tue, 17 Mar 2026 08:32:42 +0000

Playstation is based on FreeBSD, so I would guess that Sony has some serious FreeBSD people working there who created one of the most popular a video game console - that's pretty cool

New comment by merpkz in "Starlink Mini as a failover"

merpkz — Mon, 16 Mar 2026 09:52:53 +0000

Man, that 500kbit/s is quite generous for that price, can easily be used to access CCTV cameras in remote areas. I currently use LTE for that and it's 10 eur for 15GB data cap per month for that use case

New comment by merpkz in "US- and Greek-owned tankers ablaze after Iran claims 'underwater drone' strike"

merpkz — Thu, 12 Mar 2026 20:46:24 +0000

> Ukraine has been using these drones so it’s entirely possible Iran has this tech too.

Ukraine has been defending against these drones for past 4 years!

EDIT: nevermind, we are talking about sea babies, not shaheds - different kind of drones.

New comment by merpkz in "My Homelab Setup"

merpkz — Mon, 09 Mar 2026 07:28:23 +0000

These modern-day homelabbers will do anything to avoid DNS, looks like to them it's some kind of black magic where things will inevitably go wrong and all hell will break loose.

New comment by merpkz in "I Ported Coreboot to the ThinkPad X270"

merpkz — Tue, 24 Feb 2026 09:13:02 +0000

> I can’t recommend libreboot enough, or even heads if libreboot isn’t your speed.

Why though? Not a single reason mentioned in post about why would it be better than whatever stock BIOS the laptop is shipped with.

New comment by merpkz in "An ARM Homelab Server, or a Minisforum MS-R1 Review"

merpkz — Sun, 22 Feb 2026 08:31:08 +0000

My point was they are not guaranteed to work reliably when shoved into a NUC, with janky adaptoprs and lack of airflow

New comment by merpkz in "An ARM Homelab Server, or a Minisforum MS-R1 Review"

merpkz — Fri, 20 Feb 2026 10:03:42 +0000

Not sure about the CPU performance being much more powerful for some shit-stained NUCs found on ebay, but one selling point for these minisforum machines are hassle-free dual 10G interfaces which are required for decent cluster performance - see ceph or proxmox ( with ceph ) or even kubernetes with, you guessed it - rook-ceph. Getting 10Gbit interface to work on ThinkCentre is possible, but not guaranteed to be reliable. This machine is perfect for such application and price point is not that terrible all things considered.

New comment by merpkz in "Martial arts robots at 2026 Spring Festival Gala [video]"

merpkz — Thu, 19 Feb 2026 09:07:03 +0000

Any information what battery life these things have? Would a human be able to outrun them given the need?