

Babe, wake up, the new Jia Tan dropped!



I hear you, I host lots of stuff. But none I can think of would be RCE vulnerable directly from a CPU vulnerability. You could use a CPU vulnerability to privesc later, but once someone has RCE, you’re already pwn’d, and privesc is mostly a given anyway either way. So CPU vulnerabilities fall way down the list of things to worry about.
As long as you keep your router OS patched and up to date, CPU vulns really aren’t a concern.


I can’t think of any typical services that you’d run on a router/home server that allow arbitrary code execution. The main risk was mostly web browsers with JavaScript, or VPS providers.
Either way, definitely unlikely for a home router.


The beauty of game dev is that you can make the most cursed codebase, and as long as it works, the only person it’ll impact is yourself.
Also, startup costs are basically zero, there is no need for a top end PC, whatever you have now is probably good enough to start.


Exploiting those vulnerabilities via pure network traffic is borderline impossible. Most CPU exploits (meltdown et al.) require execution on the device, you can’t do it via crafted network packets.


Dust off the delorean!


https://cameroncros.github.io/wifi-condom.html
This is my travel router setup, might be useful for you to start from.


Probably, but raspi only has one interface, and USB network cards can be flaky. You’ll also not get outstandingly fast speeds, so if you’re on a fast fibre connection you’ll struggle to hit the full speed.


It’s a bad idea from a power consumption POV, your old PC will be very inefficient, and running it 24/7 as a router will rapidly add up.
Security wise, you’ll be running a fairly up to date Linux or BSD based OS, so it’s perfectly safe.


Yes. Separate each part out. You are currently publishing the equivalent of a compiled binary. Split it up, and use a script to “compile” it back into the mega shell script.
It means that changes to each file can be tracked (and audited) individually, you can conditionally compile bits in or out, and most usefully, you can write tests for the individual components.


Sorry, but a photo of a directory structure is not a source tree.
Your git repo consists of 4 files, a readme, a licence, and two packed shell scripts.
If you have an actual published source repo, link people to it.


I don’t understand why people do this
Charitably: AI turbocharged dunning-kruger
Less charitable: Malware delivery.
There is no good reason why they couldn’t have a normal source tree, that they pack into a single shell script in CI.


Volume encryption would either mean typing a password at boot, or needing to use the TPM, which would get stolen with the NAS, so either very inconvenient, or useless.
And I don’t think anyone breaking in to steal a NAS is going to do it to read the data, they’ll sell the hardware for cash. Anyone who would break in for the data is likely a far more sophisticated threat, which is a bit paranoid.


1 vote against truenas scale. I am happy now that it’s set up, but it was such a pain to get working. The GUI insisted that the disks had no serial numbers, but I could see them clearly in the commandline. I had to commandline setup the zfs, which they don’t doco, and it has diverged from the published BSD instructions.
I also get the impression that unless you are using commercial grade stuff, truenas don’t want anything to do with you.
Do you really need encryption if it’s all local? You should be able to trust your network is safe, so encryption in transit is the most you need to worry about? And if your NAS is on 24/7 it’s decrypted 24/7 anyway, so no real win having disk encryption.
I bet you choose to be attracted to pans. Sinner.
/s (shouldn’t need this right?)


They owe their start to the gaming community, but their success has largely been off the back of being first to “sell shovels” for crypto and AI.
They’ve kinda outgrown us sadly. I kinda wonder if they’ll spin out the GPU business one day.
I use a separate nuc, and even still, rebooting the router is a non-trivial exercise. The internet was wired into the top shelf of a cupboard, so need a step ladder to get to it.
Since getting a second pihole setup I haven’t had any issues, so I think I’m okay now. Hopefully it fails over the Christmas break when I’m home :D
I don’t think so, because everything else remains up and working. But it certainly could be.
I mostly like it, but over the last few months I’ve had my pihole die randomly during the day, which killed my home network, and I had to walk my partner through rebooting everything.
I’ve now got redundant pihole instances, but I’d really like to know what is going wrong with pihole. It’s impossible to replicate, and very sporadic.
I love a good morning c̸͎͚̫̺͒̇̾̓e̷̤̦͘r̸̳̞̖͜͝ȁ̴̙̅̈͌̏m̵̰͓̹͊̈́̾͌͘i̵͔̎c̴̥̙̖͛͜