Proxmox vs XCP-ng: our overview of the features, advantages, performance and scalability of the two virtualization systems.
Proxmox VE is based on KVM/QEMU, which is integrated directly into the Linux kernel, so it benefits from the vast Linux ecosystem. This makes the platform flexible, and it works in close synergy with current Linux technologies. XCP-ng, for its part, relies on the Xen hypervisor, a classic type 1 hypervisor with its own intermediate layer between the hardware and the virtual machines. These different architectures influence driver integration, the security model, and the mechanisms for paravirtualization or full virtualization.
For those concerned about monitoring the temperature of the Raspberry Pi, there are two commands that can be used to retrieve temperature readings from the temperature sensors.
Block mass exploitation attempts before they reach your perimeter with the ultra-curated Crowdsec Blocklists.
RAIDZ levels reference covers various aspects and tradeoffs of the different RAIDZ levels.
RAIDZ levels comparison chart
| - | Stripe | Mirror | RAIDZ | RAIDZ2 | RAIDZ3 | Stripe+mirror |
|---|---|---|---|---|---|---|
| Min number of disks | 1 | 2 | 2 | 4 | 5 | 4 |
| Fault tolerance | None | (N-1) disks | 1 disk | 2 disks | 3 disks | (N-1) disks in each N-disk mirror |
| Disk space overhead | None | (N-1)/N | 1 disk | 2 disks | 3 disks | (N-1)*P for P stripe over N-disk mirrors |
| Read speed | Fast | Fast | Slow, see below | Slow, see below | Slow, see below | Fast |
| Write speed | Fast | Fair | Slow, see below | Slow, see below | Slow, see below | Fair |
| Hardware cost | Cheap | High to highest | High | Very high | Very high (disks) | High to highest |
When I work on personal projects, I need a test environment that I can deploy quickly and easily.
Often, my workstation is not enough to meet my needs. So I equip myself with two thin-client servers on which I deploy my virtual machines. These thin clients are well suited to quick tests and are designed not to consume too much energy (they are powered on 24/7, so I try to be careful).
But when I run more demanding tests, these servers quickly reach their limits (with a Home-Assistant, a media server, the Omada Controller, Kubernetes nodes, and a few other services, it starts to stretch things).
To continue my experiments and my learning, I therefore rent a dedicated server at OVH on which I installed Proxmox.
But having 2 separate infrastructures is not very practical. So I decided to link them together.
From my workstation, I have a tailscale client (with a headscale server) that lets me reach a bastion on the remote infrastructure.
Simple, effective, cheap.
Information
Tailscale is a WireGuard-based VPN that connects machines to each other securely. It includes ACLs, a DNS, a file-sharing system and many other features.
By downloading the agent on a machine, that machine can join a Tailscale network and communicate with the other machines of the same account. In a company, this can be used to give remote employees access to internal resources or to manage who has access to which services.
But one limitation bothers me a little: if a host on my cloud infrastructure needs to contact a host in my LAN, I have to install a client on each of the machines.
Having to install an agent on every machine is a bit heavy.
To address this, it is possible to use Tailscale routes so that one host becomes the entry point to a network.
On this page, I will explain how I configured my infrastructure so that my two networks are interconnected (by setting up a Tailscale network).
Installing Headscale
Uh… Weren't we talking about Tailscale in the first place?
In reality, I have never used Tailscale directly. Headscale is a self-hosted Tailscale server that uses the Tailscale clients (and its DERP network).
This way, client authentication happens directly on my server, and I can manage the ACLs directly from it. Here is the diagram of what I want to set up:
(Diagram: Headscale hybrid VPN)
Because of the nature of WireGuard, traffic does not go through the Headscale server but flows directly between the clients. Headscale mainly serves to manage the ACLs and to propagate the routes (we will see that later).
To install Headscale, I will use Docker Compose on a free VPS at Oracle Cloud (I wanted it to be outside the networks I want to connect).
I use Traefik as a reverse proxy to expose port 8080 of my Headscale container, but exposing port 8080 is not strictly required.
services:
  headscale:
    image: headscale/headscale:0.22.3
    volumes:
      - ./config:/etc/headscale/
      - ./data:/var/lib/headscale
    ports:
      - 8080:8080
      - 3478:3478/udp # STUN
    command: headscale serve
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.headscale.rule=Host(`headscale.une-tasse-de.cafe`)"
      - "traefik.http.routers.headscale.entrypoints=secure"
      - "traefik.http.routers.headscale.tls.certresolver=letsencrypt"
      - "traefik.http.services.headscale.loadbalancer.server.port=8080"
    networks:
      - traefik-net
networks:
  traefik-net:
    external: true
    driver: overlay
    name: traefik-net
If you are not using Traefik
Once traefik (or another reverse proxy) is configured to expose port 8080 of the container, I create my ./config/config.yaml file from the template provided by Headscale.
curl https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml -o ./config/config.yaml
Here are the values I changed for my use case:
server_url: https://headscale.une-tasse-de.cafe
listen_addr: 0.0.0.0:8080
dns_config:
  base_domain: une-tasse-de.cafe
For the DNS part, Tailscale automatically adds a DNS record for each machine that joins the network. I can then reach my machines by domain name using the syntax machine-name.user-name.base-domain.
For example, if I name my host cloud-router and I am the user router, I can reach my host via cloud-router.router.une-tasse-de.cafe.
Adding a Tailscale client
There are two authentication methods on Headscale:
Adding our token to the Headscale database,
Authentication with a pre-authenticated token.
For our first Tailscale client, let's try the first method.
I will add my laptop (which must be able to reach both networks when I am travelling).
$ curl -fsSL https://tailscale.com/install.sh | sh
$ sudo tailscale up --login-server https://headscale.une-tasse-de.cafe
To authenticate, visit:
https://headscale.une-tasse-de.cafe/register/nodekey:0592da68e42380d988c7a17c7c47728f2643e6cfb7988258bb3af7b193cba272
Following this link, we land on a page showing the command to run.
The URL generated by Headscale only serves to give the command to run in order to validate the client's authentication. This command can be run from inside the Headscale container, or by exposing a gRPC socket outside the container and reaching it from the Headscale CLI.
Before validating the authentication, I will also create a user quentin on Headscale.
docker compose exec headscale headscale ns create quentin
docker compose exec headscale headscale nodes register --user quentin --key nodekey:0592da68e42380d988c7a17c7c47728f2643e6cfb7988258bb3af7b193cba272
Success is displayed in the terminal, which tells us that we have joined the Tailscale network.
Tip
If you do not expose port 8080 of your container, you can still get the token from the URL returned by the tailscale up command and add it directly to the Headscale database.
After the authentication step, tailscale status shows us the hosts available on the network:
$ tailscale status
fd7a:115c:a1e0::1 laptop quentin linux -
It feels a bit lonely here… I will add my cloud-side "router"!
I set up a cloud-router machine that will join our Tailscale network in a second way: with a pre-authenticated token.
In the first case, an administrator (us) had to log in to the Headscale server to approve the connection. That is not very flexible: unless your user keeps their terminal open until you have approved them, a client cannot be approved asynchronously.
This is the situation where pre-authenticated keys can be an asset. The token is tied to a user, which is why I first create router, which will group the machines from the different networks.
docker compose exec headscale headscale ns create router
Now I request a pre-authenticated token valid for 24h.
$ docker compose exec headscale headscale --user router preauthkeys create --expiration 24h
9b4bfbb0ab0977fc6c9a907e90c6784ba3adfb381b73f1f5
This command creates a single-use token that automatically authenticates the tailscale client that uses it.
Tip
A token can be made reusable several times by adding --reusable.
sudo tailscale up --login-server https://headscale.une-tasse-de.cafe --auth-key 9b4bfbb0ab0977fc6c9a907e90c6784ba3adfb381b73f1f5
We did not have to approve the client on our Headscale this time; the client was able to join the Tailscale network directly.
tailscale status now shows our two clients:
$ tailscale status
fd7a:115c:a1e0::1 laptop quentin linux -
fd7a:115c:a1e0::2 cloud-router.router.une-tasse-de.cafe router linux -
I now add a second host, home-router, which will be the entry/exit point for reaching the remote network.
$ tailscale status
fd7a:115c:a1e0::1 laptop quentin linux -
fd7a:115c:a1e0::2 cloud-router.router.une-tasse-de.cafe router linux -
fd7a:115c:a1e0::3 home-router.router.une-tasse-de.cafe router linux -
We now have one host in each of the networks. The home-router host can reach the cloud-router machine, but not the network behind it (192.168.128.0/24).
I could configure the machines themselves to forward packets coming from the Tailscale network, but these routes can also be configured directly on Headscale, and that is what I am going to do.
On the cloud-router machine, which has an interface in the 192.168.128.0/24 network, I will tell Headscale that I want to share access to this network.
To do that, I can configure my client with tailscale set --advertise-routes 192.168.128.0/24 --advertise-exit-node (still from the cloud-router machine).
But the route does not propagate to the hosts automatically; it still has to be approved directly on the Headscale server.
$ docker compose exec headscale headscale route list
ID | Machine | Prefix | Advertised | Enabled | Primary
1 | cloud-router | 192.168.128.0/24 | true | false | false
The route is known to Headscale, but it is not enabled yet.
To enable it, I can use the CLI: docker compose exec headscale headscale route enable -r 1, where 1 is the ID of the route.
On the home-router host, I also configure a route with tailscale set --advertise-routes 192.168.1.0/24 (which must also be enabled with docker compose exec headscale headscale route enable -r 2).
$ docker compose exec headscale headscale route list
ID | Machine | Prefix | Advertised | Enabled | Primary
1 | cloud-router | 192.168.128.0/24 | true | true | true
2 | home-router | 192.168.1.0/24 | true | true | true
By default, clients do not accept propagated routes. To change that, set the parameter with tailscale set --accept-routes.
I will apply this parameter on our 3 hosts:
laptop
cloud-router
home-router
From laptop (on a different network, e.g. 4G), I can then ping an address in the 192.168.1.0/24 and 192.168.128.0/24 networks.
Now, let's configure the ACLs so that only the users 'quentin' and 'router' have access to the routes:
In my Headscale settings (config.yaml), I added the path of the ACL file:
acl_policy_path: "/etc/headscale/acl.json"
This file must be created next to config.yaml. Here is an example configuration:
{
  "acls": [
    {
      "action": "accept",
      "src": ["quentin", "router"],
      "dst": ["192.168.1.0/24:*", "192.168.128.0/24:*", "router:*"]
    }
  ]
}
This way, the machines of the users quentin and router can reach the 192.168.1.0/24 and 192.168.128.0/24 networks, as well as the other hosts of the Tailscale network that belong to the user router (such as cloud-router and home-router).
Tip
If I want to restrict the number of reachable machines, I can simply specify the IPs individually (192.168.1.200/32, 192.168.128.15/32).
I have to restart my Headscale container for the changes to take effect.
Configuring the routes
Any machine belonging to the user router can now reach the remote networks. But I do not want to install a tailscale agent on every machine that needs to reach these ranges (and this is where the term router in the machine names takes on its full meaning).
I will therefore configure home-router and cloud-router to be gateways to the networks they know.
On each of them, I enable packet forwarding:
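The ACL above, checked offline, as an added example (not code from the original article and not Headscale's own implementation): a simplified Python model of accept-rule matching that shows who can reach which subnet or node, then applies the tip's /32 narrowing. The `guest` user and the node-to-user inventory are constructed for illustration; only IPv4 CIDR, user-name and `*` destinations are modelled, and anything not matched by an accept rule is treated as denied.

```python
import ipaddress
import json

# Constructed copy of the page's acl.json (users and subnets are the page's).
POLICY = json.loads("""
{
  "acls": [
    {
      "action": "accept",
      "src": ["quentin", "router"],
      "dst": ["192.168.1.0/24:*", "192.168.128.0/24:*", "router:*"]
    }
  ]
}
""")

# Constructed inventory: tailnet node name -> owning user (as in `tailscale status`).
NODES = {"laptop": "quentin", "cloud-router": "router", "home-router": "router"}


def port_matches(spec, port):
    """Match a port against '*', a single port, a comma list or a lo-hi range."""
    if spec == "*":
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def dst_matches(entry, dst, port, nodes):
    """Match one 'target:ports' destination entry against an IP or a node name."""
    target, _, ports = entry.rpartition(":")
    if not port_matches(ports, port):
        return False
    if target == "*":
        return True
    try:
        dst_ip = ipaddress.ip_address(dst)
    except ValueError:
        # dst is a node name: the entry matches if the node belongs to that user.
        return nodes.get(dst) == target
    try:
        return dst_ip in ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False  # target is a user name, dst is a raw subnet address


def is_allowed(policy, src_user, dst, port, nodes=NODES):
    """Default deny: True only if some accept rule covers src_user and dst:port."""
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue
        if src_user not in rule["src"] and "*" not in rule["src"]:
            continue
        if any(dst_matches(e, dst, port, nodes) for e in rule["dst"]):
            return True
    return False


def tighten(policy, replacements):
    """Return a copy where each listed CIDR destination is replaced by given hosts."""
    new = json.loads(json.dumps(policy))
    for rule in new["acls"]:
        narrowed = []
        for entry in rule["dst"]:
            target, _, ports = entry.rpartition(":")
            narrowed.extend(f"{h}:{ports}" for h in replacements.get(target, [target]))
        rule["dst"] = narrowed
    return new


# The tip's narrowing: expose two individual hosts instead of both /24 networks.
TIGHT = tighten(POLICY, {
    "192.168.1.0/24": ["192.168.1.200/32"],
    "192.168.128.0/24": ["192.168.128.15/32"],
})

if __name__ == "__main__":
    checks = [("quentin", "192.168.1.42", 22), ("guest", "192.168.1.42", 22),
              ("quentin", "home-router", 22), ("quentin", "laptop", 22)]
    for name, pol in (("page ACL", POLICY), ("narrowed ACL", TIGHT)):
        for user, dst, port in checks:
            verdict = "accept" if is_allowed(pol, user, dst, port) else "deny"
            print(f"{name:13} {user:8} -> {dst}:{port:<5} {verdict}")
```

Running it prints a small reachability matrix for both policies, which makes it easy to see what a change to acl.json exposes before restarting the container.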
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
From an arbitrary machine (i.e. one without any tailscale agent) in my 192.168.1.0/24 network, I will try to reach a machine in the 192.168.128.0/24 network via home-router (whose IP is 192.168.1.181):
root@quelconque:~# ip route add 192.168.128.0/24 via 192.168.1.181
root@quelconque:~# ping -c1 192.168.128.1
PING 192.168.128.1 (192.168.128.1) 56(84) bytes of data.
64 bytes from 192.168.128.1: icmp_seq=1 ttl=63 time=100 ms
I do the same on the other side (again on a machine without a tailscale agent):
root@autre-machine-quelconque:~# ip route add 192.168.1.0/24 via 192.168.128.10
root@autre-machine-quelconque:~# ping -c1 192.168.1.10
PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data.
64 bytes from 192.168.1.10: icmp_seq=1 ttl=62 time=92.5 ms
Perfect, I now have my gateways to the respective networks!
OPNSense
Pushing a static route is fun when I have 3-4 machines to configure, but it quickly becomes tedious to make sure every machine has the right route.
Luckily, my virtual router (on the cloud side) is an OPNSense on which I can configure gateways and routes!
So I can go to the web interface to tell my router the IP of the gateway.
Once it knows the gateway, I ask it to create a route going through this gateway to reach my 192.168.1.0/24 network.
This way, as soon as a VM tries to reach my LAN, the OPNSense router automatically redirects the packets to the cloud-router gateway.
Unfortunately, for the reverse path, I do not yet have any solution other than configuring the routes statically on my machines. The reason is that I still use my Orange box, which offers no option for adding custom routes.
For the static routes, I can configure them in the /etc/network/interfaces file like this:
allow-hotplug ens18
iface ens18 inet static
    address 192.168.1.42
    netmask 255.255.255.0
    gateway 192.168.1.1
    post-up ip route add 192.168.128.0/24 via 192.168.1.181
Conclusion
I will try to anticipate the main question you might ask yourself:
Why Tailscale and not a plain WireGuard?
Because in reality I have many more than 3 machines in my VPN network, and using Tailscale lets me manage the ACLs with fairly fine-grained permissions without having to tinker with IPTables (as I would have if I had gone with classic WireGuard).
Several options were possible:
FireZone
ZeroTier
Netmaker
WireGuard + IPTables
Having already tinkered with Tailscale, I went quite naturally for this solution. But I strongly encourage you to try these other options (and to send me feedback if you wish). The Tailscale + Headscale combo suits me perfectly, but I am not closed to other solutions.
And in practice, it just works. I was able to set up my infrastructure quickly and get it running without too much difficulty.
While having a self-healing, scalable docker swarm is great for availability and scalability, none of that is worth a sausage if nobody can connect to your cluster!
Preparation
Enable IPVS module
On all nodes which will participate in keepalived, we need the "ip_vs" kernel module, in order to permit services to bind to non-local interface addresses.
Set this up once-off for both the primary and secondary nodes, by running:
echo "ip_vs" >> /etc/modules
modprobe ip_vs
Setup nodes
Assuming your IPs are as per the following example:
192.168.4.1 : Primary
192.168.4.2 : Secondary
192.168.4.3 : Virtual
Run the following on the primary
docker run -d --name keepalived --restart=always \
--cap-add=NET_ADMIN --cap-add=NET_BROADCAST --cap-add=NET_RAW --net=host \
-e KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['192.168.4.1', '192.168.4.2']" \
-e KEEPALIVED_VIRTUAL_IPS=192.168.4.3 \
-e KEEPALIVED_PRIORITY=200 \
osixia/keepalived:2.0.20
And on the secondary:
docker run -d --name keepalived --restart=always \
--cap-add=NET_ADMIN --cap-add=NET_BROADCAST --cap-add=NET_RAW --net=host \
-e KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['192.168.4.1', '192.168.4.2']" \
-e KEEPALIVED_VIRTUAL_IPS=192.168.4.3 \
-e KEEPALIVED_PRIORITY=100 \
osixia/keepalived:2.0.20
Serving
That's it. Each node will talk to the other via unicast (no need to un-firewall multicast addresses), and the node with the highest priority gets to be the master. When ingress traffic arrives on the master node via the VIP, docker's routing mesh will deliver it to the appropriate docker node.
Summary
What have we achieved?
Created:
A Virtual IP to which all cluster traffic can be forwarded externally, making it "Highly Available"
The easy, 5-minute install
I share (with sponsors and patrons) a private "premix" GitHub repository, which includes an ansible playbook for deploying the entire Geek's Cookbook stack, automatically. This means that members can create the entire environment with just a git pull and an ansible-playbook deploy.yml 👍
Chef's notes 📓
Some hosting platforms (OpenStack, for one) won't allow you to simply "claim" a virtual IP. Each node is only able to receive traffic targeted to its unique IP, unless certain security controls are disabled by the cloud administrator. In this case, keepalived is not the right solution, and a platform-specific load-balancing solution should be used. In OpenStack, this is Neutron's "Load Balancer As A Service" (LBAAS) component. AWS, GCP and Azure would likely include similar protections.
More than 2 nodes can participate in keepalived. Simply ensure that each node has the appropriate priority set, and the node with the highest priority will become the master.
Both Arrays and Maps use similar syntax, so care is required to ensure the variable is of the correct datatype - this is determined by the first declaration line for the variable:
Using empty [ ] declares a Map:
Local $vVar[] ; A Map
Filling the [ ] with a dimension size declares an Array:
Local $vVar[3] ; An Array
Assigning element values when declaring makes the variable an Array - these three lines are functionally equivalent:
Local $vVar[3] = [1, 2, 3] ; An Array
Local $vVar[] = [1, 2, 3] ; An Array
Local $vVar = [1, 2, 3] ; An Array
This map is a "beta" project linked to a business application dedicated to SNCF train drivers and commercial staff.
It is delivered without any guarantee of reliability or updates.
The data shown, in addition to the ©OpenStreetMap and ©OpenMapTiles base map, comes from ©SNCF Réseau and is all available as open data at https://data.sncf.com.
In addition, a few extras are available in a GitHub repository (notably the GeoJSON of the kilometre points, which is not distributed by SNCF Réseau).
Finally, the pictograms are starting to become available in a dedicated GitHub repository as well.
For more information on railway signalling, see this very instructive article on the EPSF website.
MarineTraffic is the world’s leading provider of ship tracking and maritime intelligence. We are dedicated to making actionable information easily accessible.
dn42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. But above all, experimenting with routing in dn42 is fun!
Find your device & driver
from a massive database of PCI and USB devices.
This guide is intended to provide technical guidance to design, configure and operate the Profiling feature in the Cisco Identity Services Engine (ISE). The document provides best practice configurations for a typical environment.
LookingGlass delivers the most comprehensive threat intelligence-driven solutions in the market enabling security teams to efficiently and effectively address threats throughout the cyber threat lifecycle.
With a scalable solutions portfolio of threat data feeds, a threat intelligence management platform, threat mitigation solutions, and threat intelligence services, LookingGlass enables security teams to prevent, detect, understand, and respond to analyzed, prioritized, relevant threats. Additionally, with a deep knowledge of the global Internet topology and near real time activity, LookingGlass helps organizations understand threats inside and outside their perimeter - including threats that may be impacting third party trusted partners, other organizations in their industry, and the latest threat trends impacting the global Internet at large.
Learning with Option Alpha for only 30 minutes a day can teach you the skills needed to place smarter, more profitable trades.
Data To Fish was born in an effort to facilitate the application of data science using various tools such as Python, R, Julia and SQL.
We are passionate about data, and strive to provide you the most up-to-date and accurate information about common data-related problems.
The content provided on this website is constantly reviewed. Yet, if you do come across any errors in the content, please feel free to reach us at datatofish@gmail.com. Please note that due to the high volume of requests, we can no longer accommodate personal requests of code reviews. Please also refrain from including any email attachments.
Industrial design and fashion come together in our pocket-sized essentials. Made in Holland with great care for quality, people and the environment. A better world starts in your pocket.
Wolfram has two new flatmates: Ork Ogrosch and Elf Reena. Online a moment ago, now in the shared flat.
Need help with options trade adjustments? This in-depth video guide will be your ultimate resource, with the specific strategies and techniques we used to adjust options trades that moved against us and turned losers into winners. Plus, we're giving you multiple real-life examples and case studies from our own account.
A big part of machine learning is classification — we want to know what class (a.k.a. group) an observation belongs to. The ability to precisely classify observations is extremely valuable for various business applications like predicting whether a particular user will buy a product or forecasting whether a given loan will default or not.
Malpedia is a free service offered by Fraunhofer FKIE.
Administration is led by Daniel Plohmann and Steffen Enders.
Mission Statement
The primary goal of Malpedia is to provide a resource for rapid identification and actionable context when investigating malware. Openness to curated contributions shall ensure an accountable level of quality in order to foster meaningful and reproducible research.
Please respect the Terms of Service.
Also, please be aware that not all content on Malpedia is publicly available.
More specifically, you will need an account to access all data (malware samples, non-public YARA rules, ...).
In this regard, Malpedia is operated as an invite-only trust group.
MyPcapAnalyzer is a service that analyzes pcap files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by Intrusion Detection Engines and other rulesets.
Will it rain within the hour?
The extra tags provide extra features or extra information extracted or generated by ExifTool that is not directly associated with another tag group. The Group column lists the family 1 group name when reading. Tags with a "-" in this column are write-only.
A command-line interface to Image::ExifTool, used for reading and writing meta information in a variety of file types. FILE is one or more source file names, directory names, or - for the standard input. Metadata is read from source files and printed in readable form to the console (or written to output text files with -w).
If you are using a Raspberry Pi, the best approach is just to follow the guide over at the Tuya-Convert git and then skip down to Configuring Tasmota for the Brilliant Plug. This approach has been tried and tested and just keeps getting simpler. Over on YouTube digiblurDIY has a great guide following from the Tuya-Convert procedure which is great for beginners.
A helper tool to transfer sniffer data from ConBee USB dongle to a Wireshark instance.
When combining the definitions of the bridge and things in one file, the system behaved quite strangely. Things were not updated or I had to rename the broker. Accordingly I moved the definition of the bridge into a separate file.
At the moment I am switching from the MQTT 1.x to the MQTT 2.x binding and wonder why it gets so complicated (to get fancy UI integration) and doesn't carry forward the clean and easy way.
The new MQTT architecture has been realized in an easy extensible, modular way. The different bundles are fully test covered to live up to the high coding standards of openHAB.
If there are empty drive slots on your Synology NAS, you can install additional drives and add them to an existing storage pool. This article guides you through how to expand an existing storage pool by installing additional drives.
Kifarunix is a blog dedicated to providing tips, tricks and HowTos for Nix enthusiasts: command cheat sheets, monitoring, server configurations, virtualization, systems security, networking… the whole range of FOSS technologies. The major aim of all this is to share our Nix skills and knowledge with anyone who is interested, especially upcoming system admins. Stay connected and let us grow together.
IPv6 Uptake
IPv6 Users per AS
IPv6 Relative Performance
DNSSEC RSA Validation
DNS Resolver use
Users per AS
Sample apps are examples of working code that you can browse, run, and learn from to get started developing your own Google Cast app.
Etalab supports the opening of public data from the State and its administrations. As such, Etalab develops and runs the open public data platform data.gouv.fr, which hosts datasets and lists their reuses.
LTB project is a compilation of tools for LDAP administrators, to ease their rough life:
Monitoring: Nagios and Cacti scripts
OpenLDAP packaging and extensions
Scripting: LDAP massive batch operations
Self Service Password: Web interface to change password
White Pages: Web interface to browse entries
Service Desk: Web interface to check, unlock and reset passwords
Setting up a PI 3 for Docker is already described in several posts on the great wide internet. Below I will describe the method I used including the links for that. No need to reinvent the wheel now is there!
The NetSA Security Suite network sensing architecture is comprised of four major subsystems described below: sensor, collector, analysis, and alerting. These subsystems interconnect in order to collect, process, store, and analyze network communications.
A community making great, flexible, user-friendly manuals together.
We create booklets, course materials and manuals for creative, cultural and campaigning uses of Free Software.
OpenTAXII is a robust Python implementation of TAXII Services with a rich feature set and extensible, code-level APIs.
A strategic issue and priority, cyber defence underpins national sovereignty. Together with many other actors, the Ministry of the Armed Forces actively takes part in protecting and defending information systems in cyberspace.
This reference provides the following API documentation for send and receiver applications.
Since 2013, Backblaze has published statistics and insights based on the hard drives in our data center. You'll find links to those reports below. We also publish the data underlying these reports, so that anyone can reproduce them. You'll find an overview of this data and the download links further down this page.
Repair saves you money. It saves the environment. And it connects us to our things. Ditch the throwaway economy.
LIRC is a package that allows you to decode and send infra-red signals of many (but not all) commonly used remote controls.
Recent Linux kernels make it possible to use some IR remote controls as regular input devices. Sometimes this makes LIRC redundant. However, LIRC offers more flexibility and functionality and is still the right tool in a lot of scenarios.
The most important part of LIRC is the lircd daemon which decodes IR signals received by the device drivers and provides the information on a socket. It also accepts commands for IR signals to be sent if the hardware supports this.
The user space applications allow you to control your computer with your remote control. You can send X11 events to applications, start programs and much more on just one button press. The possible applications are obvious: Infra-red mouse, remote control for your TV tuner card or CD-ROM, shutdown by remote, program your VCR and/or satellite tuner with your computer, etc. Using lirc on Raspberry Pi is quite popular these days.
The information resource for all wireless device applications filed with the FCC.
CellMapper is a crowd-sourced cellular tower and coverage mapping service.
Explore the Digital Collections
Browse hundreds of high-resolution drawings and photographs.
Page through the Past
View the Loubat Codices in the Ancient Americas Codex Viewer
Python 2.7 will not be maintained past 2020. Originally, there was no official date. Recently, that date has been updated to January 1, 2020.
To test the HA crossover connection, here are some commands to verify that your crossover is working and sending data.
Online tool for Whois lookups
MQTT Explorer is a comprehensive MQTT client that provides a structured overview of your MQTT topics and makes working with devices/services on your broker dead-simple.
The "open Home Automation Bus" (openHAB) is an open source, technology agnostic home automation platform which runs as the center of your smart home. Besides 200 other add-ons for all kinds of technologies, openHAB provides an MQTT add-on ("binding") to interface with systems like Tasmota.
By following the guide below you'll be able to observe, control and manage your Tasmota modules from your openHAB system. If you are new to openHAB, please learn about the basic concepts and the initial setup. The below article will not cover any basics which are out of scope to the Tasmota integration.
We need to connect to the serial programming interface of the ESP8266 chip. This is done by connecting our serial-to-USB converter TX and RX pins to the ESP8266 RX and TX pins and powering the chip with the 3.3V and GND pins.
We consolidate location and information of wireless networks world-wide to a central database, and have user-friendly desktop and web applications that can map, query and update the database via the web.
We currently accept files in any of:
DStumbler: text output
G-Mon: .kml, .txt output
inSSIDer: kml output
Kismac: native (.kismac), text, kml output
Kismet: .csv, .xml, .netxml, .gps, .gpsxml, .nettxt, CWGD output
MacStumbler: plist xml, wiscan format
NetStumbler: native (.ns1), text, wiscan, summary
Pocket Warrior: Text output
Wardrive-Android: kml output
WiFiFoFum: kml, kmz output
WiFi-Where: ns1, kml, csv output. Now available on Cydia (iphone/ipad jailbreak)
Wigle Wifi Wardriving: csv output
Consolidated.db: This is an sqlite file that is synced from an iphone/ipad to a host computer (prior to iOS 4.3.3).
Morphology
Lexicography
Etymology
Synonymy
Antonymy
Proxemy
Concordance
Robert Downey Jr. hosts a brand new YouTube Originals series - The Age of A.I. Discover the most innovative and leading technologies that will change the world forever.
Apache Lounge is all about the Apache Web Server provided by the Apache Software Foundation (ASF) HTTPD Server Project. Apache Lounge has provided up-to-date Windows binaries and popular third-party modules for more than 15 years. We have hundreds of thousands of satisfied users: small and big companies as well as home users.
Please note, changing your handset’s IMEI number may void warranty or break the law. As far as I know, it’s strictly prohibited to change any phone’s IMEI number in the UK. So always refer to your user manual and local law, you are responsible for any action you take.
Overviews of protocols involved in Internet of Things devices and applications. Help clarify with IoT layer technology stack graphics and head-to-head comparisons.
This page contains download links for the latest released version of PuTTY.
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
How to determine what QRadar processes are using the most resources.
Is there a command I can run as a customer to help me understand when a certain process is running out of memory?
urlscan.io is a service to scan and analyse websites. When a URL is submitted to urlscan.io, an automated process will browse to the URL like a regular user and record the activity that this page navigation creates. This includes the domains and IPs contacted, the resources (JavaScript, CSS, etc) requested from those domains, as well as additional information about the page itself. urlscan.io will take a screenshot of the page, record the DOM content, JavaScript global variables, cookies created by the page, and a myriad of other observations.
Finally, urlscan.io will try to make a verdict whether the scanned website is considered malicious or suspicious. If the site is targeting the users of one of the almost 400 brands tracked by urlscan.io, this will be shown in the scan results.
A README is a crucial but basic way of documenting your project. While every project should at least have a README, more involved ones can also benefit from a wiki or a dedicated documentation website.
Open source licenses grant permission for anybody to use, modify, and share licensed software for any purpose, subject to conditions preserving the provenance and openness of the software. The following licenses are sorted by the number of conditions, from most (GNU AGPLv3) to none (Unlicense). Notice that the popular licenses featured on the home page (GNU GPLv3 and MIT) fall within this spectrum.
iBraining offers some quality brain games to help you improve your memory/brain. It lets you follow your progression over time by displaying some statistics about your evolution in each game.
The classic infinitely zooming painting from 2007, now in HD!
Whether for a username, a character in a game or a novel, a pet, or even a child, the occasions for finding a name are...
Get a free anonymous secure temporary disposable email address to beat spam. Avoid spam with a free secure e-mail address.
A virtual exploration game for CE2-CM1-CM2.
The Useless Web Button... just press it, and find where it takes you.
This document provides administrators and engineers guidance on securing Cisco firewall appliances, which increases the overall security of an end-to-end architecture. The functions of network devices are structured around three planes: management, control, and data. This document is structured around security operations (best practices) and the three functional planes of a network. In addition, this document provides an overview of each included feature and references to related documentation. For the purposes of this document, all mentions of "Cisco firewall" refer explicitly to the Cisco ASA Adaptive Security Appliances, though the concepts may apply to other firewall and security devices.
This service gives you the station arrival times of Transilien trains for the last three days (times for trains that ran the previous day are available from 8:00 a.m.). It lets you generate your certificates in case of delay.
docs.microsoft.com is the site that brings together Microsoft documentation for end users, developers, and IT professionals. Check out our quickstarts, tutorials, API references, and code samples.
What is the impact of initiating a Deploy Full Configuration on QRadar systems?
The Network Situational Awareness (NetSA) group at CERT has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data. These tools have grown out of the work of the AirCERT project, the SiLK project and the effort to integrate this work into a unified, standards-compliant flow collection and analysis platform.
If you are new to the NetSA Security Suite, start with this overview of the components that comprise the NetSA Security Suite and their inter-operation.
CERT is a part of the Software Engineering Institute (SEI), a federally funded research and development center (FFRDC) operated by Carnegie Mellon University.
Visit some of our other Support 101 Pages created specifically to assist customers in answering questions and reach a faster resolution to QRadar topics. We continually work to add more content to deliver value to our customers. These topics can be accessed from any of the QRadar 101 pages top menu bar.
Features:
- ipv4 allocation table
- some registration data of all assigned and allocated blocks
- AS information and announced own prefixes
- geolocation data for ipv4 addresses
- all domains for ip address
Limitations:
- 500 requests from registered users within 24 hours.
- 200 requests from one ip address within 24 hours for unregistered users.
Data sources:
- registered blocks: regional registers: RIPE NCC, ARIN, APNIC, LACNIC, AFRINIC
- BGP table: Route Views Project
- Geolocation data: NetLoad, MAXMIND, IpGeoBase.ru, local additions. This site or product includes IP2Location LITE data available from http://lite.ip2location.com.
- Icons: Fugue Icons
- Flags: flags.blogpotato.de and Maxmind
- Social icons: komodomedia
I am curious as to what is the average size of my events for disk space estimates. Is there a method to determine this in QRadar?
General overview of the Event Pipeline and Processes
Syslog Watcher installs a dedicated syslog server, integrating log data from multiple network devices into a single, easily manageable and accessible place. Collecting and analyzing syslogs is essential for maintaining network stability and auditing network security.
If your organization is using a security incident and event management (SIEM) server, you can integrate Office 365 Advanced Threat Protection with your SIEM server. SIEM integration enables you to view information, such as malware or phish detected by Office 365 Advanced Protection, in your SIEM server reports. To set up SIEM integration, you use the Office 365 Activity Management API.
To uniquely identify the fields that you want to extract from a JSON object, your JSON expression must follow specific JSON keypath conventions.
Picard is a cross-platform audio file tagger written in Python. AcoustID lookup and music library management.
This is a nice question.
As a matter of fact, tcpdump is the first software found after the wire (and the NIC, if you will) on the way IN, and the last one on the way OUT.
Wire -> NIC -> tcpdump -> netfilter/iptables
iptables -> tcpdump -> NIC -> Wire
Thus it sees all packets reaching your interface, and all packets leaving your interface. Since packets to port 53 do not get a reply, as seen by tcpdump, you have successfully verified that your iptables rules have been correctly configured.
EDIT
Perhaps I should add a few details. tcpdump is based on libpcap, a library which creates a packet socket. When a regular packet is received in the network stack, the kernel first checks to see whether there is a packet socket interested in the newly arrived packet and, if there is one, it forwards the packet to that packet socket. If the option ETH_P_ALL is chosen, then all protocols go thru the packet socket.
libpcap implements one such packet socket with the option activated, keeps a copy for its own use, and duplicates the packet back onto the network stack, where it is processed by the kernel in the usual way, including passing it first to netfilter, the kernel-space counterpart of iptables. Same thing, in reverse order (i.e., first netfilter then last the passage thru the packet socket), on the way out.
Is this prone to hacking? But of course. There are certainly proof-of-concept rootkits using libpcap to intercept communications destined to the rootkit before the firewall can lay its hand on them. But even this pales in comparison with the fact that a simple Google query unearths working code hiding traffic even from libpcap. Still, most professionals think the advantages vastly outweigh the disadvantages, in debugging network packet filters.
The “Java Decompiler project” aims to develop tools in order to decompile and analyze Java 5 “byte code” and the later versions.
JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.
JD-Eclipse is a plug-in for the Eclipse platform. It allows you to display all the Java sources during your debugging process, even if you do not have them all.
JD-Core is a library that reconstructs Java source code from one or more “.class” files. JD-Core may be used to recover lost source code and explore the source of Java runtime libraries. New features of Java 5, such as annotations, generics or type “enum”, are supported. JD-GUI and JD-Eclipse include JD-Core library.
JD-Core, JD-GUI & JD-Eclipse are open source projects released under the GPLv3 License.
Welcome to the Microsoft Update Catalog site. We want your feedback! Visit our newsgroup or send us an email to share your ideas and suggestions. To start using the site, enter your search terms in the Search box above, or visit our FAQ for tips.
kernel 4.19.23
built with woofce using ubuntu 18.04 bionic beaver packages & various .pet packages.
All the usual packages (many updated)... palemoon, deadbeef, quickpet, pburn, jwm, change_kernels, gnumeric, abiword, mpv, samba, jwmdesk, geany, simple screen recorder, mtpaint, dunst, transmission, pkg, uget, osmo etc.
Some new stuff ...
woodenshoe-wis rox filer. rox now has copy and paste!
compton compositor set up as default. adds subtle shadows to windows and menus.
matching JWM, GTK2 & GTK3 themes
claws-mail now has a tray icon.
steps findnrun now default in tray
rg66 & geoffreys tweaked retrovol
ffconvert swapped for qwinff
homebank is back.
sunfish chess
guvcview
redshift-gui
janky_BT bluetooth
gpick instead of gcolor
take a shot instead of screeny
The Core Project, as suggested by our name, is not a turnkey desktop distribution. Instead we deliver just the core Linux from which it is quite easy to add what you want. We offer 3 different x86 "cores" to get you started: Core, TinyCore, and our installation image, CorePlus.
Swiss File Knife - A Command Line Tools Collection
combines many functions in a single, portable executable that belongs on every USB stick. Search and convert text files, instant simple FTP/HTTP server, find duplicate files, compare folders, treesize, run own commands on all files of a folder - it's all within a single tool.
Working on NT and Win2K means that executables and object files will many times have embedded UNICODE strings that you cannot easily see with a standard ASCII strings or grep programs. So we decided to roll our own. Strings just scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters. Note that it works under Windows 95 as well.
If the other solutions listed above won't work, then try the Emergency Password Reset Script. It is not a Plugin. It is a PHP script.
What Really Happens On Your Network? Part Seven – Pi-hole®: A black hole for Internet advertisements
We’re back with the latest iteration of users discovering things on their network via Pi-hole. This post is a compilation of things users have discovered over the past year. Some were bad, some were interesting, and some were enlightening. This isn’t the first time we’ve written a post like this, but we will try to go into more detail about what people have discovered and group together similar discoveries. Below you’ll find previous renditions of this type of post.
This site provides free technical training for IBM Security products. You can explore the course catalog and build your own curriculum by enrolling in courses.
The content below includes a list of all technical notes published under QRadar by category and sorted by popularity. Users can expand or collapse each section below using the + / - buttons. As new documentation is released, this content will be updated and new articles added. Click Expand All before starting a CTRL-F search.