lynxy's recent activity
-
Comment on Tildes Gardening Group: Week 3/5/26 in ~hobbies
-
Comment on Happy Birthday David Attenborough, 'the voice for nature,' turns 100 in ~enviro
lynxy
Counting Britain's royal family, Barack Obama and pop star Billie Eilish among his admirers..
I had no idea that both Obama and Billie were a part of the royal family?
On a more serious note- I grew up on Attenborough documentaries. His voice, and his approach to nature, were and are a formative part of who I am. I wish him good health for as many years as he wants, and given his love for his work, I'm sure he wants many more.
-
Comment on Trying to find other uses of a specific sample in ~music
lynxy (edited)
It, or a similar sample, seems to also be used in "Game" by Rizha.
I don't know if this helps with your search.
Edit: A Reddit comment links to the following broken NASA archive link, commenting that it is a "ringtone" from or for the Astronaut known as Cooper. Unfortunately the archive links all seem to be a little messed up.
-
Comment on Linux privilege escalation (CVE-2026-31431) in ~comp
lynxy
I imagine it was fixed in 7.0, but has been backported to 6.19 and 6.18 as of the subversions 6.19.12 and 6.18.22. I would think that 6.19.14 has the fix- the distros have had over a month to respond to the CVE.
-
Comment on Networking: DHCP+VPN, LAN communication query in ~comp
lynxy
Yes- split tunneling, as you described it, is correct. This is on both Linux and Android. I'm hoping for a solution that would carve out all LAN ranges as described by RFC1918, and work across any LAN (no matter what subnet is used, or what IP the gateway has). A solution that is implemented on the network-infra-side would also be acceptable, as I wouldn't have to think about implementing it on all devices I own in the house.
WG Tunnel sounds like it might be a good tool to look into- I'll pull it and check it out. Thanks!
-
Comment on ps5-linux-loader: Linux on a PlayStation 5 in ~games
lynxy
I wonder how soon it'll be until we see SteamOS supported- I note that the ps5-linux-image repo states that it:
Supports Ubuntu 26.04, Ubuntu 24.04, Arch, and Alpine
-
Comment on Linux privilege escalation (CVE-2026-31431) in ~comp
lynxy
Yeah, unfortunately I think the whole page is AI generated (or at least edited by AI), but this seems to be a legit issue with an actual CVE and the page provides information on what devices are most at risk.
-
Comment on Linux privilege escalation (CVE-2026-31431) in ~comp
lynxy
The kernel mailing list entry can be found here.
If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you're in scope.
Copy Fail requires only an unprivileged local user account — no network access, no kernel debugging features, no pre-installed primitives. The kernel crypto API (AF_ALG) ships enabled in essentially every mainstream distro's default config, so the entire 2017 → patch window is in play out of the box.
-
Linux privilege escalation (CVE-2026-31431)
49 votes -
Comment on Networking: DHCP+VPN, LAN communication query in ~comp
lynxy
Oh, totally- I used that site to generate the AllowedIPs chunk above. It just feels somewhat clunky as a solution, and for some reason, on some Linux devices, it causes all sorts of instability. The PreUp and PreDown technique is also outlined above, but I'm not satisfied that it works as a global solution across different LANs. Maybe I shouldn't be searching for perfect, as always, though..
-
Networking: DHCP+VPN, LAN communication query
Preface: I know not what I talk about.
INSTANCE: A Unifi network with multiple VLANs, each with their own subnet. A Linux client that is assigned to a single VLAN, connected to the network via Wi-Fi, and running a full-tunnel Wireguard config which tunnels data to the provider's endpoints.
QUESTION: While running full-tunnel VPN configurations supplied by a commercial VPN provider, how might the client device talk with other devices on the same (local!) LAN as it is, including devices that are on a different (local!) VLAN, and thus a different subnet?
Let's say, for instance, that I have the following network architecture:
Name      Subnet        Gateway   Mask
Internal  10.0.0.0/24   10.0.0.1  255.255.255.0
Hosted    10.5.0.0/24   10.5.0.1  255.255.255.0
Private   10.5.1.0/24   10.5.1.1  255.255.255.0
Guests    10.5.2.0/24   10.5.2.1  255.255.255.0
I have a device that is connected to the network via Wi-Fi, and is contained within the "Private" VLAN. It can also talk to devices that are in the "Internal" VLAN (by necessity), and devices in the "Hosted" VLAN.
Once I spin the VPN up, using a configuration gained from OVPN / PIA / NordVPN / whatever, the client can still communicate with devices on the same VLAN as it- for example, if the client is 10.5.1.132, it can still communicate with 10.5.1.42, but it cannot communicate with, say, 10.5.0.11. One would assume that is because the DHCP server has told it that it can access devices within a specific range through the correct gateway- and in fact, this shows in the IP routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         unifi.localdoma 0.0.0.0         UG    1024   0        0 eth0
10.5.1.0        0.0.0.0         255.255.255.0   U     1024   0        0 eth0
unifi.localdoma 0.0.0.0         255.255.255.255 UH    1024   0        0 eth0
There are, as far as I can tell, a number of solutions for this problem. The first is to not use a full-tunnel VPN, and instead build a set of AllowedIPs which carve out the LAN ranges which you do not want tunneled. This, I think, is known as a split-tunnel VPN. If one wants to carve out all of the possible LAN IP ranges, as specified in RFC1918, it starts to become somewhat cumbersome:
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3
This might be the only solution that currently works on an Android device running the basic Wireguard APK, as found on Github.
An alternative solution is to carve out the LAN ranges you want to avoid routing through the tunnel using the PostUp/PostDown entries. For example:
PostUp = ip route add 10.5.0.0/16 via 10.5.1.1 [dev IFNAME?] [metric INT?]
PostDown = ip route del 10.5.0.0/16 via 10.5.1.1
This would work, on your local LAN, as long as you stay on the same VLAN and can connect to the correct gateway. Unfortunately, Android Wireguard cannot handle PostUp/PostDown entries, AFAICT. Small bother.
One final solution that I have heard mutterings about is known as "Classless Static Routes", or DHCP Option 121/249. This uses "CIDR" notation, and I'll be honest- here I am a little bit lost. I like the sound of this solution, as it means that I can configure the networking infrastructure itself to provide the required information for valid routing, and not have to faff about with the many, many Wireguard configurations on my devices.
Does anybody have any experience with this problem? Am I approaching this problem in an entirely stupid way? Is there a better way (insert infomercial here)?
8 votes -
Comment on Looking for early users to try my app in ~tech
lynxy
Just a quick heads-up- I gave the site a read-through, and not once on the primary page is the browser or platform mentioned (unless I have somehow missed it). It would be a good idea to make it immediately obvious which are supported, and how (browser addon, mobile app, et cetera).
-
Comment on Any one use mesh networks like mesh core? in ~tech
lynxy
I agree that a backbone of existing infra would massively improve the usability of the network. Maybe I'll try meshcore at some point, though I'll have to check what existing nodes there are around me first.
And, yes. That is exactly the problem with the device. With a GPS lock, it will happily sip from a 2000mah battery over five or six days, but if you keep the device inside anything built better than a shed it will eat the battery in under 24h.
-
Comment on Any one use mesh networks like mesh core? in ~tech
lynxy
My partner and I played around with some LoRa devices during a con at the start of the year- I had purchased a number of the Seeed Tracker L1 boards, and designed and printed some casings for them. I deliberately chose meshtastic over meshcore because the latter was giving off the wrong vibes (turf-war nonsense, and astroturfing on forums any time meshtastic came up). Unfortunately, while fun to play around with, they were never reliable enough to be useful. On top of that, the L1 devices would empty their batteries with no GPS lock. I will probably mess around with them again at some point- maybe they have other uses?
-
Comment on Tildes Gardening Group: Week 13/4/26 in ~hobbies
lynxy
I'm really fucken' struggling with fungus gnats. We've had them for a few months now, and I've tried a number of approaches:
Water plants less- let them dry out between waterings. This seems to reduce the number a little, but a couple of plants we have do not like to be dry. Ever.
One of the many nematode products. This seems to have very little effect on the number of flies. I have tried both top and bottom watering with this (the problem is that the flies seem to reside in both the top surface of the soil, as well as underneath the pots, within the drainage holes).
Bacillus thuringiensis israelensis (Bti). We tried these early on, after reading anecdotal accounts about how effective it was, and how (in plants which do not run-off into the environment, such as potted plants indoors) safe it was. These had the most effect, but did not fully remove the problem, and when the tablets ran out they just came back with a vengeance.
Other than the flies, which are not damaging, but are a nuisance, the plants have been doing fine. The second lot of strawberries had a 4/8 germination+survival rate, and the seedlings are in the planter, which will go out when they're large enough and when the temperatures are consistently above 10c. We still have.. far too many tomato plants, at roughly 30 of them. I will probably be pestering neighbours about taking one or two when they're big enough. I have a few tiny lavender plants which I have germinated from seeds which I harvested myself, and if they survive long enough then I will have backups for if the main shrub outside ever decides to keel over. The basil is.. fine. Every time I cut a shoot off to use in dishes, and I have too much, I put it in water to keep and some of those cuttings have also spontaneously rooted. We're trying to root a sweet basil that we bought cuttings of from the supermarket for another dish, too.
-
Comment on METRO 2039 | Official reveal trailer in ~games
lynxy
This feels a little more horror-coded than the gameplay in prior games has felt, to me, but the trailers often do. The series does include a number of unknown phenomena, and I distinctly remember (and hate) the spider level in Exodus- though the Caspian was my favorite area in all three games. I'm excited for this entry. I've enjoyed the others immensely.
-
Comment on No-stack web development in ~tech
lynxy
Something I will always argue for- stacks get products out of the door quicker, at the expense of both the users and the maintainers.
Everything I make and host personally requires only HTML5, CSS, and vanilla JS. Tens of kilobytes, not multiple megabytes (unless serving large amounts of visual media, of course).
-
Comment on What programming/technical projects have you been working on? in ~comp
lynxy
I ended up setting up half of the seedbox, and then getting distracted by writing my own dockerfile and accompanying configuration for running llama.cpp, built with SYCL support for the Intel GPU, on my rackserver. That works, although it doesn't feel particularly polished and I might be looking at other quantisations of Gemma-4-26B-A4B than the one I am currently using, as well as alternative front-ends than the default one that llama-server provides.
I also finally got around to spending a little time on improving the coherency of my various domains- my primary and secondary domain have both self-hosted services running on a range of subdomains, and custom REST endpoints for which no fallback web-pages existed. My primary site now catches requests, to each of the subdomains that have only REST endpoints, which aren't within the [URL]/api/v1/ scope, and redirects them to an info page- as well as acting as a friendly failure-and-auto-refresh page for when the above mentioned self-hosted services are unavailable or offline for maintenance. I'm really happy with how clean the solution feels, and how minimal and un-complex it is.
Now, when clients try to access the base URL for a subdomain which only serves REST, they get a friendly heads up and a prompt to navigate to the correct path, and when upstream services are down, they get a friendly heads-up which doesn't even require interaction to "try again".
-
Comment on What programming/technical projects have you been working on? in ~comp
lynxy
I appreciate the thoughts, and I hope I don't come across as too fussy for my own good in my response.
I've just had a look at qbittorrent-nox, and while it seems like it might be more functional (certainly more well documented), I'm loath to lose the TUI interface that I am used to. It feels to me like qbittorrent was built to be client-first, not with the server/client architecture in mind, and so few bittorrent projects provide a modern and clean TUI.
As for transmission-cli, that is another interesting option! Both transmission and deluge were part of my considerations initially. I'm still not certain about either- there are a number of front-ends for transmission which are either unmaintained or actively in "maintenance mode".
I'm quite happy with the solution in which a specific user is set up with a bashrc snippet which jails them inside a comprehensive TUI which allows for simple control of active torrents. I'm going to continue to experiment, and perhaps I'll settle on a solution. Thanks for the input!
-
Comment on What programming/technical projects have you been working on? in ~comp
lynxy
That's so cool! And it tunes the parameters using reinforcement learning in order to improve the number of handshakes it captures, or the number of devices it "pwns"? I might try setting one up- I have a bunch of spare Pi Zeros lying around..
Not a lot from this end- I'm down to one lavender seedling, but it's looking quite robust, so I'm honestly not too worried. We have managed to root some sweet (Thai?) basil which we got as cuttings for a salad, which will complement the number of holy (I think?) basil plants which I have managed to propagate.
The strawberries are moving slowly, but still alive. I think I just need to water them more often. They're in a large balcony planter, and they're only a centimeter or two tall each, and I think the amount of soil dries quickly in this early summer heat.
And lastly, I've been dumping tomato plants on any neighbours who will take them. I had close to 26 germinate and survive to a reasonable size, and it's just too much for me. I only need 4- 2 of each kind. Luckily my neighbours seem to be quite happy to receive free plants for their balconies. And it gives me a good opportunity to practice my German (I have the A1 exam on Tuesday, and then we'll be moving onto A2/1 before the end of semester). I might have to start giving out succulents, too, as mine are dropping so many leaves which each bud into a new plant if I give them water. They're cute, and relatively hardy.