<neggles> stintel / dwfreed: fwiw I do have a 4090
<dwfreed> stintel's almost done with the 8 char ascii
<dwfreed> 32 hex chars is impossible regardless of what GPU you have
<neggles> yeah thats what i was about to say
<\x> based 4090 enjoyer
<\x> I hope you paired it with a well tuned cpu and memory
<stintel> how many 4090s would you need to make that possible :P
<dwfreed> more than the number of 4090s that will ever exist
<neggles> \x: 7950X and 64GB of 6000 CL20
* neggles does it properly the first time these days
<stintel> only 64GB? :P
<neggles> DDR5 is *expensive* dude
<neggles> I was not going to spend $2400 on RAM
<dwfreed> especially 6000
<neggles> 2x32 kits of 6000 were $1200 and aren't a lot cheaper now
<neggles> technically I got 5600 CL18
<neggles> CL28?
<\x> dont worry too much on ram size
<neggles> sorry yeah CL30 not 20
<\x> actually its better to have less for speed
<\x> the less ram you have, the better performance could be attained most of the time
<neggles> depends, but going above 6000MHz on ryzen 7000 is a losing battle
<\x> ive seen 6400 on 2 dimmers
<\x> needs a lucky cpu oftc
<neggles> yeah but the performance boost from the faster RAM is mostly lost from the FCLK mismatch
<\x> ofc
<neggles> 6000MHz runs FCLK 3:1 which works quite well
<neggles> and I have 4 DIMMs so much higher was never happening :P
<dwfreed> stintel: if you had 2.5 thousand trillion (10^21) 4090s, it would still take you a month to scan the entire 32 char hex space
<stintel> welp :P
<neggles> 16 options per slot, 32 slots
<neggles> 3.4028237e+38 combinations
<stintel> yeah that number I got but was too lazy to do the math for the rest :P
<stintel> thanks
<dwfreed> oh, thousand trillion is also known as sextillion
<neggles> shame it wasn't sha256
<neggles> then you could reuse bitcoin ASICs :P
<dwfreed> heh
<stintel> I'm off to bed, almost 4:00
<dwfreed> pft
<neggles> 213083729851004000000 years
<Habbie> pft
<neggles> with one card
<stintel> did a PR to enable GSSAPI in bind, which is needed for Samba4 AD DC, at least with the internal DNS backend
<neggles> just goes to show, the most important thing for password security has always been "make it longer"
<stintel> and wrote down a bunch of things I need to report, bugs I hit during server migration
<stintel> neggles: yeah
<neggles> s'why microsoft/NIST/ACSC/etc all just say "require at least 12 characters, preferably 16, don't restrict what people can use" now
<neggles> in my experience the most helpful thing is teaching people that space is a legal character in a password
<Habbie> that's a good summary
<Habbie> of course CorrectHorseBatteryStaple is okay too
<Habbie> but that again shares some of the problems with the other case (the upper half of the comic)
<neggles> we built a fairly simple password generator at work for when we reset users' passwords or create new accounts
<neggles> picks four words out of the 5,000 most commonly used words in english, with some filtered out just to prevent horrors
<neggles> (these are all used with "force password change on first login")
<neggles> but we've had a lot of users reply with "...wait, you can have spaces in there?"
<dwfreed> that's still 2^49 possibilities
<Habbie> xkcd says 44, but i don't know how long that list of common words was
<neggles> it's a pool of just under 5000 words, started with 6000, stripped everything less than 4 characters, swearwords, stuff like "kill" etc
<Habbie> so you're likely right :)
<neggles> and there's a sanity check at the end to make sure it's at least 21 characters so it won't pick four 4-letter words
<Habbie> i'm reminded of the first graphical password prompt i ever wrote, which would light up half of a key if you got the first half right
<Habbie> in my defense, i was 13
<neggles> eh
<neggles> this was an improvement over using "ChangeMeClient2023!"
<Habbie> hah yes
<neggles> we've also turned off password expiration, mandated MFA, and set minimum pw length to 16 for all but a couple of stubborn clients who are at 12
<Habbie> <3
<dwfreed> neggles: would take 3.5 hours for a 4090 to crack if it was a sha1 hash
<dwfreed> but that requires stealing the hash
<dwfreed> vs online attack
<dwfreed> (and also being a sha1 hash)
<neggles> yeah online attack won't work
<neggles> more than a handful of incorrect attempts and it gets locked and we get a ticket opened about it
<dwfreed> right
<neggles> how many is variable, ask AAD Password Protection (which also does some nice things like check against the pwned passwords list and a list of keywords associated with the client's business)
<neggles> plus the attack window is very small, matter of hours
<Habbie> great when you're small enough that you can just go for "5 strikes and you're out" instead of having to implement something complex that considers location etc.
<neggles> it does consider location etc
<Habbie> ok
<Habbie> but still locks pretty quickly
<neggles> yes
<Habbie> my coworker implemented such a system
<Habbie> he discovered some fun things i didn't think of before
<Habbie> like, if somebody enters the -same- wrong password 10 times, that's probably just their old phone, and it's not a problem
<neggles> well and if you're *not* a brand new user you can reset it yourself by supplying 2 MFA methods, one of which must be MS Authenticator or a U2F key
<neggles> unless you're an exec, then it's two MFA methods and approval from our on-call tech
<Habbie> :)
<neggles> and you get *one* incorrect password attempt if you're outside australia for the majority of our clients
<Habbie> ack :)
<neggles> and for one client, self-service password reset will only work from a device we have under MDM :D
<Habbie> hah
<Habbie> ok, bed
<Habbie> have a good rest of day :)
<neggles> it has taken me *five years* to get to this point and, well, the only clients who've had breaches in the last year are ones who refused to do it until said breach :P
<neggles> fairo, g'night :P
<neggles> (...and the one who had a shared account with more permissions than it should've had, with a password of 'bubble2', when they are a bubblewrap company...)
<Habbie> lol
<neggles> luckily they got in an hour after the daily backup ran & it was some kid in Queensland who had no idea what they were doing, but jeez... they use U2F tokens for shared accounts now :D
<neggles> anyway
<tatel> Hi, I would need help with imagebuilder
<tatel> It fails to build images: missing directories
<tatel> openwrt/ImageBuilder/staging_dir/target-mips_24kc_musl/root-ath79': No such file or directory
<tatel> staging_dir/host/bin/mklibs", line 421, in <module>
<tatel> inode = os.stat(prog)[ST_INO]
<tatel> FileNotFoundError: [Errno 2] No such file or directory: 'mips-openwrt-linux-musl'
<swalker> updated openwrt/upstream, https://sdwalker.github.io/uscan/index.html
<soxrok2212> robimarko: i know you posted a wiki link to add a buildbot builder. is 4 cores enough? i have an 8c/16t server only
<f00b4r0> the coverage range that the old qca953x devices provide never ceases to amaze me. I just set a new personal record at 300m, through at least one building wall and vegetation, from a tiny AP with shitty PCB F-antennas. Impressive.
<hurricos> nothing beats ath9k
<f00b4r0> seems so
<hurricos> well, lots of things beat ath9k. It's just a great 802.11n implementation
<f00b4r0> heh
<f00b4r0> what impresses me even more is that I wasn't even in direct LoS: uneven terrain had a hump between the device and the AP
<stintel> the key is "no firmware" ;)
<Borromini> :)
<f00b4r0> stintel: heh, indeed ;)
<hurricos> Sounds like M300 is locked by new bootloader? I know P-series CPUs read pins in the bootrom to formulate the RCW and change boot media, sounds like the T-series must not :(
<f00b4r0> hurricos: locked?
<hurricos> from stintel / hauke up there talking about the new u-boot password.
<hurricos> Does the M300 have presoldered JTAG? I haven't got a full board image
<f00b4r0> don't remember seeing a connector or a footprint
<hurricos> and I see no obvious 2x8 other than J2
<hurricos> That sucks
<stintel> it's not locked
<stintel> you can end up in u-boot shell by installing OpenWrt on the sd card
<stintel> we were just looking for ways to avoid opening the box
<hurricos> Oh, cool!
<hurricos> OK, that makes perfect sense
<hurricos> phew
<stintel> I'm happily running dual M300 in an HA OpenWrt setup :)
<stintel> for ~1.5y
<hurricos> I was worried they overreacted to that vulnerability they had in like 2021 and pushed a locked down u-boot to their hardware
<hurricos> read as, cut off supply >:(
<aiyion> If you found a way, I'd really like to know about it. I spent an evening without success on keeping it closed.
<stintel> contacted an ISP here that offers 2000/2000, but after their initial response and my reply to that, didn't hear from them again
<stintel> so I have no real incentive to replace the m300s yet ;p
<stintel> well, the fact that fman uses firmware, maybe
<stintel> but it's a fine device, rackmount, has standard PSU so easily replaceable, rj45 console port, ...
<aiyion> The day that thing does not drop my batman-adv traffic, I'll chime in ;)
<stintel> :P
<stintel> yeah it would be a cool project to figure that out
<f00b4r0> hmm, luci bites me again
<f00b4r0> adding a new ssid, trying to associate with an interface that's not a bridge, does not automatically create the bridge. Fail :(
<stintel> maybe making the vanilla kernel work with the userspace fmc (?) tool would not be that hard
<SlimeyX> my girl misplaced her old macbook for a few years, found it the other day https://imgur.com/a/KHQcZOS
<stintel> also maybe we should document that batman might not work with dpaa/fman based devices
<aiyion> stintel: I'll focus on my exam phase the next weeks, but If there's something to test, I can provide results.
<stintel> aiyion: I have no time to work on that anytime soon, moved to different project at work, no longer involving OpenWrt
<aiyion> Maybe I'll bug you with that again, when I'm done with the phase and try to do it myself ;)
<stintel> currently busy migrating some stuff to other hardware at home, after that I need to make a new "home" vlan, isolated from my company vlans, but with the smart tv, chromecasts, home automation etc accessible for the gf
<stintel> (she's now limited to the guest network and can't access anything but the Internet)
<f00b4r0> stintel: if you do decide to get rid of your m300s, do ping me ;)
<stintel> f00b4r0: will try to keep it in mind!
<f00b4r0> thx!
<stintel> yw
<stintel> I replaced the PSU in both, they use a bit less power since doing that, don't remember the numbers though
<stintel> and one of the old PSUs is running my esp32 controller 6x PWM fans in my rack
<stintel> the other one was DOA
<stintel> got a partial refund from the seller
<stintel> I tried to get them to refuned the full price for a 2nd hand replacement PSU but then they said "you can ship everything back for a full refuned"
<stintel> but I really wanted to keep them ;)
<stintel> wtf refuned, twice
* stintel steps awaye from the computer
<f00b4r0> ;)
<robimarko> soxrok2212: f00b4r0 and ynezz can tell you
<f00b4r0> soxrok2212: 4c won't get you anywhere I'm afraid.
<f00b4r0> besides it's not just the number of cores, you need a sizeable amount of memory, plus storage
<soxrok2212> f00b4r0: 8c helpful?
<soxrok2212> i have plenty of ram and storage
<soxrok2212> 8tb ssd, i can cut out a chunk of that
<f00b4r0> 8c is always better than 4c. How about you describe your hardware more precisely though?
<f00b4r0> a buildbot will chew through ssd like butter, fwiw
<soxrok2212> i7-7820x, 64gb ram, 8tb ssd running on proxmox
<soxrok2212> i also have a few tb of hdd space
<f00b4r0> that's ok-ish. At the end of the day I'm not the one making the decision anyway, you'd have to ask ynezz
<f00b4r0> i'd suggest grabbing a fresh tree, getting say https://downloads.openwrt.org/releases/22.03.3/targets/ath79/generic/config.buildinfo as your local .config, running make defconfig, make world -j`nproc` and timing how long that takes. That'll give you a somewhat meaningful reading of your setup performance vs current bots
<f00b4r0> the baseline for this config is about an hour.
<Znevna> 1 hour including the toolchain?
<f00b4r0> i would also recommend you pay attention to your energy meter during the build ;P
<f00b4r0> yes
<Znevna> geez
<Znevna> :P
<Znevna> ok
<soxrok2212> well hey, just offering some resources :)
<f00b4r0> see https://buildbot.openwrt.org/openwrt-22.03/images/#/builders/72/builds/219 1h22, on a comparable 8 proc builder
<f00b4r0> soxrok2212: it's kind of you and much appreciated, I just want to highlight all pitfalls, because a new resource that is added to the pool only to be removed and/or being on-and-off due to admin realizing the true cost of running an openwrt buildbot is not ideal.
<soxrok2212> understood :) thanks for the input!
<f00b4r0> these resources are typically expected to be available (and crunching) 24/7, so there's that too.
<f00b4r0> last important point is your internet pipe
<f00b4r0> anything below 50/50 is going to be rather underwhelming, to put it nicely :)
<soxrok2212> will have symmetric 1g soon
<f00b4r0> hmm wth. bridge device declared with one eth iface, comes up without the eth as bridge member
<f00b4r0> Error: Unknown error (DEVICE_CLAIM_FAILED)
<f00b4r0> manually adding the iface works. /me scratches head
<Znevna> boy that RT-AX1800HP PR is copy pasta from AX53U
<hauke> Znevna: if the devices are very similar they can also share a common dtsi
<hauke> I haven't looked closely into the pull request