This is a joke, I didn’t really lock myself out
Happened to me once. Had a little Pi at my parent’s house and that was a nice excuse to visit them.
Except when you get there and don’t want to talk or do all the meeting and greeting until you know the server still works.
deleted by creator
even worse. I regularly have to get up out of my chair and go down 2 stairs.
Also this took a while to find, but : https://sourceforge.net/p/shorewall/svn/HEAD/tree/branches/4.2/Samples/one-interface/shorewall.conf
ADMINISABSENTMINDED=YesIs an actual setting in the config for the (now apparently unmaintained) Shorewall Firewall software/tool for linux.
If I remember correctly, it always checks on firewall rule changes if there is an active connection on port 22, and adds a special rule at the end to maintain that connection.
They don’t build them like they used to anymore.
They don’t build them like they used to anymore.
Well if we did, the way it works would be by telling a chatbot to enable ssh on port 22 at the end.
What’s really fun is hearing “oh shit” from the UPS maintenance tech followed by darkness and silence.
Console
Fuck, that is really good wordplay.
Most secure box is the one that does nothing.
I try to remember to always open two SSH connections when altering iptables or the ssh config - just in case
Does it actually happen to people? All servers I worked with both had a back door (or two), and someone at the data centre (during work hours at least) you could contact in an emergency.
Most data centers have some kind of service where you can request a KVM to be connected to the server. It’s not instant as an actual human has to do so but a lot sooner than another human driving long distance. I guess in this case, it’s a mid size company that is big enough to have multiple locations yet small enough to still manage to use on-premise infra instead of data centers.
I guess some smaller companies might have simpler setups they self-host
iptables default DENY and flush the rules. Done by at least two people I know (then me) at the same company. Led to them moving the servers in-house and virtualizing some services to connect to the hypervisor. It does happen though.
This is precisely the problem that deploy-rs solves!
why is everything in rust now
It’s easy to write, easy to build, produces lightweight and fast executables, and the type system is great. Why not rust?
Rust does not have an ABI. Everything is linked into the executables. I would not call them lightweight.
A standard Docker container with a NodeJS/PHP/Python app is usually around 200-300 MB (yes really), the OpenJDK JVM is around a hundred MB, but a fully statically compiled rust binary that doesn’t even depend on libc is just a couple MB and can be deployed as a tiny distroless Docker container.
It’s a lot heavier than your 8kb C++ executable but it’s nothing compared to what is required to deploy anything else.
Oh, so it’s inconvenient for GPL-circumventers, too? That just sounds better and better.
To me, it is mostly a real blocker for using it in some embedded Linux devices due to size constraints, otherwise I personally would be using it extensively.
I’m having a hard time imagining this Goldilocks embedded device that is simultaneously big enough to run Linux (so not an actual microcontroller), yet too small for a few megabytes worth of statically-linked libraries. Got an example?
i feel that. Hetzner support has a special place in my heart
That is why I always put any:any for ssh on all my firewalls!
Rescue mode with networking, mount drive, make changes and reboot.
good reason to take a day out, will tell it to my boss.
Nice drive to clear your head.
No connection, no hackers.
deleted by creator
