HaGeZi blocklist format migration

FYI -

If you use HaGeZi DNS blocklists, they're deprecating their hosts and domains format lists on August 1. After that date, those URLs stop updating from the main repo.

Firewalla users are mostly unaffected. The Unbound and RPZ formats stay put with the same URLs.

The one edge case check - if you run Pi-hole or AdGuard Home behind your Firewalla and you're subscribed to a HaGeZi list in hosts or domains format, swap it for the equivalent RPZ or AdGuard format before August 1.

Browser extension users (uBlock, AdBlock) are not affected.

github.com
u/Great-Cow7256 — 7 days ago

Empress through the lock

I remember taking a trip on one of the gateway clippers when I was very very young and going through the locks, but I haven't seen this recently.

Edit - highland park bridge, taken from allegheny rivertrail park.

The boat turned around right after this, went through the lock again, and headed back downtown.

u/Great-Cow7256 — 12 days ago
▲ 77 r/podman

podman 6.0.0 is out. Has anyone updated from 5.7.x or 5.8.x yet?

massive changelog...

Security

  • This release addresses CVE-2026-57231, where a malicious image using malformed Env entries could cause host environment variables to leak into containers run based on the image, including the ability to use the * glob operator to leak large numbers of environment variables without knowing their exact names (GHSA-4hq8-gpf5-8p68).

Breaking Changes

  • Due to breaking changes in this release, Podman v6.0.0 must be used with Buildah v1.44.0, Skopeo v1.23, Netavark and Aardvark v2.0.0, and configuration files from the container-libs repository's common/v0.68.0 release.
  • Support for BoltDB databases has been dropped. Starting Podman 6 when the BoltDB database is in use will have Podman attempt an automatic migration from BoltDB to SQLite.
  • Support for running on Intel Macs has been removed.
  • Support for running on Windows 10 has been removed.
  • Support for running on cgroups v1 systems has been removed. Please update your system to use cgroups v2.
  • Support for running on iptables has been removed. Please use nftables instead.
  • Support for CNI networking has been removed. Please use Netavark instead.
  • Support for the slirp4netns rootless network stack has been removed. Please use Pasta instead. As part of this, the --network-cmd-path global option, only used with slirp4netns, has been removed.
  • Podman's configuration file parsing logic has seen a major rewrite. Please see this document for exact details.
  • Podman's import path has changed from github.com/containers/podman/v5 to go.podman.io/podman/v6 as part of our move into a CNCF-owned GitHub organization.
  • Network isolation now defaults to enabled, improving Docker compatibility and security. A special workaround for the Docker-compatible API related to isolation being disabled has been removed (#27349).
  • The way the podman quadlet suite of commands functions has been changed. Previously, Quadlets and their associated files were tracked using a .app file, ensuring that removing a Quadlet also removed all associated non-Quadlet files. Now, Quadlets and associated files are placed in subdirectories, which should reduce bugs and make manual management of Quadlets added by podman quadlet install much easier.
  • VMs made by podman machine on Linux now mount volumes from the host using systemd. Volume mounts on existing podman machine VMs on Linux have been broken by this change, and the VM will need to be recreated.
  • The podman volume prune command now matches Docker's behavior by only pruning unused anonymous volumes. Please use the newly-added --all option for the previous behavior (pruning all volumes).
  • The podman volume list command now combines multiple filters using logical AND instead of logical OR (meaning all filters must match for a container to be included in output) (#26786).
  • The label!= filter used in many commands now combines the output of multiple instances of the filter with logical AND instead of logical OR.
  • The --format='{{json .Labels}} option to the podman pspodman pod ps, and podman volume ls commands now prints its output as comma-separated key=value pairs instead of as a JSON map, improving Docker compatibility (#21847).
  • The --all-providers option to podman machine list has been removed, as machines from all providers can now be accessed by all commands.
  • The MemorySwappiness field of podman inspect is now set to nil when not explicitly set by the user (instead of -1), improving Docker compatibility (#23824).
  • The podman commit command now pauses the container while committing changes, improving security by restricting concurrent modification. The prior behavior can be restored by using podman commit --pause=false ....
  • The Go bindings for the REST API have removed the redundant nameOrID parameter from the artifacts.Remove() function.
  • The minimum Go version required to build Podman is now v1.25.

Features

  • All podman machine commands can now operate on VMs from all providers, regardless of what the current provider is set to. The provider set in the configuration only determines the provider used by newly-created VMs, and can be overridden by the new podman machine init --provider option. This should make operation of Mac and Windows installs mixing use of applehv and libkrun VMs, or hyperv and wsl VMs, much easier.
  • A new command has been added, podman machine os update, which updates the operating system of a podman machine VM. Please note that this is not supported with the wsl provider.
  • A new command has been added, podman system hyperv-prep, allowing Windows administrators to prepare a host for their users to run podman machine VMs using the hyperv provider.
  • When starting a VM with podman machine start and podman machine init --now, if the connection to that VM is not the default, users will be prompted whether they want to change the default to the machine that was just started. This can also be controlled by a new option, --update-connection, which controls whether the default will be updated. If the --update-connection option is set, a user-interactive prompt is not displayed.
  • The podman machine init and podman machine set commands now support a new option, --import-native-ca, which, when set, causes podman machine VMs on Windows, Linux, and Mac to import the host's trusted CA certificates each time the VM boots.
  • The podman exec command now has a new option, --no-session, disabling API session tracking and database operations to increase performance (#26727).
  • The podman image list --format json command now includes two new fields for each image, Repository and Tag (#27632).
  • The manpages for Quadlets have been split into multiple files, one for each type of Quadlet file, and should be much more readable.
  • Quadlet .volume units now support three new keys, UID= and GID= (to set the UID and GID that the volume will be created with) and Options= (to set generic volume options).
  • Quadlet .container units now support mounting anonymous volumes (using a Mount= key with no source specified) (#28497).
  • Two new search paths for Quadlets have been added, /usr/share/containers/systemd/users and /usr/share/containers/systemd/users/${UID}, to allow distributions to more easily package and distribute Quadlets (#27843).
  • The podman quadlet list command now has a new alias, podman quadlet ls.
  • The podman quadlet list command now has a new option, --noheading, which disables printing the table header. This is set automatically if the --format option is used.
  • The pomdan quadlet list command now includes a new field in its output, Pod, which prints the pod a Quadlet .container unit is part of.
  • The podman quadlet list command's --filter option now supports a new filter, status= (#28369).
  • The --gpus option to podman create and podman run is now compatible with AMD GPUs.
  • The podman createpodman run, and podman pod create commands can now specify volumes with a new option, nocreate (e.g. podman run --mount type=volume,src=myvol,dst=/mnt,nocreate) which will error if the specified volume does not exist, instead of creating it.
  • The --log-opt option to the podman run and podman create now supports a new option, label=, to attach additional labels to logged messages (only usable with the journald log driver).
  • Many Podman commands now expose a --tls-details option, allowing custom tuning of TLS settings using a containers-tls-details.yaml(5) file.
  • The died event for Containers now exposes a new attribute, OOMKilled, which (if set) indicates the container was stopped due to running out of memory (#26701).
  • Containers can now set multiple static IP addresses by passing the ip= option to --net multiple times (e.g. --net mynet:ip=10.0.0.2,ip=10.0.0.3,ip=10.0.0.4).
  • The podman volume prune command now includes a new option, --all, to prune all unused volumes, not just anonymous volumes (#24597).
  • The podman volume prune command now includes a new option, --dry-run, which returns the volumes that would be removed but does not actually remove them (#27838).
  • The podman image scp command now includes a new option, --format, to set the archive format used for the image transfer (#28183).
  • A new field has been added to containers.confdefault_host_ips, to set the default host IP that ports are forwarded from if an IP is not specified by the user (#27186).
  • The podman image trust suite of commands now support a new --signature-policy option, which is mandatory for podman image trust set.
  • Events now include artifact lifecycle events (createpullpush, and remove) (#27260).
  • A new experimental option for the rootless_port_forwarder field in containers.conf has been added, rootless_port_forwarder="pasta". When set, rootless bridge networks will use Pasta's kernel-level port forwarding via Pesto instead of rootlessport, preserving the original client source IP in network traffic in rootless containers. The default remains rootlessport (the default for Podman 5.x), but we will investigate switching at a later date when stability is more certain.
  • A new filter has been added to the podman ps and podman container prune commands, --filter annotation=, to filter containers based on their annotations (#28562).
  • The podman network create command's --route option can now create blackhole, unreachable, and prohibit routes to prevent containers from reaching certain networks (e.g. podman network create --route 10.20.30.40/24,blackhole ...) (#20022).
  • Add support for blackhole, unreachable, and prohibit route types in podman networks. Supported since netavark 2.0.
  • The podman info command now reports CDI spec directories and discovered CDI devices.
  • Events generated by pods and volumes now include the pod/volume's labels as attributes, matching the behavior of container events (#26480).

Changes

  • VMs created by podman machine now mount the host's user configurations (e.g. ~/.config/containers on Linux) into the machine at /etc/containers, allowing users to edit the config files controlling Podman's behavior directly.
  • The default podman machine provider on Macs has been changed to libkrun.
  • Starting and stopping podman machine VMs on Windows with the hyperv provider no longer requires administrator privileges (creating machines still requires admin, however). Operations requiring elevated privileges will prompt for administrator access. Please note that this only works with newly-created VMs.
  • The podman pod inspect command now prints arrays in its output in deterministic order.
  • The podman machine os apply command has been updated, and now uses bootc switch to apply changes. All transports supported by bootc switch can be used for the new image to apply.
  • An experimental feature has been added where, on systems using Kernel 6.18 and newer, rootless Podman will no longer need to create a pause process to hold open the rootless user namespace, instead using an nsfs file handle. This behavior is currently gated behind an environment variable, drop-pause-process, being set.
  • Containers created with --net=host will now use 127.0.0.1 for their host.containers.internal address, instead of a public IP of the machine (#27823).
  • Containers in multiple networks now have these networks configured in a deterministic order based on the order they were passed on the command line.
  • When building an image with process substitution, such as podman build -f <(<<<"FROM scratch") , an empty temporary directory is now used as the context directory (#28113).
  • In Podman versions 5.x and under, image IDs (for both OCI and Docker v2s2 images) were always equal to the SHA256 digest of the image's config data. A future version of Podman will add support for non-SHA256 digests, and image ID format will change for images that are not using the SHA256 digest. The exact format of the new IDs has not yet been decided, but the assumption that image IDs are valid hashes will no longer be true in future Podman versions.

Bugfixes

  • Fixed a bug where creating a Quadlet from a templated .container file that was part of a pod would incorrectly add a dependency on the template used for the container to the pod (#27844).
  • Fixed a bug where Quadlet .pod files would unconditionally set Restart=on-failure even when the user specified an alternative restart policy (#28081).
  • Fixed a bug where starting a podman machine VM on Windows using the hyperv provider would fail if the machine failed to start on first boot (#27930).
  • Fixed a bug where podman machine init and podman machine set allowed creating VMs with more CPUs than were available on the host, creating VMs that could not be started (#28322).
  • Fixed a bug where artifact volumes only checked the validity of the artifact when the container was started, allowing containers to be created that referenced artifacts which did not exist and thus could never be started (#27747).
  • Fixed a bug where containers with environment secrets could lose the value of the secret after a restart under some circumstances (#28075).
  • Fixed a bug where the podman container restore --publish command would silently ignore the --publish option instead of erroring when used without the --import option or a checkpoint image.
  • Fixed a bug where running nested rootless Podman containers on Windows using the wsl provider was not possible (#27411).
  • Fixed a bug where the podman container clone command would fail with containers created with environment secrets (--secret type=env,...) (#28130).
  • Fixed a bug where creating a container with the tag= log option (--log-opt tag=mytag) was allowed when a log driver other than journald was selected.
  • Fixed a bug where the output of --help with some commands was incorrectly formatted (#28178).
  • Fixed a bug where containers in pods with multiple volume mounts could have mount options from one volume mount leak to other mounts.
  • Fixed a bug where the remote Podman client's podman version command would error if the server could not be connected to (e.g. the podman machine VM was shut down). In this case, client version is now printed (#28222).
  • Fixed a bug where rootless Podman would display errors and refuse to launch if the pause process was killed and its PID recycled to another process (#28157).
  • Fixed a bug where running podman kube generate on a container including volumes with . characters in their names produced invalid YAML (#27620).
  • Fixed a bug where patterns in .containerignore and .dockerignore files that began or ended with slashes were silently ignored during remote builds (#25458).
  • Fixed a bug where healthchecks on containers created using the --transient-store option would fail (#28483).
  • Fixed a bug where the podman generate spec command would panic when run on a pod with no infra container (#21609).
  • Fixed a bug where the podman container inspect command could HTML-escape certain characters in its output (#28560).
  • Fixed a bug where pods with entries added to /etc/hosts containing multiple containers would incorrectly remove entries from /etc/hosts for all containers in the pod when any container stopped.
  • Fixed a bug where hosts without /dev/mqueue could be unable to start containers as Podman attempted to add the device unconditionally.
  • Fixed a bug where inspecting networks without a gateway set would show the gateway as <nil> instead of the showing nothing (#28705).
  • Fixed a bug where creating a container or pod with port mappings including duplicated host ports was allowed, when this configuration could never be started due to the port conflict.
  • Fixed a bug where the remote Podman client was unable to connect to any host with a custom HostName in the user's SSH config (#25067).
  • Fixed a bug where the podman inspect --type=all command would, when attempting to inspect multiple networks, output only one of the networks multiple times.
  • Fixed a bug where Quadlet .container files using the http_proxy=true setting did not properly escape special characters in the environment variables added to the container when creating the systemd unit file (#28698).
  • Fixed a bug where containers created using the remote Podman client ignored the log_path setting in containers.conf (#28792).
  • Fixed a bug where the remote Podman client's podman save command would fail on Linux when using the -f oci-dir or -f docker-dir arguments.
  • Fixed a bug where podman machine VMs on Linux would fail to mount the directories under a symlinked path into the VM (#28911).
  • Fixed a bug where the podman container checkpoint --leave-running command could produce inconsistent checkpoints because the rootfs and named volume diffs were performed after the processes were allowed to run for a time; the container is now paused until the checkpoint is fully complete.
  • Fixed a bug where the podman kube play command would incorrectly set memory limits if the user specified the limit as a fractical BinarySI quantity (e.g. 1.5Gi) (#28789).

API

  • An improvement pass has been made over API documentation to document fields which were missing documentation. Look forward to more API documentation improvements in future releases!
  • The supported Docker Compatible API version has been bumped to v1.44.
  • All API requests that accept JSON body parameters will no longer error if an empty body is provided.
  • The Compat List endpoint for Containers now includes a new field in its output, Health, providing information on the status of the container's healthcheck (#27786).
  • Added a new API, POST /libpod/local/artifacts/add, for loading artifacts from the local system (not requiring transmission of a tarball).
  • The POST /libpod/local/images endpoint for loading images from the local system now requires that the path query parameter is an absolute path, not a relative path.
  • The Libpod Pull endpoint for Images can now report pull progress when the pullProgress query parameter is set to true.
  • The Libpod Pull endpoint for Images now returns error status codes on failure to pull imges, instead of always returning HTTP 200.
  • Fixed a bug where the subpath option for volumes when creating containers was ignored (#27171).
  • Fixed a bug where the Libpod Create endpoint for Containers ignored the OCIRuntime field.
  • Fixed a bug where the Compat Create endpoint for Containers returned a 500 (not a 409) when attempting to create a container with a name that was already in use.
  • Fixed a bug where the Compat Create endpoint for Containers incorrectly handled CDI-qualified entries in HostConfig.Devices, greatly improving the reliability of CDI devices when using the Compat API.
  • Fixed a bug where the Compat Info endpoint did not return the location of the Seccomp profile if a non-default profile was in use (#28379).
  • Fixed a bug where the Compat List endpoint for Containers could return an invalid string for container status (#28359).
  • Fixed a bug where the Compat List endpoint for Containers did not include the HostConfig field in its responses.
  • Fixed a bug where the Compat Wait endpoint for Containers would hang indefinitely when waiting for the next-exit condition (#28514).
  • Fixed a bug where the Compat and Libpod Update endpoints for Containers would clear the rlimits of the container if they were not explicitly set in the API request.
  • Fixed a bug where the Compat Push endpoint for Images did not return a final JSON object including tag, digest, and size of the pushed image, as Docker does.

Misc

  • Autocomplete has been enabled for inspecting artifacts with podman inspect.
  • Updated Buildah to v1.44.0
  • Updated the image library to v5.40.0
  • Updated the storage library to v1.63.0
  • Updated the common library to v0.68.0
github.com
u/Great-Cow7256 — 12 days ago
▲ 14 r/enteio

Ente GitHub repo changed names seemingly just today, causing repo pull errors.

From ente-io to just ente. Took me 10 minutes to figure out why my Podman containers kept throwing errors with podman auto-update.

This affects docker users too.

If you pull ente from GitHub with podman or docker, make sure to change from ente-io to just ente in the repo name.

reddit.com
u/Great-Cow7256 — 13 days ago

Remember the guy who gets in the news complaining about how stuff is ruining Italian South Oakland?

The one who lives in Hawaii most of the year?

This is what his latest stink was about.

Totally ruined this part of South O. /s

u/Great-Cow7256 — 13 days ago

remote LUKS unlock + TPM auto-unlock on Ubuntu 26.04 (Dracut), is it possible?

I'm setting up a headless home computer on an Intel 13 NUCs running Ubuntu 26.04 server.

I was thinking of using LUKS to encrypt the drive and bind it to TPM7 (or maybe 1+7), but this will be headless and I don't want to have to run over with a monitor and keyboard every time something changes to put in the LUKS password so I can then boot in to re-bind LUKS to the TPM.

This seems to have been easier before Dracut with `dropbear-initramfs`, but I'm 99% sure that you can't mix solutions (Dracut for binding the tpm and `dropbear-initramfs` for spinning up a SSH server for failover/password entry.

What have people done to solve this? Or am I making things way too complicated by a) using LUKS and b) not seeing a way to mix Dracut and `dropbear-initramfs`.

thanks!

reddit.com
u/Great-Cow7256 — 15 days ago
▲ 3 r/Ubuntu

remote LUKS unlock + TPM auto-unlock on Ubuntu 26.04 (Dracut), is it possible?

I'm setting up a headless home computer on an Intel 13 NUCs running Ubuntu 26.04 server.

I was thinking of using LUKS to encrypt the drive and bind it to TPM7 (or maybe 1+7), but this will be headless and I don't want to have to run over with a monitor and keyboard every time something changes to put in the LUKS password so I can then boot in to re-bind LUKS to the TPM.

This seems to have been easier before Dracut with `dropbear-initramfs`, but I'm 99% sure that you can't mix solutions (Dracut for binding the tpm and `dropbear-initramfs` for spinning up a SSH server for failover/password entry.

What have people done to solve this? Or am I making things way too complicated by a) using LUKS and b) not seeing a way to mix Dracut and `dropbear-initramfs`.

thanks!

reddit.com
u/Great-Cow7256 — 15 days ago

Switching from early/beta back to production...

I think it's straightforward but wondering if Firewalla can add this to the bottom of their beta pages (if it's not there... I didn't see it but I may have missed it)

Go into the AP7s one by one and change from early/beta back to production. It'll take a few minutes for these to switch back.

Go into the firewalla itself and switch from early/beta back to production. This will also take a few minutes.

What about the app? (I'm on android). Should I go into play store and "leave" the beta program?

reddit.com
u/Great-Cow7256 — 16 days ago
▲ 9 r/podman+1 crossposts

I made a script to smoothly upgrade Podman on Ubuntu from source – with a safe rollback (tested on 5.7.0 → 5.8.3)

Apt on Ubuntu 26.04 ships Podman 5.7.0 and Ubuntu doesn't update Podman until its next release (which will be 26.10), and most likely even the 26.10 version of Podman will be "behind" the newest release on Github.

I wanted to try and install 5.8.3, the newest version, from Github without breaking anything just to see if I could do it, and, for the future, to keep up to date with changes in Podman.

After manually building from source a few times (and once accidentally logging myself out by stopping the wrong services... oops), I wrote a script to automate the whole process safely.

What it does:

- Pulls a Podman release tag from GitHub (e.g., v5.8.3), builds it, and installs it to /usr/local.
Your original system binary at /usr/bin/podman is never touched, so you always have a fallback.
- Supports --rollback to instantly revert to the apt-managed version.
- has a --fresh-install mode if you don’t have Podman installed at all and you want to install the newest Github version.
- Only stops podman.service and podman.socket (the script learned its lesson: it never touches your login session).
- Has full error recovery - if the build or install fails, it automatically removes any half-installed files and leaves your existing Podman working.

I ran this on two Intel 13i7 nuc machines with Ubuntu 26.04 and Podman 5.7.0.
- Successfully upgraded to 5.8.3.
- then rolled back to 5.7.0 (the rollback flag works perfectly).
- then updated again to 5.8.3. - and I did not cry or swear, even once. All containers and Quadlet services came back fine.

The “please be careful” part:

this compiles and installs a system binary. It’s not an apt package, and that inherently carries some risk.

- Back up your containers, volumes, and anything you care about. - It’s only been tested on Ubuntu 26.04 / Podman 5.7.0. If you’re on a different distro, another version of Ubuntu, or a different target version, check that your build dependencies are new enough (the script doesn’t verify that for you).
- I’m not responsible if something melts.

github.com
u/Great-Cow7256 — 18 days ago
▲ 79 r/podman

I turned my collection of rootless Podman Quadlets .container files into a public repo

After migrating everything to rootless Podman with Quadlets on Ubuntu 26.04 (Podman 5.7.0), I cleaned up the configs and put them on GitHub. they all ready to deploy with systemctl --user start. Every .container file comes with hardening and tmpfs options commented out to increase compatability, and secrets are pulled from separate .env files.

Included so far: Audiobookshelf, BentoPDF, ConvertX, Homepage Dashboard, Omni-tools, Stirling-PDF, Syncthing, Tdarr (server + remote node), Uptime Kuma, Vert File Converter, Podman Socket Proxy, a full ADSB Ultrafeeder stack (Airspy/dump978 receivers, Ultrafeeder, and feeders for FR24, OpenSky, PlaneFinder, RadarBox, PlaneWatch, ADSBHub, RadarVirtuel, PlaneFence), Plex + Tautulli, Calibre (GUI & Web), Ente Auth, Immich (with optional Google Photos sync & internet public proxy), MinusPod CPU (with optional OpenVINO transcriber), and Paperless NGX.

Everything’s been running reliably on my homelab — hope it saves someone else some time. Feedback and PRs welcome!

I use an Intel box, and a beefy one at that, so everything is optimized for its GPU and memory, but in podman most of this is adjustable.

if there's a container that you want me to try and get working as rootless instead of rootful, or if you're having problems converting something from a Docker, let me know under Issues in github.

github.com
u/Great-Cow7256 — 19 days ago

PIT Airport's microgrid, in the news twice over the past few days

PIT has a large solar array (10,000 panels) and multiple (5) tiny natural gas electric plants. It made the news twice in the last few days -

  1. https://flypittsburgh.com/microgrid-power-outage/ The electrical storm on June 11 -

>Safety and security are always the top priority along with resiliency, which is why we operate a microgrid to ensure we are as site-hardened as possible.
This afternoon, the storm produced a power surge that was so extraordinary that it triggered safety breakers from the traditional electrical grid power feed as well as our microgrid.
We were able to partially restore power in under an hour and fully restore power in under 90 minutes. Because of our microgrid, we were able to restore that power much more quickly and potentially prevented a significantly longer outage.
Our microgrid and the traditional grid functioned as intended with safety features, the electrical breakers, acting to stop the surge before it could do damage to our systems.
Throughout this issue, the airfield and air traffic control tower were not affected, maintaining power throughout because of redundant feeds. As a result, planes were able to land and takeoff at PIT resulting in no cancellations due to the outage.

  1. NPR Shortwave podcast https://www.npr.org/2026/06/17/nx-s1-5814725/is-sewage-the-future-of-green-aviation

End of the podcast (about sustainable aviation fuels) mentioned PIT's microgrid and how it's being used to help advance sustainable aviation fuels.

PITs own info about their microgrid. I think they're missing a prefix in front of "watt" because a 23 watt microgrid could probably be made by getting a lot of Costco size bags of potatoes... https://flypittsburgh.com/acaa-corporate/our-impact/strategic-initiatives/energy/ I'm 99% sure it's megawatt.

Edit -- oops, you'd need like 19,000 potatoes. Forget my idea of taking over the world with a few Costco potato sacks.

reddit.com
u/Great-Cow7256 — 20 days ago

Bicycle rider injured after being hit by car in Lower Burrell

>A man was taken to the hospital after being hit by a car while riding a bicycle in Lower Burrell Wednesday afternoon.

>Emergency responders reported to the intersection of Leechburg Road and Reed Street at around 2 p.m.

>Lower Burrell Police sergeant Scott Miller said an older man was riding a pedal bike on Leechburg Road when he was hit from the side by an oncoming car. The driver stayed on scene to speak with police.

>A medical helicopter was initially called to the scene, but was canceled.

>“They were going to fly him,” Miller said. “Now they’re going to drive him, so that’s a good sign.”

>Officials started to clear the scene around 2:30 p.m.

>Miller said police would be continuing their investigation and taking witness statements after the incident.

>

triblive.com
u/Great-Cow7256 — 20 days ago

Updated my quick Suricata + Eve Box container setup (Great test drive if you're eyeing the Gold Pro!)

If you’ve been on the fence about whether stepping up to the Gold Pro hardware is in the cards for you, this project serves as a perfect, ​though limited, i​ntroduction to exactly what Suricata does under the hood.

A few things to keep in mind if you play around with it:

Suricata is an absolute firehose of information. Running it raw will quickly show you just how much noisy data flies across a network.

Every enterprise provider (like Firewalla) uses a carefully tuned, proprietary mix of rules and specific actions on those rules.

There is a massive balancing act between the depth of the rule sets you load and the sheer processing power/memory required to parse that traffic in real time without bottlenecking your network (which is exactly why it demands the beefier specs of the Gold Pro). You can dumb it down for less beefy equipment but then the rulesets can be pretty worthless as a tradeoff

This sample project is purely a playground to get a feel for the data and the UI. I​t is not meant to replace a real, hardened Suricata instance or a dedicated security gateway. There is a dedicated suricata website with a ton of info too.

Also just to make this clear- do NOT run this on your Firewalla. This needs to go on a server/homelab/regular computer.

github.com
u/Great-Cow7256 — 20 days ago
▲ 29 r/Psychiatry+1 crossposts

GitHub - upmcplanetracker/nts-for-firewalla: Enable Chrony NTS for NTP intercept on Firewalla

one more big update of my firewalla github trinity - very much beefed up the ability to run Chrony/NTS on Firewalla with many different lan configurations taken into account.

Basically:

Time in the sky <-----NTS/secure----> Firewalla <---NTP/not secure/intercept---> everything behind the firewalla/on your lan(s)

since NTS intercept is almost impossible to do it gives you secure NTS via your firewalla ntp intercept.

Thoughts or comments welcome. I've really made this a lot more robust.

github.com
u/Great-Cow7256 — 19 days ago