09:10 <tankf33der> morning all

09:10 <tankf33der> implementing

09:10 <tankf33der> https://adventofcode.com/2021/day/4

09:11 <Regenaxer> Hi tankf33der! Good ☺

13:59 <razzy> I plan on building open source "hardware firewall" on opensource hardware. Rock Pro 64. I want to have at least one trusted network node. any ideas?

14:20 <aw-> razzy: sure

14:21 <beneroth> does openbsd run on rock64 ?

14:21 <aw-> rockpro64 only has 1 ethernet...

14:21 <beneroth> xD

14:22 <aw-> how do you plan to make a HW firewall with only one NIC?

14:22 <aw-> or, do you plan to add a PCIe NIC?

14:23 <aw-> probably better to use hardware more suited for the purpose

14:23 <aw-> like Macchiatobin

14:24 <aw-> which has multiple NICs and SFP adapters for fiber optic

14:27 <aw-> or don't focus on the "hardware" aspect and just make the software/UI to manage a firewall that can run on Linux on any hardware

14:28 <aw-> beneroth: hey, i think it does btw

14:29 <aw-> those rock64/rockpro64 hardware can run a bunch of different OS's nowadays

14:29 <aw-> OSS community put a lot of work into them over the last few years

14:30 <beneroth> nice

14:31 <beneroth> for a pure firewall, OpenBSD / pfSense would probably be the best choice. or a firewall/router-distro based on Linux.

14:32 <beneroth> razzy, MicroTik hardware. not open I guess? but the software offers more control than you need.

14:36 <aw-> oh yeah i like MicroTik despite their wonky updates that fix one thing and break two

14:36 <aw-> MikroTik*

14:36 <beneroth> T

14:37 <aw-> i just stopped updating my switch, it gives me nightmares haha

14:40 <beneroth> hehe

14:41 <beneroth> good software should not need updates all the time. but nobody wants to pay properly completed software except space stuff.

14:42 <beneroth> I had to learn that business customers are more happy with broken software delivered on arbitrarily chosen deadline dates (before scope/feature-creep to the moon) than having working software delivered

14:44 <beneroth> people who make the pay decisions in companies are often not the users. they want to buy good feelings, not tangible benefits.

14:44 <beneroth> depressing

14:45 <beneroth> or I should improve my way of selecting customers *g*

14:48 <aw-> hmmmm

14:48 <aw-> yes i think you need better customers ;)

14:49 <aw-> indeed, "good software should not need updates all the time."

14:49 <aw-> agreed 100%

14:50 <aw-> and "buggy software guarantees a job" is bullshit

14:51 <aw-> we've been too conditioned to accept that bad software is acceptable

14:51 <aw-> too conditioned to believe it

15:18 <razzy> aw-: beneroth: I plan on double NICs in PCIe. I want opensource HW, because I cannot trust my closed source unupdatable network HW.

15:23 <aw-> razzy: sure, but the rockpro64 is not open source.. i mean.. the schematics are available but you can't just go and get JLCPCB to fab the board for you, also the CPU (arm64) is closed source

15:23 <aw-> and your PCIe NIC is likely closed source as well

15:23 <aw-> it all depends on your threat model.

15:24 <aw-> if you're super paranoid, your only option is to build all the hardware yourself, including the PCB and the ICs you solder onto them

15:26 <aw-> razzy: if you just want a small personal HW firewall that you have full control over, I would recommend a different board.. not rockpro64+pcie.. that's a bit ridiculous for your purpose unless you already own the hardware

15:27 <aw-> razzy: check out the NanoPi RS2

15:28 <razzy> aw-: I am super paranoid, i also have limited resources. I have 2 RPIs, but RPIs have huge close sourced blobs in graphics chips with acess to everything

15:29 <razzy> so RPI is not an inmprovement over current state

15:30 <razzy> rock64 seems better in that regard

15:30 <aw-> i agree, RPi is not good if you want 100% open

15:31 <aw-> i have a bunch of rock64 devices, they're good but not recommended for your goal

15:31 <aw-> razzy: check this: https://wiki.friendlyarm.com/wiki/index.php/NanoPi_R2S

15:32 <razzy> aw-: why not recommnded?

15:32 <razzy> aw-: i do not mind few euros.

15:33 <aw-> razzy: i explained it above.. with rockpro64 you'll need an extra PCIe adapter because it only has 1 onboard NIC

15:33 <aw-> so more $$$ and more power usage

15:38 <aw-> PCIe adapters can draw a lot of current.. just my SFP fiber optic PCIe uses about 15W, the rockpro64 will need ~40W.. so 55W for a shitty SBC with shit specs just to act as a firewall? whereas the NanoPi RS2 has 2 onboard NICs, costs less money, and will run around 5W to 10W MAX

15:38 <aw-> and you dont need high specs for a personal firewall

15:42 <beneroth> aw-> if you're super paranoid, your only option is to build all the hardware yourself

15:43 <beneroth> supposedly there is a super-talented family into electronics in Mexico. you can fly there and they teach you. but you have to learn old Aztec language first. true story. (no idea where the links are though..)

15:43 <beneroth> <aw-> we've been too conditioned to accept that bad software is acceptable

15:43 <beneroth> THIS

15:43 <beneroth> it's so horrible

15:44 <razzy> aw-: true, thank you for advice.

15:45 <beneroth> see also all the ransomware cases.. in Europe it's handled (esp. in media) as natural disaster which are nobodys fault, and advanced superdupercyberevil hackers, clearly Russian state (without a shred of evidence) - both at the same time

15:46 <beneroth> or even: yeah we need to close office/system/street tunnel for a weekend because software updates

15:47 <beneroth> natural, nothing can be done about that

15:48 <beneroth> probably decided by an algorithm, so it's not a human fault and nobody is responsible

15:49 <beneroth> my mum had some wise proverbs on the fridge. reminds me of "Winners always look for a strategy, Losers always look for an excuse".

16:03 <aw-> razzy: if you want truly open, perhaps you can look into an ice40 FPGA soldered to a pair of Magjack RJ45s

16:05 <aw-> the ice40 FPGA is the closest thing you can get to "open" IC without going down the route of 8-bit TTL breadboard CPUs

16:07 <aw-> this rabbit hole goes very deep ;)

16:55 <razzy> aw-: indeed deep rabbit hole. I think FPGA is next stage propably never implemented..

17:58 <beneroth> razzy, maybe you should aim for smaller goals, to have some success to motivate yourself. if you pick them well, then they're not a waste on the road to reach your bigger goals.

19:19 <razzy> beneroth: agreed. I found nanoPi R2S with big machined heat sink/case, good value. I will be ok with it for a while.

19:24 <beneroth> cool. let us know how it goes :)

22:19 <razzy> how can i close only one buffer in vip? qq close all buffers.