nevalem

joined 1 year ago
[–] nevalem@programming.dev 2 points 9 months ago

I might have a few hours a month to help out if there's something I feel I can help with.

[–] nevalem@programming.dev 11 points 9 months ago (2 children)

There are total bypass options now to completely remove their hardware from your network using an ONT that lets you clone the att device serial number. Just a heads up.

[–] nevalem@programming.dev 2 points 9 months ago

You forgot to say unsubscribe

It's just a feed posting stories from https://news.ycombinator.com/ which at times has good stuff and relatively insightful user discussions.

[–] nevalem@programming.dev 39 points 10 months ago

You aren't giving us enough information to even speculate the answer. Are these Enterprise grade servers in a datacenter? Are these home made servers with consumer or low grade hardware you're calling servers? Are they in the same datacenter or do they go out to the Internet? What exists between the hops on the network? Is the latency consistent? What is the quality of both sides of the connection? Fiber? Wi-Fi? Mobile? Satellite?

Does it drop too nothing or just settle into a constant slower speed? What have you tried to trouble shoot? Is it only rsync or do other tests between the hosts show the same behavior?

Give us more and you might get some help. If these hosts are Linux I would start with iperf to do a more scientific test. And report to us some more info.

[–] nevalem@programming.dev 1 points 10 months ago

Yeah the previous bypass used a certificate that you'd have to authenticate periodically via 802.1x. This new method does not have that requirement. Just need the specialized hardware for it, like that Azores d20 box or one of the SFP+ xgs-pon modules that you can program.

I've been using it without any intervention for a little over a 8 months now. Even have my /29 static IP block allocated on it, while still being able to also use the DHCP address they give out. You get to use the whole /29 too without the att box stealing one of them as well.

[–] nevalem@programming.dev 7 points 10 months ago* (last edited 10 months ago) (1 children)

I think the originator of it was on dslreports but I couldn't find the link on mobile. I'm sure if you can search on Google you could find a secondary source for some tech blog or medium about it if that makes you feel better. There's also a discord that covers most xgs-pon bypass methods that I could share too. They keep turning it to private at times for whatever reason.

Other links and info of you are being serious and not passive aggressive. ATT is quick with DMCA takedowns so that's probably why the info can be fleetingly available at times but dslreports seems to be pretty reliable/resistant to them.

https://www.dslreports.com/forum/r33665048-AT-T-Fiber-XGS-PON-SFP-Modules-for-AT-T-Fiber

https://hackaday.io/project/193110-bypassing-the-bgw-320-using-an-azores-cots-ont

https://forum.netgate.com/topic/99190/att-uverse-rg-bypass-0-2-btc/440

https://simeononsecurity.com/guides/bypassing-the-bgw320-att-fiber-modem-router/

[–] nevalem@programming.dev 19 points 10 months ago (6 children)

You can totally bypass ATT Fiber now with your own SFP+ xgs-pon, fiber terminated to your device, without needing to exfil certs or do anything other than clone the identifying info of the att router's label depending on the technology they're using in your area.

https://docs.google.com/document/d/1UIAgtxkImgFRwyaGDGtISD0JXnxWNvuuNDrnRac6wGc/edit#heading=h.f8l0utlsram6

[–] nevalem@programming.dev 1 points 1 year ago

We have a custom nix package each for the org, teams, down to the project level that a dev can use to bootstrap what they need from day one with a no-knowledge-about-nix installer.

[–] nevalem@programming.dev 1 points 1 year ago (1 children)

Probably not 30k. Maybe closer to 5-10k depending when he bought it and how. Second hand stuff can be real cheap, whereas brand new server gear costs an arm and a leg so it could be 30k+ if he bought most of it new. The real cost is the amount of time it has taken to configure it all and get it working well, which I can attest can be a boatload of time.

My setup is maybe a bit more overkill and I've probably spent closer to 30k, especially once you factor in storage, nearly all of the server equipment second hand. You know you've gone overboard when you're talking about running 100gbit to more rooms, you have a categorization system for keeping the compatible sfp modules and cabling organized, and needing a second whole 42u rack with a couple in service servers on chairs waiting for said rack.

[–] nevalem@programming.dev 4 points 1 year ago

There is a storied history in computing to use tongue in cheek self referential acronyms to denote some humor and finality in distinguishing things that purposely fill a niche in the world of competing, often pricey, commercial software and other hackable reasons.

So I bet you're rubbing wrong those of us who remember that gnu is not unix, and more specifically wine is not an emulator. Because they really aren't.

[–] nevalem@programming.dev 12 points 1 year ago

I don't believe this is possible and actively protected against in the dht protocol implementation.

The return value for a query for peers includes an opaque value known as the "token." For a node to announce that its controlling peer is downloading a torrent, it must present the token received from the same queried node in a recent query for peers. When a node attempts to "announce" a torrent, the queried node checks the token against the querying node's IP address. This is to prevent malicious hosts from signing up other hosts for torrents. Since the token is merely returned by the querying node to the same node it received the token from, the implementation is not defined. Tokens must be accepted for a reasonable amount of time after they have been distributed. The BitTorrent implementation uses the SHA1 hash of the IP address concatenated onto a secret that changes every five minutes and tokens up to ten minutes old are accepted.

I believe you would have to know the torrent first, then you could discover other nodes. This is probably why that tool can't tell you anything outside of it's known list of torrents.

Source: http://bittorrent.org/beps/bep_0005.html

[–] nevalem@programming.dev 6 points 1 year ago

Maybe I'm misunderstanding the purpose or goal but wouldn't this be perfect use case for a virtual machine? I'm surprised no one has suggested that. A one off temporary, easily reverted back to pristine with snapshots sounds like exactly what you would want for testing something like this out.

view more: next ›