this post was submitted on 01 Jul 2025
737 points (100.0% liked)

Selfhosted

46677 readers
1377 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
737
My reason for wanting HomeAssistant and a locked down VLAN... (lemmynsfw.com)
submitted 2 days ago by [email protected] to c/[email protected]
90 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.world/post/32265822

xkcd #3109: Dehumidifier

xkcd #3109: Dehumidifier

Title text:

It's important for devices to have internet connectivity so the manufacturer can patch remote exploits.

Transcript:

[A store salesman, Hairy, is showing Cueball a dehumidifier, with a "SALE" label on it. Several other unidentified devices, possibly other dehumidifier models, are shown in the store as well.]

Salesman: This dehumidifier model features built-in WiFi for remote updates.
Cueball: Great! That will be really useful if they discover a new kind of water.

Source: https://xkcd.com/3109/

explainxkcd for #3109

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 19 hours ago* (last edited 18 hours ago) (1 children)

Depends on you hw. That seems rather poor implementation.. I believe my TP switch might handle that, because it rejects traffic to its management interface from mac X from vlan 20 because it sees the same mac in vlan 10.. (only vlan 20 is allowed for management)

[–] [email protected] 1 points 5 hours ago (1 children)

That’s a very cool feature actually but how does it stop a hacker if he has obtained a trusted MAC address from another device and connect to vlan 20 directly while the real device is offline?

[–] [email protected] 1 points 1 hour ago (1 children)

You configure vlans per physical port, so in a properly implemented system your attack won't be possible. When the packet comes to the switch the vlan tag is added to it according to the configuration for the port it was received from.

Or are you talking about mac-vlans?

[–] [email protected] 1 points 1 hour ago

Ok maybe I don’t fully understand yet. Let’s say an access point has 3 SSIDs, lan, guest and iot each client on each SSID gets a vlan tag accordingly. So it’s only connected to a single physical port, i think that’s what confused me. But SSIDs are interfaces just like an physical port afaik so your analogy still stands. The security here is the WiFi password anything that connects to LAN gets a LAN vlan tag. but it’s not like anything that connects to any of the SSIDs can get the DHCP lease of some random device on any vlan cuz it got tagged before. Or am I missing something?