lemmyvore

I'm trying a new CPU in my PC (Ryzen 5500GT) and I'm seeing:

• Sporadic kernel panics during boot.
• Random .ko.zst module files (different one each boot) complaining that ZST decompression failed checksum.
• Random .so's failing to find a symbol and causing programs to crash/fail to start.
• Started a stress-ng sequential session at 5s per stressor and it hung up after a dozen stressors. Couldn't ctrl-c it and also ps didn't work anymore. 😅

Funny thing is, other than that the system runs fine (when it boots, that is).

Switched back to my old CPU (that's the only change in the machine) and all of these things stopped.

That CPU that's doing that is defective, correct? Just double-checking I'm not missing anything else.

I've reset BIOS between CPU swaps and left it at defaults. Could default settings cause a CPU to act like this?

Edit: cooling is good, all temps (chipset, CPU etc.) are in the 30's C in idle, CPU went up to 75C when stressed. Have a tower cooler (Scythe Kotetsu) with a 120mm fan.

I'm also adding some voltage readings I took from sensors while the problematic CPU was installed:

Vcore: 840mV
+3.3V: 3.31V
+12.0V: 12.10V
+5.0V: 5.01V
VSOC: 780mV
VDDP: 900mV
DRAM: 1.21V
3VSB: 3.29V
VBAT: 3.26V

It doesn't seem to be doing anything for me, even on large websites like YouTube or Amazon, it basically just copies the link as-is.

I wanted to run my VPN/Tailscale setup past you, see if anybody has suggestions on how I could do things better.

• Setup: home LAN (10.0.0.0/24), router+DNS on 10.0.0.1, server running docker containers on 10.0.0.2.
• LAN DNS points *.local.dom.tld to the server, public DNS points *.dom.tld to my dynamic public IP.
• Containers run in bridge mode with host, expose ports on host IPs via "ports:" mapping.
• NPM with LE certs also in container, exposes 10.0.0.2:443, forwards to various other services.

Goals for Tailscale:

• Accessing HTTP services via NPM from my phone when away from home.
• Exposing select UDP and TCP non-HTTP services such as syncthing (:22000) or deluge RCP admin (:58846) to other tailnet devices or to phone on the go.

Goals in general:

• Some containers need to expose ports on the LAN.
• Some containers need to expose ports via Tailscale.
• Some containers need to broadcast on the LAN (DLNA stuff) – but I don't want them broadcasting to Tailscale.
• Generally speaking I'd like to explicitly control what's exposed from each container on either LAN or Tailscale.
• I'd like to avoid hacking images with Dockerfile. I can make my own images to do stuff, just don't want to keep up with hacking other images.

How I progresed with Tailscale:

1. First tried running it directly on the host. Good: tailnet IP (let's call it 100.64.0.2) available on the host's default network stack. Containers can use "ports:" to map to 100.64.0.2 (tailscale) and/or 10.0.0.2 (LAN). Bad: tailscale would mess with /etc/resolv.conf on host. Also bad: tailscale0 on host picked up stuff that binds to 0.0.0.0.
2. Moved tailscale to a container running on the host network stack (network_mode: host). Made it leave /etc/resolv.conf alone. tailscale0 on host stack still picks up everything on 0.0.0.0.

This is kinda where I'm stuck. I can make the tailscale container bridged which would put the tailscale0 interface inside the container. It wouldn't pick up 0.0.0.0 from host but how would I publish ports to it?

• The tailscale recommended way of doing it is by putting other containers in the tailscale's container network stack (network_mode: container:tailscale). This would prevent said containers from using "ports:" to map to host anymore. Also, everything they publish locally would end up on tailscale0 whether I like it or not.
• Tailscale has an env var TS_DEST_IP that can mirror another IP. I could allocate an IP on host eth0 like 10.1.1.1, mirror that from the tailscale container, and target it from other containers explicitly with "ports:" when I want to publish a port to tailscale. Downside: 10.1.1.1 would be in the host's network stack so still picks up 0.0.0.0.
• I could bridge the tailscale container with other containers on a private subnet, say 192.168.1.0/24 and use tailscale serve to forward specific ports to other containers over that subnet. Unfortunately serve is fairly limited; it can't do UDP and technically it refuses to forward TCP either to non-localhost (but you can dump the serve config to JSON, and hack that config, and use it with TS_SERVE_CONFIG= 🤮).
• I could bridge tailscale with other containers and create a special container with a fixed IP on that subnet, mirror the IP from tailscale, and use iptables on that container to forward specific ports to other containers. This would actually solve everything I want except...
• If I ever want to use another VPN which doesn't have the mirror feature. I don't know how I'd deal with that.

I'm thinking of putting all my email archive (55k messages, about 6 GB) on a private IMAP server but I'm wondering how to access it remotely when needed.

Obviously I'd need a webmail client but is there any that can deal with that amount of data and also be able to search through To, From, Subject and body efficiently?

I can also set up a standalone search engine of some sort (the messages are stored one per file in regular folders) but then how do I view the message once I locate it?

I can also expose the IMAP server itself and see if I can find a mobile app that fits the bill but I'd rather not do that. A webmail client would be much easier to reverse proxy and protect.

I've repurposed a 32 GB M.2 SATA SSD as a bootable "USB stick" and I'm putting useful tools on it. So far I've got memtest, seatools, gparted live, system rescue, clonezilla, and a live install iso of the distro installed on my PC. What other great bootable tools am I sleeping on?