lemmyvore

@lemmyvore@feddit.nl


lemmyvore,

All the measures you listed amount to nothing against a zero day remote exploit. They bypass the normal authentication process.

If you’re not able to use a VPN then use an IAM layer, which requires you to login through another method. You can use a dedicated app like Authelia/Authentik in front of the reverse proxy, or if you use nginx as reverse proxy you also have the option of using the vouch-proxy plugin.

lemmyvore,

And yet Microsoft made Copilot, and there are currently lots of clueless programmers out there using it to inject code with god knows what licenses into their company’s software.

lemmyvore,

You own the original, which you’ve written on your pc or phone. But the one that ends up on the website is a copy, on which you’ve granted the website owner a non-revocable license to do with as they please ie. a copy-right.

lemmyvore,

They can if the license you granted them says they can. Read it. These platforms usually make you grant them extensive rights. Yes they don’t own the content but given such broad permissions it makes very little practical difference.

lemmyvore,

They’re not going to be absolved of copying code verbatim without following its license.

Me vs my ISP

So I was looking into getting port forwarding set up and I realized just how closed-off the internet has gotten since the early days. It’s concerning. It used to be you would buy your own router and connect it to the internet, and that router would control port-forwarding and what-have-you....

lemmyvore,

Are you trying to offer a port for peer sharing (XDCC/BT)? I’ve never tried using it like this but I think Tailscale Funnel could work.

It’s a sort of reverse VPN, I guess you could call it. Tailscale maintains the public IP and when someone connects to your advertised port they tunnel it to you through (encrypted) WireGuard. It passes through NAT because connections are outgoing to their servers.

The catch is that WireGuard is easily detectable through deep packet inspection so if your ISP is a real asshole they can kill the connections, but if they go that far then NAT traversal is the least of your worries.

lemmyvore,

There is an alternate verification method using an API key to your DNS provider, if it’s a supported one. That method doesn’t need any IP to be assigned (doesn’t care if there are A/AAAA records or where they point because it can verify the domain directly).

deSEC.io is a good example of a good, reputable and free DNS provider that additionally allows you to manage API keys. The catch is that they require you to enable DNSSEC (their mission is similar to Let’s Encrypt, but for DNS).

lemmyvore,

I see that you want to use the cert for intranet apps btw.

What I did was get two LE wildcard certs, one for *.my.dom and one for *.local.my.dom. Both of them can be obtained and renewed with the API approach without any further care to what they actually point at.

Also, by using wildcards, you don’t give away any of your subdomains. LE requests are public so if you get a cert for a specific subdomain everybody will know about it. local.my.dom will be known but since that’s only used on my LAN it doesn’t matter.

Then what I do for externally exposed apps is to point my.dom to an IP (A record) and either make a wildcard CNAME for everything *.my.dom to my.dom, or explicit subdomain CNAME’s as needed, also to my.dom.

This way you only have one record to update for the IP and everything else will pick it up. I prefer the second approach and I use a cryptic subdomain name (ie. don’t use jellyfin.my.dom) so I cut down on brute force guessing.

The IP points at my router, which forwards 443 (or a different port if you prefer) to a reverse proxy that uses the *.my.dom LE cert. If whatever tries to access the port doesn’t provide the correct full domain name they get an error from the proxy.

For the internal stuff I use dnsmasq which has a feature that will override all DNS resolves for anything ending with .local.my.dom to the LAN IP of the reverse proxy. Which uses the *.local.my.dom LE cert for these ones but otherwise works the same.
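The setup described in the comment above, modelled as an added example (not part of the original comment): why two wildcard certs are needed, how a default-deny proxy treats unknown names, and what a public issuance log reveals. The hostnames `x7f3q.my.dom`, `nas.local.my.dom` and the backend names are constructed for illustration.

```python
from typing import Optional

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' covers exactly one leftmost DNS label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # '*.my.dom' never covers 'a.local.my.dom' or 'my.dom'
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

# Constructed proxy table: one listener per cert, as in the comment.
CERTS = {"wan": "*.my.dom", "lan": "*.local.my.dom"}
VHOSTS = {
    "wan": {"x7f3q.my.dom": "jellyfin"},            # cryptic public name
    "lan": {"jellyfin.local.my.dom": "jellyfin",
            "nas.local.my.dom": "nas-ui"},
}

def uncovered_vhosts() -> list:
    """Config check: vhost names the listener's wildcard cert does not cover."""
    return sorted(name for lst, hosts in VHOSTS.items()
                  for name in hosts if not wildcard_matches(CERTS[lst], name))

def route(listener: str, sni: Optional[str]) -> str:
    """Return the backend, or 'reject' when the exact configured name is not sent."""
    if not sni:               # e.g. a scanner connecting to the bare IP
        return "reject"
    name = sni.lower().rstrip(".")
    if not wildcard_matches(CERTS[listener], name):
        return "reject"
    return VHOSTS[listener].get(name, "reject")

def publicly_logged(san_lists) -> list:
    """Names visible in public issuance logs: the certificate SANs, verbatim."""
    return sorted({name for sans in san_lists for name in sans})

if __name__ == "__main__":
    print(uncovered_vhosts())
    print(route("wan", "jellyfin.my.dom"), route("wan", "x7f3q.my.dom"))
    print(publicly_logged([["*.my.dom"], ["*.local.my.dom"]]))
```
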

lemmyvore,

Not supporting Nvidia cards will make Wayland unusable for at least half the Linux desktop users, probably more. Stats I recall range from 50-75%.

“Just buy non-Nvidia” is not, I repeat, a simple option. Lots of people stick with old GPU models because the price/performance ratio has gone out the window and they cannot afford to drop hundreds or thousands on one. Many others have Nvidia in their laptops.

There’s nothing preventing Wayland from working with Nvidia except the political insistence that it be open sourced. Which Nvidia is not interested in, never was, and never will be. And it’s a red herring to begin with.

TLDR either Wayland bends their stance on open source or their adoption will be severely limited.

lemmyvore,

I mean I’m fully with you on the fact screen autodetect isn’t stellar on X but there’s no need to exaggerate with “2 or 3 scripts”. It’s one xrandr command.

lemmyvore,

They’ll recant after their usage drops to a fraction. This move makes zero sense no matter how you look at it. As a generalist distro it’s too early to drop X.

If they want to become a niche distro whose only claim to fame is “we only pack Plasma 6”, big whoop, like there’s any shortage of that. What kind of distro defines itself by what it does not offer? And is that the kind of distro that Fedora aims to be?

lemmyvore,

Wow you got that backwards. They don’t do any of that for the sake of Nouveau or Vulkan or Wayland or whatever. They don’t care what people use their open scraps for.

They open up the minimum they can get away with because it’s ultimately meaningless — their proprietary stuff is still hidden away and it’s not like you can use the parts they open with anything else.

This, btw, applies to AMD and Intel too. The only choice you get with proprietary hardware that you have to use (like GPUs) is whose dick you want to suck. They’re not your friend and they won’t let community pressure them into decisions.

Self-hosted VPN that can be accessed via browser extension

Currently I set up Tailscale in my Synology NAS and I can access selfhosted services on my phone using the Android app. I want to use some services in my work PC too but I’m blocked from installing any software. So my question is, is there any solution that allows me to connect to selfhosted VPN via browser extension? (Just...

lemmyvore,

Or you can use the CF Tunnel equivalent from Tailscale, called Funnel.

tailscale.com/blog/reintroducing-serve-funnel

lemmyvore, (edited )

As opposed to an email address that can be traced back to you?

And who and why are we talking about anyway? Who’s tracking you if you have a domain?

lemmyvore,

Proton is in the process of removing their PC bridge in favor of a custom app. After they’re done you won’t be able to migrate your email away from their service anymore.

Which is ironic, when people are trying to flee from Google. Out of the fire and into the frying pan…

lemmyvore,

Proton has been gradually closing down access to proprietary apps only. After they’re done you won’t be able to take your email anywhere else.

If you have your own domain you’ll be able to host it elsewhere but you would leave behind email, calendar, aliases etc. and restart from scratch.

At that point “encrypted” starts smelling more like “hostage”. It’s generally a bad idea to be tied down to a specific email provider.

You could wake up tomorrow to find out Proton has been acquired and the new owners can charge anything they want for continued service.

lemmyvore,

If you’re giving those companies personal info (name, phone, address, CC) they can track you regardless of what emails you use with each of them.

And if you’re not giving them personal info I don’t see how that works. Yeah so I register on both random site A and random site B with aliases @tfyuhegddssgvd.com, so what? How are they going to find out about each other? What will they tell each other even if they did? And why risk a GDPR violation for such silly reasons?

lemmyvore,

They’ve announced they’re trialing the custom app currently, after which they’ll discontinue the IMAP/SMTP bridge.

lemmyvore,

I don’t self host my email either. I got my registrar, DNS and email separate from each other so if any of them goes bad I can switch with minimum fuss.

But that makes it all the more important to be able to download all your mail from your provider.

Proton currently has two proprietary things you can use to download, a “bridge” PC app that pretends to speak IMAP, and a download tool. The bridge will be discontinued after they launch their proprietary PC mail app so that leaves just the proprietary download tool, which only does .eml format.

Is this Seagate Exos drive too good to be true?

I found this, it’s the cheapest 10TB Exos drive on Newegg and I’m looking to buy 4 of them. I will be putting them in my NAS that I use for my media library and pc backups. The price as I’m posting this is $130, I’m also looking at similar Exos drives that are $250, is there a difference? Should I shell up for the more expensive drives?

lemmyvore,

Data centers replace drives when they fail and that’s about it. They don’t care much about SMART data.

lemmyvore,

What kind of attributes did you find relevant? I imagine the 19x codes…

I’ve read the Backblaze statistics and I’m using a tool (Scrutiny) that takes those stats into account for computing failure probability, but at the end of the day the most reliable tell is when a drive gets kicked out of an array (and/or can’t pass the long smart test anymore).

Meanwhile, I have drives with “lesser” attributes sitting on warning values (like command timeout) and ofc I monitor them and have good drives on standby, but they still seem to chug along fine for now.

lemmyvore,

Yeah I expect acting as SSD bays could become popular in the future if SSD prices drop low enough. Although they might be M.2 bays by then.

I have a bunch of old 60 GB 2.5" SSDs around but they’re so small it’s not worth bothering to set up an array of them. Plus they’re more useful individually for stuff like upgrading an old laptop, portable USB storage or installing Windows the one time in three years I need it.

In the meantime I’ve liberated the 2x HDD cage from a Define C Mini’s shroud and mounted it on the floor in a fan slot.

lemmyvore, (edited )

Tasker? I feel like it comes pretty close to what you describe.

lemmyvore,

I was thinking about getting a new phone and then I just picked up another 10 III. It’s honestly just everything I need.

lemmyvore,

You don’t have to edit the config files, if that’s what you mean. Generally speaking you should never need to edit any of them except in very unusual cases.

The config files are generally specific to apps and they can get transferred between distributions.

It’s actually common practice to take your /home with you to a new distro, or to put it on a separate partition so it’s still there after you reinstall the system partition. The app versions might be a little different and sometimes there may be small glitches when you do that but for the most part it works very well.

The only dot dirs you might care about is .cache which you may want to empty every once in a while (if you run out of space on /home). There’s also trash, if you use that, but that usually has its own widget on the desktop so you can explore or empty it.
