• 1 Post
  • 263 Comments
Joined 3 years ago
Cake day: July 29th, 2023

  • Wireguard.

    Dunno if Cloudflare does effective auth for the tunnel or if you have to set that up yourself, but I don’t bother trying to expose services to the internet in any way because some of this stuff was just never designed for proper web security (cough Jellyfin).

    It’s still worth setting up a wildcard cert with ACME so you get nice https and a real domain.


  • I’ve been trialing Vaultwarden for a while and while I do like the server sync setup and clean web access, the Bitwarden browser plugin is just okay despite being an “enterprise” solution. It misses probably about 20% of websites when creating a new account, forcing you to grab the password from the generator history and make a new entry manually.

    KeepassXC is much better in that regard, and it’s almost as good as the default credential handler of Firefox, and it lets you set up a bunch of custom stuff to extend the functionality if you want. Plus it has some neat kdbx options aside from AES256.

    Only downside is syncing, which I’m debating how I’ll deal with something better than syncthing on android (protocol is great, android makes it a PITA to have a background process if it’s not Google spyware).


  • mlg@lemmy.world to Science Memes@mander.xyz, “Space Honey”
    22 upvotes · 1 month ago

    I’m too lazy to find it now, but one of the tests they tried long before NASA started sending people into space was eating a banana upside down where they figured out the digestive tract can function against gravity.

    There was also an Encyclopedia Brown story about this in which I remember Geese and Ducks rely on gravity to swallow, therefore they wouldn’t be able to eat in space.


  • I’m really disappointed that someone hasn’t just made a standalone userspace addon to implement the feature, shoved it down California’s throat, and told them to come back with complaints once they can find where BSD came from.

    Adding this type of “support” is just giving legitimacy to crappy legislation. I would not bother even creating the underlying system so some underpaid google intern can make his age verification app 2% faster.

    This entire fiasco could have been a bash script that uses a new file in /etc to store birthdays.


  • mlg@lemmy.world to Linux@lemmy.ml, “How important is a DE to you?”
    4 upvotes · 3 months ago

    Very critical. GNOME and KDE have two very different UX paradigms.

    Usually people used to Windows opt for KDE, and Mac or older Ubuntu users opt for GNOME.

    The thing is though, a golden standard DE can easily be set up to act as both. XFCE is so customizable that I’ve seen both DE types set up as UNIX like or Windows like workflow.

    I’m not sure if KDE or GNOME can do the same because I’m pretty sure they focus on a target audience.

    What are your issues with KDE exactly? I always hated GNOME’s lack of standard window buttons and handling multiple windows in a Mac like fashion. Also the app menu which gives me flashbacks of ChromeOS.


  • This one is funny because it 100% still exists somewhere, but I haven’t had the chance to verify it again.

    Okay so basically it’s a data recorder box (ex: brainbox) that connects to a bunch of industrial sensors and sends the data over the network with your preferred method.

    Built-in firmware gives you an HTTP webui to login and configure the device, with a user # and password.

    I think the user itself had a built-in default admin which was #0, which everyone uses since there wasn’t really much use for other users.

    Anyway, I was looking at the small JS code for the webui and noticed it had an MD5 hashing code that was very detailed with comments. It carefully laid out each operation, and explained each step to generate a hash, and then even why hashes should be used for passwords.

    Here’s the kicker: It was all client side JS, so the login page would take your password, hash it, and then send the hash over plaintext HTTP POST to the server, where it would be authenticated.

    Meaning you could just mitm the connection to grab the hash, and then login with the hash.

    I sat there for like 10 minutes looking at the request over and over again. Like someone was smart enough to think “hey let’s use password hashing to keep this secure” and then proceeded to use it in the completely wrong way. And not even part of like a challenge/handshake where the server gives you a token to hash with. Just straight up MD5(password).

    It was so funny because there were like a hundred of these on a network, so getting a valid hash was laughably easy.

    I never got to check if this was fixed in a newer firmware version.
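The failure described in the comment above, shown as an added simulation (not the commenter’s code or the device’s firmware): in the flawed scheme the client-side MD5 digest is itself the credential, so a captured login request is accepted again unchanged; with a single-use server nonce, the same captured request is rejected. The user id “0”, the password and the stored digest are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample user table: device user "#0" with a stored MD5 digest.
USERS = {"0": hashlib.md5(b"admin123").hexdigest()}


# --- Flawed scheme from the post: browser hashes, server compares the digest ---
def flawed_client_login(user, password):
    # The page JS hashes the password; this value travels in a plain HTTP POST.
    return {"user": user, "pwhash": hashlib.md5(password.encode()).hexdigest()}


def flawed_server_verify(req):
    # The server checks only the digest, so whoever captured it can present it.
    stored = USERS.get(req["user"])
    return stored is not None and hmac.compare_digest(stored, req["pwhash"])


# --- Challenge/response: server issues a nonce, usable exactly once ---
_issued = set()


def issue_challenge():
    nonce = secrets.token_hex(16)
    _issued.add(nonce)
    return nonce


def cr_client_login(user, password, nonce):
    # The client proves knowledge of the password by keying an HMAC over the nonce.
    verifier = hashlib.md5(password.encode()).hexdigest()
    proof = hmac.new(verifier.encode(), nonce.encode(), hashlib.sha256).hexdigest()
    return {"user": user, "nonce": nonce, "proof": proof}


def cr_server_verify(req):
    if req["nonce"] not in _issued:
        return False  # unknown or already-consumed nonce: a resent request fails
    _issued.discard(req["nonce"])
    stored = USERS.get(req["user"])
    if stored is None:
        return False
    expected = hmac.new(stored.encode(), req["nonce"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, req["proof"])


def replay_demo():
    """Return (flawed_first, flawed_resent, cr_first, cr_resent) for one captured request each."""
    captured = flawed_client_login("0", "admin123")
    flawed_first, flawed_resent = flawed_server_verify(captured), flawed_server_verify(captured)
    captured_cr = cr_client_login("0", "admin123", issue_challenge())
    cr_first, cr_resent = cr_server_verify(captured_cr), cr_server_verify(captured_cr)
    return flawed_first, flawed_resent, cr_first, cr_resent
```

The nonce only defeats passive replay of a captured request; on plain HTTP an active attacker can still interpose, and the stored digest remains password-equivalent on the server, so TLS and a proper password hash are still required.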