tux7350
@tux7350@lemmy.world
- Comment on Tailscale Services GA: App-aware connectivity with more control 6 days ago:
Not OP but I use headscale and have it configured using Authentik for SSO. Works flawlessly once it’s up and running. I also use headplane for the UI. It has SSO integration as well which makes everything a breeze.
- Comment on What does the process of disobeying illegal military orders look like? [US] 1 week ago:
It’s not as cut and dry as everyone here is making it out to be. This is an organization of people, rules are bent and broken CONSTANTLY.
Each branch has a form of peer-mentoring. In some form or another you’re graded on your ability to do your job and those grades get looked at for your promotion.
It starts off as a negative counseling. Sometimes written, most times just verbal. These are the “oh man I forgot to do this duty at the end of the day” type offenses. More than likely someone is just gonna tell you to pull your head out of your ass and fix it.
Get enough of these and eventually you will get what’s called a “non-judicial punishment”. These are punishments handed out by commanding officers. See “UCMJ Article 15”. These are offenses under the rest of the UCMJ. Some things like adultery are still chargeable offenses. If they can’t find something to charge you with, “UCMJ Article 134” is a general offense. Basically “hey we didn’t like what you did, it’s not illegal, but we’re gonna charge you anyway”.
Think of NJPs as a misdemeanor, smaller but still serious infraction. When you leave the military, nobody will know that you got charged with something. But these do come with punishments. You basically get “grounded”, can’t leave your barracks room / get put on restriction. Also loss of pay.
Decide to commit a serious crime defined in the UCMJ? Well that’s what a court-martial is. That is equivalent to a felony and will show up on any criminal background check. These often include jail time and reductions in rank.
It’s all incredibly suggestive and depends on all the parties involved.
- Comment on Los Angeles aims to ban single-use printer cartridges — new ordinance will target ink and toner that can't be properly recycled 4 weeks ago:
Looking into the history of Kodak is crazy. They used a 13 month calendar and secretly kept a nuclear reactor in the basement for years.
People forget that Kodak was a chemical company, not just photography.
- Comment on Pornhub, YouPorn, and Redtube and other content sharing platforms will block New users in the UK starting next week(February 2) 4 weeks ago:
c/unixsocks
- Comment on My apartment building gives me free water but I pay for electricity. What if I run the faucet nonstop and rig up a hydro turbine in my bathtub to generate my power from it? 1 month ago:
Thank you for the laugh (⁀ᗢ⁀)
- Comment on genius 1 month ago:
Yeah you just have to deal with mast bumping, as if that’s any less worrying.
- Comment on Is there a self hosted mTLS manager? 1 month ago:
You can use Authentik to set up an LDAP outpost then use a Jellyfin LDAP plug-in to sync everything up.
- Comment on The Typical First-Time Homebuyer Is Now 40 Years Old, a Record High 3 months ago:
Big Bear is such an underrated part of southern California. I loved going there and looking at the giant pinecone. I never realized housing wasn’t too bad out that way. How are the taxes?
- Comment on What OS do you like for digital signage/kiosk/dashboard only? 3 months ago:
Ooo I do love me some Nix modules. Any particular options to look out for in order to configure something like that?
- Comment on Fooling a self-driving car with mirrors on traffic cones 5 months ago:
- Comment on Reddit is dropping subscriber counts on subreddits: Users will now see seven-day metrics that track active visitors and contributions instead. 5 months ago:
Hmm these are some pretty cool features I’d be interested in. I currently use Voyager for lemmy and quite like the layout. Does Piefed have any good mobile clients? Is there something you’d recommend?
- Comment on The Job Market Is Hell: Young people are using ChatGPT to write their applications; HR is using AI to read them; no one is getting hired. 5 months ago:
Hmm I’m not sure anything I can say will truly help, but I’d like to try. But I hope you’re okay. I know things can get pretty tough in life, and your outlook seems pretty bleak given all the ups and downs. But I really hope that this degree works out for you. The fact that you’re at a new university tells me that you still care enough to keep trying.
Even if we are in hell, I’m happy to know that one person is stubborn enough to pursue something they’re passionate about in the odds of it all. Seems like a fitting way to stick it to the system and do what makes you happy.
Anyway, I hope your situation improves. There’s at least one stranger out there rooting for ya :)
- Comment on do what you love 5 months ago:
Don’t ya think this might be a bit biased? They have a vested interest to sell you a philosophy degree.
- Comment on Would we be able to use the measles virus to reset the immune systems of people with autoimmune disorders like MS or rheumatoid arthritis? 6 months ago:
Did you watch ‘I am Legend’? This is exactly what starts the apocalypse lol
Side note, book was waaaayyyyy better
- Comment on Multi zone and domain setup question. 6 months ago:
The routers or computers you are using for this have to support forwarding traffic. With Linux this is pretty straightforward; for other OSes I’m not sure how easy it is.
You can get around this by having Tailscale installed on the default gateway (router) of each network. It might be quite a pain for OP to change routers at each location. On the plus side, OpenWRT has some other cool features like PXE booting.
- Comment on [deleted] 6 months ago:
:3
- Comment on Just created my own zero trust network! 7 months ago:
Ahhh interesting video! I appreciate the post. I see the mTLS is more about authenticating who the client is outside the application.
Don’t worry, I’m not just exposing things willy nilly 🤣 For client-side authentication I use Authentik combined with 2FA, Duo, and fail2ban. Authentik provides identity management through LDAP to Jellyfin and any sign in request goes to MFA and you get a Duo notification to approve. You can do other MFA, I just haven’t set it up.
I’ve got a lot of family who use my server. Asking them to install a TLS cert on every machine would be impossible. My method also monitors all sign in requests. Setting up Authentik was a hugggeee game changer for me.
- Comment on Just created my own zero trust network! 7 months ago:
Well ya know this is a forum and I was trying to engage in a friendly conversation to learn about something you brought up.
But yeah I know how to fucking Google lol
- Comment on Just created my own zero trust network! 7 months ago:
Oooo ya know I actually don’t know about these. I’ve done both A and B for my homelab and C for work.
Any good resources / insight into mTLS? I appreciate the response btw!
- Comment on Just created my own zero trust network! 7 months ago:
Ya got three options.
Option A is to create your own certificate that is self-signed. You will then have to load the certificate into any client you want to use. Easier than people realize, just a couple terminal commands. Give this a go if you want to learn how they work.
Option B is to generate a certificate with Let’s Encrypt via an application like certbot. I suggest you use a DNS challenge to create a wildcard certificate.
Option C is to buy a certificate from your DNS provider aka something like Cloudflare.
IMO the best is Option B. Takes a bit to figure it out but it’s free and rotates automatically which I like.
I like helping and fixing stuff, if you’d like to know anything just ask :D
- Comment on The good old days 7 months ago:
( ͡° ͜ʖ ͡°)
- Comment on Vintage gaming advertising pictures: a gallery 7 months ago:
Might not be exactly vintage but it is getting close to 20 years old (ouch my age).
The Halo 3 advertising campaign.
And specifically this “Believe” video.
I cannot describe the emotions of excitement I felt for this game to be released. Waiting for the midnight release for this game is still one of my favorite memories haha. And once we got the game, the hours and hours of fun with friends… really was something looking back on it.
- Comment on Unless users take action, Android will let Gemini access third-party apps 7 months ago:
I use a smart watch for contactless payments ¯\_(ツ)_/¯
- Comment on My reason for wanting HomeAssistant and a locked down VLAN... 7 months ago:
I wish I had set up an identity management system sooner. Been self-hosting for years and about a year ago took the full plunge into setting up all my services behind Authentik. It’s a game changer not having to deal with all the usernames and passwords.
In a similar vein, before Authentik, I used Vaultwarden to manage all my credentials. That was also a huge game changer with my significant other. Being able to have them set up their own account and then share credentials as an organization is super handy.
- Comment on You got it, buddy 7 months ago:
Yeah it’s awful. I’ve had the BV situation happen with two different partners. And God forbid, you bring up anything that’s considered outside the heterosexual spectrum in an educational setting. Could you imagine if men were taught about the possibilities of the prostate in a judgement free environment?
- Comment on Friendly reminder that Tailscale is VC-funded and driving towards IPO 8 months ago:
That’s just how IPv6 works. You get a delegate address from your ISP for your router and then any device within that gets its own unique address. Considering how large the pool is, all addresses are unique. No NAT means no port forwarding needed!
- Comment on I hope i don't get downvoted for this 8 months ago:
That is the Forest Spirit from the movie Princess Mononoke. Wonderful movie if you haven’t seen it! Watches more like a Disney movie than an anime.
- Comment on Steam Deck / Gaming News #16 9 months ago:
This is amazing!! Thank you for the hard work 😁
- Comment on Horror 10 months ago:
Windsurfing? 🏄♀️
- Comment on Help with 504 Error and UFW+NPM Setup on AlphaVPS 11 months ago:
The rules still apply to the host, just not inside the container. Docker is just ignoring the rules. If you block all ports but then have port 81 open like you do in that section of docker compose, you would think that UFW would block docker but that’s not the case. Going to yourip:81 will show the NPM GUI, even if you specifically use ufw to block 81. If you only expose port 80 and 443, you should be fine. Your NPM container would have to be compromised then they would have to break out of the container.
Also I think your issue is with your DNS. You should have an A record for the IP pointing to example.com and then a CNAME record pointing to sub.example.com