elvith
@elvith@feddit.org
- Comment on NEVER OBSOLETE 3 days ago:
There aren’t many i386 distributions anymore, but you should still have some selection, I think
- Comment on Why? 6 days ago:
This!
- Comment on Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing 1 week ago:
That’s basically any modern network. There is no more trivial “inside our network” vs. “outside on the internet”. Networks are segmented on a need-to-know principle. You can access some information from the public internet. Some other things can be accessed from the internet, but only on corporate devices, if your user AND device is whitelisted. And then you have one or more VPNs on top of that for more sensitive stuff. Also those VPNs may be “dynamic” in the sense that it may also be dependent on the user, device and authentication method what is currently accessible over that VPN connection.
- Comment on In 1982, a physics joke gone wrong sparked the invention of the emoticon - Ars Technica 1 week ago:
:-(
- Comment on We have one at home 1 week ago:
I didn’t get mine to have less than about a second latency LOL
- Comment on 🚣 🚣 2 weeks ago:
There’s a boat emoji?
- Comment on If Valve creates an "entry point" for living room PCs, the console-beating Steam Machines will follow, argues Baldur's Gate 3's publishing director 2 weeks ago:
You can disable UAC (thinking practical, not necessarily security minded - but for an auto login w/o password, what’s security?)
Popups: yes. But then you’d need to actively use other software besides steam. Why would you do that, if using only a controller? Also that can happen in Linux, too. If you mean those desktop notifications - those should be silenced automagically when running games.
For the logoff or shutdown: Set or create `HKEY_CURRENT_USER\Control Panel\Desktop\AutoEndTasks` to `1` to auto kill hanging/not ending processes automagically. Also you can use `WaitToKillAppTimeout` there to define how long windows should wait before killing the processes (in milliseconds).
And regarding bitlocker after a bios update: why would you use bitlocker on such a machine (auto login on boot which would allow access to all files anyways)? Anyways, set or create `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker\PreventDeviceEncryption` to `1` to prevent bitlocker from running after an upgrade. With Pro, you could also leverage GPOs for that.
At least for the new Steam Gamepad they announced trackpads to be able to control the mouse with the gamepad, so clicking away a popup or such shouldn’t be a problem.
- Comment on If Valve creates an "entry point" for living room PCs, the console-beating Steam Machines will follow, argues Baldur's Gate 3's publishing director 2 weeks ago:
Any other Distribution and even Windows would work fine, as long as you set up passwordless autologon as a default user and then put Steam in Big Picture Mode as autostart.
- Comment on She strongly disagrees 3 weeks ago:
370 to go
- Comment on Microsoft: Windows Task Manager won’t quit after KB5067036 update 4 weeks ago:
It is. To close the Taskmanager, you simply start a new instance and kill the old ones…
So, just don’t forget to select Taskmanager in the list and kill it instead of clicking X and closing the window. Otherwise you need to start a new instance and use that.
- Comment on Help? Caddy reverse proxy 4 weeks ago:
No, that’s just another hypothetical app that you’re using a reverse proxy for. I just included it to show how you can also set settings for a single subdomain/reverse proxy entry that isn’t used globally on all domains that get served. I used a hypothetical REST API that needs a CORS Header that other apps don’t need (or maybe serve themselves).
`admin off` disables Caddy’s admin interface (which shouldn’t be public and if you’re using config files this usually isn’t needed. So just a bit of gardening)
`servers` sets some general server options.
and then I just inserted several blocks that each define a reverse proxy to a different app / backend to show that you can just dump them all in a single Caddyfile. And the last example to show that you can set specific settings only for a specific subdomain instead of globally. As I set headers mostly used by REST APIs, I just called that api.example.com instead of app3.example.com.
- Comment on Help? Caddy reverse proxy 4 weeks ago:
If you like, I can send you an example of the Caddyfiles, that I’m using (I used the import directive to split every service into its own Caddyfiles, you could just copy and paste everything in the same file). It will take a few hours until I get home, though.
But basically you can just put every subdomain and its target in a separate block and then add some things globally (e.g. passing the original IP, switching off the admin API of Caddy,…)
Something like this should work:
```
# Global options have to sit in a brace block at the top of the Caddyfile
{
	admin off
	servers {
		client_ip_headers X-Forwarded-For X-Real-IP
	}
}

app.example.com {
	reverse_proxy 127.0.0.1:8080
}

app2.example.com {
	reverse_proxy 127.0.0.1:8081
}

# Headers that are set only for this one site
api.example.com {
	reverse_proxy 127.0.0.1:8080
	header {
		Access-Control-Allow-Methods "GET, OPTIONS"
		Access-Control-Allow-Origin "*"
	}
}
```
- Comment on Microsoft Teams can record office presence from December 5 weeks ago:
I mean… Is it really spying? Your company can detect which AP or Switch you’re connected to (or if you’re using a VPN from home), so they do have that data anyways.
- Comment on Internal domain and reverse proxy 5 weeks ago:
Yeah, that’s exactly why I didn’t use my own CA. There’s a plethora of devices that you now need to import the CA to and then you need to hope that every application uses the system cert store and doesn’t roll its own (IIRC e.g. Firefox uses its own cert store and doesn’t use the system cert store. Same for every Java-based application,…)
It’s fiddly with Caddy, as you need a specific plugin to get it to work with anything else than the default challenge. That means using a custom build via caddy - and with docker, you’re SOL. BUT you can just use certbot and point caddy to the cert file in your file system.
- Comment on Internal domain and reverse proxy 5 weeks ago:
I have this setup. I bought a domain (say homeserver.tld) from a registrar that allows zone edits with an API. Then I use certbot with a plugin that supports my registrar to get real Let’s Encrypt certificates. Usually Let’s Encrypt connects to your server to ensure that it responds to the domain you’re requesting a certificate for, but this challenge can also be done by editing the DNS record of your domain to prove ownership. That is called the DNS-01 challenge and is useful if your domain is not publicly reachable. Google for certbot DNS-01 <your registrar> to find some documentation.
Some of the VMs/LXC now get certificates for a specific subdomain (“some-app.homeserver.tld”), others just get a wildcard certificate (“*.homeserver.tld”) - e.g. my docker host.
- Comment on If you want to be classy and impress people 5 weeks ago:
Wouldeth youeth liketh toeth seeth myeth dicketh?
- Comment on The AWS Outage Bricked People’s $2,700 Smartbeds 1 month ago:
Wasn’t it also some kind of DNS problem on top?
- Comment on do it cowards 1 month ago:
For effective shitposting, right?
- Comment on English moment 1 month ago:
- Comment on Immich 2.1 Released with Better Slideshow Shuffle, New Notifications 1 month ago:
Hey everyone has a learning opportunity. Some even have a separate production system!
- Comment on English moment 1 month ago:
Our Strange Lingo
When the English tongue we speak.
Why is break not rhymed with freak?
Will you tell me why it’s true
We say sew but likewise few?
And the maker of the verse,
Cannot rhyme his horse with worse?
Beard is not the same as heard
Cord is different from word.
Cow is cow but low is low
Shoe is never rhymed with foe.
Think of hose, dose, and lose
And think of goose and yet with choose
Think of comb, tomb and bomb,
Doll and roll or home and some.
Since pay is rhymed with say
Why not paid with said I pray?
Think of blood, food and good.
Mould is not pronounced like could.
Wherefore done, but gone and lone -
Is there any reason known?
To sum up all, it seems to me
Sound and letters don’t agree.
- Lord Cromer
- Comment on I don't mean to brag, but I made a killer joke on my company Teams group 😎 1 month ago:
My boss makes a dollar
and I just a dime
that’s why I post jokes
on company time
- Comment on I don't mean to brag, but I made a killer joke on my company Teams group 😎 1 month ago:
😆
- Comment on We'll never have anything like the DVD screensaver ever again 1 month ago:
Remember “After Dark”?
- Comment on [deleted] 1 month ago:
This is a nice demonstration - and it probably isn’t even much work to run this segment in the show. Those people do not think about covering their tracks, as they do not have “anything to hide”. Also you only need to find a few easy targets in the whole audience group.
As for shooters and such - some have a message to broadcast with their actions and make it easy to link those posts to them. Others may not grasp the amount of tracking and surveillance and may be just bad at covering their tracks. Also they probably didn’t factor in OpSec that much. Granted, they might cover up in the days or weeks before, but there may still be some (years) old posts that they didn’t think about that makes them easy to identify.
- Comment on SearXNG doesn't load the settings ... 1 month ago:
@maki@discuss.tchncs.de - I finally got around to be on my PC, so… Maybe this helps? That’s basically my setup on podman. I hope I didn’t break anything when I scrubbed the files from secrets and also removed everything related to all other deployments (especially the Caddyfile). See the included Instructions.md
- Comment on it's time 1 month ago:
I lose hair, have no feathers, but will accumulate fat. So at least that’s going for me…
- Comment on SearXNG doesn't load the settings ... 1 month ago:
I’m also using podman to host SearXNG on a cloud vps. If you’d like, I can provide you my quadlet and config files to get it running with podman’s systemd generator.
With those you can just `systemctl enable/disable/start/stop/restart searxng`. Also my files do have podman’s auto update activated for the SearXNG stack.
- Comment on SearXNG doesn't load the settings ... 1 month ago:
uwsgi isn’t used anymore since a change from about 2 months ago IIRC, so this file will probably not be created.
- Comment on Which timezone would win in a conflict? 1 month ago:
GMT+3 would like a word