Posts: 0 | Comments: 255 | Joined: 2 yr. ago

  • Assuming you're the one adding HSTS, you'll have to inspect the cert and/or view the content that is getting returned. On desktop Chromium you can type "thisisunsafe" to load a page even with HSTS. Not sure how to do it on mobile FF.

    Would seem weird for it to be intercepting your domain's traffic but not the rest of the internet.

    Edit: just noticed you're not even loading an SSL page. Are you using https in the URL?

  • Did you have to install an app called Company Portal or Intune? If no, then they probably don't have access to your device, except for possibly being able to selectively wipe school data. They could also be using another MDM solution like Airwatch, but again, you would have had to have installed something (and unlikely, since universities get massive discounts on Microsoft licensing).

    Even if you do have Company Portal, it doesn't necessarily mean it's managed as it's still used to broker communication and authentication between Office apps on Android. The app itself would be able to tell you if the device is managed.

    And as the other poster mentioned, if they had you install a root certificate for the university they can intercept and inspect HTTPS traffic from your device while on their network. But that still doesn't give them access to the data-at-rest on your device.

  • If you're sure you've got a DNS entry for the Pihole FQDN pointing at Traefik, open the dev panel in your browser (F12), switch it to the Network tab, and visit the pihole URL.

    See if you get anything back and especially take note of the HTTP status codes.

  • I think you're close.

    You need to change service: pihole-rtr to service: pihole-svc.

    Do I have to redefine all of the same information I did in my Traefik yml but in this separate config.yml?

    No, you just need to reference it like you have. Define once, reference many.

  • No worries for the question. It's not terribly intuitive.

    The configs live on the Traefik server. In my static traefik.yml config I have the following providers section, which adds the file provider in addition to the docker provider which you likely already have:

    providers:
      docker:
        endpoint: "unix:///var/run/docker.sock"
        exposedByDefault: false
      file:
        directory: /config
        watch: true

    And in the /config folder mapped into the Traefik container I have several files for services external to docker. You can combine them or keep them separate since the watch: true setting tells it to read in all files (and it's near instant when you create them, no need to restart Traefik).

    Here is my homeassistant.yml in that folder (I have a separate VM running HASS outside of Docker/Traefik):

    http:
      routers:
        homeassistant-rtr:
          entryPoints:
          - https
          service: homeassistant-svc
          rule: "Host(`home.example.com`)"
          tls:
            certResolver: examplecom-dns

      services:
        homeassistant-svc:
          loadBalancer:
            servers:
              - url: "http://hass1.internal.local:8123"

    Hope this helps!