Posts: 34 · Comments: 2,750 · Joined: 2 yr. ago

  • While I agree with you, an attacker may not need to go to such lengths in order to get the PK. The admin might misplace it or have a backup somewhere in plain text. People also aren't prone to looking at logs, and it might be too late when they actually notice that the CA was compromised.

    Managing an entire CA safely and deploying certificates > complex; Getting let's encrypt certificates using DNS challenges > easy;

  • All the bold text, italics, and headings would need to be saved in a database column to be retrieved later in their correct positions.

    Nobody does that. People simply store HTML, Markdown or BB code. Check out TinyMCE, Milkdown, tui-editor, stackedit... all of them have a "see source" button and you'll see the text with the formatting code right there.

  • I just started working in IT and I am a bit worried if I were to restrict myself from using it. I definitely don’t want to stick with using ChatGPT,

    Don't worry, the hype will pass soon. LLMs are the new crypto.

    ... Pyramid Schemes > Forex > ETFs > Crypto > LLMs > ?? those influencers have got to sell something.

  • Just be aware of the risks involved with running your own CA.

    You’re adding a root certificate to your systems that will effectively accept any certificate issued with your CA’s key. If your PK gets stolen somehow and you don’t notice it, someone might be issuing certificates that are valid for those machines. Also, real CAs have ways to revoke certificates that are checked by browsers (OCSP and CRLs), and they may employ other techniques such as cross signing and chains of trust. All those make it so a compromised certificate is revoked and not trusted by anyone after the fact.

    For what it's worth, LetsEncrypt with DNS-01 challenge is way easier to deploy and maintain in your internal hosts than adding a CA and dealing with all the devices that might not like custom CAs. Also more secure.
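    An added example, written for this page and not part of the comment above (nor anything LetsEncrypt or a CA tool ships): a throwaway private CA built with the openssl CLI to show both halves of the point made above. Any certificate signed with the CA key passes verification on a machine that trusts the root, and revoking it changes nothing for that machine until it is also handed a CRL and told to check it. Every name below (the CA subject, host1.internal.example, the file names) is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not code from the comment above: a throwaway private CA in a
# directory of your choosing. It issues one leaf certificate, then revokes it
# through a CRL, to show (a) that anything signed with ca.key is accepted
# wherever ca.crt is trusted and (b) that only a CRL the relying party actually
# checks undoes that. All names are constructed placeholders.
# Needs the openssl CLI (1.1.1 or 3.x).

# Create CA, leaf certificate and CRL inside directory $1.
build_private_ca() (
  set -e
  mkdir -p "$1"
  cd "$1"

  # Minimal config for 'openssl ca', used here only for -revoke and -gencrl.
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = private_ca

[ private_ca ]
database         = index.txt
new_certs_dir    = .
serial           = serial
crlnumber        = crlnumber
certificate      = ca.crt
private_key      = ca.key
default_md       = sha256
default_crl_days = 30
EOF
  touch index.txt
  echo 1000 > serial
  echo 1000 > crlnumber

  # Root CA key + self-signed root. ca.crt is what gets installed into every
  # machine's trust store; ca.key is the secret whose theft the comment warns about.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Private Root CA" -keyout ca.key -out ca.crt

  # Leaf certificate for an internal host, signed with ca.key. Whoever holds
  # ca.key can produce one of these for any name they like.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=host1.internal.example" -keyout host1.key -out host1.csr
  openssl x509 -req -days 30 -in host1.csr -CA ca.crt -CAkey ca.key \
    -CAcreateserial -out host1.crt

  # Revoke the leaf and publish a CRL. Nothing in the root itself changes.
  openssl ca -config ca.cnf -revoke host1.crt
  openssl ca -config ca.cnf -gencrl -out ca.crl
) >/dev/null 2>&1

# Relying party that trusts ca.crt and performs no revocation checking.
verify_without_crl() {
  if openssl verify -CAfile "$1/ca.crt" "$1/host1.crt" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

# Same relying party, now also given the CRL (appended to the trust bundle,
# the classic way to feed 'openssl verify -crl_check').
verify_with_crl() {
  cat "$1/ca.crt" "$1/ca.crl" > "$1/trust-bundle.pem"
  if out=$(openssl verify -crl_check -CAfile "$1/trust-bundle.pem" "$1/host1.crt" 2>&1); then
    echo trusted
  else
    case "$out" in
      *"certificate revoked"*) echo revoked ;;
      *) echo "error: $out" ;;
    esac
  fi
}

# Stand-alone demo.
demo_dir=$(mktemp -d)
build_private_ca "$demo_dir"
echo "no revocation check: $(verify_without_crl "$demo_dir")"   # trusted
echo "with CRL check:      $(verify_with_crl "$demo_dir")"      # revoked
rm -rf "$demo_dir"
```

    Run it as a script: the verify without a CRL still says trusted after the revocation, and only the CRL-checking one says revoked. That is the operational gap described above: a home-grown CA does not come with CRL distribution points or an OCSP responder, so unless you publish a CRL and every client is configured to fetch and honour it, a certificate minted with the CA key stays valid everywhere the root is installed until its notAfter date.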

  • Yes, LetsEncrypt with DNS-01 challenge is the easiest way to go. Be it a single wildcard for all hosts or not.

    Running a CA is cool however, just be aware of the risks involved with running your own CA.

    You’re adding a root certificate to your systems that will effectively accept any certificate issued with your CA’s key. If your PK gets stolen somehow and you don’t notice it, someone might be issuing certificates that are valid for those machines. Also, real CAs have ways to revoke certificates that are checked by browsers (OCSP and CRLs), and they may employ other techniques such as cross signing and chains of trust. All those make it so a compromised certificate is revoked and not trusted by anyone after the fact.

  • I want the WAN coming in from the router from the Pi’s Ethernet port, and the LAN coming out as Wi-Fi. I may also stick an additional Ethernet adapter to it in the future.

    Can you try to explain this a bit more?

  • Anything with GNOME is visually appealing but unfortunately the usability is pure garbage. KDE is the exact opposite and Xfce is quick but sits in an awkward place.

  • Two things I've noticed about American politics: first, the most left-wing American politician would be seen as borderline far right in Europe. Second, in the US there's no left, because left would imply socialism that eventually leads to communism and that goes against the idea of America, the American dream, the constitution etc. The entire country was built and maintained on the idea of being against any form of communism.

  • Define "negative way"... GNOME changes in negative ways on a weekly basis so... Notification DDoS? :P

  • Link wasn't there when the original post was made.

  • You can run full GUI apps inside LXC containers and have X11 deal with the rest. Guides here and here.

  • Well, it's a container, in most situations you would be running as root because the root inside the container is an unprivileged user outside it. So in effect the root inside the container will only be able to act as root inside that container and nowhere else. Most people simply do it that way and don't bother with it.

    If you really want there are ways to specify the user... but again there's little to no point there.

    lxc exec container-name --user 1000 bash
    lxc exec container-name -- su --shell /bin/bash --login user-name


    For your convenience you can alias that in your host's ~/.bashrc with something like:

    lxcbash() { lxc exec "$1" -- sudo --login --user "$2"; }


    And then run like:

    lxcbash container-name user-name

  • When your device requests an IP it sends over a significant amount of data.

    Like...?

  • What do you do if you want to find the IP address of an instance, but incus list does not give you one?

    If that's the case then it means there's no networking configured for the container or inside it. The image you're using may not come with DHCP enabled or networking at all.

    I often just find the IP of the container and then ssh in as that feels natural, but perhaps I am cutting against the grain here.

    You are. You aren't supposed to SSH into a container... it's just a waste of time. Simply run:

    lxc exec container-name bash # or sh depending on the distro


    And you'll be inside the container much faster and without wasting resources.

  • Those are alternatives, not the 100% compatible solutions that professionals who spend 8h/day in front of those tools need.

  • And that's okay, however those same people are the ones saying Windows is unusable because it would take a very long time to disable analytics. This is the thing, people aren't consistent.

  • No. It means if you upgrade a system from 21h2 to 22h2 Microsoft may have added new stuff in there that you have to review, because if you connect it to the internet right away those new "features" may connect to them.

    Consider this example: Windows 11 before and after the Copilot shit. You can completely disable Copilot and other AI features using group policy, however if you're on the "before" version you can't disable the feature because it isn't there yet; if you upgrade, the features would be there with defaults and on the first boot it might greet you with a "welcome to copilot" that will connect to Microsoft.

  • I am assuming that is on purpose?

    Most likely, "normies" don't even know Enterprise exists...

    With that said, you may find links here:

    https://massgrave.dev/windows_10_links

    Business ISO includes both Pro and Enterprise versions. On the same website you can find activation tools including HWID that will give you a valid digital license for your hardware that will survive a reinstallation of Windows.

    Just as a note, if you have any Windows 10 Pro machines around you can upgrade them to Enterprise by just changing the key to a generic one under settings. A clean install of Enterprise would be better but you can still do it that way if you don't want the trouble / spend more time with it.

  • Never seen that guide. Does it actually work?

    Yes, best results with Enterprise.

    It won't implode, and it becomes a zero maintenance OS.

    Windows out of the box is full of crap but we all know that a lot of large companies use it and Microsoft is kinda forced into making it feasible enough for those companies. If you're managing let's say 500+ machines you can't deal with the bullshit that comes with Windows 10 Home / Pro and systems that break every week.

    There are also a lot of govt agencies and private companies with very strict security policies that can't just allow Windows to connect to MS and leak information around. If you simply disable what you don't need by following that manual things will really work out.

    In the corporate world those changes are typically applied using AD, however, if you apply them manually in group policy they'll stick and you won't be bothered. Don't forget to check the link every time there's a major version because they usually add stuff.

    I installed Windows 10 Enterprise 1709 on my main desktop in 2018 and applied the stuff documented there... I've been upgrading since then and it's currently running 22H2 just fine. No policy regressions like some people claim.

    Microsoft is forced to provide ways for big customers to make Windows usable and those aren't going away anytime soon; they have a financial incentive to do so.