
  • (Most) Bots don’t do JavaScript — because that’d require an entire new engine on the client end, which consumes some resources; resources that they’d rather use to do more botting. By turning off cookies and JavaScript, the “privacy conscious” user is making themselves look like bots. The vast majority of site operators don’t want bots, so they employ mechanisms to detect bots to prevent bots from accessing their site… so if users make themselves look like bots, and operators don’t want bots, then the users must be prepared to deal with the repercussions of their actions (of disabling JS and cookies).

  • If that is a concern (I don’t see much of an issue, but everyone’s got different requirements, so no judgment here at all), then you’d probably want to set up a recursive DNS server inside your network and configure that DNS server to resolve those internal services to your intranet IP address; when it cannot resolve, it recurses to a public one (i.e. ISP, Cloudflare, Quad9, Google etc). Then, change your network’s DNS to that internal one, so when you’re on your network, you get the internal IP address, while off network you get Cloudflare tunnel routing.

  • You'd need more than their DNS, as DNS cannot forward ports for you (and before anyone mentions SRV records, no, it just tells supported applications which port to use; it does not and cannot externally reassign the port used).

    I believe the tool for the job here is the Zero Trust Tunnel; in the Dashboard, on the left, look for Zero Trust, and then on the new dashboard, go to Access > Tunnels to set up the tunnel. Documentation is here: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/

  • You’d need to de-solder the existing IC chips and solder new ones; while I’d imagine they’re standard chips, it’s hard to say if you’re going to find the right ones unless someone else has a sacrificial board to donate you the chips, which would make this more likely to be a cost prohibitive adventure.

    I don’t know your soldering skill level, but I’m terrible at it, and I am already not the typical nerd in my circle of nerds; so I’d suspect most people will have better bang for their buck (in case things go sideways and they then need to buy a new system anyway) by looking at Apple for a refurbished M2 MacBook Air instead.

  • COVID social distance recommendations (although important and should still stand) have opened the doors to a lot of strange outcomes for delivery companies. Most of them seem to no longer require a signature, despite packages being shipped as signature required. By extension, it doesn’t really surprise me if they’ve changed Cash to Charge and are sending bills after the fact :(

  • This is the first reverse proxy I saw, where docker is not an obligation

    This is the broader direction. I lament the days where everyone can just use shared hosting and never worry about infrastructure, but everything seems to be moving towards larger and larger stacks… and to abstract as much of that away as possible so people can focus on the apps, docker/Kubernetes is playing a larger and larger role.

    Which is also why you’re seeing more and more CLI/scripting — so infrastructure pieces that get in the way of development/apps can be abstracted away and managed in a repeatable fashion between deployments. As you start to work with more and more moving pieces, it is generally a good idea to expand your area of expertise beyond just GUI and move into the more scriptable side, so you can gain more control over your stack more effectively.

  • Another +1 for Cloudflare. They’re selling the domain at their wholesale rate, which is generally cheaper than everywhere else. There are also many DDNS clients as well as an API to allow you to roll your own (which is what I did).

  • If pre-built media server solutions don’t work for your use case, then you’d need to create a custom site.

    For the most part, ISPs tend to care more about:

    1. Covering their butt legally — if they don’t know you’re engaging in anything like piracy, then it’s not really their concern; and
    2. Ensuring their network stability — if you’re within your contractual usage limits and not using a disproportionate amount of traffic that causes other customers problems, then your network security is your problem.

    As such, as long as the intended sharing audience is limited to only people you trust, and you put the content behind authentication w/ encryption (i.e. HTTPS), no one other than the intended recipient would know what you’re sending over the wire. That is as long as none of your users leak their credentials/report you for the content you’re sharing… which a media server solution wouldn’t protect you from either.

  • Perhaps it is listed in reverse chronological order; edit, check content, change permissions (for deployment)?

  • Sometimes it is worthwhile to be mindful of users’ instances… dude you’re replying to is from one of those instances.

  • I finally just deployed it as a test. So far so good. Was able to set up a WebAuthn-only flow, so passwordless as I hoped, but the flow isn’t as smooth as FusionAuth’s social flow. Authentik seems to have each stage as an individual page, so lots of full page refreshes as opposed to just click, redirect, redirect and done. I’ll be toying around a bit more and see which one I end up settling with.

  • Archive.is has been throwing forever Cloudflare challenge loops for me the last couple days. Would you mind sharing the original pre-archive link?

  • Speaking of archive today; since yesterday or so, I’ve been getting nothing but the Cloudflare challenge loops. I recall maybe four or so years back, they were adamantly against Cloudflare, and if one were to use 1.1.1.1 for DNS, it would refuse to load or throw errors. I wonder what’s happening behind the scenes?

  • That is indeed mind boggling. Thank you for sharing this with me. I did not realize it is that thin out there!

  • Last I checked, which was honestly two or more years prior, Cloudflare doesn’t handle second level subdomains (i.e. a.b.domain.ext) properly… when I tried it, I could make the DNS records, it did resolve, but the certificates didn’t work. I don’t know if that has since changed.

  • Second on if affordable, I’d buy it… and I don’t even code much anymore. For anything that doesn’t need to be rapidly refreshed (i.e. just about anything that’s not watching/editing videos or playing games), this will be so much more comfortable for extended use!

  • Wouldn’t friction (however little in deep outer space) eventually decay the crafts way before Earth is engulfed by the Sun?

  • I’m skipping over Authelia. Social federation is important for me because I do not want to deal with passwords (see also the WebAuthn bit). Last thing I want is trying to maintain and keep up-to-date a separate service that’s supposed to keep my other services secure, but becoming a single point of failure for my password(s) (so same goes with no self-hosting password manager).

    Do you mind touching on the integration issues you mentioned? What was the problem, and what were the side effects as a result of it?

  • How is Authentik? Do you like it? Is their feature set currently available to all? I’m using FusionAuth and really like the setup/workflow, but they’re keeping WebAuthn behind a paywall and I’d rather not pay so much for just myself and my family.