Your ISP might make you go through another layer of NAT. Can you find the WAN IP address of your router and compare it to your public IP address from a website such as ipinfo.io ?
If they do not match, you're probably out of luck and will need to forward your port from an actually public IP in order to achieve what you want
More details : CGNAT (Carrier Grade Network Address Translation) is basically a second router between your router and the public internet. This second router is configured in the same way as your personal one, the main difference being that your ISP fully manages it. From the viewpoint of this second router, your WAN IP is a private IP, and you share one actual public IP with several other customers (the same way all devices on you LAN share one single WAN IP)
Performing port forwarding from the public internet to your LAN, when behind a CGNAT, would require you to be able to configure a forwarding rule in the ISP's NAT, which you usually cannot do.
Migrating all my IPv4 stuff (firewalls, VPN, routing tables, etc) to IPv6 is probably the one thing I've procrastinated for the most time in my life :/
Something's odd with the numbers from fediverse observer. Numbers shown in monthly graphs should be about 30 times higher than numbers shown in daily graphs, but they are about the same
A blog post I wrote got shared there a while back, but I did not ask for an invite back then. 2 years later, and I don't feel legitimate to ask for an invite anymore
KOReader is by far better than the crappy stock firmware from Kobo. While the interface is not the prettiest, it still has a lot of advantages :
it adds the ability to browse the filesystem (how do people use an e-reader without folders ?)
loading medium to large PDFs takes ages in kobo's stock UI, while it's almost instant in koreader
there are a bunch of plugins you can add to koreader
While I really hate Kobo's stock UI, I still recommend getting one if you like truly owning your hardware. It's really easy to enable ssh access and then it's just regular Linux. It's even possible to run an X server and launch Linux graphical apps on the e-ink display (not quite usable though)
Having a certificate for any subdomain has implications for other sibling domains, even without a wildcard certificate.
By default, web browsers are a lot less strict about Same Origin Policy for sibling domains, which enables a lot of web-based attacks (like CSRF and cookie stealing) if your able to hijack any subdomain
On January 28, 2015, the ACME protocol was officially submitted to the IETF for standardization.[28] On April 9, 2015, the ISRG and the Linux Foundation declared their collaboration.[9] The root and intermediate certificates were generated in the beginning of June.[29] On June 16, 2015, the final launch schedule for the service was announced, with the first certificate expected to be issued sometime in the week of July 27, 2015, followed by a limited issuance period to test security and scalability. General availability of the service was originally planned to begin sometime in the week of September 14, 2015.[30] On August 7, 2015, the launch schedule was amended to provide more time for ensuring system security and stability, with the first certificate to be issued in the week of September 7, 2015 followed by general availability in the week of November 16, 2015.[31]
So we'll have another anniversary to celebrate in nearly a year
I did not have the money to pay the insane amounts these greedy for-profit certificate authorities asked, so I only remember the pain of trying to setup my self-signed root certificate on my several devices/browsers, and then being unable to recover my private key because I went over the top with securing it.
I was exited to read about the recent surge of brute force attempts I received from IPs my fail2ban has not previously seen, but this is just a generic piece from 6 months ago :(
Thank you for the link. I've seen it posted a few days ago.
The caching proxy for this tutorial should easily work with any tile server, including self-hosted. However, I'm not sure what the benefits would be if you are already self-hosting a tile server.
Lastly, the self-hosting documentation for OpenFreeMap mentions a 300GB of storage + 4GB of RAM requirement just for serving the tiles, which is still more than I can spare
I did not expect such a detailed code review (the fact that you wrote it on mobile impresses me even more), but I strongly agree with everything you mentioned. I think I was so caught up learning GLSL and its quirks, then playing and experimenting with the simulation, that I "forgot" my coding standards. Anyway, I'll make sure to take some time to update both the code and the article following your recommandations.
Thank you for the feedback. I had a lot of fun playing with the model (and still have some improvements on my mind that might require porting it outside of Shadertoy)
Is there any part that was especially hard to understand ? I'm trying to make it as clear as possible for developers without a scientific background.
I can recommend some stuff I've been using myself :
Dolibarr as an ERP + CRM : requires some work to configure initially. As most (if not all) features are disabled by default, it requires enabling them based on what you need. It also has a marketplace with a bunch of modules you can buy
Gitea to manage codebases for customer projects. It can also do CI but I've not looked into it yet
Prometheus and its ecosystem (mostly promtail and grafana) for monitoring and alerting
docker mail server : makes it quite easy to self host a full mail server. The guides in their doc made it painless for me to configure dmarc/SPF/other stuff that make e-mail notoriously hard to host
Cal.com as a self hostable alternative to calendly
Authentik for single sign-on and centralized permission management
plausible for lightweight analytics
a mix of wireguard, iptables and nginx to basically achieve the same as cloudflare proxying and tunnels
I design, deploy and maintain such infrastructures for my own customers, so feel free to DM me with more details about your business if you need help with this
Thank you. I'm definetly gonna check it out