• 0 Posts
  • 19 Comments
Joined 1 year ago
Cake day: June 4th, 2023



  • The typical way involves something outside your network acting as a proxy. Your home network VPNs to this proxy, then the proxy sends requests down to your homelab.

    I used a VPS and a VPN, I would connect to the VPN endpoint on the VPS, and then route all traffic back down to home.

    You can also run a reverse proxy on the VPS, so it does TLS for clients, and speaks to the servers direct over the VPN.

    Another option is things like Cloudflare tunnels, which means Cloudflare does the “VPS and VPN” part of the above, but the tradeoff is that you have to trust Cloudflare, rather than yourself (may be a positive or not depending on your perspective).

    Lastly you could use something like tinc (which needs something on the outside to act as a negotiator) to form a mesh between NAT’d devices.
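
An added example, not part of the comment above: an nginx configuration for the reverse-proxy variant it describes, where the VPS terminates TLS for clients and forwards to the home server over the VPN. The hostname, certificate paths, tunnel address 10.8.0.2 and port 8080 are placeholder assumptions.

```nginx
# Runs on the VPS. All names and addresses below are placeholders.

# Home server as seen from the VPS: its address on the VPN tunnel,
# never its public or LAN address.
upstream homelab_app {
    server 10.8.0.2:8080;
}

# Plain HTTP only redirects to HTTPS.
server {
    listen 80;
    server_name app.example.org;
    return 301 https://$host$request_uri;
}

# TLS terminates here; clients never connect to the home network directly.
server {
    listen 443 ssl;
    server_name app.example.org;

    ssl_certificate     /etc/ssl/example/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # This hop is plain HTTP, protected by the VPN tunnel.
        proxy_pass http://homelab_app;

        # Preserve the original request details for the backend's logs.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Fail quickly when the tunnel is down instead of hanging clients.
        proxy_connect_timeout 5s;
    }
}
```

On the home server, the service should listen only on the tunnel interface and accept connections only from the VPS's tunnel address, so that the VPN is the single path in.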







  • I have a Windows AD domain and have my preferences and some apps as GPOs.

    In the server world we use Ansible, or in some cases maybe PowerShell DSC.

    Ansible is much more focused on Linux and orchestration, but does have some support for Windows, and DSC is for Windows Servers.

    Both use YAML or similar structured config to impart a state, e.g.

    ```yaml
    - name: Install Firefox
      ansible.builtin.package:
        name: firefox
        state: present
    ```

    Meaning that Ansible does the legwork to make sure FF is installed.








  • > The linked article — and others — explain that in Android 10+, (a) executable binaries can no longer reside in a read/write directory, and (b) access to /sdcard will go away. Simply put, these changes destroy my application’s ability to function, and that of Termux as well.

    That sounds like proper security to me? Inability to access the user’s storage is a bit lame, but they’ve been moving to nicer APIs for that anyway.

    Android is a mobile phone OS, not desktop / embedded Linux.


  • NRoach44 to Linux: What exactly does systemd do?
    1 year ago

    One thing that people miss - either out of ignorance, or because it goes against the narrative - is that systemd is modular.

    One part handles init and services (and related things like mounts and sockets, because it makes sense to do that), one handles user sessions (logind), one handles logging (journald), one handles networking (networkd) etc etc.

    You don’t have to use networkd, or their efi bootloader, or their kernel install tool, or the other hostname/name resolution/userdb/tmpfiles etc etc tools.



  • NRoach44 to Firefox: Firefox 115 released
    1 year ago

    So allowing any random, possibly compromised, possibly installed by malware, add-on to run during the Firefox account login pages (see the list of URLs in this thread) isn’t a security concern to you?