• 0 Posts
  • 49 Comments
Joined 2 years ago
cake
Cake day: June 26th, 2023

help-circle

  • Ahhh interesting video! I appreciate the post. I see the mTLS is more about authenticating who the client is outside the application.

    Don’t worry, Im not just exposing thing willy nilly 🤣 For client-side authentication I use Authentik combined with 2FA, Duo, and fail2ban. Authentik provides identity management through LDAP to jellyfin and any sign in request goes to MFA and you get a Duo notification to approve. You can do other MFA, i just havent set it up.

    Ive got a lot of family who use my server. Asking them to install a TSL cert on every machine would be impossible. My method also monitors all sign in requests. Setting up Authentik was a hugggeee game changer for me.




  • Ya got three options.

    Option A is to create your own certificate that is self-signed. You will then have to load the certificate into any client you want to use. Easier than people realize, just a couple terminal commands. Give this a go if you want to learn how they work.

    Option B is to generate a certificate with Let’s Encrypt via an application like certbot. I suggest you use a DNS challenge to create a wildcard certificate.

    Option C is to buy a certificate from your DNS provider aka something like cloudflare.

    IMO the best is Option B. Takes a bit to figure it out but its free and rotates automatically which I like.

    I like helping and fixing stuff, if you’d like to know anything just ask :D


  • Most people don’t know but you can get the best of both. You can push for what called “community care” through the VA. If the VA admits there isnt a VA doctor close enough to you, they will send you to a private doctor of your choosing and pay for the whole thing.

    I was able to get back surgery by the best doctor in the region this way. I refused to work with the VA doctor due to a bad appointment. I waited weeks to see this doctor and he spent 5 minutes looking at my chart to say I was too young to be helped. Could’ve just told me over the phone. Went back to my primary and complained and they signed me up for community care since they were the only other in the area.



  • I wish I had setup an identity management system sooner. Been self-hosting for years and about a year ago took the full plunge into setting up all my services behind Authentik. Its a game changer not having to deal with all the usernames and passwords.

    In a similar vein, before Authentik, I used Vaultwarden to manage all my credentials. That was also a huge game changer with my significant other. Being able to have them setup their own account and then share credentials as an organization is super handy.



  • Lol naw TOW missile just looks like a gray puff when it blows up. Not as exciting unless the thing you’re hitting is full of fuel and ammo. Then the boom is what you think it would look like (fire ball and all that).

    Pink mist is for snipers. You’re so zoomed in from the scope you can actually see the splat and it looks like a pink mist. You can also achieve the same effect with large caliber weapons like a 25mm cannon. Interestingly enough, the Barrett .50 cal sniper that everyone knows is classified as a SASR, Special Application Scoped Rifle. Its not meant for people, its an “anti-material” weapon. You’re only supposed to use it to shoot out engine blocks.



  • Hurting people is wrong and should be avoided at all costs. Nothing cool about that.

    But when a tank is also full of fuel and ammo, the boom is much bigger lol

    I got lucky and shot around 15 to 20 for training. I lost track after 10. Some missilemen never get the chance to shoot one.

    Interestingly, I had that kill zone question asked to me by another higher up (different job) and it took me a long time to come to a conclusion. The kill radius is actually not defined in the manuals. There are zones for the shooter to ensure you don’t get hit with back blast, but usually it’s assumed that the vehicle you hit will be destroyed.

    Edit:

    To explain further, the missile doesn’t hit the target. It flys above it and uses the munroe effect to cause an implosion (not an explosion) that makes the vehicle explode from the inside out. First munroe charge punches a hole into the vehicle, second charge gets sucked in and blow it up from inside. YouTube munroe effect to see how that shape charge works.




  • People who play War Thunder want to know lol you can actually find cut outs that show the internals online. The TOW has been around for awhile.

    But the wires were for X and Y navigation. Theres an IR beacon that flashes out the back of the missile. The camera sees the beacon and when you move the controls the missile will follow. Theres a Russian T90 tank that has a defense system that spoofs the beacon. Looks like headlights, called the Shtora-1 check it out.

    Wire was made out of the thinnest, strongest metal I’ve ever seen. It would cut your boot if you snagged it and pulled, but it could be cut with scissors.

    If you lost a wire the missile would go erratic and would lose control depending on which wire was lost. Really depened on what youre trying to shoot over if you broke a wire. Can’t shoot over buildings.

    My favorite fact though, it flys above the tank! Search YouTube for a slow mo and you’ll see what i mean. Explodes from above.





  • The rules still apply to the host, just not inside the container. Docker is just ignoring the rules. If you block all ports but then have port 81 open like you do in that section of docker compose, you would think that UFW would block docker but thats not the case. Going to http://yourip:81/ will show then NPM gui, even if you specifically use ufw to block 81. If you only expose port 80 and 443, you should be fine. Your NPM container would have to be compromised then they would have to break out of the container.

    Also I think your issue is with your DNS. You should have an A record for the IP pointing to example.com and then a CNAME record pointing to sub.example.com