Elvith Ma'for

Former Reddfugee, found a new home on feddit.de. Server errors made me switch to discuss.tchncs.de. Now finally @ home on feddit.org.

Likes music, tech, programming, board games and video games. Oh… and coffee, lots of coffee!

I � Unicode!

  • 1 Post
  • 273 Comments
Joined 1 year ago
Cake day: June 21st, 2024

  • If you like, I can send you an example of the Caddyfiles that I’m using (I used the import directive to split every service into its own Caddyfile; you could just copy and paste everything into the same file). It will take a few hours until I get home, though.

    But basically you can just put every subdomain and its target in a separate block and then add some things globally (e.g. passing the original IP, switching off the admin API of Caddy,…)

    Something like this should work:

    
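    {
        # Global options must sit in one block at the very top of the Caddyfile
        admin off

        servers {
            # These headers are consulted only for requests from trusted_proxies
            client_ip_headers X-Forwarded-For X-Real-IP
        }
    }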
    
    app.example.com {
        reverse_proxy 127.0.0.1:8080
    }
    
    app2.example.com {
        reverse_proxy 127.0.0.1:8081
    }
    
    api.example.com {
        reverse_proxy 127.0.0.1:8082
        header {
            Access-Control-Allow-Methods "GET, OPTIONS"
            Access-Control-Allow-Origin "*"
        }
    }
    

  • Also modders had reversed all relevant code at some point (at least to the extent of "this function does X") and then offered those symbols (= their class names, method names,… and where to find them in the bytecode) for others to mod the game. Later Mojang even released the official symbols, but at that point everyone was already using the community-made ones. IIRC they kept releasing these symbols for every new version since then, which drastically sped up modding compatibility for those versions.

    So I think it’s not completely unexpected that they’d do this since the most important information was already out in the open.




  • Yeah, that’s exactly why I didn’t use my own CA. There’s a plethora of devices that you now need to import the CA to, and then you need to hope that every application uses the system cert store and doesn’t roll its own (IIRC e.g. Firefox uses its own cert store and doesn’t use the system cert store. Same for every Java-based application,…)

    It’s fiddly with Caddy, as you need a specific plugin to get it to work with anything other than the default challenge. That means using a custom build via caddy - and with Docker, you’re SOL. BUT you can just use certbot and point Caddy to the cert file in your file system.


  • I have this setup. I bought a domain (say homeserver.tld) from a registrar that allows zone edits with an API. Then I use certbot with a plugin that supports my registrar to get real Let’s Encrypt certificates. Usually Let’s Encrypt connects to your server to ensure that it responds to the domain you’re requesting a certificate for, but this challenge can also be done by editing the DNS record of your domain to prove ownership. That is called the DNS-01 challenge and is useful if your domain is not publicly reachable. Google for "certbot DNS-01 your registrar" to find some documentation.

    Some of the VMs/LXC now get certificates for a specific subdomain (“some-app.homeserver.tld”), others just get a wildcard certificate (“*.homeserver.tld”) - e.g. my docker host.




  • PC / General:

    • Nextcloud with Collabora Office CODE Server for file sync and online editing. I also set up STUN and TURN for Nextcloud Talk, which I use to groupcall friends for virtual board game nights. And I use Deck as a Kanban board.
    • Bitwarden/Vaultwarden - I do not need to say more, I think.
    • Firefox + uBlock Origin. This combo also works on mobile, so… Good Bye ads!
    • Thunderbird. Also available on Android. Though Thunderbird Mobile is the same as K9 Mail, but reskinned IIRC.
    • PiHole (at least in my home network). Same as above, but also (somewhat) blocks ads in proprietary apps/devices. Even works on the ad supported tier of streaming services to at least reduce ads.
    • SearXNG - Meta search engine that you can self-host. There are public instances, but if you want full control over the available feature set/available search engines, etc., just host it yourself.
    • I host a private instance of an unofficial open source web app of the board game Terraforming Mars, as one person in our game group has incompatible hardware for the official implementation. One of the options for the mentioned virtual board game nights.
    • Jellyfin. My BluRay player died. I had most of my library ripped anyways, so… I finally got around to setting it up.

    On Android:

    • DAVx5 and ICSx5 to sync contacts and calendar with my Nextcloud.
    • Etar Calendar. It’s a simple calendar. Just a simple “no bullshit” app. I like it.
    • Firefox/uBlock Origin/K9 Mail
    • Signal/Threema/SchildiChat(Matrix) - secure messengers
    • OsmAnd/StreetComplete/Organic Maps - all three are OpenStreetMap apps. OsmAnd is the killer app that does everything. Organic Maps for a more streamlined experience. StreetComplete, to quickly contribute to OSM by doing “quests” (= answer questions) in your surroundings to fill in incomplete data. (Street names, types of streets, house numbers, opening times, is X still here?,…)
    • Shattered Pixel Dungeon. Roguelike dungeon crawler, high quality. Looks easy, but hard to master.
    • Lichess - Chess app/platform.
    • Öffi - Germany centered, but also somewhat usable in other places. Open Source public transit app, with many integrations of local and national networks. The developer has had some problems with Google and their app review process (IIRC regarding donation instructions?), so better to get it from FDroid, where updates are not blocked by some company policy…





  • This is a nice demonstration - and it probably isn’t even much work to run this segment in the show. Those people do not think about covering their tracks, as they do not have “anything to hide”. Also you only need to find a few easy targets in the whole audience group.

    As for shooters and such - some have a message to broadcast with their actions and make it easy to link those posts to them. Others may not grasp the amount of tracking and surveillance and may be just bad at covering their tracks. Also they probably didn’t factor in OpSec that much. Granted, they might cover up in the days or weeks before, but there may still be some (years) old posts that they didn’t think about that make them easy to identify.







  • Yeah. When they announced the new Silent Hill I was somewhat interested - although I felt the peak was back then with SH2. But having read about the remaster of SH2 and some reviews that said it’d return to the roots? Nice!

    Then I saw a streamer play it early, watched a bit and it looked promising. So I went to wishlist it. Then the release day comes and Steam lists it for 70 bucks (available in two days) or 90 bucks now. Well, no. Let’s see how long the price will be that high, but WTF? I don’t wanna know what the price on console is for it - usually it’s 10-20 bucks more?!?