Perhyte

It also means that ALL traffic incoming on a specific port of that VPS can only go to exactly ONE private wireguard peer. You could avoid both of these issues by having the reverse proxy on the VPS (which is why cloudflare works the way it does), but I prefer my https endpoint to be on my own trusted hardware.

For TLS-based protocols like HTTPS you can run a reverse proxy on the VPS that only looks at the SNI (server name indication) which does not require the private key to be present on the VPS. That way you can run all your HTTPS endpoints on the same port without issue even if the backend server depends on the host name.

This StackOverflow thread shows how to set that up for a few different reverse proxies.

If there happens to be some mental TLS handshake RCE that comes up, chances are they are all using the same underlying TLS library so all will be susceptible…

Among common reverse proxies, I know of at least two underlying TLS stacks being used:

• Nginx uses OpenSSL.
  • This is probably the one you thought everyone was using, as it’s essentially considered to be the “default” TLS stack.
• Caddy uses crypto/tls from the Go standard library (which has its own implementation, it’s not just a wrapper around OpenSSL).
  • This is in all likelihood also the case for Traefik (and any other Go-based reverse proxies), though I did not check.

There was some kind of incident between the artist and a camera woman. The exact details aren’t public, AFAIK.

This is probably the only type of rules violation that could be fixed by creating another account, so this was exactly my thought.

Then they probably wouldn’t say it was okay to make another alt though.

Aurora is no longer maintained, but it still works just fine. It’s a Windows app, so not web-accessible or anything, but it’s free. It only contains the SRD content by default (probably for legal reasons), but there’s at least one publicly-accessible elements repository for it that you can find using your favorite search engine.

If they have the root access typically needed to reboot a server¹ they could also just wipe the logs without rebooting.

¹: GUIs typically have a way to reboot without such privileges, but those are typically not installed on machines just used as servers.

That domain currently hosts a “this domain may be for sale” page, but it’s been registered since 2005 so it’s definitely not because of this post.

Two words: underfloor heating.

When walking around barefoot, warm tiles are so much nicer than cold ones.

Is that why I haven’t had any problems? I thought it was either Google A/B testing again or my ad blocker updating often enough to keep up, but I do have a user-agent changer installed in Firefox that’s configured to tell YouTube I’m on Chrome…

There may not have been much to tell until it actually started, which was one day before the start of this month (modulo time zones, it was held in UTC+04).

It’s an annual thing apparently (except during the height of the pandemic) and this was the 28th time, hence the “28” in the name. Presumably they’ll hold COP29 next year, and now you’ve heard of that one about a year beforehand! 😛

If a deaf person decides to get an implant, or their (hearing?) parents decide for them, and later decides they no longer want it then it’s pretty much reversible, right? They can just not turn it on, or perhaps even have it removed again?

This article is talking about gene therapy, not an assistive device. It’s probably a much more permanent decision.

Given the state of US politics, what are the odds a “commitment” like this will survive the next election cycle?

Additionally, HTTPS if very easy to set up nowadays and the certificates are free¹.

¹: Assuming you have a public domain name, but for ActivityPub that’s already a requirement due to the push nature of the protocol.

According to Halioua’s post, breeding large dogs for their size caused elevated levels of IGF-1, a hormone that promotes cell growth. Though this hormone contributes to the animals’ great size, it also hastens their aging. LOY-001 reduces the levels of IGF-1 in large and giant dog breeds, extending healthy life spans.

Would that also cause them to grow to smaller sizes? (I suppose that may depend on whether this drug is administered before or after the dog is full-grown though)

Viaplay. In my country (the Netherlands) the only reason anyone’s heard of them (AFAIK) is that they have the rights to broadcast Formula 1 races here so they get a lot of signups at the start of the racing season, and a lot of cancellations at the end of that season.

AFAIK docker-compose only puts the container names in DNS for other containers in the same stack (or in the same configured network, if applicable), not for the host system and not for other systems on the local LAN.

I have a similar setup.

Getting the DNS to return the right addresses is easy enough: you just set your records for subdomain * instead a specific subdomain, and then any subdomain that’s not explicitly configured will default to using the records for *.

Assuming you want to use Let’s Encrypt (or another ACME CA) you’ll probably want to make sure you use an ACME client that supports your DNS provider’s API (or switch DNS provider to one that has an API your client supports). That way you can get wildcard TLS certificates (so individual subdomains won’t still leak via Certificate Transparency logs). Configure your ACME client to use the Let’s Encrypt staging server until you see a wildcard certificate on your domains.

Some other stuff you’ll probably want:

• A reverse proxy to handle requests for those subdomains. I use Caddy, but basically any reverse proxy will do. The reason I like Caddy is that it has a built-in ACME client as well as a bunch of plugins for DNS providers including my preferred one. It’s a bit tricky to set this up with wildcard certificates (by default it likes to request individual subdomain certificates), but I got it working and it’s been running very smoothly since.
• To put a login screen before each service I’ve configured Caddy to only let visitors through to the real pages (or the error page, for unconfigured domains) if Authelia agrees.

I believe on the free ARM instances you get 1Gbps per core (I’ve achieved over 2Gbps on my 4-core instance, which was probably limited by the other side of the connections). What you say may be correct for the AMD instances though.

The Tasks.org android app (and Astrid, its predecessor) have been my external brain for over a decade now. Reminders which automatically repeat on a configured interval (if necessary) are just extremely useful.

I don’t use it for actual appointments with other people (dentist, game night with friends, etc.), those go in a calendar app¹. But one-time reminders and everything that’s even remotely on a timed interval (household chores, paying bills, scheduling car maintenance², “check if a new book is out in that series I like”), those live in my tasks list.

I then use the Todo Agenda widget to show both calendar appointments and tasks in a single overview.

¹: Google Calendar in my case, which is not open source. But something like NextCloud would probably work too.

²: The task is to make an appointment with my car guy. The appointment itself then gets put in my calendar app.