27·
12 hours agoKnow what you’re running when you pipe to a bash script. Curl-bash pipes are a security mess.
- 12 Posts
- 272 Comments
Joined 2 years ago
Cake day: June 23rd, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
2·1 day agoDuty cycle.
Something that’s less annoying than Anubis is fail2ban tarpitting the scrapers by putting in a hidden honeypot page link that they follow, and adding the followers to fail2ban.
Why Radicale when you have a caldav-capable calendar in NC?
python3 -m http.server
1·6 days agoMaybe the repos don’t have non-free software that Devuan has? IDK, it’s not very obvious from the blurb on the webpage.
I wonder why that RoboNope doesn’t just make a fail2ban entry for anything that accesses a disallowed url and drop them entirely.
Actually this look like it would do something similiar, then dumps them to fail2ban after the re-access the honeypot page too many times: https://petermolnar.net/article/anti-ai-nepenthes-fail2ban/
deleted by creator
That last one always pisses me off. “It just gets out of my way”. Who sits there and interrupts their thought process because a window animation they’ve seen a thousand times before happens again?
It’s like Gnome tries to make it impossible to search for troubleshooting help on any of their core apps.
Papers
Manuals
Mail
Videos
Files
Disks
20F isn’t much of a fluctuation anyway.
Don’t expose anything outside of the tailnet and 99% of the potential problems are gone. Noobs should not expose services across a firewall. Period.
That sounds like the way to do it. It’s under your control and it’ll always work.
And it’ll be bricked when their app shuts down.
I don’t get the sudden interest in Filebrowser. Never heard of the project before it went into Maintenance, now it seems like everyone wants to use it.
For some reason, when I registered my phone number for delivery notifications, it made a passkey and registered it with my account. It never prompted me to save the passkey, so I had no idea where it was supposed to be used. I immediately deleted it because I was concerned I wasn’t going to be able to log in if I logged out without knowing what that passkey was and had it in my password manager.
If you’ve been using passkeys, you’ll need to generate new ones when you switch. AFAIK, they aren’t exportable from Google or Apple. Which, among other reasons, is why I’ll just stick to high-entropy passwords. I’ve had some sites like Amazon try to sneakily make me register passcodes, I’ve had to go back and tear them out before they screw me somehow.
I’m pretty familiar with TTech’s legacy, I just mention it because if the repos ever got compromised, it could be a shitshow. IDK what security measures the new maintainers use to secure their access or check PRs, but I get nervous when it’s as popular as it is and such a good vector for complicated installations that are hard to check out. I also don’t know the new maintainers from Adam.
Personally, I’d use the scripts as a guide for DIY.