Hey Google, how about you fucking fix voice so that “navigate to Dutch Bros” works for both Android Auto and just Android instead of randomly trying to open the Dutch Bros app?
Oh and maybe look at your voice to text quality and actually navigating to places correctly.
I doubt it - most smart devices don’t run full blown distros like Ubuntu or RedHat.
But some might?
As a bonus, if you go with newsgroups, you don’t have to expose anything to the internet!
Maybe I ditch my plans and just establish a VLAN for IoT and guests.
That’s a good starting point. Keep IoT away from your primary vlan (for all things holy don’t use VLAN ID 1). You can limit your outbound traffic for that vlan more easily if you want to cut your smart things off from the Internet.
Guest WiFi/vlan can be just a straight shot to the internet, probably no need for visitors to get to your internal services.
Eventually, you could add a DMZ where any Internet available systems like your VPN - with specific firewall rules only permitting VPN to specific locations inside your primary vlan.
It’s only the mini Pepsi cans iirc, so they aren’t as load bearing as I’d like. God willing, I’ll upgrade to fanta boxes one day.
A little late to the party, but here’s mine.
That’ll be part of the “concessions” that foreign made routers make to get approval.
Why the fuck else would the department of defense need to weigh in?
Man, I really should look into hacking my kona’s infotainment center.
it’s not security, just obscurity
IIRC for my setup it’s a bit of both. My DNS API key is scoped to only handle the specific subdomain updates instead of my entire DNS account.
I still use a wildcard for that subdomain for non-kubernetes systems, but the cert plugins for kubes is excellent at handling a LE cert per lan fqdn.
You don’t need to register a local CA
This was my biggest reason to move to Let’s Encrypt. I have a Hashicorp Vault instance in my homelab for secrets and I tried using it for an internal CA (like how the lab at work is set up), but trying to get on every device and add the full Vault chain to each individual system’s trust store was massive pain in the ass.
I do DNS challenges with let’s encrypt for either host fqnds (for my kubes cluster) or wildcard for the few other services.
The trick is to do a subdomain off of a domain that you own (e.g. thing.lan.mydomain.com) this way, you can scope the DNS to only *.lan.mydomain.com if you’re conscious about scoped api security.
Using let’s encrypt is nice because you can have a valid ssl chain that android, iOS, windows, and Linux all trust with their default trusts without having to do something with a custom CA (ask me how awful that process can be).
Jesus Christ people. Terraform has a plan output option to allow for review prior to an apply. It’s trivial to make a script that’ll throw the json output into something like terraform visual if you don’t like the diff format.
I’ve fucked up stuff with Terraform, but just once before I switched to a rudimentary script to force a pause, review, and then apply.
Someone else in here said the laws are confusing age verification for identity verification. If anything, I’d be okay with identity verification for banking as an additional check. (Plus my bank already knows what I spend money on)
They mention this in the article. The difference is that since the tire sensor sends out an RF signal, direct line of sight isn’t necessary. You could throw a tracker up on a roof and grab signals from a block over.
The missing part may be tying that signal to a specific car, but say your car gets pulled over - they could read your tires’ sensor ID and compare it to where they captured it and bam! Now you’re fucked.
I wonder if you could run it on a dedicated piece of gear like FlockYou…
My dog could have killed with what came out of his butt.
Yeah, in that case, I’d probably split my DNS duties. I started with internal resolution by having Pihole do hard coded DNS entries for internal systems, but my current setup seems to be much more resilient.
I have two PowerDNS servers (main and replica) with recursors to Open DNS internet servers and resolvers for my lab network. It plays very nicely with Terraform or (crucially lately) Kubernetes.
Could you do a subdomain for internal? Using Nginx host base routing to get to the same port would let you have a valid cert for both service.lan.your.fqdn and service.your.fqdn.
Let’s Encrypt wildcard certs for the *.lan.your.fqdn would simplify things.
Your DNA server could then resolve the lan fqdns to your internal network and the non-lan to your Internet exposed?
Why the fuck would we want to invade the country that made the world go, “uhh Canada you got a bit too creative during WWI - here’s the Geneva Convention”.
https://www.warhistoryonline.com/world-war-i/canada-germany-wwi.html
Yup, shared storage is a requirement. I’m using a combination of Ceph and NFS at the moment, but I wouldn’t recommend Ceph unless you’ve got a 10gb connection between nodes.
Here’s a guide to set up high availability with Proxmox: https://kiwicloud.ninja/2024/02/improved-high-availability-ha-for-vms-on-proxmox-ve-pve/
Got a few commands to try from a terminal:
curl https://google.com/ curl https://<your searxng fqdn>Try from the SearXNG terminal too.
Lastly, in the container with Apache, there should be some log directory, maybe
/var/log/apache2/? Try doing atail -f /path/to/error.log. You could also do something likedocker compose logs -fand (while tailing/looking at logs), try your search again.If all else fails,
sudo journalctl -xefand/orsudo dmesg -wTmay offer something interesting.