Former Reddfugee, found a new home on feddit.de. Server errors made me switch to discuss.tchncs.de. Now finally @ home on feddit.org.
Likes music, tech, programming, board games and video games. Oh… and coffee, lots of coffee!
I � Unicode!
I already use certbot with my DNS provider, so it should generally be supported. And indeed, I found the docs, where all supported providers are listed.
Does Traefik also allow DNS-based challenges with additional certbot plugins, or does it only work by serving a challenge in /.well-known/?
I’ve set up my internal homelab with LE certificates, but if I could get rid of certbot and do this automagically, it’d be nice…
Tech Enthusiasts: Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via alexa! I love the future!
Programmers / Engineers: The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.
Security technicians: takes a deep swig of whiskey I wish I had been born in the neolithic.
IIRC you can send a PM with a command to the remindme bot and it lists all future timers. Not sure whether past timers are included, though.
I’m currently experimenting if I can convert my stack to rootless podman.
I found in my notes, that
A user-mode networking tool for unprivileged network namespaces must be installed on the machine in order for Podman to run in a rootless environment.
Podman supports two rootless networking tools: pasta (provided by passt) and slirp4netns.
Could this be your problem?
Taken from https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md
Very verbose and communicative? Check
A constant stream of checks for skill in persuasion, deception, intimidation, perception, insight and investigation? Check
Rolling dice? Uhm… Maybe?
If done correctly, those may only be open from the internet, but not from the local network. While SSH may only be available from your local network - or maybe only by the fixed IP of your PC. Other services may only be reachable when coming from the correct VLAN (assuming you did segment your home network). Maybe your server can only access the internet, but not the home network, so that an attacker has a harder time spreading into your home network (note: that’s only really meaningful if it’s not a software firewall on that same server…)
Instead of thinking with layers, you should think of Swiss cheese. Each slice of cheese has some holes - think of weaknesses in the defense (or intentional holes as you need a way to connect to the target legitimately). Putting several slices back to back (in random order and orientation) means that the way to penetrate all layers is not a simple straight way, but that you need to work around each layer.
…But will it run DOOM?
Don’t forget to release the P-sides to every one of your albums
We do have a defined standard to send IP packets with avian carriers. It was even adapted for IPv6.
According to Wikipedia:
IPoAC has been successfully implemented, but for only nine packets of data, with a packet loss ratio of 55% (due to operator error), and a response time ranging from 3,000 seconds (50 min) to over 6,000 seconds (100 min). Thus, this technology suffers from extremely high latency.
On 28 April 2001, IPoAC was implemented by the Bergen Linux user group, under the name CPIP (for Carrier Pigeon Internet Protocol). They sent nine packets over a distance of approximately 5 km (3 mi), each carried by an individual pigeon and containing one ping (ICMP echo request), and received four responses.
Script started on Sat Apr 28 11:24:09 2001
$ /sbin/ifconfig tun0
tun0      Link encap:Point-to-Point Protocol
          inet addr:10.0.3.2  P-t-P:10.0.3.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:150  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:88 (88.0 b)  TX bytes:168 (168.0 b)

$ ping -c 9 -i 900 10.0.3.1
PING 10.0.3.1 (10.0.3.1): 56 data bytes
64 bytes from 10.0.3.1: icmp_seq=0 ttl=255 time=6165731.1 ms
64 bytes from 10.0.3.1: icmp_seq=4 ttl=255 time=3211900.8 ms
64 bytes from 10.0.3.1: icmp_seq=2 ttl=255 time=5124922.8 ms
64 bytes from 10.0.3.1: icmp_seq=1 ttl=255 time=6388671.9 ms

--- 10.0.3.1 ping statistics ---
9 packets transmitted, 4 packets received, 55% packet loss
round-trip min/avg/max = 3211900.8/5222806.6/6388671.9 ms

Script done on Sat Apr 28 14:14:28 2001
Oh, that’s an easy one:
Just constantly stick your finger up your nose, scratch your balls, etc. Make them dirty, greasy,… You get it. If there are “better” means (e.g. food) available, use that. Then play dumb and try to use their computer as if it was a phone and try to do everything as if it had a touch screen. Smear it all over their screen. Cuss as the PC doesn’t react, try again, get visibly angry and irritated.
They’ll stop asking questions fast. Probably right after they realize what you did to the first PC.
Phones, etc? Just sync to the mentioned Nextcloud, PC downloads from there and everything gets then into the aforementioned backups.
Homeserver? See “PC” above. With the caveat that some VMs/containers are not in the backup cycle, as they do not store any valuable data besides temp files, etc. For these, only things like docker compose files, custom config, ansible playbooks,… are in my backup.
Wait until you discover the Nightcore version of it
I really like them but they do have two downsides for “more advanced” users (or at least for me) - it is a home device after all.
If you’re an advanced user, there are plenty of ways around that, though. I just wished that these two things were to exist in the firmware to have less work with my home infrastructure.
I have a spelling checker,
It came with my PC.
It plane lee marks four my revue
Miss steaks aye can knot sea.
Eye ran this poem threw it,
Your sure reel glad two no.
Its vary polished in it’s weigh.
My checker tolled me sew.
A checker is a bless sing,
It freeze yew lodes of thyme.
It helps me right awl stiles two reed,
And aides me when eye rime.
Each frays come posed up on my screen
Eye trussed too bee a joule.
The checker pours o’er every word
To cheque sum spelling rule.
Bee fore a veiling checker’s
Hour spelling mite decline,
And if we’re lacks oar have a laps,
We wood bee maid too wine.
Butt now bee cause my spelling
Is checked with such grate flare,
Their are know fault’s with in my cite,
Of nun eye am a wear.
Now spelling does knot phase me,
It does knot bring a tier.
My pay purrs awl due glad den
With wrapped word’s fare as hear.
To rite with care is quite a feet
Of witch won should bee proud,
And wee mussed dew the best wee can,
Sew flaw’s are knot aloud.
Sow ewe can sea why aye dew prays
Such soft wear four pea seas,
And why eye brake in two averse
Buy righting want too pleas.
Jerrold H. Zar.
The DNS provider needs to provide an API, but not an ACME server.
Your server contacts Let’s Encrypt and wants a certificate - say for homeserver.example.com. It tells Let’s Encrypt to use DNS-based authentication. Let’s Encrypt answers with a challenge code that you now publish as a TXT record with a defined name via your provider’s API for this (sub)domain. Let’s Encrypt then checks the TXT record and if it finds the challenge there, it sends you the certificate.