InEnduringGrowStrong@sh.itjust.works

For anything important, use matrix instead of lemmy DMs.

  • 0 Posts
  • 54 Comments
Joined 1Y ago
Cake day: Jun 22, 2023


mTLS is great and it’s a shame Firefox mobile still doesn’t support it.


I’m pretty sure walk-in ovens, like walk-in freezers, are supposed to have a few safety features like interior handles that open regardless of any outside lock, alarms, etc.
This is certainly suspicious af.




Hey there’s 2 of us.
I wouldn’t care if my property stagnated or dropped in value if it meant people could afford a better life.
It only has said market value when I’m selling and I don’t intend on selling, probably ever.

I’d rather have a young family as neighbors instead of some management company doing the bare minimum maintenance and let it slowly crumble while milking renters. It’s a better community.

In a selfish roundabout way I’ve started giving a hand to the new renters nearby that I like and help them with small things that their landlord won’t fix.


10 hours is a fucking long ass time.
There’s no reason not to have called shuttles to get these people to their destination way before that.
They could have walked the rest of the way in less than that.
Utter lack of emergency response, let alone preparedness.

I’m sure they’ll receive a lousy apology email from the CEO about how they care and are deeply sorry (but still won’t fix their shit), and how this is an exceptional situation (but for which they have an email template).

I love trains, trains are great, but ViaRail needs to get their fucking shit together.


I hear ya.
I get 1-6 meetings in the same time slot, people don’t care to check so I don’t care to show.
I decide which meetings are important for actually moving stuff forward and screw the rest.

There’s only ever one guy who complained to my boss…
I didn’t show up for a meeting for a Friday 7pm, invite sent at like 4:58pm the same day for some inane and absolutely not urgent subject.
I saw that invite come in, chuckled, closed my laptop, went home and ignored it.

Later that night, the guy went nuts and CC’d everyone’s bosses because he had wasted the full hour and obviously no one showed up to his meeting “even though I made sure to check everyone’s calendar and everyone was available and you’re all unprofessional”.

I don’t do email notifications on phones as a rule unless you wanna pay my rate 24/7, but I had forgotten to do my time sheet so I was logged in doing that…

I dabble in a bit of passive aggressiveness in the face of corporate bullshit, so I finished my timesheet and hit propose new time… Sunday 3:21 am…
“Checked your calendar and it was available. Sorry for the inconvenience.”
Closed my laptop and fucked off.

The guy went nuclear over several emails.
Sent a quick email to my boss “Just a heads-up, I think I angered someone by not attending their 7pm meeting they sent at 4:58pm and proposing an equally ridiculous time”

Never heard from the guy again and the next week he wasn’t in the company AD anymore.

Probably went full tilt cookie monster in the coke jar or something.


Pfff, there’s barely any double-booking in that calendar.

Source:
I sacrifice myself to the useless meeting altar so that others can focus on actual work in peace.



Haven’t had to use port forwarding for gaming in like 30 or so years, so I just looked up Nintendo’s website…

Within the port range, enter the starting port and the ending port to forward. For the Nintendo Switch console, this is port 1024 through 65535

LMAO, no thanks, that’s not happening.

For your question, you could likely route everything through a tunnel and manage the port forwarding on the other end of the tunnel.






Ultimately, do whatever you think you’ll be able to keep up with.
The best documentation system is useless if you keep putting it off because it’s too much work.


It can be in git even if you’re not doing ‘config as code’ or ‘infrastructure as code’ yet/ever.
Even just a text file with notes in markdown is better than nothing. Can usually be rendered, tracked, versioned.
You can also add some relevant files as needed too.

Like, even if your stuff isn’t fully automated CI/CD magic, a copy of that one important file you just modified can be added as necessary.



I can appreciate someone voting for their ideals rather than for their interests.


Yea, if anything it makes good practice.
Swapping hard drives in the larger data pool isn’t as daunting anymore.
Although, I gotta be honest, swapping drives in the zpool from which proxmox boots itself is still a bit iffy to me.
I had to set a reminder, because otherwise I won’t do it often enough.


Personally I use a ZFS pool in my Linux homelab that’s been rock solid. However the pucker factor would be high if a drive fails.

I use a ZFS pool for my home stuff too.
To minimize the pucker factor, I have an extra drive of the same capacity and I rotate through them in the mirror pool.
It makes good practice replacing and resilvering drives and since it’s a mirror it’s also kind of an offline backup.
Also, I had bought the initial drives at the same time and figured rotating through them would minimize the odds of failing around the same time.
I’m much less wary of the whole thing now that I’ve resilvered the drives several times.


Are you trying to recover data here?
Seems like you didn’t use it and (maybe?) don’t have data to lose here?


Yea I’ve been using nextcloud for a while and it’s fine.
I remember when I used owncloud before nextcloud was even a thing and the upgrade experience was absolute shit.
These days it’s just fine.



High-income households would tend to be the biggest winners, lower-income households hurt the most

As is tradition.



What’s nice is it provides a similar level of protection to using a VPN with PKI, but just for that specific subdomain. While a VPN would have to be connected manually before use (or all the time), this is built-in.

The odds of someone breaking through the mTLS and breaking through that application’s security at the same time are much smaller than either separately.
If you don’t have a valid cert, you’re dropped by the reverse proxy before anything even gets passed to the server behind it.

I’m a big fan of it.


Not really, although now that I have certs for those anyway, maybe I should.
More like I’m using some services on the go that I want to always work, whether I’m on the LAN or on the go.
Opening home automation or 3d printers to the Internet is unwise to say the least.
mTLS in the reverse proxy for those allows me to have more security without having to establish a VPN first.


I’m just doing mutual TLS to authenticate clients which I use the private CA for.
I could use the private CA for the server instead of Let’s Encrypt and trust that on devices, but Let’s Encrypt is easy enough and useful for other things that I open publicly. mTLS avoids needing a VPN for more sensitive services.


I run a private CA for client SSL.
For traditional server SSL I just use let’s encrypt, although I already have the domain (less than $10 a year) for my public facing stuff, and just use a subdomain of that one for my homelab.

I have a container with openssl for the private CA and generating user certs as well as renewing the let’s encrypt ones. I just use openssl without anything fancy.
The output folder is only mounted rw in that one container.
I only ever mount the subfolders in read-only in other containers that need those certs.
All these containers are running on the same server so I don’t even have to copy anything around, the containers don’t even need connectivity between them, it’s just mounted where needed.
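
The private-CA workflow described in this comment, together with the rejection at the reverse proxy described in the earlier mTLS comment, sketched with plain openssl as an added example (not the poster's scripts). The CA name, the user names and the file layout are constructed.

```shell
#!/bin/sh
# Added example, not the poster's setup. CA and user names are constructed.
set -eu
WORK=$(mktemp -d)   # throwaway directory standing in for the CA output folder

# Self-contained openssl config, so results do not depend on the system openssl.cnf.
cat > "$WORK/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF

# make_ca FILE CN: create a self-signed CA key and certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$WORK/ssl.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue CA NAME PROFILE: new key and CSR for NAME, signed by CA with PROFILE's extensions.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ssl.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 365 -extfile "$WORK/ssl.cnf" -extensions "$3" \
    -out "$WORK/$2.crt" 2>/dev/null
}

# proxy_decision NAME: chain and client-purpose check with the private CA as trust anchor.
proxy_decision() {
  if openssl verify -CAfile "$WORK/homelab-ca.crt" -purpose sslclient \
      "$WORK/$1.crt" >/dev/null 2>&1; then echo accept; else echo reject; fi
}

make_ca homelab-ca "Homelab Client CA"
make_ca other-ca "Homelab Client CA"   # same name, different key
issue homelab-ca alice client          # legitimate user cert
issue other-ca mallory client          # signed by a CA the proxy does not trust
issue homelab-ca printer server        # right CA, but a server-only cert
for name in alice mallory printer; do
  echo "$name: $(proxy_decision "$name")"
done
```

In nginx the same trust anchor is the file given to `ssl_client_certificate`, with `ssl_verify_client on;` in the server block; only the CA certificate needs to be readable there, never the CA key.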


I configure nginx with text config files.
No clue how or where that is in your setup, but presumably somewhere where you configure the proxypass and server names.


in nginx:

server {
    ...
    location / {
        ...
        proxy_pass https://redacted.......;
        proxy_pass_request_headers on;
        proxy_pass_header   Set-Cookie;
        proxy_set_header HOST $host;
        proxy_set_header Referer $http_referer;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Client address as seen by nginx, passed to the backend
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $server_name;
        # Appends the client address to any X-Forwarded-For already on the request
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        ...
    }
}

I think there was a trusted proxy setting in owncloud itself that needed to be set too, or maybe I’m thinking of another service.


You need to forward the real IP from nginx.
I’ll upload an example when I get off work


Yea, you got it.
This problem is mostly a downward spiral.

Checked baggage sucks in general, even though it’s where the airlines charge today’s premium, the service is absolute shit. It’s either late, super late, damaged or lost. You can’t really win here.

There was never enough room for everyone’s max-sized carry-on to begin with.

People started to bring bigger carry-ons because checked baggage sucks and airlines crammed more seats in the same airframes, making carry-on space even worse.

Most people wouldn’t mind forgoing the carry-on, or bringing a smaller carry-on, if they could reliably get their undamaged checked luggage on time at their destination.

Layovers where you have to grab your checked baggage in between flights are just annoying.

Me? I’ve always preferred traveling light, not just for the flight, but I generally don’t wanna carry half the shit the average traveller brings with them.

Now, the airlines could mostly fix this by making the checked baggage experience less shit.
We all know that’s unlikely though.
They’ll just charge you premiums for the carry-on and change nothing else.

Next logical step is checked-in travelers, where they put you in a box in the cargo area.


If the checked in baggage experience wasn’t absolutely shit, this wouldn’t be such an issue.
I don’t think I’ve ever gotten my checked in shit in less than an hour.
Everyone’s carry-ons are often oversized as shit these days though.





“I think it shows really how sad it is here. I mean people are – rightfully so – so committed to staying in the city that there is a market for stuff like this,”

“Rightfully so” is such a cope.


let his soaked woolen mittens freeze to the ice and put all his remaining energy into a single big attempt which worked.

That’s pretty fucking smart under pressure.