TedZanzibar

joined 1 year ago
[–] TedZanzibar@feddit.uk 5 points 1 week ago

First one, on the 3DO. Small selection of exotics and sports cars, realistic (for the time) point-to-point road races with no music to obscure the engine noise, and an annoyingly/amusingly sarcastic rival racer that was obviously just one of the devs.

Each car had its own showcase video followed by a detailed specs sheet with a very enthusiastic voiceover explaining why you should be excited to drive this car. Even the courses had the voiceover treatment.

It truly was a love letter to cars and driving that has never been equalled, and is very telling that it's the only one to have had Road & Track branding. Every subsequent NFS game has been so in name only.

[–] TedZanzibar@feddit.uk 1 points 1 week ago

These are really cool, thank you. Added Spook and used it to clean up some broken entities.

[–] TedZanzibar@feddit.uk 0 points 1 week ago (1 children)
  1. Sure but there's no reason to openly advertise that yours has open services behind it.
  2. Absolutely. There are countries that I'm never going to travel there so why would I need to allow access to my stuff from there? If you think it's nonsense then don't use it, but you do you and I'll do me.
  3. See point 3.

We all need to decide for ourselves what we're comfortable with and what we're not and then implement appropriate measures to suit. I'm not sure why you're arguing with me over how I setup my own services for my own use.

[–] TedZanzibar@feddit.uk 2 points 1 week ago (1 children)

Yes and no? It's not quite as black and white as that though. Yes, they can technically decrypt anything that's been encrypted with a cert that they've issued. But they can't see through any additional encryption layers applied to that traffic (eg. encrypted password vault blobs) or see any traffic on your LAN that's not specifically passing through the tunnel to or from the outside.

Cloudflare is a massive CDN provider, trusted to do exactly this sort of thing with the private data of equally massive companies, and they're compliant with GDPR and other such regulations. Ultimately, the likelihood that they give the slightest jot about what passes through your tunnel as an individual user is minute, but whether you're comfortable with them handling your data is something only you can decide.

There's a decent question and answer about the same thing here: https://community.cloudflare.com/t/what-data-does-cloudflare-actually-see/28660

[–] TedZanzibar@feddit.uk 15 points 1 week ago (7 children)

Admittedly I'm paranoid, but I'd be looking to:

  1. Isolate your personal data from any web facing servers as much as possible. I break my own rule here with Immich, but I also...
  2. Use a Cloudflare tunnel instead of opening ports on your router directly. This gets your IP address out of public record.
  3. Use Cloudflare's WAF features to limit ingress to trusted countries at a minimum.
  4. If you can get your head around it, lock things down more with features like Cloudflare device authentication.
  5. Especially if you don't do step 4: Integrate Crowdsec into your Nginx setup to block probes, known bot IPs, and common attack vectors.

All of the above is free, but past step 2 can be difficult to setup. The peace of mind once it is, however, is worth it to me.

[–] TedZanzibar@feddit.uk 1 points 2 weeks ago

Check out Grip: Combat Racing for a modern take on Rollcage. I haven't played it since early access, though, so I've no idea if it's any good.

[–] TedZanzibar@feddit.uk 3 points 3 weeks ago

Dolby Atmos at no extra cost, except the headset is 10 bucks more than the old version. Seems to me like Dolby Atmos support actually costs 10 bucks.

[–] TedZanzibar@feddit.uk 5 points 3 weeks ago (1 children)

I do that a lot on my phone but keep forgetting it's a thing on desktop for some reason.

[–] TedZanzibar@feddit.uk 3 points 3 weeks ago

Better than using what? All I see is a bunch of stars.

[–] TedZanzibar@feddit.uk 2 points 1 month ago

It's quite normal as chip manufacturing improves and die sizes shrink. Smaller dies need less power and therefore run cooler, it's a win-win. It's also how the various slim models of consoles suddenly appear a few years after the regular version came out.

[–] TedZanzibar@feddit.uk 8 points 1 month ago

Presumably streamed via xcloud, which previously needed a separate app.

 

We have a bunch of shutters in our living room that don't have any kind of remote control, nor a rod to operate them - you just move any of the individual slats and the rest follow suit.

Is there anything out there that could make these smart? I'm really struggling to find the right terms to search for.

Update: Turns out they are plantation blinds which has helped me to find the sort of thing I'm after. Cheers, Emperor!

 

Quick overview of my setup: Synology NAS running a whole bunch of Docker containers and a couple of full blown VMs, and an N100 based mini PC running Ubuntu Server for those containers that benefit from hardware acceleration.

On the NAS I have a Linux Mint VM that I use for various desktoppy things, but performance via RDP or NoMachine and so on is just bad. I think it's ultimately due to the lack of acceleration, so I'd like to try running it from the mini PC instead but I'm struggling to find hypervisor options.

VirtualBox can be done headless, apparently, but the package installed via Apt wants to install X/Wayland and the entire desktop experience. LXC looks like it might be a viable option with its web frontend but it appears to be conflicting with Docker atm and won't run the setup.

Another option is to redo the machine with UnRaid or TrueNAS Scale but as they're designed to be full fledged NAS OSes I don't love that idea.

So what would you do? Does anyone have a similar setup with advice?

Thanks all!

Edit: Thanks for everyone's comments. I still can't get LXC to work, which is a shame because it has a nice web frontend, so I'll give KVM a go as my next option. Failing that I might well backup my Docker volumes, blat the whole thing and see what Proxmox can do.

Edit 2: Webtop looks to be exactly what I was looking for. Thanks again for everyone's help and suggestions.

 

Specifically from the standpoint of protecting against common and not-so-common exploits.

I understand the concept of a reverse proxy and how works on the surface level, but do any of the common recommendations (npm, caddy, traefik) actually do anything worthwhile to protect against exploit probes and/or active attacks?

Npm has a "block common exploits" option but I can't find anything about what that actually does, caddy has a module to add crowdsec support which looks like it could be promising but I haven't wrapped my head around it yet, and traefik looks like a massive pain to get going in the first place!

Meanwhile Bunkerweb actually looks like it's been built with robust protections out of the box, but seems like it's just as complicated as traefik to setup, and DNS based Let's Encrypt requires a pro subscription so that's a no-go for me anyway.

Would love to hear people's thoughts on the matter and what you're doing to adequately secure your setup.

Edit: Thanks for all of your informative replies, everyone. I read them all and replied to as many as I could! In the end I've managed to get npm working with crowdsec, and once I get cloudflare to include the source IP with the requests I think I'll be happy enough with that solution.

 

I work in tech and am constantly finding solutions to problems, often on other people's tech blogs, that I think "I should write that down somewhere" and, well, I want to actually start doing that, but I don't want to pay someone else to host it.

I have a Synology NAS, a sweet domain name, and familiarity with both Docker and Cloudflare tunnels. Would I be opening myself up to a world of hurt if I hosted a publicly available website on my NAS using [insert simple blogging platform], in a Docker container and behind some sort of Cloudflare protection?

In theory that's enough levels of protection and isolation but I don't know enough about it to not be paranoid about everything getting popped and providing access to the wider NAS as a whole.

Update: Thanks for the replies, everyone, they've been really helpful and somewhat reassuring. I think I'm going to have a look at Github and Cloudflare's pages as my first port of call for my needs.

 

Hey there, my local instance has had two admin posts pinned for the last 6 months-ish and they show right at the top of my Subscribed, Local, and All views. I can't imagine they're going to get un-pinned any time soon, so it would be great to get a feature where we can hide them.

Thanks for the consideration!

 
view more: next ›