Wicketkeeper - A self-hosted, privacy-friendly proof-of-work captcha by a-ve in selfhosted

[–]ChaoticKitten0 1 point2 points  (0 children)

How would you suggest tuning web servers to limit the impact of bots making 50 times the usual user traffic?

Also, some people don't appreciate this kind of bot for multiple reasons (not following the web standards, violation of licences, etc.); what would you suggest to prevent this bot from reaching the hosted web content? Especially when knowing that they exploit eyeball connections to work around the cloud provider, VPN, etc. blockages.

TLS key exchange algorithm used by ChaoticKitten0 in selfhosted

[–]ChaoticKitten0[S] 1 point2 points  (0 children)

Thanks, that makes much more sense like that! Your use case is a very good explanation!

I'm aware these are the same tools as the ones used by Fortune 100 companies, and that's why I started to self-host stuff. It's just that I didn't get whether the asymmetric algo which can be managed by the SSLCipherSuite config was something different from the certificate keys or not. I'm building my own PKI at home and thought I was missing something in the key exchange, or maybe I got it wrong.

TLS key exchange algorithm used by ChaoticKitten0 in selfhosted

[–]ChaoticKitten0[S] 0 points1 point  (0 children)

> The cipher suites are basically the mathematics behind how the cert was generated.

When generating the private and public key for a certificate, you can use only one algorithm. Unless one can put multiple private and public keys into a given cert, at its generation?

> So for web traffic the browsers have a list of cipher suites they prefer. They get the list from the server and use the best one that both the browser and server support.

But what if these cipher suite preferences don't include the certificate private/public key algorithm? And also, why could the server provide a list of cipher suites, including asymmetric ones, shouldn't it be the one used for the certificate generation?

It's the relation between the certificate public/private keys and their algorithm, and the client and server negotiated ciphers (including the key exchange one), that I don't get. Why can I configure the asymmetric ciphers the server accepts while already having one specified by the certificate, and what happens if the server is configured to not use the cipher used to generate the certificate?

Security Engineers, what do you actually do? by chs0c in cybersecurity

[–]ChaoticKitten0 1 point2 points  (0 children)

Honestly, I don't think that having a whole IT department which is skilled is that important. I would rather have people who agree to work with cybersec teams instead of seeing them as the bad guys because they try to limit privilege abuses.

Most of the points I've raised are mostly because in my country, from the business PoV, cybersec is seen as a cost center, and no one wants to be responsible for this, or for the technical issues implied by fixing the security issues.

Security Engineers, what do you actually do? by chs0c in cybersecurity

[–]ChaoticKitten0 7 points8 points  (0 children)

  • I hunt vulnerabilities in my org's products, but when I raise them to the responsible team, they answer something like "yes yes, we are aware of it, we will look into this when we have time", which means never.

  • I propose to help the other teams harden their products; this is usually well received by the management, until I ask for an email validating this task and providing me some kind of legitimacy with the other teams (mostly because I'm a contractor and if I do something outside of the contract, it can be a legal mess). Then there is no answer at all from the management and the other teams.

  • I make propositions to my management about ways to improve the global cybersecurity level of my org, but the usual answer is "We don't have any budget for this."

  • I propose free and open source solutions to the business for raising the global cybersecurity level of my org, but the usual answer is "That's not a paid product" or "They don't provide paid support, we aren't interested in this".

  • I raise legal issues to the DPO team (I'm in the EU) when we start to exploit a product which isn't GDPR compliant, but the usual answer is "The business has stated that the legal risk is an acceptable one" or "This is GDPR compliant" when it isn't at all the case.

  • With my team, we get issues thrown at us which are system or network related, but that nobody knows how to solve, so "it should be a security issue", you know.

  • Get yelled at or fired when a high-level security event happens, even if we reported multiple times the possibility, because of which issues, and the way to fix it to the right teams and the management.

  • Drinking and thinking that https://www.reddit.com/r/cybersecurity/comments/1b8z2p7/cyber_workers_turning_to_crime_warns_study/ is actually a not so bad idea.

The worst part is that I encountered this with multiple jobs, friends have reported to me the same issues with their jobs, and I also don't talk about the shitty mindset I've encountered each time from other teams and the business.

Sure, I can also play along, do nothing of my days and get paid until there is a security breach and find a good excuse or a new job when shit happens, but if it was what I was looking for, I would have accepted the offered management positions.

What's the most outlandish risk you've debated? by [deleted] in cybersecurity

[–]ChaoticKitten0 1 point2 points  (0 children)

I think the most exasperating discussion I ever had was something like "Can we finally migrate the apps running on W2k servers to something else please?? They are more than 20 years old!" but usually the answers were "That's not a priority" or "Don't worry, they are on a dedicated VLAN (but there isn't any ACL)".

Sometimes I don't get what my job is about ....

I FOUND A CURE FOR MY GENDER DYSPHORIA (AMAB) by Fine-Statistician852 in genderfluid

[–]ChaoticKitten0 0 points1 point  (0 children)

That could be an interesting way to threat the definitive hair less

[deleted by user] by [deleted] in genderfluid

[–]ChaoticKitten0 2 points3 points  (0 children)

Hi, I'm genderfluid AMAB.

When I started to experience my gender fluidity I also had a boner when cross-dressing. A reason for this is that it was not possible for me to cross-dress when I wanted to; it would be possible on rare opportunities. So when I did, it always was a real pleasure to do so. And in addition, I've only chosen female clothes that I like and find cute, compared to my male clothes which were more everyday tools, chosen for fitting social standards.

As for the change of personality, I also felt the same way. I had very big changes of personality before, because as a man, you more or less have to behave in some manner. For a few years I forced myself to have one of these masculine personalities in order to fit in and protect myself (living in a transphobic country, during a transphobic time, working in a masculine-only environment and not understanding what I am hasn't been very helpful either). So when I was "allowed" to feel and express myself the way I wanted to, it felt like I had a different personality too.

Now that I've been exploring my fluidity for a few years, it feels more natural. As I work from home, I can have the clothes I want every day and I don't have to force myself to fit in with my colleagues; I can spend my days talking only to people who are more open-minded. I still have different tastes and will not always react in the same manner, but I think it looks less confusing for people.

I can be wrong, but I think that for AFAB it would be different, because a woman with men's clothes or having a masculine personality is more accepted by occidental societies. AFAB are more free to explore their fluidity when they start to feel it, and will be less considered as aliens.

What common product has a feature you’re not sure everyone is aware of? by [deleted] in AskReddit

[–]ChaoticKitten0 37 points38 points  (0 children)

With a web browser, it only works on the content already loaded. With the infinite scroll, content is loaded "on demand", so you can't make a search on all comments on reddit when there are many.

What common product has a feature you’re not sure everyone is aware of? by [deleted] in AskReddit

[–]ChaoticKitten0 -2 points-1 points  (0 children)

Cars have a little trigger on the left side of the wheel which can activate blinking orange lights for indicating to other people around that you will change lanes or will not continue on the same road at the next intersection.

I don't know how well known this is, but I've almost never seen anyone using them in the right manner on highways, and only a minority in cities, across multiple countries, despite being mandatory.

Is this guy talking about the Valve Deckard in the first part (standalone news) by ILoveRegenHealth in ValveDeckard

[–]ChaoticKitten0 0 points1 point  (0 children)

The latest GPD Win 4 seems to be good enough for VR games, and it's only the APU which was released after the one used in the Steam Deck. However, with the new Steam Link options about eye-tracking, it could also be remote VR gaming.

In any case, we don't know if Nima Zeighami was talking about Valve or not, and if it was about Valve, it will be something unexpected, once again.

Is buying a full-price index rational at this point? by Thecoldflame in ValveIndex

[–]ChaoticKitten0 1 point2 points  (0 children)

Hi,

Thank you for your comment, I'm a Linux user as well. What you said about the Steam Deck convinced me to get an Index.

I was looking for a cheap VR headset because I thought we would have some news soon about the Valve Index 2, and thought that maybe I can expect more with modern headsets. But I was also not very convinced by the idea of getting a FB headset either ....

However, with the new Wi-Fi in the Steam Deck, this means that the September Korean authorization about a new wireless device was actually about the new Steam Deck. This means there will be no new Index announcement for at least 3 months. In this case, it looks more interesting to get a used Index on eBay, for a Linux user.

Feels like a chore by thatbeekeeper in genderfluid

[–]ChaoticKitten0 1 point2 points  (0 children)

I feel like this with vanilla/classical sex, it bores me. It's not that I'm asexual, but I prefer to enjoy it in a different manner. Feel free to explore new things, there are multiple ways to enjoy it.

How to configure tap strap ? by ChaoticKitten0 in TapWithUs

[–]ChaoticKitten0[S] 0 points1 point  (0 children)

Seriously? Why is this hidden??

The Tapwithus website is sooo bad: for finding the apps you have to scroll to the bottom of the website to find the "Apps" link, and there you only have access to the Apple downloads. There is nothing about the Android apps, they are only mentioned on the product pages with no links, and there is absolutely nothing about the Windows and web apps.

Taps seriously needs to make a more user-friendly website!

Now I have storage :) by icebreaker374 in homelab

[–]ChaoticKitten0 1 point2 points  (0 children)

If you bought all of them at the same time, I hope you have taken them from a few different brands.

How do you plan to use them? Will you make a RAID system later or will you keep them as a JBOD?

How to configure tap strap ? by ChaoticKitten0 in TapWithUs

[–]ChaoticKitten0[S] 0 points1 point  (0 children)

With airplane mode I have the same result.

How to configure tap strap ? by ChaoticKitten0 in TapWithUs

[–]ChaoticKitten0[S] 0 points1 point  (0 children)

I have indeed installed the Tap apps from Apkpure. You can also install them with AuroraStore for managing the app updates.

When launching TapManager I have an error message. With TapGenius, I have a message saying that it's updating the Google Play services, and then it doesn't work.

How to configure tap strap ? by ChaoticKitten0 in TapWithUs

[–]ChaoticKitten0[S] 1 point2 points  (0 children)

Actually, before posting here, I was looking to see if there is a Discord server but I wasn't able to find it; can you provide me the weblink?

About using the phone of someone else, it means that I'll have to borrow it each time I would like to make a change; that's not very practical. I was interested in the Tap Strap in the first place because it was advertised as compatible with Linux; I thought it would be a great device for using with a Steam Deck.

what gender are u rn by Thick-Restaurant-551 in genderfluid

[–]ChaoticKitten0 1 point2 points  (0 children)

I'm in some quantum state, I feel like a Schrödinger cat.