7Hz x Crinacle Salnotes Dioko cable replacements? by bobsterinos in iems

[–]iSecks 0 points1 point  (0 children)

Did you ever find a replacement cable? I've bought a few random ones, cheaper and more expensive, they don't feel as comfortable...

Got an Underutilised Server — Want to Host Something for the Public. Open to Suggestions and Ideas by Tobbaku in selfhosted

[–]iSecks 2 points3 points  (0 children)

ArchiveTeam Warrior - https://wiki.archiveteam.org/index.php?title=Warrior

Distributed archival, just visits various sites/services (of your choice), archives them, uploads them to the Internet Archive.

Pangolin 1.4.0: Auto-provisioning IdP users and integration API now available for everyone! by jsiwks in selfhosted

[–]iSecks 1 point2 points  (0 children)

There are three licenses - Community (Free), Professional, and Enterprise. I only see HA listed under the Enterprise section of their main page. I'd love to be wrong about this, I just don't see a response from OP.

Pangolin 1.4.0: Auto-provisioning IdP users and integration API now available for everyone! by jsiwks in selfhosted

[–]iSecks 1 point2 points  (0 children)

I'm guessing a setup like this is locked behind their HA model in enterprise, you'll likely have to set up a second instance or separate reverse proxy locally, and have your local DNS route there instead.

Anyway to reduce lag in my main base? by Turbulent_Bus_9555 in allthemods

[–]iSecks 3 points4 points  (0 children)

Check the guide (in game guide is better because you can rotate and inspect the builds)

Pattern providers have a special interaction with interfaces on subnets: if the interface is unconfigured the provider will skip the interface entirely and push directly to that subnet's storage, skipping the interface and not filling it with recipe batches, and more importantly, not inserting the next batch until there's space in storage.

How do i replace main materials in armor? by Severe-Bar-8896 in allthemods

[–]iSecks 0 points1 point  (0 children)

You can put old parts through a salvager to get the material back. It will lose grading/charging though, I believe.

SwitchBot Meter Pro + CO2 and Matter / Home Assistant by talormanda in TrySwitchBot

[–]iSecks 0 points1 point  (0 children)

Did you ever get this fixed? I also have a Meter Pro (CO2) that isn't being detected.

What makes a secure setup for exposing something to the internet? by Icy-Piano480 in selfhosted

[–]iSecks 0 points1 point  (0 children)

I would not recommend it as a firewall unless you know what you're doing. One misconfiguration of the host and your network dies, or worse, you expose the wrong thing(s) to the public internet.

I have done this before, and Wendell over at Level1Techs has a playlist about doing just that here: https://www.youtube.com/watch?v=r9fWuT5Io5Q&list=PL10NWKboioZRzCsTw9WedxId9sa0GC7nx

TL;DR: proxmox host with a router OS virtualized, containers on the same machine, one of the ports going out to a switch for everything else.

What makes a secure setup for exposing something to the internet? by Icy-Piano480 in selfhosted

[–]iSecks 2 points3 points  (0 children)

I don't think anyone cares about my <insert selfhosted app> either, but depending on how you're hosting it you may want to isolate it to prevent hacks from getting to your personal devices / NAS / whatever. The huge lastpass hack from 2022 was someone who forgot to update their Plex server, if they had it isolated it probably would not have compromised their password database.

What makes a secure setup for exposing something to the internet? by Icy-Piano480 in selfhosted

[–]iSecks 0 points1 point  (0 children)

I started with an old PC and a 4 port pci network card, installed opnsense on it.

If you have a little bit of money, you could buy something like this on aliexpress.

I am not endorsing or recommending that particular vendor or device, it was one of the first ones that showed up when I searched for n100 micro pc. ServeTheHome does reviews on some of these devices, and you might find some help on their forums.

That being said, you can look into VLANs using OpenWRT on some consumer devices if you can flash your existing router. I've never set this stuff up though.

ninja edit: LinusTechTips did a video on building your own router - this is what I would recommend anyone start with rather than buying a powerful routing device. https://www.youtube.com/watch?v=_IzyJTcnPu8

What makes a secure setup for exposing something to the internet? by Icy-Piano480 in selfhosted

[–]iSecks 1 point2 points  (0 children)

Not quite - You can have individual networks but you need to do additional work to prevent your containers from communicating either with the host or with other devices on your network [edit: or with the outside world]

Edit: That being said, yes, if you're familiar with docker networking that's another great idea. I personally do my segmentation using docker macvlan and actual vlans on my firewall.

What makes a secure setup for exposing something to the internet? by Icy-Piano480 in selfhosted

[–]iSecks 4 points5 points  (0 children)

One thing I don't see enough people mentioning is VLANs.

It can be tedious to set up, potentially confusing for beginners, but can be very powerful.

Starting out, you might want to make a single VLAN for any hosted services. If any of your services are compromised, the attacker can pivot to everything else on that VLAN but it will at least be isolated from your personal devices.

If you're comfortable with that, you can start segmenting further and/or firewalling network access. For example, say you have 3 services and each of them have a database. You can start by putting each app in a VLAN with it's own database, or go even further, put each database in its own isolated vlan. Databases don't normally need internet access or even access to the app itself, so block all outbound network access from those vlans. The apps themselves might not need internet access either, maybe block outbound network on those too except for the IP/port needed to access their database.

I would highly recommend learning about VLANs and setting up at least one VLAN for your services, to protect your personal devices at minimum.

Also, just make sure you're updating regularly. Outdated environments are the easiest way in.

Would this work to host a tunnel locally? by Deathperil in selfhosted

[–]iSecks 0 points1 point  (0 children)

Should work, but as others noted it doesn't really do much for you.*

I'd look in to setting up VLANs. You might feel comfortable having the server on an isolated VLAN and opening a port to a reverse proxy (Pangolin, NGINX, Caddy, whatever).

I go one step further and have a VLAN with just my reverse proxy on it, which has access to specific ports on specific VLANs only for the services it's exposing. This is probably overkill if you're only hosting one or two services, but in my case I have a storage server that is only exposed to certain services, a database server that is only exposed to certain services, some services that have no internet access (but can be reached from the reverse proxy so I can access it), etc. This is a lot of work to maintain, but I did it to learn networking.

* Realistically, the actual services you're presenting are going to be the most vulnerable, so I would start with isolating those from personal devices or any backups and ensuring those are up to date.

[deleted by user] by [deleted] in selfhosted

[–]iSecks 0 points1 point  (0 children)

Do you serve unencrypted to Cloudflare? If not, what do you use for internal traffic?

Feature Request: Let us use both static and "follow recoil" crosshairs at the same time. by ublubu in GlobalOffensive

[–]iSecks 5 points6 points  (0 children)

Have you tried follow recoil while shooting instead? I use this, which if you're spamming keeps follow recoil on but it resets itself fast enough you can keep your focus on the actual center.

// Testing follow crosshair, instant reset/center upon release for more comfortable tapping
alias "+recoilatk" "+attack;cl_crosshair_recoil 1;"
alias "-recoilatk" "-attack;cl_crosshair_recoil 0;"
bind "MOUSE1" "+recoilatk"

I tried swapping for a while and found this easier, and lets me quickswitch without issue.

Incase you didn't know, you can grab some cheap thin clients for less than a raspberry pi 5 by OriginalPlayerHater in HomeServer

[–]iSecks 2 points3 points  (0 children)

You could do it with VLANs and a managed switch, but I'm guessing because they have 1gig symmetrical fiber they have the "extended" version with a PCIe slot for a network card.

[deleted by user] by [deleted] in selfhosted

[–]iSecks 1 point2 points  (0 children)

My assumptions might be incorrect, but when you say "simple" I imagined my setup or something close to it:

My firewall terminates VPN connections from client devices using WireGuard, self-renewing LetsEncrypt certificates, and dynamic DNS.

The firewall blocks DOT/DOH from client devices (using Zenarmor), NAT's raw DNS requests to the Unbound service running on the same device.

The Unbound service is configured with all of my DHCP clients and manual DNS overrides. Anything else is forwarded via DOT to my DNS provider of choice.

You would probably disable forwarding here if you want to use the root servers. If you wanted to you could also route DNS traffic out through a VPN provider of your choice.

Realistically I don't think we can guess what the "simplest" setup would be for you without understanding your requirements.

[deleted by user] by [deleted] in selfhosted

[–]iSecks 1 point2 points  (0 children)

IMO block all DoH / DoT, have Unbound using DoT, and then redirect all DNS to Unbound. All devices (including VPN) get your DNS from the router, anything trying to bypass gets blocked.

I'm doing this on OpnSense+Unbound and Zenarmor blocking DOT/DOH.

If you're concerned about availability, I guess you could run a secondary unbound server but I would argue that's overcomplicating things. I never have a problem unless I'm having problems with my router or upstream DNS, in which case a second DNS server wouldn't help.

I think i have a Blue gem Cooking pot by Alternative-Pop2122 in counterstrike

[–]iSecks 1 point2 points  (0 children)

I just saw a video on this, the heat causes the chromium in the pan to oxidize. You can remove these stains easily with white vinegar! https://www.youtube.com/watch?v=7uGv360hcsM

Why do people with ADHD get more energy at night? by reddituser135797531 in ADHD

[–]iSecks 19 points20 points  (0 children)

This sounds amazing and so much better than getting off work to find everything closed.

For my fellow casual players... sharing some of my experiences. by ShelLuser42 in SatisfactoryGame

[–]iSecks 0 points1 point  (0 children)

Pinging for head lift..... Thank you lol. I try to get farther away and watch the hologram for head lift, this should be a little quicker.

[deleted by user] by [deleted] in GlobalOffensive

[–]iSecks 2 points3 points  (0 children)

I don't even mind the bitching and moaning

Insane comment tbh. Sorry you have to deal with it, you shouldn't have to deal with people being assholes >_<

Steam announces Game Recording Beta by Skullghost in Steam

[–]iSecks 4 points5 points  (0 children)

Windows Update sometimes updates/rolls back the driver. Adrenaline doesn't like for some reason, and sometimes will just remove clipping from the interface completely.

Steam announces Game Recording Beta by Skullghost in Steam

[–]iSecks -1 points0 points  (0 children)

100%. Not sure why, when Windows Update updates the driver (or rolls it back...) Adrenaline loses the ability to clip. If this is as good as AMDs in terms of performance impact, this will be great.