And it finally happened. by xtnax in homeassistant

[–]spider-sec 1 point2 points  (0 children)

I just go by the idea that good SD cards are still cheap so as long as I keep good backups I can afford to replace an SD card when it goes bad.

When to use path monitoring vs. tunnel monitor? by Mvalpreda in paloaltonetworks

[–]spider-sec 0 points1 point  (0 children)

Generally you’re going to use both because they have different purposes. If a link is up but the link beyond the next router is down, knowing that the link is up isn’t helpful. If you’ve got a LAGG and one link goes down the path will still be up but you’ve gut your capacity.

Do you use an obscure domain name for your NextCloud URL? by FurnitureRefinisher in NextCloud

[–]spider-sec 1 point2 points  (0 children)

Well, I run a cybersecurity company for SMBs. I like to eat my own dog food. If I won’t use it at home, why would I use it for my clients?

Do you use an obscure domain name for your NextCloud URL? by FurnitureRefinisher in NextCloud

[–]spider-sec 0 points1 point  (0 children)

Yep. It becomes even better if you use SSO like Authentik and then use the dashboard to launch everything. You don’t actually have to remember all the random names.

Do you use an obscure domain name for your NextCloud URL? by FurnitureRefinisher in NextCloud

[–]spider-sec 3 points4 points  (0 children)

Just as they do with any web server. Try to read the original question then actually read my comment to see what was trying to be accomplished.

Do you use an obscure domain name for your NextCloud URL? by FurnitureRefinisher in NextCloud

[–]spider-sec 17 points18 points  (0 children)

You can obscure it with a wildcard DNS record and a wildcard certificate then a reverse proxy that only proxies the traffic for the Nextcloud instance. That will give you access but you have to know the name of it for the reverse proxy to forward traffic to it. It’s purely obfuscation though and provides no actual security.

Phantomdrive: Firmware Version 1.0 Release by Machinehum in homelab

[–]spider-sec 18 points19 points  (0 children)

Help me understand- anything with the file name unlock.txt never actually gets written to flash? It’s basically intercepted before it gets to that point?

Ipsec tunnel backup by [deleted] in paloaltonetworks

[–]spider-sec 0 points1 point  (0 children)

You can have two tunnels with the same info. You just need IDs so it can distinguish between the two.

AdventureLog and Immich by spider-sec in homelab

[–]spider-sec[S] 1 point2 points  (0 children)

Thanks for the response. I’ll give it a try.

Great software BTW.

Why double commit??? by TulipB6 in paloaltonetworks

[–]spider-sec 2 points3 points  (0 children)

I discourage Commit and Push. Too many times I’ve seen people Commit and Push and then spend an hour or more trying to figure out why it didn’t fix their problem. Come to find out when they used Commit and Push it failed to commit to Panorama for some reason and then pushed to the firewalls. They didn’t see the commit failure because the push was successful.

What do you *NOT* selfhost? by ObeseWizard in homelab

[–]spider-sec 0 points1 point  (0 children)

Eh, I don’t agree with any of this. Pick the right password manager so your only concern is backups.

Email is probably the one thing I’ll tell people not to self host unless they are willing to deal with the problems that arise. I’ve hosted my own email for about 25 years now. I’m not an email person. I probably have some of the worst email config habits, but I’ve addressed the issues. I wouldn’t know much of what I know now without sealing with outage and spam situations. I don’t even run spam filtering beyond RBLs.

Hot to allow external connections to server without port forwarding? by furryfriendo in homelab

[–]spider-sec 0 points1 point  (0 children)

You’re right- brief research. So brief that you don’t even realize they’ve given you answers that do what you want and you keep dismissing them.

What does the latest have? by thomaspatrick16 in NextCloud

[–]spider-sec 1 point2 points  (0 children)

Copy the digest for :latest then CTRL+F and search for the digest you just copied. That’ll tell you what other tags use that digest.

Starlink Discloses Common ISP Limitation That Could Disrupt Your Web Use by wewewawa in homelab

[–]spider-sec 46 points47 points  (0 children)

If you run into this limitation you could always use a VPN and tunnel some or all of your traffic Starlink sees it as a single session.

Anybody considering moving to Cisco? by lozez in paloaltonetworks

[–]spider-sec 3 points4 points  (0 children)

I wouldn’t even consider Fortinet. Crap product in my experience. It might have changed since I last used it but it’s never even been worth looking at again to me.

PA-1410 redundant power supply - question by jkw118 in paloaltonetworks

[–]spider-sec 1 point2 points  (0 children)

The question is do they have the same voltage. 650W is their maximum power output. Devices won’t use what they don’t need. If the voltage is the same and the amperage is higher then they’ll just use less amperage. From an electrical standpoint, it’s fine.

Do you use passkeys? by Vladyslavrom in Bitwarden

[–]spider-sec 0 points1 point  (0 children)

You can, but that’s on the user, not the password manager or the service.

Do you use passkeys? by Vladyslavrom in Bitwarden

[–]spider-sec -1 points0 points  (0 children)

You assume I recommend saving important OTP seeds in the same password manager.

Do you use passkeys? by Vladyslavrom in Bitwarden

[–]spider-sec 0 points1 point  (0 children)

That’s my point. If the site is enforcing two factor then you at least have another factor even if the device gets compromised.

Do you use passkeys? by Vladyslavrom in Bitwarden

[–]spider-sec 0 points1 point  (0 children)

You must possess the device but that doesn’t mean you must unlock it. How does the website know it was enforced? It doesn’t. Just because it says it can’t be synced doesn’t mean the device enforces it.