Mikelius

Looks my photo of Orion nebula! No but seriously, like 80% of the frames I took had satellite streaks. It's becoming a rather difficult target to photograph, at least relative to my place on Earth. Sucks to see this likely to become true for Hubble too.

I've got it setup automated on all my external domains, but trying to automate it on my internal-only domain is rather tedious since not only do I NOT want to open a port for it to confirm, but I have 2 other devices/services on the network not behind my primary reverse proxy that share the same cert.

What In need to do is setup my own custom cron that hits the hosting provider to update the DNS txt entries. Then I need to have it write and restart the services that use the cert. I've tried to automate this once before and it did not go so smoothly so I've been hesitant on wasting time to try it again... But maybe it's time to.

What would be ideal is if I could allow it to be automated just by getting a one time dns approval and storing a local private/public key to prove to them that I'm the owner of the domain or something. Not aware of this being possible though.

I'd hesitate disabling it altogether, unless you're absolutely certain nothing will need it. One suggestion I haven't seen mentioned is looking at the other sysctl options that might be tweaked. Check with netstat how many of those connections are stuck in established, close wait, time waiting, etc. It's possible you just need to lower the default values of things like nf_conntrack_tcp_timeout_established, for example. https://www.kernel.org/doc/html/latest/networking/nf_conntrack-sysctl.html - naturally, research anything you think you might want to change before you do.

Gawd yes I've been sitting on these things for like 3 years waiting for someone smarter than me to come up with something. Thanks for the share!!

Tor is definitely another option. For my personal use however, I have my entire network covered by a VPN so all outgoing traffic uses it.

I'm sure I could setup Tor to do the same, but I imagine my family and I would get blocked more heavily on sites, as well as get our bank accounts and such flagged or something.

Like many things, it obviously depends on your threat model.

Thank you so much for sharing this, you may have just saved me a miserable future if my system were to crash.

I try to read the updates they share every month with detail, but this one must have slipped through the cracks. This feels like another thing they should have been way louder about considering the problems it could cause someone who didn't know it flipped on without their interactive decision.

Ultimately being truly anonymous on the internet is pretty hard, and thus VPNs are mostly helpful for getting around region blocks for streaming services, not for obtaining more privacy.

I disagree.

There seems to constantly be two sides of the privacy discussion with public VPN options and they're both wrong on their own. It's correct that using a VPN on its own is not enough to keep you private online, fingerprinting being one example to why. However, not using a VPN but having no identifiable browser fingerprint doesn't either, since your IP is still a fingerprint too.

I like to give the following analogies:

1. Doing only an oil change on your vehicle but no other maintenance won't keep your vehicle running forever
2. Doing all vehicle maintenances except oil changes won't keep your vehicle running forever

If the goal is to be private, remember that a VPN is only one tool in a very large tool belt.

I have forks that are updated every night through a cron for these very reasons. But I didn't ever set it up for Android apps... Time to fork a whole lot more projects. sigh

Leave my recent "$20k and 80 hours of frustration for not getting parts you find out later you'll need" upgrade out of this!

Unnecessary rant: I actually just had to downgrade my 575(?) driver after spending a few days trying to troubleshoot a freezing laptop. One day I walked away when it happen and that actually gave me the logs I needed to find the Nvidia driver was freezing the machine and then spitting logs out after giving up 10 minutes later (but still keeping things frozen). Was driving me nuts, thinking my hard drive was seeing the light, even though all tests for it were passing with flying colors!

I'm hesitant to try this new version since I didn't see anything in the changelog about freeze fixes lol.

Daily on my Gentoo server, through a Cronjob every morning. It's a custom script though, so there's more than just doing an emerge update. It'll send me ntfy notifications for the update results, if there are new news items, and if there are any time config merge updates to make. A few other things as well but that's the main stuff.

Other servers, typically weekly or only manually when I ssh into them (for the ones I don't really feel the need to update frequently).

"Backfirewall_" from a little while back. A masterpiece that deserved more attention! Highly recommend to anyone here who is big on tech (especially programmers)!