🇨🇦

  • 14 Posts
  • 306 Comments
Joined 3 years ago
cake
Cake day: July 1st, 2023

help-circle




  • Fair points.

    I’ve been lucky enough to have never been behind cgnat, so I keep forgetting about it.


    My bigger concern with tailscale is being required to install software on the client. Not every device I use, I have permission to install a vpn client, nor would I want to.

    For example, I have a fileshare using Filebrowser where I store work related files that I don’t want to loose access to or need access to from multiple machines (non proprietary info, stuff IT/MGT wouldnt get mad at me for ofc. I’ve actually cleared it with my managers, so no worries). That’s also a handy way to (temporarily) share large files with people or provide a way for friends to upload large files to me.

    I also like to access my emby server (using sufficiently limited accounts), from things like the TV in the work break room, or a friends PC while I’m visiting.

    Tailscale is a hurdle that I just don’t need/want.



  • You don’t need a static IP, you just have to keep track of what your current dynamic IP is.

    You can do this with either a free or a paid DNS service.

    There are a few different ‘free dns’ services that will delegate a subdomain of theirs to you at no cost. Admittedly, I’ve never actually used one of these so their names escape me. Hopefully someone else can point one of those out if that’s what you really want.


    I purchased a domain via google domains, when they existed. It’s now transferred to squarespace, because they bought out google domains a few years ago.

    It was around $13/year when I first got it a decade ago. It’s now around $28/year.

    This allows me full control over the domain: I can use as many subdomains as I want to give each service I use it’s own unique name. (Instead of using their own separate ports that you’ve gotta remember) My domain will also forward all inbound email to my gmail account; this lets me use email addresses like <servicename>@mydomain.example. This way, I don’t share my real email and can immediately tell who sold my info to the highest bidder when I get spam. (I could also host my own email service if I really wanted, but I haven’t bothered)

    Add Cloudflare ontop (for free); and it can filter out known attacks, ddos attempts, geofence your services to regions you’ll actually be in, provide/autorenew ssl certs for https, show you usage analytics, cache static data reducing server/network load, etc.

    Ultimately, the paid option is well worth it IMO. $2/month (which I typically pay in 3-10 year blocks) is hardly anything.

    /edit; vpns are good and all, but they require you to setup software on the remote device to connect to it, and that typically routes most if not all your traffic back to the vpn server then out to the internet. That can create speed/bandwidth issues.

    A domain allows you to access your services from any Internet connection with 0 configuration on the client side. Just accessing it like any other website.

    I also host a vpn directly from my network, that I access/find via my domain. This means I’m not dependent on a public service like tailscale, but can still add additional security to access private only services (stuff I don’t expose to the open internet)





  • If I hit somebody that steps into the street then it’s my fault no matter what.

    This is not at all true. If someone steps out in front of you with little or no time for you to react, they’re just as much at fault. It will be much easier to argue that you’re to blame, when you’ve intentionally disabled the saftey device that would have alerted them to your presence though.

    Even if it was true however: Just because it would be your fault doesn’t mean you should increase the chances of it happening.

    Besides, most people wear earbuds when walking around town.

    This is entirely your own false perception. Many if not most people don’t wear headphones near traffic, or at least only wear one, so that they can still hear their suroundings.

    Regardless; Some people choosing to blockout sounds is no excuse for you putting everyone else in danger.


    You should fix this, or you should be cited for willful public endangerment and the vehicle towed+impounded.



  • https://en.wikipedia.org/wiki/Network_address_translation#NAT_hairpinning

    TL;DR Your router sees you trying to reach your external address and routes the connection back to your LAN without leaving the network.

    This does still depend on a functional internet connection however, as your client gets your public IP from a public DNS server over the Internet.

    If you were to run a DNS server locally (I use pihole for this), you could have that DNS respond with your local IP, allowing clients within your LAN to resolve the name without needing to reach out to public DNS. This means your local connections will still work when your internet is down; it also provides more privacy by keeping those requests local and can let you make local-only names that aren’t publicly listed.

    Of the ~28 FQDNs in my setup, only 4 are public. The rest is local/vpn only and not publicly listed due the above. The reverse proxy then drops all connections that don’t use one of those recognised names, before even completing the TLS handshake. (So direct connections from someone port scanning my IP or using a domain name someone else has pointed at my IP are completely ignored/dropped without response. The server doesn’t even send the TLS cert so as to not expose the names defined in it.)


  • proof of the kid and parents thing

    Spend some time around todays parents and their young kids. It’s so incredibly common to see small kids (I’m talking 2-8y/o) just completely enticed by a screen, ignoring everything else around them, and screaming their heads off whenever it’s taken away. It’s become a bit of an epidemic, with many many article’s and videos discussing the topic.

    Here’s the first result I got on YouTube: (having just now listened to it while typing this comment, it actually does a descent job explaining the problem) https://youtu.be/QE_E9Q9jVzU Feel free to do further searching yourself…

    It’s not limited to just children either, they’re just the most susceptible.