IHawkMike

IHawkMike , 5 days ago to Selfhosted in Cloudflare is bad. Youre right.

I know plenty account SNI already, but thanks. You might want to study more yourself, since we're being condescending.

https://blog.cloudflare.com/encrypted-sni/

IHawkMike , 9 days ago to Selfhosted in Cloudflare is bad. Youre right.

So now your ISP sees all of your queries instead of CF. (Assuming the cloudflared option is using DoH)

I'll trust Cloudflare over Comcast/AT&T/etc. any day of the week.

IHawkMike , 1 month ago to Technology in Just got an operating system update for my Galaxy S10 phone

Yeah, but that security patch level.

IHawkMike , 1 month ago to Selfhosted in Networking Gear Recommendations? (starting from scratch)

I believe you. I'm just saying their non-firewalls (i.e., switches and APs) don't have that limitation.

IHawkMike , 1 month ago to Selfhosted in Networking Gear Recommendations? (starting from scratch)

My firewall is a Fortigate 60F.

IHawkMike , 1 month ago to Selfhosted in Networking Gear Recommendations? (starting from scratch)

I would never use their firewalls/gateways, but their switches are pretty good for the price and their APs are decent (although tbh after 3 generations my next AP will likely be an enterprise Aruba).

That said, I still use Unifi in docker, everything is up to date, and nothing is requiring a sign-in to the cloud. Am I missing something? If it's just the firewalls, then I'm not surprised since I've never been remotely tempted to use them, but it sure isn't all of their devices.

IHawkMike , 1 month ago to Mildly Infuriating in Usernames in the Fedivers 😫

And what's wrong with asking that? Plenty of email platforms let you change your primary SMTP address and/or add/remove aliases.

It's a legitimate question. And it could be that the lack of ability to change it has a perfectly logical answer. It still wouldn't invalidate the question.

IHawkMike , 1 month ago to Technology in what if the hacker provided the public key for https connection?

In Chromium browsers you can simply type "thisisunsafe" to bypass even HSTS failures.

IHawkMike , 1 month ago to Technology in what if the hacker provided the public key for https connection?

They mean CAA records:

https://developers.cloudflare.com/ssl/edge-certificates/caa-records/

IHawkMike , 1 month ago to Technology in Ordered back to the office, top tech talent left instead, study finds

You need to demand a raise. And keep working from home.

IHawkMike , 1 month ago to Technology in Dell warns of data breach, 49 million customers allegedly affected

Right, because international hackers are going to mobilize boots on the ground across the world to steal your fucking Optiplex.

IHawkMike , 1 month ago to Comic Strips in I'm in!

I'm sorry, there isn't an option to arrange icons by "penis."

IHawkMike , 1 month ago to Selfhosted in Traefik conditional certificate for same URL

In that case, if CF is taking to Traefik and not the actual origin server, you just need to forget about the origin certs altogether and use LE certs in Traefik.

IHawkMike , 1 month ago to Selfhosted in Traefik conditional certificate for same URL

If you, Traefik, and your origin server are on the same network, then it's going to be one hop regardless of whether you're hitting the Traefik proxy or the origin server. If Traefik is serving up the origin server's cert and not the LE cert, then Traefik is misconfigured to pass through instead of proxy, but I'm still not sure that's the case as it's almost harder to configure it that way than the correct way as a proxy.

What IP:port is your origin server listening on, what IP:port is Traefik listening on, and how is Traefik configured to reach the origin server?

IHawkMike , 1 month ago to Selfhosted in Traefik conditional certificate for same URL

You said Traefik is getting certs from Cloudflare, but do you mean it's getting Let's Encrypt certs using a CF DNS challenge? And if that is the case, then your browser should trust the Traefik endpoint since LE certs are publicly trusted.

Are you sure you're hitting Traefik when you get a cert warning? You need to update your internal DNS if not.