TCB13

TCB13 , 1 month ago to selfhosted in HTTPS on homelab (just locally)

Just be aware of the risks involved with running your own CA.

You’re adding a root certificate to your systems that will effectively accept any certificate issued with your CA’s key. If your PK gets stolen somehow and you don’t notice it, someone might be issuing certificates that are valid for those machines. Also real CA’s also have ways to revoke certificates that are checked by browsers (OCSP and CRLs), they may employ other techniques such as cross signing and chains of trust. All those make it so a compromised certificate is revoked and not trusted by anyone after the fact.

For what’s worth, LetsEncrypt with DNS-01 challenge is way easier to deploy and maintain in your internal hosts than adding a CA and dealing with all the devices that might not like custom CAs. Also more secure.

TCB13 , 1 month ago to selfhosted in HTTPS on homelab (just locally)

Just be aware of the risks involved with running your own CA.

TCB13 , 1 month ago to selfhosted in HTTPS on homelab (just locally)

Yes, LetsEncrypt with DNS-01 challenge is the easiest way to go. Be it a single wildcard for all hosts or not.

Running a CA is cool however, just be aware of the risks involved with running your own CA.

You’re adding a root certificate to your systems that will effectively accept any certificate issued with your CA’s key. If your PK gets stolen somehow and you don’t notice it, someone might be issuing certificates that are valid for those machines. Also real CA’s also have ways to revoke certificates that are checked by browsers (OCSP and CRLs), they may employ other techniques such as cross signing and chains of trust. All those make it so a compromised certificate is revoked and not trusted by anyone after the fact.

TCB13 , 1 month ago to selfhosted in Help setting up OpenWRT for extra router

I want the WAN coming in from the router from the Pi’s Ethernet port, and the LAN coming out as Wi-Fi. I may also stick an additional Ethernet adapter to it in the future.

Can you try to explain this a bit more?

TCB13 , 1 month ago to linux in Which distro do you find the most visually appealing?

Anything with GNOME is visually appealing but unfortunately the usability is pure garbage. KDE is the exact opposite and Xfce is quick but sits on an awkward place.

TCB13 , 1 month ago to linux in Getting IP address for LXD/Incus for ssh

You can run full GUI apps inside LXC containers and have X11 deal with the rest. Guides here and here.

TCB13 , 1 month ago to linux in Getting IP address for LXD/Incus for ssh

Well, it’s a container, in most situations you would be running as root because the root inside the container is an unprivileged user outside it. So in effect the root inside the container will only be able to act as root inside that container and nowhere else. Most people simply do it that way and don’t bother with it.

If you really want there are ways to specify the user… but again there’s little to no point there.

<span style="color:#323232;">lxc exec container-name --user 1000 bash 
</span><span style="color:#323232;">lxc exec container-name -- su --shell /bin/bash --login user-name
</span>

For your convenience you can alias that in your host’s ~/.bashrc with something like:

<span style="color:#323232;">lxcbash() { lxc exec "$1" -- sudo --login --user "$2"; }
</span><span style="color:#323232;">
</span>

And then run like:

<span style="color:#323232;">lxcbash container-name user-name
</span>

TCB13 , 1 month ago to linux in Getting IP address for LXD/Incus for ssh

What do you do if you want to find the IP address of an instance, but incus list does not give you one?

If that’s the case then it means there’s no networking configured for the container or inside it. The image you’re using may not come with DHCP enabled or networking at all.

I often just find the IP of the container and then ssh in as that feels natural, but perhaps I am cutting against the grain here.

You are. You aren’t supposed to SSH into a container… it’s just a waste of time. Simply run:

<span style="color:#323232;">lxc exec container-name bash # or sh depending on the distro
</span>

And you’ll inside the container much faster and without wasting resources.

TCB13 , 1 month ago to linux in Why do you still hate Windows?

And that’s okay, however those same people are the ones saying Windows is unusable because it would take a very long time to disable analytics. This is the thing, people aren’t consistent.

TCB13 , 1 month ago to linux in Why do you still hate Windows?

No. It means if you upgrade a system from 21h2 to 22h2 Microsoft may have added new stuff in there that you’ve to review because if you connect it the internet right away those new “features” may connect to them.

Consider this example: Windows 11 before and after the Copilot shit. You can completely disable Copilot and other AI features using group policy however if you’re on the “before” version you can’t disable the feature because it isn’t there already, if you upgrade, the features would be there with defaults and on the first boot it might great you with a “welcome to copilot” that will connect to Microsoft.

TCB13 , 1 month ago to linux in Why do you still hate Windows?

I am assuming that is on purpose?

Most likely, “normie” don’t even know Enterprise exist…

With that said, you may find links here:

massgrave.dev/windows_10_links

Business ISO includes both Pro and Enterprise versions. On the same website you can find activation tools including HWID that will give you a valid digital license for your hardware that will survive a reinstallation of windows.

Just as a note if you’ve any Windows 10 Pro machines around you can upgrade them to Enterprise by just changing the key to a generic one under settings. A clean install of Enterprise would be better but you can still do it that way if you don’t want the trouble / spend more time with it.

TCB13 , 1 month ago to linux in Why do you still hate Windows?

Never seen that guide. Does it actually work?

Yes, best results with Enterprise.

It won’t implode, and it becomes a zero maintenance OS.

Windows out of the box is full of crap but we all know that a lot of large companies use it and Microsoft is kinda forced into making it feasible enough for those companies. If you’re managing let’s say 500+ machines you can’t deal with the bullshit that comes with Windows 10 Home / Pro and systems that break every week.

There are also a lot of govt agencies and private companies with very strict security policies that can’t just allow Windows to connect to MS and leak information around. If you simply disable what you don’t need by following that manual things will really work out.

On the corporate world those changes are typically applied using AD, however, if you apply them manually in group policy they’ll stick and you won’t be bothered. Don’t forget to check the link every time there’s a major version because they usually add stuff.

I installed Windows 10 Enterprise 1709 on my main desktop in 2018 and applied the stuff documented there… I’ve been upgrading since then and it’s currently running 22H2 just fine. No policy regressions like some people claim.

Microsoft is forced to provide ways for big customers to make Windows usable and those aren’t going away anytime soon, they’ve a financial incentive to do so.

TCB13 , 1 month ago to linux in Why do you still hate Windows?

Linux is great, and does a lot of stuff right… however…

I just don’t get the people around there sometimes. They’re okay with spending 1000+ hours jumping between 30 different Linux distros and customizing their DE, dealing with Wine / virtualization crap. BUT they aren’t able to Windows 10 Enterprise and read the manual to get a clean usable system in 1/1000 of the time and effort.

How ironic.

TCB13 , 1 month ago to linux in Why do you still hate Windows?

The ads in win10 pushed me to the limit

Never seen them. But Microsoft does document how to disable everything you would like to.

I don’t just don’t get why do the same people who bitch a lot about Windows (not you) are unable to install Windows 10 Enterprise and read the manual BUT they are able to jump between 30 different Linux distros and spend 100x more time customizing their DE and dealing with Wine / virtualization crap. Ironic.

TCB13 , 1 month ago to linux in RegreSSHion Mitigation Debian Stable?

I know, I know, but trust me that a lot of people believe that they don’t issue security patches fast.