Posts by simon_m@infosec.exchange
(DIR) Post #AxEqMDIq4fZI13SNEG by simon_m@infosec.exchange
2025-08-16T20:29:15Z
0 likes, 0 repeats
@futurebird Clippy tried to help without reading your data and sending it to <insert SaaS provider here>. Louis Rossmann started the movement: https://www.youtube.com/watch?v=2_Dtmpe9qaQ
(DIR) Post #Axfc7bGIYnVltDK8sy by simon_m@infosec.exchange
2025-08-29T18:27:01Z
0 likes, 0 repeats
@wolf480pl @quad Has bcachefs been added to mainline already? AFAIK the most sacred rule to Linus is to never break userspace. So I doubt that the feature will be removed entirely.
(DIR) Post #AxfcGYENCOk75xgwRE by simon_m@infosec.exchange
2025-08-29T18:28:38Z
0 likes, 0 repeats
@wolf480pl @quad hell is apparently freezing over
(DIR) Post #AxfcPYJeFgW3xuS288 by simon_m@infosec.exchange
2025-08-29T18:29:28Z
0 likes, 0 repeats
@quad @wolf480pl living on the edge
(DIR) Post #Axfg1E9twaqIJcY4Ia by simon_m@infosec.exchange
2025-08-29T19:09:04Z
0 likes, 0 repeats
@quad @wolf480pl @loke yea great throw him out of mainline linux so he can annoy multiple distro maintainers at the same time instead
(DIR) Post #Ay5xU5QSF5DWxWb1Ga by simon_m@infosec.exchange
2025-09-11T11:18:48Z
0 likes, 0 repeats
@quad vibe security 😱
(DIR) Post #Ay5xfjNa2Huy3gnv1c by simon_m@infosec.exchange
2025-09-11T11:16:53Z
1 likes, 0 repeats
@quad now with even less security!
(DIR) Post #AyPTPrmE4s0yEou2t6 by simon_m@infosec.exchange
2025-09-20T21:26:12Z
0 likes, 0 repeats
@wolf480pl Currently nginx snakeoil and ignore certs on the gateway to the outside, which does LE. Although I plan to do TLS termination at the service, have the gateway no longer do TLS and then per service decide whether to expose just well-known or the service itself to the internet.
(DIR) Post #AyPUUXkO4gtVWFpwxs by simon_m@infosec.exchange
2025-09-20T21:28:16Z
0 likes, 0 repeats
@wolf480pl @simon_m Which means at the moment internal services resolve to the Gateway, not the service directly.
(DIR) Post #AyPgUgxP206TX7lJAm by simon_m@infosec.exchange
2025-09-20T23:52:42Z
0 likes, 0 repeats
@wolf480pl At the moment, yes.
(DIR) Post #AzQZFVo2YayZIZIg52 by simon_m@infosec.exchange
2025-10-21T07:54:33Z
0 likes, 0 repeats
RE: https://mastodon.social/@geerlingguy/115409705950667434
I am guilty as charged.
(DIR) Post #AzQZFXG59p07npQaQa by simon_m@infosec.exchange
2025-10-21T07:56:57Z
0 likes, 0 repeats
Also, the quickest (and fairly easy) way to check if the DNS configuration is correct is to request a certificate using the ACME protocol, IMHO. So you don't have to wait for the cache to clear.
(DIR) Post #B0NJ6RaJMLQfmUsNXs by simon_m@infosec.exchange
2025-11-18T14:13:09Z
0 likes, 0 repeats
So what is it this time
(DIR) Post #B0NJ71Tpttdl6q7iS0 by simon_m@infosec.exchange
2025-11-18T14:12:32Z
1 likes, 1 repeats
Apparently Cloudflare is down again
(DIR) Post #B1VOz1nmqT0HoQ2GLQ by simon_m@infosec.exchange
2025-12-22T10:27:23Z
0 likes, 0 repeats
I finally managed to create a site-to-site VPN connection between a Hetzner virtual network and a subnet inside our office. Native IPsec in Linux is kinda scary. There is nothing really exposed to the userspace. No interface visible via `ip a`, no route visible with `ip route`. It just works. On the Hetzner site I am running Debian 13 with strongSwan and in the office a UniFi DMP.
(DIR) Post #B1VOz79Ey88SOP6xyi by simon_m@infosec.exchange
2025-12-22T10:28:40Z
0 likes, 0 repeats
Also, PFS needs to be explicitly enabled inside the strongSwan config on Debian 13, since the version is 0.0.1 too old to have it enabled by default:
`esp_proposals=aes256-sha512-modp2048,default`
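As an added, complete swanctl.conf for the setup described in the two posts above (Debian 13 with strongSwan on the Hetzner side, a UniFi gateway in the office), not the poster's own config: the PFS point is the DH group (modp2048) appended to the ESP proposal, which makes CHILD_SA rekeys perform a fresh Diffie-Hellman exchange instead of deriving the new keys from the IKE SA only. The connection name, the RFC 5737 addresses, the subnets, the PSK identities and the placeholder secret are all assumptions for illustration and must be replaced.

```conf
# /etc/swanctl/conf.d/office.conf  (added example, not from the original post)
# Assumed values: 203.0.113.10 = Hetzner host, 198.51.100.20 = office WAN IP,
# 10.0.0.0/24 = Hetzner vnet, 192.168.1.0/24 = office LAN.
connections {
    office {
        version = 2                      # IKEv2 only; do not fall back to IKEv1
        local_addrs  = 203.0.113.10
        remote_addrs = 198.51.100.20

        # IKE_SA proposal: the DH group here only protects the IKE handshake itself
        proposals = aes256-sha512-modp2048

        local {
            auth = psk
            id = 203.0.113.10
        }
        remote {
            auth = psk
            id = 198.51.100.20
        }

        children {
            office-net {
                local_ts  = 10.0.0.0/24
                remote_ts = 192.168.1.0/24

                # PFS for the ESP CHILD_SA: without a DH group in this proposal
                # (e.g. plain "aes256-sha512") rekeying reuses IKE keying material.
                # The trailing ",default" keeps the built-in proposals as a fallback
                # so a peer that does not offer modp2048 can still negotiate.
                esp_proposals = aes256-sha512-modp2048,default

                rekey_time = 1h              # periodic CHILD_SA rekey, each with a new DH exchange
                start_action = start         # bring the tunnel up at swanctl --load-all
                dpd_action = restart         # re-establish if the peer stops answering
            }
        }

        dpd_delay = 30s
    }
}

secrets {
    ike-office {
        id-1 = 203.0.113.10
        id-2 = 198.51.100.20
        secret = "CHANGE-ME-long-random-psk"  # placeholder; generate a long random PSK
    }
}
```

After `swanctl --load-all`, `swanctl --list-sas` shows the negotiated CHILD_SA proposal; the DH group (MODP_2048) appearing in that line is the check that PFS was actually agreed with the UniFi side, rather than silently dropped because the fallback proposal was picked. The ",default" fallback is the caveat: it trades a guaranteed PFS proposal for interoperability, so remove it once the peer is known to accept the explicit one.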
(DIR) Post #B24QfAYEHkDQeJKXrM by simon_m@infosec.exchange
2026-01-08T09:09:15Z
0 likes, 0 repeats
My network config endeavors have reached the "you probably should use BGP" level. OH. OH NO.
(DIR) Post #B24QfBwN7T7axTdL84 by simon_m@infosec.exchange
2026-01-08T09:09:27Z
0 likes, 0 repeats
I want to configure a second IPsec tunnel between my UniFi DMP and the router inside the Hetzner network. On the UniFi site there is a "routing distance" field, but on the Hetzner vnet site I am dealing with raw strongSwan config. Does someone here have a TL;DR / example configuration that I can use without having to perform a second study into the black magic of networking? @quad @wolf480pl
(DIR) Post #B24QfDOlhNQjTpvX1s by simon_m@infosec.exchange
2026-01-08T09:09:50Z
0 likes, 0 repeats
@quad @wolf480pl I should mention that the second tunnel should be the failover for the first one.
(DIR) Post #B24QwYDxWSWuzc8Zvc by simon_m@infosec.exchange
2026-01-08T09:17:55Z
0 likes, 0 repeats
@wolf480pl @quad Honestly, I don't know. I just have a connection to a site set up inside `swanctl.d`. "tunnel" is nowhere specified. Also I did not touch any routing things, just the strongSwan config.