VPN dependent.

  • 2 Posts
  • 25 Comments
Joined 1 year ago
cake
Cake day: June 30th, 2023

help-circle
  • For backup and sync I use Syncthing. I can specify which folder on which devices I want to sync to which folder on the server.

    I use a folder based gallery on my phone so when I move stuff around on my phone (or on my server) it gets replicated on all my devices.

    I also have a policy to sync specified folders (and subfolder) with my family’s devices. No more " hey can you send me all the pics from the XYZ trip"

    We take a trip. Make a subolder for that trip in a shared folder dump all our pictures there, get home and open the folder on the computer and prune together.




  • The statement is very informative. The bug happens under increased read/write operations to the same file causing a race condition.

    I also found interesting:

    Despite the bug being present in OpenZFS for many years, this issue has not been found to impact any TrueNAS systems. The bug fix is scheduled to be included in OpenZFS 2.2.2 within the next week


  • thanks for the masterclass in CF tunnels.

    I am ready to accept everything you’ve said but there is the SSH case that keeps tripping me up. For reference, here is the CF docs on Connecting SSH through CF Tunnels.

    Can you help me clear up the misunderstanding here? From the docs it appears you can create a SSH key pair on a client and then copy the public key to the server. It does not appear that the docs state you need to share those keys with CF, so I assume (perhaps incorrectly) that my session will be encrypted with my private key (on client) and public key (on server).

    Again, what you said appears to make sense, perhaps SSH is the only edge case that is implemented differently?


  • hmm, I’m not sure I agree - or perhaps I didn’t explain myself well previously and caused confusion between us.

    Yes I agree with you in your description of how cloudflare encrypts -> decrypts -> encrypts; they are allowing you to ride over their network. If you remove cloudflare from the picture entirely, then you just have the internet facing server.

    What I’m saying is, if the client and endpoint (server) talk in an encrypted protocol, then cloudflare cannot MiTM the data, only the IP headers. This is similar if you were to connect to any ol’ website over an ISP’s network. If your session is not HTTPS, then your application data can be read. You can have encrypted sessions inside of CF tunnel-network-tunnel.

    If your services support encryption, great. But you can also expose a wireguard endpoint so you have the following

    wg client --(tunnel to CF)–> CF network --(tunnel to your server)–> wireguard server

    the real advantage to CF tunnel is hiding your IP from the public internet, not poking any holes in your firewall for ingress traffic, and cloudflare can apply firewall rules to those clients trying to reach your server by DNS hostname.



  • I apologize, I misread the chain of comments. Your explanation is perfectly adequate for someone who has a basic grasp on networking and VPN and tunnels and encryption.

    I would just like to add that if your endpoints communicate via an encrypted transport (HTTPS, SSH, etc) then doesn’t matter if cloudflare tries to inspect your packets. There would be 2 layers of encryption while traversing the public web, then 1 layer when traversing CF’s network.

    And to some, packet inspection is not a downside since they can offer more protection - but that is totally up to your attack vector tollerence



  • discovered tailscale from this post and after reading their “how tailscale works” I was hoping to get some clarification from an activer user (you).

    CF tunnels setup an outbound-only tunnel from my private network via cloudflared, I have no ingress holes in my firewall to access my services. cloudflared does all the proxying. Plus my IP changes monthly as I don’t pay for a static one from my ISP. This “outbound-only” connection is resilient to that.

    Tailscale is point-to-point (for data plane) connection and only the control plane is “hub and spoke”. This sounds like I need to allow ingress rules on my private network so my server can be connected to? Is this true or where did I misunderstand?




  • What is incredible about this product is that I can speak normally and fluently as I normally do.

    The need to look at the output as you speak is only necessary if you expect there to be errors. FUTO, amazingly, performs extremely well in this regard and I have a high confidence in not being able to trip it up. I don’t feel that I need to look down at a live transcription.

    This whole comment was written using FUTO voice input. I’m definitely going to donate to them.







  • to preface what might sound like slander, I really would love to get my hands on apple hardware. It is engineered rather well and the geek in me can appreciate that. However, getting access to your own hardware is an issue.

    While I have some concerns about their objective features, to my shame, the greatest problem is with the brand and their practices.

    I think the root cause of all my issues stems from their morals and aggressive/elitist business practice - specifically their quest to squeeze money out of users and hide behind the lie of “we are doing this for the user’s benefit”.

    I have no issue paying money for features I want or entities I’d like to support. In fact, I’m more inclined to financially support those who I believe in.

    And apple loves to gatekeep features and keep them exclusive to apple. They effectively benefit from hard work of others who contribute to open standards and services, but at the same time do not share their own. Greedy.