Posts: 0, Comments: 198, Joined: 3 yr. ago

  • Did you have to install an app called Company Portal or Intune? If no, then they probably don't have access to your device, except for possibly being able to selectively wipe school data. They could also be using another MDM solution like Airwatch, but again, you would have had to have installed something (and unlikely, since universities get massive discounts on Microsoft licensing).

    Even if you do have Company Portal, it doesn't necessarily mean it's managed as it's still used to broker communication and authentication between Office apps on Android. The app itself would be able to tell you if the device is managed.

    And as the other poster mentioned, if they had you install a root certificate for the university they can intercept and inspect HTTPS traffic from your device while on their network. But that still doesn't give them access to the data-at-rest on your device.

  • I'm not sure about color support without HTML or add-ons, but Obsidian is a good markdown editor with a lot of functionality and extensibility.

    It's not open source but it runs on everything.

  • If you're sure you've got a DNS entry for the Pihole FQDN pointing at Traefik, open the dev panel in your browser (F12), switch it to the Network tab, and visit the pihole URL.

    See if you get anything back and especially take note of the HTTP status codes.

  • Can you see the router and service in the Traefik dashboard and do they show any errors there?

  • I think you're close.

    You need to change service: pihole-rtr to service: pihole-svc.

    Do I have to redefine all of the same information I did in my Traefik yml but in this separate config.yml?

    No, you just need to reference it like you have. Define once, reference many.

  • No worries for the question. It's not terribly intuitive.

    The configs live on the Traefik server. In my static traefik.yml config I have the following providers section, which adds the file provider in addition to the docker provider which you likely already have:

    ```yaml
    providers:
      docker:
        endpoint: "unix:///var/run/docker.sock"
        exposedByDefault: false    # containers are only routed when they opt in with traefik.enable=true
      file:
        directory: /config         # dynamic config files mounted into the Traefik container
        watch: true                # re-read on change, no Traefik restart needed
    ```

    And in the /config folder mapped into the Traefik container I have several files for services external to docker. You can combine them or keep them separate since the watch: true setting tells it to read in all files (and it's near instant when you create them, no need to restart Traefik).

    Here is my homeassistant.yml in that folder (I have a separate VM running HASS outside of Docker/Traefik):

    ```yaml
    http:
      routers:
        homeassistant-rtr:
          entryPoints:
            - https
          service: homeassistant-svc          # must match a key under http.services
          rule: "Host(`home.example.com`)"
          tls:
            certResolver: examplecom-dns      # ACME resolver declared in the static config

      services:
        homeassistant-svc:
          loadBalancer:
            servers:
              - url: "http://hass1.internal.local:8123"
    ```

    Hope this helps!
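The mistake discussed earlier in the thread (a router whose `service:` names `pihole-rtr`, the router itself, instead of the service `pihole-svc`) is a plain referential-integrity error, and Traefik only tells you about it in its logs. The following lint is an added example, not the commenter's code or Traefik's: it takes the parsed dynamic configuration (the mapping `yaml.safe_load` returns for a file like the `homeassistant.yml` above; PyYAML is deliberately not imported so the block runs on the standard library alone) and reports routers that reference undefined services or middlewares, and services no router uses. It goes a little beyond the thread by also honouring Traefik's `name@provider` reference syntax, so a reference such as `auth@docker` is skipped rather than reported. The sample configuration, the `pihole-addprefix` middleware and the `http://pihole.internal.local/admin` URL are constructed for the example.

```python
"""Referential-integrity lint for a Traefik dynamic (file provider) configuration.

Added example, not Traefik's code. Operates on the already-parsed mapping, i.e. what
yaml.safe_load(open("/config/pihole.yml")) would return.
"""

# Constructed sample in the shape of the homeassistant.yml above, plus a pihole router
# that points at "pihole-rtr" (its own name) instead of the service "pihole-svc".
# The pihole URL and the addPrefix middleware are hypothetical.
SAMPLE_CONFIG = {
    "http": {
        "routers": {
            "homeassistant-rtr": {
                "entryPoints": ["https"],
                "service": "homeassistant-svc",
                "rule": "Host(`home.example.com`)",
                "tls": {"certResolver": "examplecom-dns"},
            },
            "pihole-rtr": {
                "entryPoints": ["https"],
                "service": "pihole-rtr",  # bug: router name, not a defined service
                "middlewares": ["pihole-addprefix", "auth@docker"],
                "rule": "Host(`pihole.example.com`)",
            },
        },
        "services": {
            "homeassistant-svc": {
                "loadBalancer": {"servers": [{"url": "http://hass1.internal.local:8123"}]}
            },
            "pihole-svc": {
                "loadBalancer": {"servers": [{"url": "http://pihole.internal.local/admin"}]}
            },
        },
        "middlewares": {
            "pihole-addprefix": {"addPrefix": {"prefix": "/admin"}},
        },
    }
}


def _local_name(ref: str):
    """Traefik references may carry a provider suffix ("svc@file", "auth@docker").
    Return the bare name when the object lives in this file provider, otherwise None,
    because objects from another provider cannot be checked against this file."""
    name, sep, provider = ref.partition("@")
    if sep and provider != "file":
        return None
    return name


def lint_dynamic_config(config: dict) -> list:
    """Return human-readable problems; an empty list means every reference resolves."""
    problems = []
    http = config.get("http", {}) or {}
    routers = http.get("routers", {}) or {}
    services = http.get("services", {}) or {}
    middlewares = http.get("middlewares", {}) or {}
    used_services = set()

    for rname, router in routers.items():
        svc_ref = router.get("service")
        if not svc_ref:
            problems.append(f"router {rname!r}: no service set")
        else:
            svc = _local_name(svc_ref)
            if svc is not None:
                used_services.add(svc)
                if svc not in services:
                    hint = " (that is the router's own name)" if svc == rname else ""
                    problems.append(
                        f"router {rname!r}: service {svc_ref!r} is not defined{hint}"
                    )
        if not router.get("rule"):
            problems.append(f"router {rname!r}: missing rule")
        for mw_ref in router.get("middlewares", []) or []:
            mw = _local_name(mw_ref)
            if mw is not None and mw not in middlewares:
                problems.append(f"router {rname!r}: middleware {mw_ref!r} is not defined")

    # "Define once, reference many": a service nobody references is usually a typo elsewhere.
    for sname in services:
        if sname not in used_services:
            problems.append(f"service {sname!r}: defined but no router references it")
    return problems


if __name__ == "__main__":
    for line in lint_dynamic_config(SAMPLE_CONFIG):
        print(line)
```

Run against the sample, it reports the dangling `pihole-rtr` service reference and, as a consequence, the orphaned `pihole-svc`; fixing the one `service:` line clears both. Because the file provider has `watch: true`, such a lint fits naturally as a pre-commit or pre-copy step for the files you drop into `/config`.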

  • So now your ISP sees all of your queries instead of CF. (Assuming the cloudflared option is using DoH)

    I'll trust Cloudflare over Comcast/AT&T/etc. any day of the week.

  • I found it amusing that these posts were adjacent.

  • Yeah, but that security patch level.

  • I believe you. I'm just saying their non-firewalls (i.e., switches and APs) don't have that limitation.

  • My firewall is a Fortigate 60F.

  • I would never use their firewalls/gateways, but their switches are pretty good for the price and their APs are decent (although tbh after 3 generations my next AP will likely be an enterprise Aruba).

    That said, I still use Unifi in docker, everything is up to date, and nothing is requiring a sign-in to the cloud. Am I missing something? If it's just the firewalls, then I'm not surprised since I've never been remotely tempted to use them, but it sure isn't all of their devices.

  • The definition I learned for web 2.0, as it was happening, was a shift from static web pages generated all at once on the server and delivered to the client whole, to using Ajax with in-browser JavaScript dynamically changing already-delivered pages with back-end XML calls.

  • Look man, it's okay to be wrong. It's a natural part of growth.

    But when you double down on your ignorance instead of taking the opportunity to open your mind and listen to the experts in the room, you just end up embarrassing yourself.

    Try to be better.

  • We can restrict the use of software TOTP, which is what companies are doing when they move users onto the MS Authenticator app.

    Admins can't control the other TOTP apps like Google Authenticator or Authy unless they go full MDM. And I don't think someone worried about installing the MS Authenticator app is going to be happy about enrolling their phone in Intune.

    Edit: And even then, there is no way to control or force users to use a managed device for software TOTP.

  • This is incredibly well said and I agree 100%. I'll just add that software TOTP is weaker than the MS Authenticator with number matching because the TOTP seed can still be intercepted and/or stolen by an attacker.

    Ever notice that TOTP can be backed up and restored to a new device? If it can be transferred, then the device no longer counts for the "something you have" second factor in my threat model.

    While I prefer pure phishing-resistant MFA methods (FIDO2, WHFB, or CBA), the support isn't quite there yet for mobile devices (especially mobile browsers) so the MS Authenticator is the best alternative we have.
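The two comments above rest on one property of TOTP: the seed is the whole secret, so whoever holds a copy of it (from an app backup, a re-scanned QR code, or a phished enrollment) produces exactly the same codes as the legitimate device. The block below is an added example, not the commenters' code, and implements RFC 4226 HOTP and RFC 6238 TOTP with the standard library only. It uses the RFC 6238 reference seed (`12345678901234567890`), and the "clone" is a constructed second device that receives the base32 export of that seed; the server-side verifier with a one-step skew window is also an assumption about a typical deployment, not something the comments describe.

```python
"""TOTP (RFC 6238) with the standard library, to show that a copied seed is a copied factor.

Added example, not the commenters' code. The seed is the RFC 6238 reference secret.
"""
import base64
import hashlib
import hmac
import struct

# RFC 6238 Appendix B reference seed for SHA-1 (ASCII "12345678901234567890").
RFC6238_SEED = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits, algo)


def export_seed(secret: bytes) -> str:
    """What an authenticator backup or enrollment QR code actually carries: the raw seed, base32."""
    return base64.b32encode(secret).decode()


def import_seed(exported: str) -> bytes:
    """The receiving device (legitimate restore or attacker) recovers the identical seed."""
    return base64.b32decode(exported)


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30, skew: int = 1) -> bool:
    """Server-side check: accept the current step plus/minus `skew` steps of clock drift,
    comparing in constant time. Nothing here can tell which device produced the code."""
    for drift in range(-skew, skew + 1):
        if hmac.compare_digest(totp(secret, unix_time + drift * step, step), code):
            return True
    return False


def cloned_device_matches(secret: bytes, unix_time: int) -> bool:
    """The comments' point: after a seed export the 'clone' computes the same code as the
    original device, so the server cannot distinguish them. Possession of the device is
    not what is being proven, possession of the seed is."""
    clone = import_seed(export_seed(secret))  # seed travels to a second device
    return totp(clone, unix_time) == totp(secret, unix_time)


if __name__ == "__main__":
    t = 59
    print("original :", totp(RFC6238_SEED, t))
    print("clone    :", totp(import_seed(export_seed(RFC6238_SEED)), t))
    print("accepted :", verify_totp(RFC6238_SEED, totp(RFC6238_SEED, t), t))
```

Contrast this with a FIDO2 authenticator or number matching in a push-based app: the private key never leaves the authenticator and the response is bound to the origin (or to a server-generated challenge), so an exported or phished value does not let a second device answer. With TOTP, the verifier above accepts the clone's code exactly as readily as the original's.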

  • We’re not as stupid as they think we are.

    Aren't we though?