melmi

joined 1 year ago
[–] [email protected] 1 points 1 month ago* (last edited 1 month ago)

Yeah, fair enough. To my mind I guess I don't think of array indexes as an example of actual zero based numbering, simply a quirk of how pointers work. I don't see why one starting from zero has anything to do with the other starting from zero. They're separate things in my head. Interestingly, the article you linked does mention this argument:

Referencing memory by an address and an offset is represented directly in computer hardware on virtually all computer architectures, so this design detail in C makes compilation easier, at the cost of some human factors. In this context using "zeroth" as an ordinal is not strictly correct, but a widespread habit in this profession.

That said, I suppose I still use normal one-based numbering because that's how I'm used to everything else working.

[–] [email protected] 0 points 1 month ago (2 children)

Indexes start from zero because they're memory offsets, but array[0] is still the first element because it's an ordinal number, not an offset. It's literally counting each element of the array. It lines up with the cardinality—you wouldn't say ['A', 'B', 'C'] has two elements, despite array[2] being the last element.

[–] [email protected] 4 points 2 months ago (1 children)

When done correctly, the banner is actually a consent banner. It's a legal thing, not necessarily trying to discourage criminals. It's informing users that all use will be monitored and it implies their consent to the technology policies of the organization. It's more for regular users than criminals.

When it's just "unauthorized access is prohibited", though, especially on a single-user server? Not really any point. But since this article was based on compliance guidelines that aren't all relevant to the homelab, I can see how it got warped into the empty "you no hack" banner.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago) (1 children)

Yes, but only if your firewall is set to reject instead of drop. The documentation you linked mentions this; that's why open ports are listed as open|filtered because any port that's "open" might actually be being filtered (dropped).

On a modern firewall, an nmap scan will show every port as open|filtered, regardless of whether it's open or not.

Edit: Here's the relevant bit from the documentation:

The most curious element of this table may be the open|filtered state. It is a symptom of the biggest challenges with UDP scanning: open ports rarely respond to empty probes. Those ports for which Nmap has a protocol-specific payload are more likely to get a response and be marked open, but for the rest, the target TCP/IP stack simply passes the empty packet up to a listening application, which usually discards it immediately as invalid. If ports in all other states would respond, then open ports could all be deduced by elimination. Unfortunately, firewalls and filtering devices are also known to drop packets without responding. So when Nmap receives no response after several attempts, it cannot determine whether the port is open or filtered. When Nmap was released, filtering devices were rare enough that Nmap could (and did) simply assume that the port was open. The Internet is better guarded now, so Nmap changed in 2004 (version 3.70) to report non-responsive UDP ports as open|filtered instead.

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago) (3 children)

WG uses UDP, so as long as your firewall is configured correctly it should be impossible to scan the open port. Any packet hitting the open port that isn't valid or doesn't have a valid key is just dropped, same as any ports that are closed.

Most modern firewalls default to dropping packets, so you won't be showing up in scans even with an open WG port.

[–] [email protected] 7 points 6 months ago* (last edited 6 months ago)

Just because you can work with one monitor doesn't mean multiple monitors isn't more comfortable though. You can have multiple windows open at once, at full size, and glance between them freely. No need for them to share the limited real estate of a single monitor.

I run Sway on my laptop because it lets me take full advantage of my single monitor, but on my multi monitor desktop setup I use a regular floating DE.

[–] [email protected] 5 points 6 months ago

It definitely encrypts the traffic, the problem is that it encrypts the traffic in a recognizable way that DPI can recognize. It's easy for someone snooping on your traffic to tell that you're using Wireguard, but because it's encrypted they can't tell the content of the message.

[–] [email protected] 2 points 6 months ago (1 children)

Goes to show I don't know much about SSO I suppose. Time to do some more research

[–] [email protected] 1 points 6 months ago (3 children)

I had issues connecting to Nextcloud from mobile clients when using Authelia, they didn't like it, but if there's a workaround for that that's great

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (5 children)

Most things should be behind Authelia. It's hard to know how to help without knowing what exactly you're doing with it but generally speaking Authelia means you can have SSO+2FA for every app, even apps that don't provide it by default.

It also means that if you have users, you don't need them to store a bunch of passwords.

One big thing to keep in mind is that anything with its own login system may be more involved to get working behind Authelia, like Nextcloud.

view more: next ›