I think it's a bit different because it's also user based. This is much more limiting being only a single user.

@BraswellJay yes

@stacksofplates said in How to let only customers download files with wget/curl?:

@Pete-S said in How to let only customers download files with wget/curl?:

@stacksofplates said in How to let only customers download files with wget/curl?:

@Pete-S said in How to let only customers download files with wget/curl?:

have scripts serve the data and what not.

Wait are you talking about CGI scripts?

Yes, that's a possibility when you are using a webserver, instead of ssh.

If you access a file over ssh, AFAIK the file is a static file and it is what it is.

If you however access a file over https, you can have a script on the webserver delivering you the file and you can send parameters to it. For instance :

wget -o install.sh "https://xyz.com/my_special_install_script.py?os=CentOS7&special=2&customer=2432"

You just have a gazilion options when you connect over a webserver.

Yeah I thought you were providing files through just a default webserver. So while CGI isn't insecure by itself, you have a ton of work in securing the scripts you create. You might be better off just writing a small API to hand off the info instead of trying to properly secure CGI scripts.

Another option is a serverless function leveraging the providers authentication to serve the files up.

Here's an example from GCP where you can just check require authentication using their IAM.

Thanks, I had the intention of letting the webserver authenticate and in most cases provide a static file directly or when needed invoke a script that will provide dynamic content.

I haven't checked nginx yet but apache can check client SSL certificates easily.

@flaxking said in SSL/TLS client certificates questions:

Domain name doesn't matter, unless you're signing with a public CA. I'd think self-signed vs internal CA vs public CA would depend on what the authentication mechanism supports and how you have to manage the certificates. (i.e. if there are going to be a ton of them it might be easier for the authentication mechanism just to trust certificates signed by a certain internal CA rather than having to make each certificate trusted.

From what I've seen so far, I've come to the same conclusion.

@jmoore said in Redoing Home Network:

@scottalanmiller I'm the same way, I get that habit from my Av days. I bought Allen & Heath mixing boards, QSC amps, and small Community speakers. This is all professional equipment and it had more options and lasted a lot longer. In fact all those pieces are still working today.

Yup, I can from the audiophile world, too. And it was often cheaper to get hifi gear than to get the crappy, sounds horrible consumer junk.

@scottalanmiller said in pi-hole: Group Management:

@marcinozga said in pi-hole: Group Management:

@stacksofplates said in pi-hole: Group Management:

@stacksofplates said in pi-hole: Group Management:

@marcinozga said in pi-hole: Group Management:

@stacksofplates said in pi-hole: Group Management:

I just use CloudFlare for families. If I need to, I can change DNS on whatever to view something.

That only blocks malware and porn if you choose to. What about ads, marketing crap, tracking, etc.?

I leverage what's in the browser for that stuff.

That might not be 100% the best way to handle it, but I don' thave to manage and pay for a server to do it.

No Raspberry Pi lying around?

Who has an unused computer lying around? lol

I don’t, this old box of mine is hitting its last legs...

@stacksofplates said in Local Encryption ... Why Not?:

@scottalanmiller said in Local Encryption ... Why Not?:

@stacksofplates said in Local Encryption ... Why Not?:

@Dashrender said in Local Encryption ... Why Not?:

@scottalanmiller said in Local Encryption ... Why Not?:

@jmoore said in Local Encryption ... Why Not?:

I've advocated we store nothing on our laptops but so far its had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.

It was turned on by the vendor when delivered. Nothing was stored on the device and they had no idea that there was encryption on it.

A new laptop showed up that way once - I was like - wth?

I think the bigger question was, it didn't get reimaged to whatever standard they're using?

Ha, this is medical. Zero standards. Ever seen any medical that has a standard build? Nope. Or even standard hardware? Nope. Or even consult someone in IT within six months of having put a machine into service? Nope.

Idk when I was doing my business I had a few Drs offices and I reimaged them when they got one.

That's because you got to be in charge, I would assume. Here we are only "as needed" and the head of operations runs IT and only has us fix what she breaks (which is quite a lot.)

@JasGot said in How to start taking a company to Microsoft 365 based operations.:

If a customer is asking to go "Cloud based" and they want to stay MS based. What would be you path for a customer who has standard server now.

The real trick is getting them to talk about their goals. Going "cloud" or "Microsoft" aren't business goals, those are means, not ends. So we have no idea what they are trying to do, only how they think they will do it.

It's like stating your goal as "using a hammer" without stating why or to accomplish what. A hammer is reasonable, maybe. But just knowing it's a hammer, you can't go any further without just making up what they might want to accomplish.

I am currently using ZT to Route between my various networks, like a Site-to-Site VPN. It can be a pain to set up, but once it's up and going, it's great!

@gjacobse said in UBNT EdgeRouter Lite; Performance:

Performance seems best with Upload set and download off....

Those numbers seem about right for a EdgeRouter Lite. If you need QoS enabled for download, you'll either need to upgrade or just live with the slowdown.

@scottalanmiller said in Installing Laravel on Ubuntu 20.04:

@Pete-S said in Installing Laravel on Ubuntu 20.04:

@Pete-S said in Installing Laravel on Ubuntu 20.04:

@scottalanmiller said in Installing Laravel on Ubuntu 20.04:

@Pete-S said in Installing Laravel on Ubuntu 20.04:

OK, if you are not running apache or nginx, you should install the php-cli package instead.

So that seems to get installed anyway as a dependency on its own.

Yes, it does. But by using the php package and not php-cli, you probably got apache installed on your system as well - by dependencies.

You could find out by running: apt list --installed | grep apache

Or systemctl status apache2 to see if it's running.

Even if it was, Laravel uses Artisan's server.

I'm guessing they are invoking php's built-in webserver.

Regardless, the point is that if you swap php to php-cli in your install guide you don't get apache and other stuff you don't need.

Still nothing?

So here's a playground example of using functional options and error handling: https://play.golang.org/p/cfw7axv6pjO

The advantage over method chaining is that we can return our errors correctly this way. Using the following as an example, I can return my error the whole way to the function call in main() and only need to handle it in a single place.

type MethodOption func(*http.Request) (*http.Request, error) func NewRequest(opt ...MethodOption) (*http.Request, error) { r := &http.Request{} var err error for _, opt := range opt { r, err = opt(r) if err != nil { return nil, err } } return r, nil } func SetURL(URL string) MethodOption { return func(r *http.Request) (*http.Request, error) { u, err := url.Parse(URL) if err != nil { return nil, err } r.URL = u return r, nil } } req, err := NewRequest( SetURL("https://google.com"), ) if err!= nil { fmt.Println(err) os.Exit(1) }

My plan too as soon as the Meraki license comes up next year

@Skyetel said in Anyone Using Amazon Chime Business Calling:

That's why they don't include CNAM or 911.

No one should get CNAM from their carrier anyway. It is a silly expense to pay for no reason for many businesses.

@stacksofplates said in Linux Desktop Environment:

I use GNOME 3 pretty much no matter what it is. Every so often I'll use i3, but I really like GNOME.

I use Gnome 3, but only out of standardizing. I actually prefer most other options. Cinnamon just calls to me a lot.

yes, it was down this morning

@FATeknollogee said in Help setting up routing:

@JaredBusch Just curious, what it the /23 on eth3, is that one of your LAN IP blocks from AT&T?

AT&T can't issue private IP addresses.

@JasGot said in Sending Secure E-Mail?:

The dept is engaged in a grant program with the State Department of Environment…, which requires us to include our banking information on every reimbursement application.

Come to think of it, banking information is not really sensitive info, is it? If you send an invoice to anyone, they have your banking information.

The only risk here is a man-in-the-middle attack where banking information is changed on the application while it's being submitted. So that the money is transferred into another account.

So do the company send all their invoices and ordinary mail containing banking info by registered mail in locked containers, so it is secure from end to end?

If not, then email isn't any less secure.