Lee

joined 9 months ago
Lee@retrolemmy.com 2 points 18 hours ago (1 children)

Please actually compare the certificate when connecting to your server directly (bypassing Cloudflare) and connecting via Cloudflare. An easy way to do this is with openssl CLI:

openssl s_client -servername your-domain-here.org -connect your-ip-here:443 < /dev/null 2>/dev/null | openssl x509 -text -noout

Replace your-domain-here.org with your domain and your-ip-here with your actual server IP, but also do it with the Cloudflare IP.

The section about the "Full (strict)" / "Full" is referring to how Cloudflare verifies the certificate (or not in the case of Flexible and off) between your origin server and Cloudflare -- this is not with respect to the client and Cloudflare. The Custom origin certificates are also with respect to Cloudflare and your server (has no impact on certificate used between the client and Cloudflare). Cloudflare still uses a separate certificate that they have issued to themselves and hold the private key to use for the client.

If you pay extra for their "Advanced Certificate Manager", this allows you to upload a custom certificate to be used between the client and Cloudflare, but you have to provide the private key to Cloudflare because they still terminate SSL/TLS at their servers. Even their "Total TLS" service (part of ACM and the word "Total" could be mistaken to be "total" as in from client all the way to your origin server) does not provide E2EE.

I may be unaware of a newer service offering, but the only way that I'm aware of to get true E2EE is on their Enterprise plan (Keyless TLS). I have a lot of experience with Cloudflare for both personal and Enterprise plan (I was the technical person in charge of the account and configuring and such). Granted, I've not been dealing with CF enterprise for a few years now and they may have a new service offering outside of enterprise that I'm not familiar with, but my quick look around still looks like everything aside from Keyless TLS requires either giving them the key (in the case of ACM custom certificates) or they use their own certificate for client <-> Cloudflare. When I did manage the enterprise plan, we actually didn't use Keyless TLS because we used features that required them to terminate TLS anyway, so I can't speak to the specifics of it.

I hope I'm wrong though. I'd love to have true E2EE while still getting the DDoS protection on my personal stuff.

Lee@retrolemmy.com 3 points 1 day ago (3 children)

You should check the certificate shown to clients when accessing your domain. I think you'll find that it is not the certificate that you created outside of Cloudflare. Cloudflare doesn't need your private key as they issue a certificate for your domain to themselves and use that for the connection with the client. The certificate you created is used between Cloudflare and your server. The only option I'm aware of to route traffic through Cloudflare where they don't terminate SSL is an enterprise only feature.
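
Added example (not part of the comments above and not Cloudflare tooling): a Python version of the check both comments describe, fetching the leaf certificate once from the origin IP and once from a Cloudflare IP with the same SNI name and comparing SHA-256 fingerprints. The function names and the command-line arguments are assumptions made for this example.

```python
import hashlib
import socket
import ssl
import sys


def fetch_leaf_der(ip, servername, port=443, timeout=5.0):
    """Return the DER leaf certificate served at ip:port for this SNI name."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: like `openssl s_client`, this only
    # retrieves the certificate for inspection and sends no application data.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=servername) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 of the DER bytes, colon-separated hex as openssl prints it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def compare(origin_der, edge_der):
    """Compare the certificate from the origin with the one from the edge."""
    same = origin_der == edge_der
    if same:
        # Per the comment: an uploaded custom certificate (ACM) also matches,
        # yet Cloudflare holds the key, so a match does not prove E2EE.
        verdict = "same certificate on both paths (does not by itself prove E2EE)"
    else:
        verdict = "different certificates: clients see the edge's certificate"
    return {"origin_sha256": fingerprint(origin_der),
            "edge_sha256": fingerprint(edge_der),
            "same_certificate": same, "verdict": verdict}


if __name__ == "__main__":
    if len(sys.argv) == 4:  # domain, origin IP, Cloudflare IP
        domain, origin_ip, edge_ip = sys.argv[1:]
        result = compare(fetch_leaf_der(origin_ip, domain),
                         fetch_leaf_der(edge_ip, domain))
    else:
        # Constructed placeholder bytes (not real certificates) for an offline run.
        result = compare(b"constructed-origin-cert", b"constructed-edge-cert")
    for key, value in result.items():
        print(f"{key}: {value}")
```
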

Lee@retrolemmy.com 3 points 3 days ago

I'm in very early stages of a similar project (platform fighter) and a similar issue (I can't do everything and was having trouble finding reliable people). I don't know if our project goals are similar enough to warrant working together, but I think it may be worth talking about a possible collaboration. Perhaps even just to make the game multi platform (I'm targeting a retro game console) given that we'll both need a lot of the same things even if the code itself has a lot of differences. Art, sound, music, story/text, but even things like defining character lists, abilities, and game balance related things are important and duplicative.

By very early stages I mean I don't have any game logic written yet. I'm targeting retro game console hardware and so far I've mostly been writing code (primarily C) to test my understanding of how the hardware functions/limitations (already found some bugs between emulator and real hardware that impacts some home brew games from other developers), and then writing functions that will become a game building library (I don't know that it's right to call it an "engine"). Granted, I'm making a lot of assumptions at this point about what I'll need in terms of features, but also in terms of how much system resources are safe to allocate to different pieces, so when I get things a little more understood and have some core library functions I'm happy with, I'll start writing game logic to see what more I need / what changes I need to make.

I've not worked on it for a few months as I've been busy with contract work that I was just informed this week is ending prematurely due to budgetary changes. As such, I expect to have time to pick it up again starting next week.

Lee@retrolemmy.com 21 points 5 days ago* (last edited 3 days ago) (1 children)

I think that depends what you consider a bug. I think Mario not being present makes sense as he's dead. The princess was saved even though Mario died, so I think it's reasonable to say the win condition is met. What I think is definitely a bug is that you can hear the death sound way late (a 2nd time) when you do this (jump and hit the axe at the same time Bowser touches you).

Lee@retrolemmy.com 4 points 5 days ago (1 children)

Could you explain more? Is this just an experiment to see if you can line up and fuse 2 separately printed objects? Are the 2 parts different materials? I feel like I'm misunderstanding.

What I think you've done is print 1 object in TPU and then print a 2nd object, also in TPU, close enough to the 1st object such they fuse. Maybe your future plans would help me understand. I'm interested in learning about different techniques.

I had considered doing something like object fusing to create foldable objects, like print the first couple layers in TPU (for both objects as well as a connecting piece between them) and then print 2 separate objects on top of the TPU base -- think like a foldable phone case where rather than use a normal hinge, it would be an edge in TPU and the rest is PLA/PETG/whatever. Reason to do the whole base in TPU is that I thought just printing the part that connects the other 2 parts in TPU wouldn't fuse well enough and would separate with use. I've not actually done this.

Lee@retrolemmy.com 2 points 1 week ago

I also like Frigate and it has some integrations with Home Assistant as well.

Alternatively may be worth trying Shinobi. I tried Shinobi a while ago. I liked how it worked, but had some random UI bugs in the release versions. At that time the UI was being rewritten and while some things were improved in the new (in development at the time) UI, I had other bugs in the new UI (again it was in active development and not considered stable when I used it) and switched to Frigate. This was years ago, but I think I'm going to give it another try as I generally liked the UI and features over Frigate, but Frigate has been reliable.

Lee@retrolemmy.com 3 points 1 week ago

Blue Iris is for security cameras, so think near real time object detection of multiple video streams.

Lee@retrolemmy.com 3 points 1 week ago

It says it can't be decrypted with passive means due to a proper ECDH key exchange, but if they are not doing any sort of verification that their server sent or created the key, then it would be possible to do an active attack like MITM that manipulates the key exchange. What I mean is, your MITM proxy would substitute the real key with one that you have the keypair to and hand that to the target application. The target application then encrypts using the key you provide, your MITM proxy decrypts and reencrypts with the real key and all seems legit from both sides.

If there is server validation of some sort, signature checks or whatever, then it would require extra work like patching out or otherwise modifying those checks in the application, extracting the key from the application's memory, or something like this.

I guess my point is, if you're motivated enough, you can make it happen.

Lee@retrolemmy.com 1 points 2 weeks ago

Thanks for the background. I think I've heard "camera obscura" before and it didn't occur to me that "camera" is the shortened form or that it may be related.

I'm probably only B1 in Italian. I am familiar with camera used like "camera da letto". Granted my vocabulary isn't huge and I don't know subtle (and sometimes not so subtle) differences in word meanings. I'm going to look into this distinction with stanza. Perhaps this interaction will make me remember it better. Thanks!

Lee@retrolemmy.com 2 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

If I understand your question correctly, between English and Italian is "camera". In Italian it means "room", not a device for photographs.

Lee@retrolemmy.com 8 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

My POV (having not used a Jolla phone) is that it's likely to be less convenient than GrapheneOS (I do use Graphene). I understand SailfishOS has an Android compatibility layer but I assume there will be random apps that don't work well with it (Graphene isn't free of this either). That said, I want consumers to have more options, which means there needs to be early adopters willing to accept limitations or inconvenience to build up the ecosystem of alternatives, so if you're willing to do that, I think you should. I realize this is selfish in some ways, but it's also good in the bigger picture.

I wouldn't be surprised if the Motorola phone gets heavily delayed and eventually cancelled (I have no inside knowledge, but have been hopeful about too many things that get cancelled to be optimistic until it's widely available). As such, I think another benefit of Jolla is it's more likely that you'll get one (in a reasonable time).
