megaman

Yesterday's update to Vaultwarden paved the way for yesterday's second update to Vaultwarden (by causing an issue)

Vaultwarden update out as of ~15 minutes ago, includes security updates.

It says "unconfirmed owner can purge entire organization vault". That seems probably not great, so updating is probably a good idea.

GHSA-h265-g7rm-h337 (Publication in process, waiting for CVE assignment) This vulnerability would allow an authenticated attacker that is part of an organization to access items from collections to which the attacker does not belong

[it's a little half bicycle for a child that is attached to the adult's bike, and it says co-pilot]

My router (TP Link) said it had a firmware update. I'm a responsible adult, so I update my firmware. When I log back in, I get this popup that they'd like to share my clients info.

cool...

Let's say I've got Nextcloud selfhosted in my basement and that it is accessible on the world wide web at nextcloud.kickassdomain.org. When someone puts in that URL, we'll have all the fun DNS-lookups trying to find the IP address to get them to my router, and my router forwards ports 80 and 443 to a machine running a reverse-proxy, and the reverse-proxy then sends it to a machine-and-port that Nextcloud is listening to.

When I do this on my phone next to that computer hosting Nextcloud, (I believe) what happens is that the data leaves and re-enters my home network as my router sends the data to the IP address it is looking for (which is itself). This would mean that instead of getting a couple hundred Mbps from the local wifi (or being etherneted in and getting even more), I'm limited by my ISPs upload speed of ~25Mbps.

Maybe that just isn't the case and I've got nothing to worry about...

What I want my network to do is to know that nothing has to leave the network at all and just use the local speeds. What I tried before was using a DNS re-write in Adguard such that anything going to my kickassdomain would instead go to the local IP address (so like nextcloud.kickassdomain.org -> 192.168.0.99). This seemed to cause a lot of problems when I then left the house because, I assume, the DNS info was cached and my phone would out in the world and try to connect to that IP and fail.

My final goal here is that I want to upload/download from my selfhosted applications (like nextcloud) without being limited by the relatively slow upload speed of the ISP.

Maybe the computer already figured all this out, though - it does seem like my router should know it's own IP and not bother sending things out into the world just for them to come back.

If it matters, my IP address is pretty stable, but more importantly it is unique to me (like every house in the neighborhood has their own IP).

Updates from testing: So everything does indeed just work without me needing to change how I already had it set up, presumably because the router did the hairpin NAT action folks are talking about here.

I tested it by installed iperf3 on the server then I used my phone (using the PingTools Network Utilities android app, only found on google play and not on f-droid) to connect. Here are the results:

1. Phone to local IP address (192.168.0.xxx) - ~700 Mbits/second
2. Phone to speedtest.mykickassdomain.org while still on the wifi - ~700 Mbits/second
3. Phone on cellular to speedtest.mykickassdomain.org - ~4 Mbits/second

Friend who is not a software person sent me this tweet, which amused me as it did them. They asked if "runk" was real, which I assume not.

But what are some good examples of real ones like this? xz became famous for the hack of course, so i then read a bit about how important this compression algorithm is/was.

An android messaging app that sends everything as an image where the text is in a blue bubble. All images, baby.