Randomly getting ECH errors on self-hosted services.
  • I think I've found the problem:

    It seems my issue is pihole being unable to block/modify dns requests for HTTPS records, which don't match the LAN IPs pihole handed out in A/AAAA records.

    I've disabled cloudflare proxying so they don't have HTTPS records to serve, but I'll have to replace pihole with a better lan DNS solution if I want to turn that back on.

  • Randomly getting ECH errors on self-hosted services.
  • Thanks. That seems to be a similar, but slightly different error. I think the below may apply though.

    I believe I've tracked down more of my issue, but fixing it is going to be a hassle:

    When Cloudflare proxying is enabled, there are 3 DNS records involved: an A record with Cloudflare's IPv4, an AAAA record with Cloudflare's IPv6, and the key to this puzzle: an HTTPS record with Cloudflare's ECH/HTTPS config.

    With pihole I can set DNS records for A/AAAA, but I have no way of blocking/setting the HTTPS record so it gets through from cloudflare.

    The LAN A/AAAA records don't match the HTTPS record from cloudflare, so browsers freak out.

    Once I disabled cloudflares proxying, I no longer get HTTPS records returned and all works as intended.

    I'll either have to keep cloudflare proxying disabled, or switch pihole out for a more comprehensive DNS solution so I can set/block HTTPS records :(

    Thank you @bobslaede@feddit.dk for pointing me in the right direction.
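
The mismatch described in the comment above, as an added example that is not part of the original comment: a sketch that parses the wire-format RDATA of an HTTPS (type 65) record per RFC 9460 and flags the two conditions the comment describes, an `ech` parameter reaching the client and address hints that disagree with the locally overridden A/AAAA records. The record bytes, the LAN address and all function names are constructed for illustration.

```python
import ipaddress
import struct

IPV4HINT, ECH, IPV6HINT = 4, 5, 6  # SvcParamKey numbers from RFC 9460

def build_rdata(params, priority=1):
    """Build HTTPS RDATA with TargetName "." (used only to construct sample input)."""
    body = b"".join(struct.pack("!HH", k, len(v)) + v for k, v in params)
    return struct.pack("!H", priority) + b"\x00" + body

def parse_https_rdata(rdata):
    """Parse wire-format HTTPS (type 65) RDATA into priority, target and params."""
    priority = struct.unpack_from("!H", rdata, 0)[0]
    pos, labels = 2, []
    while rdata[pos] != 0:  # uncompressed TargetName, label by label
        n = rdata[pos]
        labels.append(rdata[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    pos += 1  # skip the root label
    params = {}
    while pos < len(rdata):
        key, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if pos + length > len(rdata):
            raise ValueError("truncated SvcParam")
        params[key] = rdata[pos:pos + length]
        pos += length
    return {"priority": priority, "target": ".".join(labels) or ".", "params": params}

def address_hints(params):
    """Decode ipv4hint/ipv6hint values into a set of ip_address objects."""
    v4, v6 = params.get(IPV4HINT, b""), params.get(IPV6HINT, b"")
    return ({ipaddress.ip_address(v4[i:i + 4]) for i in range(0, len(v4), 4)} |
            {ipaddress.ip_address(v6[i:i + 16]) for i in range(0, len(v6), 16)})

def check_split_horizon(local_addrs, https_rdata):
    """Compare locally overridden A/AAAA answers with an upstream HTTPS record."""
    params = parse_https_rdata(https_rdata)["params"]
    local = {ipaddress.ip_address(a) for a in local_addrs}
    findings = []
    if ECH in params:
        findings.append("ech-config-reaches-client")
    hints = address_hints(params)
    if hints and not hints & local:
        findings.append("address-hints-disagree-with-local-records")
    return findings

# Constructed sample: upstream answer with alpn, an ipv4hint from a documentation
# range and an opaque placeholder where a real ECHConfigList would be.
SAMPLE_RDATA = build_rdata([(1, b"\x02h2"), (IPV4HINT, bytes([203, 0, 113, 10])),
                            (ECH, b"constructed-placeholder")])

if __name__ == "__main__":
    print(check_split_horizon(["192.168.1.20"], SAMPLE_RDATA))
```

An empty result means the HTTPS answer carries nothing that contradicts the local override; when no HTTPS record is returned at all, as after proxying is disabled, there is nothing to check.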

  • Randomly getting ECH errors on self-hosted services.
  • That unfortunately did not work. I am only getting the ipv4 address now, but I still get the same ECH error in chrome 1/5 tries.

    Firefox now changed errors from 'invalid certificate' to 'connection is insecure but this site has HSTS' (true). Still won't show the cert or provide any further info. (forgot to grab a screenshot before the below 'solution')

    I'm really annoyed at this point and have just disabled cloudflare proxying for this service. That seems to have sorted it for all browsers. I may look further later, I may just say fuck it and leave it like this. Gotta walk away for a bit.

  • Randomly getting ECH errors on self-hosted services.
  • I'll look into that next if what I've done doesn't work. (see other comments)

  • Randomly getting ECH errors on self-hosted services.
  • Added an AAAA record to pihole:

    ombi.mydomain.example 0000:0000::0000:0000

    Now nslookup returns the correct ipv4 address, and '::' as the ipv6.

    We'll see if that works.

  • Randomly getting ECH errors on self-hosted services.
  • Crap, looks like that's exactly what it is.

    Now how to fix that...

  • Randomly getting ECH errors on self-hosted services.
  • I do have external access to Ombi via cloudflare; but the device I'm seeing this problem on is permanently connected to a VPN hosted from the same server machine as ombi/nginx with 'block all connections without VPN' enabled. And this testing has been done from within the same LAN.

    It should never see/reach cloudflare for this service.

    /edit; I've also disabled 'use secure DNS' in chrome. I host a local DNS within that lan/vpn network.

  • Randomly getting ECH errors on self-hosted services.

    In the last couple of weeks, I've started getting this error ~1/5 times when I try to open one of my own locally hosted services.


    I've never used ECH, and have always explicitly restricted nginx to TLS1.2 which doesn't support it. Why am I suddenly getting this, why is it randomly erroring, then working just fine again 2min later, and how can I prevent it altogether? Is anyone else experiencing this?

    I'm primarily noticing it with Ombi. I'm also mainly using Chrome Android for this. But, checking just now; DuckDuckGo loads the page just fine every time, and Firefox is flat out refusing to load it at all.

    Firefox refuses to show the cert it claims is invalid, and 'accept and continue' just re-loads this error page. Chrome will show the cert; and it's the correct, valid cert from LE.

    There's 20+ services going through the same nginx proxy, all using the same wildcard cert and identical ssl configurations; but Ombi is the only one suddenly giving me this issue regularly.

    The vast majority of my services are accessed via lan/vpn; I don't need or want ECH, though I'd like to keep a basic https setup at least.

    12
    Is dockge abandoned?
  • You've done enough, keeping it behind your routers firewall.

    You could block LAN access and require a VPN connection to that specific machine if you really wanted more, but I'm not that concerned about it.

  • Is dockge abandoned?
  • Yup. Point is; if you're not depending on just its login page to keep it secure, there's not a whole lot needing 'security patches', so I wouldn't be all that concerned about slow updates. As long as it remains bug free, I'm happy.

  • Send Nudes
  • I'm always a bit put off when she shows off her dick.

  • Send Nudes
  • But, look at that perspective shot; that thing is HUGE! You definitely want to sleep with me now right? Right??

  • Is dockge abandoned?
  • And security patches

    Something with the power of dockge should be behind a separate form of authentication imo.

    I only access it via VPN, it's not exposed to WAN.

  • Sike!
  • Yes, obviously that's always been an option.

    I don't see a good solution for the topic we were actually talking about: creating high-power public use charging ports.

  • Meta fined $102 million for storing passwords in plain text
  • Considering how old Facebook is, you'd think they would have their shit together when it comes to password security...

  • Sike!
  • It's not so much the connector; but the power delivery standard.

    Type A maxes out at 5v 3a = 15w and is often limited closer to 5v 1a = 5w for public-use charging ports.

    Type C and its power delivery standards can get as high as 50v 5a = 250w (though usually closer to 20v 5a = 100w)

    Then again.... The negotiation for what voltage/amperage to supply happens over the data lines which you don't want connected on a public charging port...

    I don't really see a good solution here.

  • Sike!
  • Takes forever to bring the charge up; but perfect for maintaining battery while you watch/scroll on trips.

  • Best phone sync
  • I tend to just use FolderSync myself. To avoid battery issues, I have a schedule for most folders; but my DCIM/Pictures folders sync immediately upon changes. I then have a widget on my homepage that triggers a 'sync all'. Anytime I need files synced immediately, it's easy enough to click that button.

  • Smart TVs take snapshots of what you watch multiple times per second
    1. it doesn't necessarily take full resolution images

    2. just because it can capture images a few hundred milliseconds apart doesn't mean it's continuously capturing images. It could be several in short bursts with a delay between groups of images.

  • At the top there is a drop down menu that sorts how you view posts. How do you prefer to sort everything for viewing?
  • Depends on where I'm scrolling and how long.

    In a specific community? Usually sorted by 'new'.

    'Subscribed'/'All' feeds? Generally starting with 'Hot' then moving to 'new' if I start to run into a bunch of content I've already seen.

  • Insanity
  • Yeah, busses only pick people up at stops; they're not allowed to get off until the end of the route...

  • Paperless-ngx re-process failed mail consumption?

    I've been using paperless-ngx to consume mail from outlook/hotmail for a while now, but recently had the mail server refuse connections while mail was being processed. (Not sure why, consuming is working now with no changes and no errors besides 'connection refused', while retrieving that mail. Temporary outage I guess?)

    This left me with a couple pieces of mail not imported. However, now every time the mail consume task runs, it recognizes that those pieces of mail are there but refuses to process them with the message:

    >Skipping mail '421' '\<email subject>' from '\<sender email>', already processed.

    How can I get it to recognize those mails HAVE NOT been processed?

    4
    Texas sues GM for allegedly violating drivers' privacy

    >Aug 13 (Reuters) - General Motors (GM.N), has been sued by the state of Texas, which accused the automaker of installing technology on more than 14 million vehicles to collect data about drivers, which it then sold to insurers and other companies without drivers' consent.

    13
    [fixed] App crashing

    I've noticed with the last 2-3 versions of the app (currently 0.0.69, nice); the app crashes 2/3rds of the time when returning to it from being in the background.

    Open the app, switch to another app, switch back a couple min later and it closes then reopens as if you'd just started it for the first time today (losing whatever post you had open).

    Curious if others are experiencing this?

    Android 14, One UI 6.1

    9
    Over 8 years using (re)vanced and I've finally gotten my first playback issue:

    All roads videos lead here:


    Honestly I'm surprised it took this long. The only other issue I've ever seen (between revanced and the original vanced app) is the watch history not saving a couple weeks back.

    3
    Prevent Radarr managing anything except video files?

    When a file is manually replaced, for example after converting from an mp4 to an mkv; radarr decides to delete everything in that movies folder: posters, backdrops, subtitles, NFO files, leaving only the new video file; even though none of these were created or managed by Radarr ever.

    This causes Emby to have to rescan/reidentify the item, re-downloading all the extra data, and it's now lost all custom metadata that was stored in the nfo, particularly the original date added to emby and it now has no subtitles.

    How can I prevent this?

    6
    Whats this '1' + down arrow icon?

    I've started noticing this icon more and more: usually on comments with no downvotes. What's it mean?


    9
    What are your favorite tools for monitoring Linux and individual docker containers?

    CPU/GPU/RAM/Disk usage, logs, errors, network usage, overall status, etc

    What do you use/prefer?

    Mainly looking for self-hosted web based tools, stuff I can view from a browser; but desktop and CLI apps are welcome too :)

    19
    Bitwarden master password and public server auth

    I have what may be a stupid question...

    How is it your master password is both used to decrypt your vault and used to authenticate with bitwardens public servers to acquire a copy of your vault/view it in the web app, but bitwarden can't use that password entry to decrypt the vault themselves?

    (please correct me if I'm misunderstanding, as I use self-hosted vaultwarden for my server instead of the public ones)

    0
    SquareSpace dropping the ball.

    After almost a year of repeated emails stating the transition from Google Domains will have no effect on customers, no action is required; I just got this email:

    > Update Dynamic DNS records Hi there, As previously communicated, Squarespace has purchased all domain name registrations and related customer accounts from Google Domains. Customers are in the process of being moved to Squarespace Domains, but before we migrate your domain [redacted] we wanted to inform you that a feature you use, Dynamic DNS (DDNS), will not be supported by Squarespace.

    So apparently SquareSpace will be entirely useless to me and I've got "as soon as 30 days" to move.

    Got any suggestions for good registrars to migrate to?

    (it's a .pw domain if that matters)

    /edit. I'm a moron.

    I already use cloudflare as my name server, Google/SquareSpace only handles the registration.

    I'll be fine. Thanks for the help everyone!

    29
    Lemmy.ca Support / Questions @lemmy.ca Darkassassin07 @lemmy.ca
    Anyone else locked out of Jerboa?

    Got 'invalid login' when viewing my profile after the lemmy update, logged out, re-setup 2fa using a browser and now Jerboa crashes when pressing the 'login' button after entering my details.

    Disabled 2fa and still the same results.

    Consistently crashing in the same spot every time I try.

    Switched to Boost for this post.

    0
    2FA

    Does boost support 2 factor auth?

    I can't login: If i use the incorrect user+pass I get 'incorrect login' if I use the correct ones I get 'login failed'.

    There is no option to enter my required 2fa code...

    /edit switched apps then switched back and the 2fa field showed up but refused my code. Force stopped the app and got the same 'login failed' message switched apps again and back; now it shows all fields and finally logged me in correctly.

    Seems buggy af.

    2
    Google -> SquareSpace?

    I've only ever had my domain registered via Google Domains (~7 years), mostly because it was cheap+convenient, and google already had my billing info. Google has however sold its domain registration services to SquareSpace and will soon be transitioning customers there.

    Not upset to be removing one more bit of google from my life, but I don't know much about SquareSpace and I'm not sure if I should just go with the transition to them or perhaps move to a different registrar... If I was to move, where to?

    Curious what others think about the situation and company.

    Are you a Google domains customer? What's your plan? Why?

    17
    Why is text selection such a broken mess on so many websites? Why does this have to be such a hassle??

    Using Chrome, Firefox, Brave, Samsungs 'Internet' app, and every other browser I've used/tried on Android:

    I'll go to select some text on a page by long-pressing on it and it'll select the word I'm touching as well as expand that selection to a somewhat random amount of additional text (usually not following any structure such as selecting a whole sentence for example).

    I'll then go to adjust that selection by grabbing one of the two tabs on either end of it and the moment I do, the opposite tab jumps to a completely random spot on the page vastly expanding the selection, then the whole page scrolls to an entirely different section; leaving me holding one end of the selection unable to see what was originally selected. I can't scroll to where I was, and if I let go and just click copy I've now copied 90% of the page to my clipboard.... Attempting to modify the selection any further yields the same lack of control and just makes things worse.

    This doesn't happen everywhere, but I get these results far far more often than a successful copy+paste. Like just now trying to copy an address from a local transit guide.

    I end up having to drop the paste into a notepad app, reselect the bit I actually wanted (if it even made it into the pile of garbage I was forced to grab) then delete the note once I'm done.

    This is fucking stupid and I hate it. Rant over. Thank you for listening.

    /edit: I don't have the power to pin a comment, but d3Xt3r@lemmy.world has a great solution: Use the rectangle select tool in androids 'Edge Panel' (must be enabled in settings), then press the 'T' button to copy text from the area you've selected.

    50
    Has anyone else found firefox absurdly slow on android?

    I'm not talking about an extra 10-15sec, but easily 2-3 full minutes (I've sat here with a timer checking) to load pages, sometimes not loading them at all. Particularly with login pages, but even just homepages.

    Dropbox, Cloudflare, Various companies forums, My bank, Google; each of these sites and more I've had firefox either not load at all, or take so long I've been able to copy the link into Chrome, do what I need there, then come back to Firefox still 'loading' a blank white page.

    I just don't understand. I want to migrate away from Chrome and use Firefox, but it's been unusably slow when it even loads anything at all.

    P.S. In the time I've taken to write this (~5min) plus the time to decide to post and find this community firefox has still not loaded my cloudflare dash... (typed in the address, waited a while, gave up and came here but left it open)

    /edit: I should note I have ublock installed, but I get the same results with it disabled most of the time.

    39
    Lemmy.ca Support / Questions @lemmy.ca Darkassassin07 @lemmy.ca
    Block an entire instance

    How do I block an entire instance?

    I'm getting really really sick of blocking dozens of communities from lemmynsfw every single day. It never ends ffs.

    If I want porn, I'll go looking for porn. It shouldn't be every third post in my feed.

    Honestly, how is anyone supposed to join Lemmy if they all just get flooded with mountains of porn??? I can't imagine anyone that's not already invested in being here wanting to join. (unless they're looking for a pornhub alt I guess...)

    Not everything NSFW is porn and I'm not looking to remove non-porn so permanently hiding everything tagged NSFW isn't a solution.

    0
    [fixed] Bug: Comments indented in opposite order.

    When viewing individual comment trees, usually by opening a comment from my own history that has replies on it, or just clicking view context: the original comment is the furthest indented, with the replies indented one less, and further replies to those less indented still until the lowest level comment appears as the oc, but at the bottom of the list.

    Here's an example:


    5
    Bug: Hyperlink touch region extends well beyond the green highlighted text.

    An example (text obfuscated as it's irrelevant):


    The entire area of this screenshot except the white text, post time, and space immediately between those two; opens one of the hyperlinks. (ie: all of the empty space to the right of the green links, all the way up to the edge of the screen, as well as the green text itself)

    I wouldn't expect or want empty space to open links, particularly if I'm trying to minimize/collapse a comment with questionable links in it.

    1
    [Fixed] Incorrect post opening.

    I'm pretty frequently having a different post open than the one I click on in my feed. Usually opening a post that's not even on my screen or within a few posts in either direction; it seems to pick one at random.

    V0.0.39

    /Edit: This has been resolved.

    10
    [Fixed] Collapsed comment trees re-expand

    When viewing comments and collapsing them; if you leave that view for any reason like creating/editing a comment or tapping on a username, when you return to those comments they have all expanded again losing the place you've scrolled to.

    /edit: This has been resolved.

    0
    Darkassassin07 Darkassassin07 @lemmy.ca

    🇨🇦

    Posts 21
    Comments 1.5K