

While I agree, out of the box the configs ARE NOT for home lab use.




Why this matters –


I’m gonna start a company that creates cheap life saving products called “Chris”


I think it’s just smart business, too.
Several companies deserve a larger market share in the cell phone game, and it seems the levers to pull which get us there are OS and hardware based.
Tons of users and enterprise users just begging for better solutions.


I know a guy who was holding onto basically every variation of [state][marijuana reference].[tld] back in like 2015. Guarantee he made bank on that investment.


Traefik’s configs are a little less cumbersome if you’re managing a lot of services.


As far as I am concerned, every person or entity with a paid x account is actively participating in CSAM.


I have a .com for like $19.99 but pay to have my info redacted from whois stuff, an email address, all comes to like $42.99
I have a bullshit domain with some nonsense tld and domain name that I pay $0.99/yr for that’s on a vps I pay like $150/yr for all told (it’s doing stuff).
All told I keep it below $20/month.


I highly recommend it to anyone getting into self hosting, sysadmin stuff, cybersecurity, devops, etc.
It’s headaches, but once it’s working, you will have ridiculously valuable experience for any org.


I might be misunderstanding this concept but it seems like extra work, or a recipe for an insecure mess that could become difficult to maintain.
I run elk stack and log basically everything which has created a centralized point for observability. This lets me granularly investigate and thereby control the state of all of my network’s services.
It’s a little ram hungry, but I’ve got some overhead.
It took me a while to realize those were computer monitors.
Clean your fucking screens, that shit is disgusting 🤢


When a CA issues an SSL/TLS certificate, they’re required to submit it to public CT logs (append-only, cryptographically verifiable ledgers). This was designed to detect misissued or malicious certificates.
Red and Blue team alike use this resource (crt.sh) to enumerate subdomains.


That is a false equivalence.
There is nothing uplifting about increasing surveillance. This content doesn’t belong in this community.


What is uplifting about quadrupling surveillance??
With encryption? Just delete the key and you are done.
This is true. For now…
Is your server not run by 6 cats?
I had a coworker, about 30 years old… Who taught computer science at a college prior to us working together… Who said to me “Command line? That stuff’s ancient, man.”
Just in case you were thinking about spending money on college tuition to learn computer science…


lol good point.


Listen, the only folks you put your black hat on for are folks who try to phish you. And you report your findings anonymously to CISA.
That’s how the recent USPS scams, the EZ pass scam, and the AAA scam got untangled. Be safe.
You put on your black hat at work when your boss tells you to do so on objects under your team’s ownership. Don’t be stupid.
Other than that, don’t be an idiot. Stick to BBPs and VDPs, Educational labs, shit you own, etc. Nothing more than a totally unglamorous fine, or worse, awaits you.
Sincerely, a veteran of cybersecurity.
Yep.
It’s like they wanna get bought to compete with GitHub or something.
They’re moving fast and breaking things. And bloating their product in the process. In the last 24 months they paid over $1M to a single bug bounty hunter who basically took them to the cleaners.
But totally agree. It’s the best UX, best product for home lab or even small enterprise use if you’ve got someone to get it tuned appropriately.