ireflect's comments

But when you say "the second way" are you counting from zero or from one?


Curious how you have all this set up. This architecture makes a lot of sense but it seems a bit fiddly to set up. Do you manage routes, IPs, and ports manually or is there some magic docker thingy that facilitates this architecture?

Personally I currently just use DDNS for stuff hosted on consumer connections (AKA home lab). And docker nginx-proxy to multiplex various self-hosted web apps (either in a home lab or on a VPS).


[Guix/Ansible/Chef/Nix/Puppet] + systemd-networkd + firewalld/nftables. It's not much different than setting up any old load-balancer or reverse proxy on an internal network.

Why not Docker? Since routes are kernel-level and shared between containers, using Docker here typically complicates things rather than making them simpler. Unless you already know about most of the "network magic" Docker does by default, in the best case you'll waste a lot of time figuring all of that out, and in the worst case you'll apparently have it working but actually vulnerable in some subtle way. And at the point where you're running with "--net=host --user=root --privileged", you're not gaining much from containers for these specific use-cases.

Yes, you _can_ do stuff like this with just containers with CNI/custom networking but VMs are typically cleaner and easier unless you're strongly personally motivated to learn about the underpinnings of container networking.

> And docker nginx-proxy to multiplex various self-hosted web apps (either in a home lab or on a VPS).

That's probably fine, and you might be able to do something similar without even touching that part (aside from closing off the public entrypoint when/if you get the tunneling working). You'd set up the WG+routing either on the same box or on a dedicated tunnel/proxy endpoint, as well as on the remote side. You can either add an additional L7 LB (like nginx) at the entrypoint or redirect traffic straight to your existing nginx. The former is probably the safer and easier, but less efficient approach.


Did I miss this part of the article or are you seeing this elsewhere? Care to give a link or two?



This is great. I rewrote it in my own words and sent it to my local Canadian MP, as well as Dominic LeBlanc who is the Minister of Public Safety.

Here's my template:

I am a Canadian citizen in your riding (A1B 2C3) and multiple business owner in the technology sector.

As an expert in the field of electronics and information security, I am concerned about the ISED’s initiative to ban Flipper Zero and similar devices, announced at: https://www.canada.ca/en/public-safety-canada/news/2024/02/f...

The Flipper Zero is a general-purpose tool for engineering and information security research. By banning the device, we will be doing a disservice to our country’s practitioners in these fields, while doing little to thwart car thefts.

If possession of a device like Flipper Zero is the enabler for car theft, then it leads me to believe that such cars had negligently insecure encryption from the day they were manufactured, and a recall of such cars would be more appropriate.


Very nice. I like how concisely you hit the points. And also that you can note you're a constituent, tech business owner, and tech expert.

If different people want to mix up approaches, and hit various notes, to see what resonates, a couple thoughts (as a tech nerd, not a political communicator):

* "Information security research" has different connotations for different people. No matter how professionally you conduct yourself and respect the term, and no matter how much you promote the term positively as professional... if a particular reader considers the term to be a euphemism for behavior they think should be curtailed, and they think that's the only use of FZ, that might hurt your effort. (Unless you can find a way to promote both at the same time, to those readers, without compromising on either more than you want to.)

* All the hobbyist experimenting and building things, by kids and adults alike, I consider constructionist "education", which is valued. And I suspect it doesn't hurt to say "STEM", as a keyword for the kinds of jobs and economic development this leads to. (Imagine kids figuring out how modern devices work, which today requires more than just unscrewing an appliance and finding the motor and gears. Or getting interested in the RF that backs much of our global technology infrastructure, and inspired to pursue engineering or science. Or using that knowledge to build things that help get them into universities, or that become a tech startup company.)


You may want to add that the average person's phone is many times more powerful and capable than a Flipper. The dual-use tools that can steal cars are so ubiquitous in society (such as a cheap laptop) that no amount of device banning will make a lick of difference.


> leads me to believe that such cars had negligently insecure encryption

While accurate, the standard may not be as rigorous as you'd like to imagine; there was a time not long ago when a wire coat hanger was enough to unlock a car.


I remember that time. We even used it once on a friend's car. However, we did not ban wire coat hangers. I'm sure the politicians would agree that would have been silly, but common sense seems to leave them when it comes to tech.


Perfect, thanks! Will send one myself tomorrow too.


That's the press secretary.

A better contact is Dominic LeBlanc, and your local MP.

https://www.ourcommons.ca/Members/en/dominic-leblanc(1813)


Indeed, highly recommended!

At Vancouver Hack Space we recently upgraded from LaserCAD (terrible software that came with our 80W CO2 laser cutter ~10 years ago) to LightBurn. It's been a joy.


Beware some possible subtle radius compensation bugs in LightBurn. I haven't nailed it down exactly yet, and when I do I'll contact them, but the inside/outside detection doesn't always work with imported SVG files. This bit me quite badly and it took a while to figure out what was going wrong. Choosing 'optimize toolpath' seems to cure it for now as a workaround.


There's a Vancouver connection here. Jason Dorie, who started LightBurn, is from Vancouver! You might already know that.


Inventables X-Carve is also a good option, very similar to the OpenBuilds machines but just slightly more refined and integrated.

I've had mine for years and love it.

https://www.inventables.com/products/x-carve-1


And they are relatively cheap on the used market. The Volt is still awesome. I'm considering upgrading our 2017 to a 2019 (the last year they made it). But at 130,000kms ours is still getting 100km per charge in summer (70km in winter). Ours is a family car and we do less than 10% in gas mode.


I asked this question on tinkerdifferent and got some good leads. Unfortunately the options are sparse and somewhat more challenging to do.

https://tinkerdifferent.com/threads/reviving-old-ipads-gen-2...


It's great. I liked the music too. Reminds me of electronic music from 20 years ago. Like a music video that would have been on late night CBC ZeD.

I also appreciated looking at the python code to see the general workflow of making something like.

https://github.com/sloev/facelesspainter/tree/master/oil_pai....

