Product Manager for npm here. That was correct. As part of our integration, we were not excluding withdrawn advisories. We've since corrected this. Apologies!
Hosting my Wireguard server on a Scaleway instance, I encountered very slow performance. Some web pages didn't load at all. Server was under no load. Lowering the MTU on the client and the server from 1500 to 1360 solved the problem. FYI
It's worse with VPNs like Wireguard because Wireguard only supports tunneling (e.g. IP in IP), which when you add the authentication header means a minimum of 3x the overhead of a regular connection, whereas IPSec encapsulation without tunneling only requires 2x the overhead (just the additional authentication header). Worse, Wireguard also requires UDP encapsulation (i.e. IP inside UDP+IP), which means 4x the overhead.
To be fair, IPSec tunneling is quite common (unsure if it's the predominant mode) because tunneling makes routing easier. And for road warrior setups where the peer is often behind a NAT gateway, IPSec VPNs will also tend to use UDP. In such cases there's no advantage to IPSec.
IPSec is just usually an abysmal inane thing to set up, with defaults from the 90s and an extra bonus of error messages and documentation that just make you cuss. I don't recommend IPSec to anyone. Whatever it offers, after you spend all the time making sure your configuration is good, it is really not worth it if you can do Wireguard or even OpenVPN. Ugh, I'm annoyed just thinking about it again.
The best part is when you find out your phone supports set of parameters A, your tablet set of parameters B and your MacBook set of parameters C... and there's no intersection between sets.
IPSec is complex because it can be used in a LOT of situations.
Can Wireguard do tunnel state detection? Can I do a hub and spoke topology with Wireguard? Or auto-VPN?
IPSec is complex because it is mainly designed as a tunnel protocol with encryption (site-to-site), compared to the "road warrior" setup Wireguard seems more useful for.
Make sure you don’t block ICMP, which is used by Path MTU Discovery [0].
Blocking ICMP may result in black holed connections. I experienced this just like you with websites not working, and with ssh freezing when doing an ll in a directory with a large number of files, or even when starting mc. In my case, an upstream server was blocking ICMP for no good reason (there’s never a good reason to do it permanently, really).
Ehm, make sure you don't block parts of ICMP important in given network circumstances.
Many types of ICMP messages can be very nasty. ICMP and ICMPv6 RFCs actually describe which messages are important and should not be blocked in any networks, which are dangerous and should be restricted, and varieties between.
No, it's not. However, it breaks the trust in Cloudflare's integrity they so proudly mention in this thread. Once they banned something, how can you trust them to not ban something else, perhaps a bit more silently next time?
Hmm. I assumed U2F does not protect you from phishing. It just adds a second layer of protection to your account. Protecting you from credential theft.
U2F anti-phishing stuff implemented by Chrome is just a neat little extra. Is this behaviour of checking the origin in the spec?
Except this one was already built and tested in Germany iirc. It should be debugged and taken apart into modular pieces and sent to Tesla. I assume installing these modules should be easier than debugging an assembly line in Factorio ;)
Don't underestimate the innate human ability to fuck up what appears to be a simple job :). There will be delays and deviation from a best case schedule.
That is where a thief would search too. You have the possibility to store those things at a bank for example but this leads to other problems (what if you are on a run). Or you dig a hole in your garden only to forget the exact location. There is no distinct answer to "where should I store those", I think.