

Naming scheme like John Wick with his dog.
Yes, yours too.
Let’s invent password reveal day instead.
No, honestly I’m not an attacker, but your local bank. We just need your help to update our systems. Please provide us the following credentials to continue using our phish- *ugh* services.
Credit card number: _____________
CVV: ___
Expiration date: ______
For all who have no clue what it’s for (like me 5 minutes ago), it’s a “self-hosted photo and video backup solution”.
Currently I play around with a Raspi 4 8GB with docker-compose. Most services are accessible with VPN only:
Caddy (as easy reverse proxy)
Portainer (container dashboard)
Linkding (bookmarks)
Baikal (calendar, todo list to sync with Android by caldav)
Agendav (web calendar frontend)
Dillinger (browser markdown editor with PDF export)
Trilium (note app)
Syncthing (google drive/onedrive alternative)
Seafile (file sharing)
Jellyfin (media server)
But if you try to load a local resource as localhost in Firefox…

For the sake of completeness:
Firefox contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit.
More info: https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp
Insecure, but fast fix, if you don’t want to install a local webserver:
about:config
security.fileuri.strict_origin_policy
change to false
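
The comment above names a local web server as the alternative to turning off `security.fileuri.strict_origin_policy`. The following is an added example, not part of the original post: a loopback-only static server built on Python's standard library, so the page loads from `http://localhost` and the Firefox preference can stay at its default. The names `host_allowed`, `LoopbackHandler`, `make_server` and the port 8000 are assumptions chosen for illustration.

```python
# Added example (not from the original post): serve a folder over loopback HTTP
# instead of opening pages via file://. Names and port 8000 are illustrative.
import functools
import sys
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

LOOPBACK = "127.0.0.1"  # never 0.0.0.0: the files must not be reachable from the LAN


def host_allowed(host_header, port):
    """Accept only Host values that name this loopback server.

    Rejecting other names blocks DNS-rebinding pages that point an
    attacker-controlled hostname at 127.0.0.1 to read local files.
    """
    allowed = {f"localhost:{port}", f"{LOOPBACK}:{port}"}
    return (host_header or "").strip().lower() in allowed


class LoopbackHandler(SimpleHTTPRequestHandler):
    def send_head(self):
        # send_head() backs both GET and HEAD, so one check covers both.
        port = self.server.server_address[1]
        if not host_allowed(self.headers.get("Host"), port):
            self.send_error(403, "Host header not allowed")
            return None
        return super().send_head()

    def end_headers(self):
        # Stop browsers from MIME-sniffing served files into another type.
        self.send_header("X-Content-Type-Options", "nosniff")
        super().end_headers()


def make_server(directory, port=0):
    """Build a server rooted at `directory`; port 0 lets the OS pick a free port."""
    handler = functools.partial(LoopbackHandler, directory=directory)
    return ThreadingHTTPServer((LOOPBACK, port), handler)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    server = make_server(root, port=8000)
    print(f"Serving {root} at http://localhost:8000/ (Ctrl+C to stop)")
    try:
        server.serve_forever()
    except KeyboardInterrupt:
        server.server_close()
```

Run it with the folder to serve as the only argument; everything under that folder becomes readable by any local process, so point it at the project directory rather than a home directory.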