This week I gave up on trying to convince the teamlead an oauth access token lifetime of 5 years is too much. Yes, an access token, not an API key. There’s no revocation mechanism either.

At home I fixed RBAC for traefic, after wading through config and in the end basically just flipping switches until it worked. It does work now though so admin apps are inaccessible to family accounts. Still somewhat open for suggestions as I’m not 100% convinced by traefic yet.

I’m in the process of hardening caddy. It’s a work in progress, as I’m new to caddy. I always used Nginx. But I decided to give caddy a try as I saw it recommended a LOT.

*: in my homelab.

If I told you it wouldnt be secure.

Overthrowing a small 3rd world country for kicks

Been diving into the Tor Browser codebase recently and as a consequence now lifting over a few goodies in the privacy and security departments from there to Konform Browser