farcaller

FWIW Sourcegraph chrome extension adds a neat “open in Sourcegraph” to github pages and SG is just superior. Why would you use Github's mediocre search either way ¯\_(ツ)_/¯

Regarding firewall stuff, disable it on your machine and you are fine.

How do you know OP doesn’t have a bunch of unsecured services sticking out into their LAN ready to be a target for the next cryptolocking scam?

Slightly sarcastic, but yeah, OP, do not just turn your firewall without understanding pros and cons of doing such. At the very least, see what your server exposes to the network (ss -tunlp will give you a good starting point), and see if there’s nothing unexpected in there that might be abused.

IANAL and you really should ask a lawyer about this. The answer very much depends on your work contract and country of residence (the latter due to the fact that some generic contracts’ statements might be legally unenforceable in specific jurisdictions).

I’ll throw in a random fact: the contract might say that whatever you write as a programmer is still company's property even off the clock and it will be legal in some US states.

I went looking into how that works, and, apparently, tailscale adds individual node routes (in table 52). So yeah, you have very low chances of getting into trouble even if you have an interface with 100.64/10.

Yeah, you’re absolutely correct. I misread that thinking OP would have the CG NAT endpoint and taikscsle on the same physical device, which, I still think, would be a problem: you'd have two interfaces for 100.64.0.0/10. But if CG NAT terminates on the modem and you run taikscale on devices connected to it them there's surely no issue at all.

Sorry, I meant the OPs modem.

I’m actually not sure you can easily get tailscale up and running om such as a setup as it uses the same cgnat ip range.

Not an answer, but a clarification. You seem to be messing up two things. DoH is basically encrypted DNS, i.e. no one other than your DNS provider can see what domains you ask for. It's orthogonal to ad blocking; there are various service that provide one, or another, or both.

With public keys the attacker can encrypt the message for you, but only you can decrypt it, still.

Streaming JSON parsers are a thing, e.g. pdjson for C. It's, of course, a different approach and it's generally slightly trickier to work with those, but that's what you would use of you have unbound document size and you can process it in chunks.

Hetzner machine in that article is bare metal. It’s much harder to extract the certificates from a running server without anyone noticing.

Unreal Tournament and Deus Ex both come to mind. Alexander Brandon was involved in both and his work is absolutely amazing.

If we talk specific singles, though, it's Morrowind (Nerevar Rising), Control (Take Control), and, recently, Baldur's Gate 3 (Raphael's Final Act). Morrowind's tune is so ingrained in my mind that it's my to-go whenever I get my hands on a keyboard.