• 0 Posts
  • 14 Comments
Joined 1 year ago
cake
Cake day: August 2nd, 2023

help-circle

  • The -k argument on my openssl accepts a passphrase, not a file. You likely encrypted with the filename as the secret, not it’s contents. Perhaps you should use -kfile instead.

    $ openssl aes-256-cbc -help
    Usage: aes-256-cbc [options]
    
    General options:
     -help               Display this summary
     -list               List ciphers
     -ciphers            Alias for -list
     -e                  Encrypt
     -d                  Decrypt
     -p                  Print the iv/key
     -P                  Print the iv/key and exit
     -engine val         Use engine, possibly a hardware device
    
    Input options:
     -in infile          Input file
    ** -k val              Passphrase**
     -kfile infile       Read passphrase from file
    



  • You seem to be misinformed on how the internet works. Nothing is “free”. ISPs have to buy equipment, pay for expensive physical connectivity (without disturbing existing infrastructure), and usually have to deal with constant, ever increasing bandwidth requirements.

    I’m all for a bit of net neutrality, but ISPs tend to get a lot of flak for policies like this, for seemingly no reason. For example, let’s say ISP A and Upstream B have a mutual bandwidth sharing policy (called Peering) where both sides benefit equally from the connectivity. ISP A determines that N is using all the bandwidth to Upstream B. ISP A has three options: N gets all the bandwidth to Upstream B (disturbing other traffic to/from that network), N has to be throttled to allow all traffic equally, or ISP A and Upstream B need to expand their network again (new equipment, new physical links) which will cost a lot of money. N doesn’t even pay ISP A or Upstream B, they just pay their ISP C. In the end, ISP A has to throttle N, and N is the one who had to expand/change their business model to deliver content to their customers. They had to go out and buy services from many upstream providers to even the load and designed a solution to install Caching boxes inside each ISP’s datacenter so their traffic could reach end users without going upstream.








  • Based on your edit about getting the public IP: Most firewall/routers are not configured to do this operation by default (called Hairpinning). If you request your firewall/router’s external IP address from the internal network you won’t get a response unless Hairpinning is enabled and some devices don’t allow you to do that. If you have an internal dns server, you should override the internal dns to return the private ip address so it goes to your nginx reverse proxy instead of the firewall/router.