Working on a way to run my own #intranet for static web content I want access to at home and on the move, but without putting that data in the cloud.
Thinking of running a web server to service only requests from localhost on both my PC and an #Android phone, to serve static files from folders mirrored using a non-cloud synchronization tool.
For the #Windows PC and the Android phone, should I use #Apache or #nginx?
Anyone done anything like this?
Say goodbye to security disputes and hello to Freenginx: https://bit.ly/3ICDV6k
This project wants to be a drop-in replacement of #Nginx, run by developers rather than corporate entities.
Curious to know more? Read #InfoQ!
#Tor’s new #WebTunnel bridges mimic #HTTPS traffic to evade #censorship
WebTunnel is inspired by #HTTPT probe-resistant #proxy, but takes a different approach mimicking HTTPS. Since blocking HTTPS would also block the vast majority of connections to #webservers, the WebTunnel connections will also be permitted, effectively circumventing censorship in network environments with protocol allow lists and deny-by-default policies.
https://www.bleepingcomputer.com/news/security/tors-new-webtunnel-bridges-mimic-https-traffic-to-evade-censorship/
Nginx core developer quits project in security dispute, starts “freenginx” fork
A core developer of Nginx, curr... - https://arstechnica.com/?p=2003602 #invasionofukraine #opensource #webservers #freenginx #security #hosting #ukraine #biz #russia #nginx #tech #cves #f5
4. It's easier to audit a small, native app and even sandbox it into a single user that has literally 0 privileges because a higher layer that doesn't allow said user to interact with it constricts it.
[That's literally done with #Webservers and #Databases where they're run as dedicated users which have no privileges except their own use-cases
Anybody have a good host suggestion for running fedi or other server software? *very* disinterested in major cloud providers.
modest requirements: won't make me go broke, ssh access, etc.
After spending yesterday entirely re-implementing #tcp in #userspace I now know:
- TCP is weird
- we have the PSH flag that completely makes the data ignore the TCP sending/receive buffers and directly writes into the application's stream
- ACK can be part of literally any other package; you also can SYN, FIN or PSH data while ACK'ing
- zero-length data packages *technically* exist, but they don't do anything; they don't even wake up the FD when it's in an epoll
- the #linux #kernel is funny: it responds with RST to incoming TCP packets, even on raw sockets; you'll need to drop them via #iptables if you want to implement TCP in userspace
Learned a lot! Now I can go on and create a few tests for #webservers; mainly SYN floodings and so on.
In Java and JavaScript there are libraries that ingest an #OpenAPI definition and create validations and Routes for #webservers like #expressjs or #vertx
Is there a similar library for #rust? #RocketRS #actix #warp
Had to drop some files on some #webservers the other day. I forgot to change the ownership recursively on the files before dropping them in. Got a lovely 404 error when checking to ensure the files were uploaded properly on two of the servers. I had to go back and do them again. Then, reload the server so that it got the updates.
Google's "Web Environment #Integrity" #proposal is one of the #evilest things I have ever seen proposed for the #internet, possibly only behind #government #IDs being required for any access.
https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md
Let's get this out of the way: they give a number of #reasons why #webservers "might wish" to establish that a web #client is running on a "#trusted" software stack, including things like "make sure other game players aren't cheating" and "ensure I'm talking to another human".
1/x
@calckey @edwiebe similar to how #eMail and #Webservers allow compatibility with different clients using the same protocol.
So it doesn't matter if you eMail via Thunderbird and it goes through Postfix to your recipient's Courier and is being read in mutt: it's still the same eMail.
Nor do you have to care if a Website runs on nginx or Apache because your browser will just query it and display the response.