Hacker News | PunchyHamster's comments

Sir this is Wendy's

Of course not

Just giving them hostnames is easier.

In homelab space you can also make wildcard DNS pretty easily in dnsmasq, assuming you also "own" your router. If not, hosts file works well enough.

There is also the option of using mDNS for the same reason, but with more setup.


> Just giving them hostnames is easier

Bitwarden annoyingly ignores subdomains by default. Enabling per-subdomain credential matching is a global toggle, which breaks autocomplete on other online services that allow you to log in across multiple subdomains.


You can set that globally but override at the individual entry.

You can override the matching method on an individual basis though, just using the setting button next to the URL entry field.

Tell me about it... that infinite Ctrl + Shift + L sequence circling through all credentials from all subdomains. Then your brain betrays you, making you skip the right credential... ugh, now you'll circle the entire set again. Annoying.

Seriously? That sounds incredibly awful - my keepass setup has dozens of domain customizations, there's no way in hell you could apply any rule across the entire internet.

How do I edit the hosts file of an iPhone?

You don't have to if you use mDNS. Or configure the iPhone to use your own self-hosted DNS server which can just be your router/gateway pointed to 9.9.9.9 / 1.1.1.1 / 8.8.8.8 with a few custom entries. You would need to jailbreak your iPhone to edit the hosts file.

I have a real domain name for my house. I have a few publicly available services and those are listed in public DNS. For local services, I add them to my local DNS server. For ephemeral and low importance stuff (e.g. printers) mDNS works great.

For things like Home Assistant I use the following subdomain structure, so that my password manager does the right thing:

  service.myhouse.tld
  local.service.myhouse.tld

Exactly, you don't. My qualm was with the "hosts file works well enough" claim of the person I responded to.

This is what I do.

Unless you're hosting an array of common apps (like WordPress), a WAF is a waste of time for everyone involved, and the time would be better spent actually auditing the application you wrote rather than fighting with false positives.

The industry sold the idea to the gullible that they can make a bunch of arbitrary pattern matching rules that just make any app more secure.


I disagree that it’s a waste of time or that only gullible people use it. A WAF (enabled to block malicious requests) is a cheaper and quicker solution to throw and still get some benefits.

I’ve seen that even in some large (non-FAANG or whatever) companies, budgets for security are always very tight or not available. Practically, it’s easier to kick the can down the road with a WAF.

For enterprise applications deployed for specific clients, if at all there are issues because of the WAF, they’d quickly bubble up through standard support mechanisms.


Yes. Pentesting of an application on every release is what everyone should be doing, finding and fixing the vulnerabilities immediately.

Not everyone can do that because of business realities. Legacy software, vendor software, no budget, no dev bandwidth, etc., etc.

All security is a compromise based on realities - implementing a WAF is one. Tuning a WAF is a further exercise in security compromises. They have value, but aren't a panacea. A good security model should have many layers, and this is one of the layers you can choose which addresses a wide variety of attacks your application may (or may not) be vulnerable to, and which you may (or may not) have the budget or bandwidth to actually fix.


Uhh ... No. This is absolutely not true for industry-leading WAFs like Akamai, Cloudflare, Imperva, or even AWS WAF, which monitor for new and known critical vulnerabilities in the wild and will issue new rules for them in short order.

Just last year we had React2Shell (CVE-2025-55182) which allowed RCE for many apps using React Server Components. Within 24 hours the big WAF providers rolled out rules capable of blocking requests matching the exploit pattern.

Yes a patch was available and patching is always the primary solution for resolving critical vulnerabilities, but WAF can step in as a crucial temporary protection until patching can happen.


> Most users don't even read error messages, never mind logs.

They don't need to. The log message is so the helpdesk has something actionable, or so it can be copy-pasted into Google to find people with a similar problem who may have a solution.


It doesn't. The detailed log might be nonsense to the user, but so is a generic error, and the difference is that the specific log message makes it far easier to find a solution than a generic one.

I.e. SEO-optimized


Exactly because it isn't TrueNAS-specific, I'd imagine.

Terms making defined sense aid in conversation.

Why do you need to dilute the term? There is nothing wrong with your NAS running 3 apps that you press update once a year not being called "homelab" but just "a NAS"


> Why do you need to dilute the term?

Nobody is diluting anything. This person posted the setup they have in their home. It’s their homelab.

It’s not diluting any terms for them to call it that. Their setup is just as much a homelab as somebody else’s 48U rack.

It’s just a dick move, and against the rules of the site, to see somebody’s earnest post about their tech setup and post a shallow dismissal about how their setup isn’t deserving of your imagined barrier to entry.


They are not researching anything. They just want to have a few things running.

The whole idea of a homelab (regardless of size) is learning first.

He just has a home server. It's okay to call it that.


Is the average person really using Tailscale? This seems plenty deep enough

Oh. Now the imaginary gate is “research”?

Quit whining, you know damn well the bar for a typical "Show HN" has been raised to the point of being irrelevant these days, this post is a perfect example. This is not a home lab.

I'm happy for the OP and that it works for him. That said:

The equivalent of Joe Bloggs installing Linux onto an old laptop is neither curious nor interesting, let's not pretend it is because feelings.


This isn't a Show HN, and also I think you mean "lowered" given the tone of your post.

It's also been on the front page for most of the day on its own merits. It's clear you don't like the article. The guidelines are clear that you're expected to either engage constructively or just move along.


I think if you’re playing around with apps & Tailscale on your NAS, it’s a homelab.

There was just not a good reason to stay with BSD, especially with NAS -> homeserver evolution.

Really, we should rename that kind of device to HSSS (Home Service Storage Server).


Traitors to humanity
