> Numerous members of Al-Dahdouh's family have been killed by the Israeli military during the Israel–Hamas war. His wife, seven-year old daughter, and 15-year old son were killed in an Israeli airstrike on the Nuseirat refugee camp on 28 October 2023, in addition to eight of his other relatives. On 15 December 2023, while Al-Dahdouh and his cameraman Samer Abu Daqqa were covering the Haifa School airstrike in Khan Yunis, they were hit by an Israeli missile, injuring Dahdouh and fatally wounding Abu Daqqa. Despite the death of many family members and his injury, he quickly returned to reporting on the war after both incidents.[3] His son, journalist Hamza al-Dahdouh, was killed by an Israeli airstrike in Khan Younis on 7 January 2024,[4] and two of his nephews were killed in an airstrike the following day.[5]
Is there irrefutable proof of it in the current conflict? Unless something leaks from the IDF, we'll never know. But there are well-respected news orgs and NGOs identifying patterns of it.
“CPJ is deeply alarmed by the pattern of journalists in Gaza reporting receiving threats, and subsequently, their family members being killed,” said CPJ Middle East and North Africa Program Coordinator Sherif Mansour. “The killing of the family members of journalists in Gaza is making it almost impossible for the journalists to continue reporting, as the risk now extends beyond them also to include their beloved ones.”
Well more of a product/security matter here. The amount of access that an unlocked device gets you is nuts. I didn't expect to be able to reset an apple id password with a device pin code.
I use self-hosted Apache Guacamole (RDP) through a reverse proxy with Google SSO (oauth2-proxy[0]). So easy to access my desktop from virtually any browser (mobile isn't the best though). This would be a good solution for gaming, but for other activities RDP is unbeatable imo.
> For protection against enemy divers, dolphins will swim up to the infiltrator, bump into them and place a buoy device on their back or a limb using their mouth.
I need to see this in action. A dolphin shows up and cuffs you??
I like the wildcard certificates option, however I have not been able to find an easy solution to distribute those certificates to every host I have internally. Is this usually done manually? is there some equivalent to acme.sh?
The kind of hosts I have are OPNSense router, traefik servers, unifi controller etc.
My method is manual-ish¹. One VM is in charge of getting the wildcard certificates. Other than answering DNS requests for validation and SSH it has no public face.
Each other machine regularly picks up the current outputs from there via SFTP weekly and restarts what-ever services. I'm not running anything that I need near-perfect availability on ATM, so it is no more complex than that. If wanting to avoid unnecessary service restarts check the for changes and only do that part if needed, and/or use services that can be told top reload certs without a restart.
This does mean I'm using the same key on every host. If you want to be (or are required to be) more paranoid than that then this method won't work for you unmodified and perhaps you want per-name keys and certs instead of a wildcard anyway. For extra carefulness you might even separate the DNS service and certificate store onto different hosts.
Not sure how you'd do it with unifi kit, my hosts are all things I can run shell scripts from cron on running services like nginx, Apache, Zimbra, … that I can configure and restart via script.
[1] “manual” because each host has its own script doing the job, “ish” because once configured I don't need to do anything further myself
In general, what you may want to do is configure Ansible/Puppet/etc, and have your ACME client drop the new cert in a particular area and have your configuration management system push things out from there.
For any device that has a web interface, and no way of updating the cert automatically built in or via an API, you'd probably have to automate the process with something like puppeteer.
At my last job I implemented the certificate generation as a scheduled job, which pushes the generated certificates to a private S3 bucket.
Then, our standard Ansible playbooks set up on each node a weekly systemd timer which downloads the needed certificates and restarts or reloads the services.
If you have root ssh on each machine you can make rsync cron jobs. Imo it's reasonably secure if you spend the time setting up ssh keys and disabling password auth after.
I'm not sure what this remove-js.com page does, but if I open google.com with "Disable JavaScript" set in Chrome Devtools, it works fine. All images load, all links work etc.
I definitely get a limited set of features compared to a modern browser with JS enabled, but everything that is there is functional otherwise.
