Image 1 — have problem with sanding this work.
Image 2 — have problem with sanding this work.

have problem with sanding this work.

this is one of my works, there are some nodes on it when i tried to sand it, this happened, it sanded more than other parts, you'll see some bad marks on the inside part, that simply because im a noob and my gouge wasn't sharp enough.

someone suggested that you shouldn't sand with your hand on this kinda wood so it won't happen, is that right? What would you guys do?

u/nightcreativecloud — 3 hours ago

NetBird + Authentik: Setup key still forces SSO login — what am I missing?

[Update - added in the end]

I'm running NetBird self-hosted with Authentik as my SSO provider. Works great for user devices — they log in via Authentik, join the network, all good.

Now I want to add a headless Windows laptop as a shared server (RDP host for the team). I created a setup key:

- Type: Reusable

- Auto-assign groups: EMPTY (left blank)

- No expiration

On the Windows machine, I run:

```

netbird up --setup-key <KEY>

```

And it STILL opens a browser window asking me to log in via Authentik.

I've tried:

- Running with and without `--management-url`

- `netbird down` first

- Deleting `C:\ProgramData\netbird` and reinstalling

- Creating multiple fresh setup keys with no groups

Same result every time — Authentik login page.

I want this machine to join as a headless server with NO user attached. No Authentik user created for it. Just a standalone peer that people can RDP into.

Is this even possible with Authentik configured as the SSO provider? Or does NetBird force SSO for ALL authentication once you have an IdP set up?

If you've got this working, how? What's the magic combo?

I don't want to create an Authentik user for every server I spin up. That defeats the purpose.

Help me out here.

updated:

i don't know why but i just ran the script below (just change the order of the script, first the setup key then the management url, and it worked, hell yeah)

```

netbird up --setup-key <KEY> --management-url <your-management-url>

```

reddit.com
u/nightcreativecloud — 1 day ago

How do you use Obsidian for bug bounty?

&#x200B;

I've started using Obsidian for bug bounty and pentesting, but I feel like I'm not using it to its full potential.

How do you organize your notes? Any must-have plugins, templates, or workflows? How do you keep recon notes, payloads, writeups, and useful resources organized without everything becoming a mess?

Would love to hear what your setup looks like or any tips you've learned along the way.

reddit.com
u/nightcreativecloud — 8 days ago

is that ok to run ERPnext on my server?

hi guys

I'm running jitsi, gitea, matrix,netbird, synapse-admin + authentik

i use authentik for SSO, all these are based on docker.

the thing is after all that setup, my ubuntu vps have 2.7 gb out of 8gb occupied, with 100gb space, and 4vcpu

at first i was trying to install ERPnext for my teams that use this vps service, someone told me its absurd to install ERPnext on your vps with all that setup and daily driver services that your team depends on it.

he says look at jitsi for example, you have to always give space and free ram available, i can use multiple services for that but im enchanted with ERPnext somehow, can somebody guide me?

reddit.com
u/nightcreativecloud — 8 days ago

any alternative for takaboto and yomiwa?

hi guys

im in need of handwritten kani search feature, takoboto only give it to its paid users, im using yomiwa for now, but yomiwa has some hidden bugs related to its database, for example with my country ip it won't play, i tested it with vpn, and it worked, also the ability to see the radicals and send them to kanji search app and some small features that takoboto provide.

i know that sounds awkward but I'm tired of switching between these two, you guys have any suggestions?

u/nightcreativecloud — 9 days ago

what are the bests local agents to use?

what are the bests local agents to use?

hi guys

what local agents do you guys use for your tasks, i have a big concern regarding privacy, I know that whenever some company says we don't train our model, and the access to their model is free, there is absolutely something behind the scenes.

my most work is managing obsidian notes, not that hard trying with codes

reddit.com
u/nightcreativecloud — 13 days ago

what are the bests local agents to use?

hi guys

what local agents do you guys use for your tasks, i have a big concern regarding privacy, I know that whenever some company says we don't train our model, and the access to their model is free, there is absolutely something behind the scenes.

my most work is managing obsidian notes, not that hard trying with codes

reddit.com
u/nightcreativecloud — 13 days ago
▲ 16 r/netbird

Logging out of self-hosted NetBird (embedded Dex + Authentik) doesn't clear session — next user gets previous user's dashboard

Broken

Been banging my head against this for a few days. Running NetBird self-hosted (combined netbird-server container, v0.65+) with nginx as the reverse proxy, and Authentik added as an external identity provider through the dashboard UI. Everything works fine for login, but logout is completely broken in a way that's actually a security issue.

Here's what happens:

  1. User A logs into NetBird via Authentik SSO — works perfectly
  2. User A clicks "Log out" in the NetBird dashboard
  3. Browser redirects to Authentik's logout page — looks fine so far
  4. User B now opens the browser, goes to Authentik, logs in with their own account
  5. User B clicks the NetBird app in Authentik's application portal
  6. User B lands in User A's NetBird session

I've verified that manually clearing browser cookies fixes it — after clearing cookies, login with User B works correctly and they get their own session. So the NetBird session cookie is just never being invalidated on logout.

Things I've already tried:

None of it made a difference. I kept seeing the same behavior.

After digging into the NetBird docs more carefully, I noticed something that might be the actual issue: the official nginx template for the combined container specifically requires routing /oauth2/* to the netbird-server backend. My nginx config was missing this location block entirely. The /oauth2/end-session endpoint (which Dex uses to actually clear its session) was going nowhere — probably hitting the dashboard container and returning a 404 or being silently swallowed.

The location block that's apparently needed:

location /oauth2/ {
    proxy_pass http://127.0.0.1:8081;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
}

I'm testing this now and will update the post. But if anyone else has hit this same issue with the embedded Dex + external IdP combo on self-hosted, I'd love to know if this was your fix too.

Setup details:

  • NetBird combined container (netbirdio/netbird-server:latest)
  • Authentik as external OIDC provider (added through NetBird dashboard, not standalone mode)
  • nginx on host as reverse proxy
  • config.yaml with dashboardPostLogoutRedirectURIs set
  • Ubuntu 24.04
reddit.com
u/nightcreativecloud — 14 days ago

anyone know where to find original image?

Does anyone know where I could find the original image for these two arts?

credit: 瑞光

can't find it

u/nightcreativecloud — 16 days ago
▲ 3 r/Gitea

How to strictly enforce OIDC/SSO in Gitea? (Disabling the local auth backend entirely)

[UPDATE - SOLVED]

Act as a Senior DevOps/SecOps Engineer. I have a question regarding strictly enforcing OIDC authentication in Gitea at the backend level.

Environment Context:

I am running a self-hosted Gitea instance fully integrated with Authentik (OIDC) for SSO. The integration works perfectly:

- JIT auto-provisioning and account linking are working.

- In my `app.ini`, `DISABLE_REGISTRATION` and `ALLOW_ONLY_EXTERNAL_REGISTRATION` are both set to `true`.

- I have successfully hidden the local username/password login form and the "OR" divider from the UI using custom CSS injection via `header.tmpl`.

The Core Problem:

While the UI is clean and users are forced to click the Authentik button, the local authentication backend is still active. If a user (or an attacker) bypasses the CSS, uses the Gitea API, or sends a raw POST request to the `/user/login` endpoint, they can still authenticate using their legacy local Gitea passwords.

My Questions:

  1. Is there any native variable in Gitea's `app.ini` to completely disable the local password verification backend and make the system 100% strictly SSO-only?

  2. If Gitea natively lacks a "kill switch" for local auth, what is the best enterprise practice here? Should I block POST requests to `/user/login` at my Reverse Proxy (Nginx) level, or should I just scramble all existing local passwords in the database to random 50-character strings?

u/nightcreativecloud — 18 days ago

Fuzzy/chattery surface on fully dried wood – but the other side is glass-smooth

Hi everyone,

I'm a woodturner working with wood that is first dried in a humid region (until equilibrium moisture ~14-16%), then wrapped in plastic and transported to my workshop, which is very dry (RH ~10-12%). I open the plastic bags every night to let moisture escape, and after a few months the wood gets quite dry (probably below 10% MC). However, I always get some cracking in the first days, and now I'm facing another issue:

**The problem:**  
When I turn a bowl or a cup from this very dry wood, one side of the piece (usually the inside of the bowl) becomes fuzzy, with raised fibers that feel like velvet or tiny torn strands. But the **back side of the same bowl** (the exterior, turned immediately after with the same gouge, same speed, same sharpness) is perfectly smooth – almost glass-like.  

I've attached two photos:  
- Photo 1: The fuzzy surface (you can see the raised fibers).  
- Photo 2: The smooth back side of the exact same piece.


**My questions:**  
1. Could it be related to the wood's anatomy (vessel elements, supported vs unsupported fibers) – and if so, why only on one side?  
2. What specific tool geometry (gouge flute shape, bevel angle) or cutting technique should I change?  
3. Should I stop turning this wood completely dry and instead turn it at a higher MC (say 12-15%)?  
4. Any finishing tricks (hot oil, shellac, burnishing) that permanently remove these fibers without losing detail?

**Additional context:**  
The wood has been slowly acclimatized through perforated plastic bags over 4 weeks before turning. I get cracks occasionally, but the fuzziness is my main headache now.

Any advice from experienced turners who work with very dry hardwood would be greatly appreciated. Thank you!
reddit.com
u/nightcreativecloud — 25 days ago