starkzarn
@starkzarn@infosec.pub
- Comment on A Beginners Guide To Selfhosting Part 1 2 days ago:
I would recommend giscus over discus, but yes, certainly a valid approach!
- Comment on A Beginners Guide To Selfhosting Part 1 4 days ago:
I have been pleased with his on my blog (roguesecurity.dev) Its powered via github discussions.
- Comment on End-to-End Encrypted Chat that YOU Control: Hosting XMPP (Jabber) with Prosody 1 week ago:
Agreed, prosody is great! I’ve been doing some experimenting with ejabberd and it seems more enterprise-ready, but I haven’t found anything that is discernable as far as feature advantages.
- Comment on End-to-End Encrypted Chat that YOU Control: Hosting XMPP (Jabber) with Prosody 1 week ago:
Sounds like a great opportunity to breath some life into it! If you really have the itch for IRC, there’s a slidge bridge to connect IRC to XMPP!
- Comment on End-to-End Encrypted Chat that YOU Control: Hosting XMPP (Jabber) with Prosody 1 week ago:
Agreed! Runtime environment management is so much nicer with modern containerization. You or ally can’t overstate how much better it is to have app stack state be entirely divorced from OS state. I’m very pleased they’re back on the bandwagon as well.
Stand up a server and come join our MUC!
- Comment on End-to-End Encrypted Chat that YOU Control: Hosting XMPP (Jabber) with Prosody 1 week ago:
UPDATE: For anyone who comes back to this, or any new readers – I have added a MUC (chat room) on my XMPP server for discussion of any tech-related things, akin to the subject-matter of this blog. Hope to see you there!
- Comment on End-to-End Encrypted Chat that YOU Control: Hosting XMPP (Jabber) with Prosody 1 week ago:
I have experimented with Simplex, but it feels less tuned toward hosting federated infrastructure and more tuned toward participation with the greater network in a pseudo-anonymous fashion.
Adoption is also always a hurdle with any ecosystem like this, and XMPP is certainly ahead of Simplex in that avenue.
- Comment on End-to-End Encrypted Chat that YOU Control: Hosting XMPP (Jabber) with Prosody 1 week ago:
It has a long healthy life ahead! Come join the party, the proof is in the pudding.
- Comment on What's the best chat to self host? 1 week ago:
😆 +1 for reading enough to see that! Thank you!
I’m one of those people that ends up using the vocabulary I once learned to get the most value out of it. Would hate to waste all that. Haha.
- Comment on End-to-End Encrypted Chat that YOU Control: Hosting XMPP (Jabber) with Prosody 1 week ago:
This is also a great article! Thanks for the link.
One cool point in favor of XMPP is that in a public setting (MUCs), there’s community. Moparisbest is an active participant in several of the MUCs that I’m in. Very cool!
- Comment on End-to-End Encrypted Chat that YOU Control: Hosting XMPP (Jabber) with Prosody 1 week ago:
Yeah they just redid their container image pipeline and these containers are the result!
- Comment on End-to-End Encrypted Chat that YOU Control: Hosting XMPP (Jabber) with Prosody 1 week ago:
Super true. I think this was best exemplified by SignalGate
- Comment on End-to-End Encrypted Chat that YOU Control: Hosting XMPP (Jabber) with Prosody 1 week ago:
This is great, I have not seen this post before. Thank you for sharing.
You make an excellent point here, that the burden of security and privacy is put on the user, and that means that the other party in which you’re engaged in conversation with can mess it up for the both of you. It’s far from perfect, absolutely. Ideally you can educate those that are willing to chat with you on XMPP and kill two birds with one stone, good E2EE, and security and privacy training for a friend. XMPP doesn’t tick the same box as Signal though, certainly. I still rely heavily on Signal, but that data resides on and transits a lot of things that I don’t control. There’s a time and a place for concerns with both, but I wanted to share my strategy for an internal chat server that also meets some of those privacy and security wickets.
- Comment on End-to-End Encrypted Chat that YOU Control: Hosting XMPP (Jabber) with Prosody 1 week ago:
Yes, absolutely. It all depends on implementation. I am using VLANs for L2 isolation. I have a specific DMZ VLAN that has my XMPP server and only my XMPP server on it. My network core applies ACLs that prevent any inter-VLAN traffic from there, so even if STUN/TURN pokes holes, the most that is accessible is that single VLAN, which happens to contain only the single host that I want to be accessible.
Great question.
- Comment on What's the best chat to self host? 2 weeks ago:
Just updated my original comment, but that XMPP blog post I mentioned is live: roguesecurity.dev/blog/xmpp
- Comment on What's the best chat to self host? 2 weeks ago:
Here’s the blog post: roguesecurity.dev/blog/xmpp
- Submitted 2 weeks ago to selfhosted@lemmy.world | 38 comments
- Comment on What's the best chat to self host? 2 weeks ago:
Arch wiki never fails to deliver!
- Comment on What's the best chat to self host? 2 weeks ago:
XMPP most definitely! Especially if you want to have connectivity to other servers at all (like simplex). It’s much simpler, more well-known, battle hardened, and still supports E2EE and video calling very well.
I recommend prosody. I recently went through the process of setting up a server and have a draft blog on it half way finished if you want an account of the experience.
- Comment on Security camera recommendations? 3 weeks ago:
There is not a mobile app, no. You can pseudo install it as a PWA if using a chromium based browser though.
I do use HomeAssistant so I let it do the notifications for me, but you could easily setup pubsub and use that to hook gotify or something. Maybe it even has native webhooks at this point, I’m not sure.
Notably though I don’t run frigate in HomeAssistant, it’s just plugged in via API. That’s to support hardware passthrough for my coral TPU.
I highly recommend it over the others. the only one I haven’t tested is blue iris because it’s windows only and I refuse to have a windows machine on my network. Frigate outperforms all the others that I tested. Zoneminder is a runner up but it feels dated and the object detection is a kludge.
- Comment on Security camera recommendations? 3 weeks ago:
I have some reolink and some amcrest, and I’d choose the amcrest (or dahua) any day tbh. Similar workload. Tensor and frigate for software NVR and object detection, all to a zfs dataset.
- Comment on save the planet 🌎 4 weeks ago:
Says who? I give all my billionaire best friends shit every day.
- Comment on save the planet 🌎 4 weeks ago:
The irony of using AI to make this image…
Humanity really is a lost cause
- Comment on Linkwarden v2.12 - open-source collaborative bookmark manager to collect, read, annotate, and fully preserve what matters (tons of new features!) 🚀 1 month ago:
Fair enough! I toyed with the idea of doing it that way because the systemd component would just reference a single yaml file for each service, which feels portable. That said though, my quadlets as they are are pretty portable too. Thanks for sharing!
- Comment on Linkwarden v2.12 - open-source collaborative bookmark manager to collect, read, annotate, and fully preserve what matters (tons of new features!) 🚀 1 month ago:
Just curious why you chose a kube quadlet instead of the typical podman container quadlets?
- Comment on #FGLAE 2 months ago:
Slime mold is so god damn cool man
- Comment on Why are anime catgirls blocking my access to the Linux kernel? 2 months ago:
That’s because they just terminate TLS at their end. Your DNS record is “poisoned” by the orange cloud and their infrastructure answers for you. They happen to have a trusted root CA so they just present one of their own certificates with a SAN that matches your domain and your browser trusts it. Bingo, TLS termination at CF servers. They have it in cleartext then and just re-encrypt it with your origin server if you enforce TLS, but at that point it’s meaningless.
- Comment on Systemd Service Hardening 2 months ago:
That’s a super valid question, as it seems sometimes that some of these things are configured in a way that begs the question “why?” As far as contributing to documentation, that’s a moot point. This is already in the man pages, and that’s exactly what I referenced in writing this post, in addition to some empirical testing of course. As far as implementation goes, I think that probably lies at a per distribution level, where not one size fits all. Although I don’t know of it off the top of my head, I’m sure there’s a security centric distro out there that implements more of these sandboxing options by default.
- Comment on Systemd Service Hardening 2 months ago:
Excellent! There’s certainly a lot to unpack, but being able to twist all these little knobs is part of the beauty of Linux.
- Comment on Systemd Service Hardening 2 months ago:
Hey, much appreciated!