skysurfer
@skysurfer@lemmy.world
- Comment on [Discussion] What would it take to selfhost some of the backend that Tesla's connect to? 2 weeks ago:
Depends what you want to do. They don’t require a network connection to operate as a vehicle. So if you don’t care about the remote app features (local ones such as lock/unlock still work over BLE), live traffic, streaming music or updates, then a network connection isn’t necessary.
If you do want any of those features, then you would need to either get root access to the gateway and infotainment systems to modify the endpoints or take over the C&C server (formerly named “mothership”) domains and certificates.
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 month ago:
I set the VPN tunnel from the VPS to deny everything to the internal network by default, then put the services that need to be accessed on the allow list in the firewall. So the VPN endpoint from the VPS can only hit the very specific IPs/ports/protocols that were explicitly allowed. There is still the possibility of a compromise chain of VPS->service->container/VM->hypervisor->internal network access, but I feel comfortable with those layers.
You could also set up an IDS such as Snort to pick up on that exploit traffic between the services and internal VPN endpoint if extra security is necessary on top of fail2ban and log alerts on the VPS.
- Comment on Hundreds of US government sites go offline 2 months ago:
That is a fun rabbit hole. This was Nixon’s presidency and right before the whole Watergate scandal broke, so probably lots of shady shit happening around then that helped put us on this wonderful trajectory.
- Comment on Couple spends close to $1,000,000 making their Texas family home 'optimized for LAN parties' and the result is pretty staggering 4 months ago:
Thanks for the links to the sources. It was interesting to read the backstory on how it came to be.