Wxfisch
@Wxfisch@lemmy.world
- Comment on How do I avoid becoming one with the botnet? 2 days ago:
Eh, it can be a lot of work but doesn’t have to be. I’ve automated backups, and if you follow current best practice guidance from industry, you should use long pass phrases and not worry about regularly rotating them. For things like SSH keys, you can rotate them if you think you’ve had a breach but in normal usage there isn’t a huge benefit security-wise since they functionally can’t be guessed and would need to be stolen. If an adversary steals your SSH keys then you’re already pretty hosed as the next step is for them to establish another backdoor to access your server without needing your key.
- Comment on How do I avoid becoming one with the botnet? 2 days ago:
Honestly it’s not a ton of time. A few minutes to run patches every few weeks, and the initial investment to plan, install, and configure your services (but then that’s the fun part no?). Self hosting IMO isn’t a great way to save time and money, or even to get out of the pocket of big tech. If those are your goals you’re better off looking at hosted solutions that are Open, and likely paying for it since running IT stacks isn’t free. Self hosting is a hobby, something you do to learn and because you enjoy it. It is hard sometimes, takes time, and comes with risks, but so do most other hobbies.
- Comment on How do I avoid becoming one with the botnet? 2 days ago:
It doesn’t usually matter what the service is, the basic concepts are the same. If you want to access a service you host on your internal network from another external network you either need to use a VPN to securely connect into your network, or expose the service directly. If you are exposing it directly you should put it (or a proxy like NPM) in your DMZ. The specifics of how to do this though will vary from service to service and with your specific network config.
- Comment on How do I avoid becoming one with the botnet? 2 days ago:
You can run a port scan against your public IP from another network to see what is open. But if you haven’t specifically set something up for external access through port forwarding you are probably fine.
- Comment on How do I avoid becoming one with the botnet? 2 days ago:
Only expose services internally then use a secure VPN to access your services, this makes your network no more vulnerable in practice than not self hosting. If you need/want to expose something to the internet, make sure you set up your network right. Use a DMZ to separate that service and leverage something like CrowdSec along with good passwords, antivirus, and keep things patched.
- Comment on This Looks kinda cool, but does anyone have any experience at vetting a project like this? 3 weeks ago:
This was posted here yesterday by the dev. Overall the reaction seems positive.
From a quick look through the repo it looks pretty legit, it’s a lot of effort to create something that works, with all the documentation (including a lot of planning docs) just to collect data on you. Traffic to various IPs, foreign or otherwise, wouldn’t really be odd for an app like this either. You could try and run it through something like virustotal though to look for malicious code (there are more than a few docker scanning tools on GitHub that use virustotal).
- Comment on Recommendations to replace AWS DNS? 1 month ago:
I use cloudflare mostly because I buy my domains through them as they offer at cost domain names for many TLDs. Internally I use PiHole and then just point what I need externally to cloudflare through a reverse proxy and a DMZ box.
- Comment on If AI “hallucinates,” doesn’t that make it more human than we admit? 5 months ago:
The technical term used in industry is confabulation. I really think if we used that instead of anthropomorphic words like hallucination it would make it easier to have real conversations about the limits of LLMs today. But then OpenAI couldn’t have infinite valuation so instead we hand wave it away with inaccurate language.
- Comment on Do I need the ISPs home router? 5 months ago:
It wasn’t standard previously, and if you have TV service I think it’s still inconsistent, but the past ~5 years it seems to be more common that they are set up that way from the start. If you have internet only service, and a newer ONT (like less than 10 years old) it is the standard configuration and is how the self install guide tells you to hook up the “quantum gateway” router from Verizon.
You can always call and ask to have your ONT converted to Ethernet output if it isn’t already, and as long as it supports it I haven’t heard reports of much trouble there. The very early ONTs though don’t support it IIRC, but those should be being replaced at this point anyways.
- Comment on Do I need the ISPs home router? 5 months ago:
I mean you can, an ONT is not a router, it’s essentially a media converter. I use my own router (and have for many years) and had no issues. The FiOS tech even ran a long Ethernet run in my basement to connect the ONT and my router in my rack when they installed service.
- Comment on Do I need the ISPs home router? 5 months ago:
It depends, and without knowing your ISP I’m not sure there is a way to tell you for sure. I know for example Comcast gigabit Pro has been known to directly connect to an ISP SFP module in your firewall/router, but Verizon FiOS (and most FTTP that I know of) provide an ONT that converts the fiber to Ethernet which you would then connect directly to your hardware.
I would verify if the ISP router you refer to is not really an ONT, in which case you are directly connected to the ISP functionally and there isn’t really an advantage to getting an SFP and getting the fiber directly connected if you even can.
- Comment on Advice for fire pit construction 6 months ago:
Honestly I’d leave it empty and cap the gap with pavers or similar. What it sounds like you are describing is how you build a smokeless fire pit and you’d want to avoid interrupting the airflow in that case.
- Comment on What are ways to independently make a few bucks on the side? 7 months ago:
One of the risks around monetizing hobbies is that while you may enjoy that hobby now, doing it to make money adds a level of stress and responsibility that can quickly make it into another job that you no longer love. Places like Etsy are competitive and reward consistency in listing and sales, so to have any real success you can’t really list just one or two items and wait for them to sell. You’ll drop far down in search rankings and suddenly your store dies because Etsy stops sending people to it.
This isn’t to say don’t try, but be aware it isn’t as easy as “hobby but get paid for it”.
- Comment on [Weekly thread] How is everyone doing with their home improvements? 8 months ago:
I have this on my list of things to do. I have the romex, just need to grab a couple breakers to add the circuits and do the work. I know it won’t be hard, and will be well worth it, but getting started is hard when it’s out of sight and only annoying when I need them.
- Comment on [Weekly thread] How is everyone doing with their home improvements? 8 months ago:
Minor thing, but added a piece of OSB to the bottom of the foam lid to our energy box in the attic access (basically a wood tunnel through the insulation that has a 1" piece of polystyrene insulation board on top). It was built with weather stripping to help air seal it, but the hunk of foam isn’t nearly heavy enough to really sit on the stripping. I’ve been meaning to do it for like 6 months and finally cut the scrap of OSB I had, glued it down and added some small handles. Should make it a lot easier to move out of the way, seal better, and be more durable.
I’ll have to do a post with some pictures from a few weeks ago when I installed our EVSE soon.
- Comment on How do you document your Homelab? 8 months ago:
I’m curious how everyone documents their core/critical configs to allow the non-technical in our homes to work with it if needed. For instance if I’m on work travel and the Pi-hole goes down for whatever reason my wife wouldn’t be able to use pretty much anything online. I can remote in and fix it but that could be hours/a day or two later. Same then for the proxmox stack that everything runs on.
Along the same lines, how are folks documenting for EOL? It may not be a happy thought but we are all going to go someday, so what is your plan and how have you ensured loved ones can access/save important data?
- Comment on xkcd #3090: Sail Physics 8 months ago:
I am not, that appears to be deebster@programming.dev
- Comment on xkcd #3090: Sail Physics 8 months ago:
As has been pointed out though on non-web clients it’s much more disruptive to link to the webpage instead of how the bot works now. I’m not sure what the split is between web and mobile users but I’d hazard a guess there’s appreciably more mobile client users.
I’m also not sure why it would require more loads on web, if you open a post (as you have to do regardless) does it not show the image with text below it anyways?
- Comment on xkcd #3090: Sail Physics 8 months ago:
The bot adds the alt text to the post, so no need to head to the site to see the entire comic.
- Comment on Jellyfin is not just good... but *better* than Plex now?! 11 months ago:
Agree 100%. Most of the former Plex users turned Jellyfin users I have come across did so because Plex was broken in some way for them. For me it was the general lack of care in creating/maintaining a good Apple TV app. Over the past few years it’s just gotten buggier and buggier with a lot of complaints on the Plex forums where devs would essentially stop by to say they weren’t working on any fixes.
Jellyfin doesn’t fix 100% of the issues, but at least there is active development on Swiftfin that showed a desire to fully support all devices.
- Comment on HELP! How do I help educate my son about his body when I know nothing about boys?? 11 months ago:
Honestly, the majority of key points to talk about can be found online from respectable sources (for example, this article from Johns Hopkins, though there are many others). There is a better than even chance he has already looked up the “Is this normal” stuff himself if he has normal internet access.
From a social standpoint it’s going to be different for everyone, teenage years are hard and kids are often cruel. I’d advise to just be there for him on this front, but don’t be pushy. He is going to be moody, lash out sometimes, and act differently. That is all normal. He is going to want to push boundaries and get in trouble (rather do things that will get him in trouble, most folks don’t actually want to get in trouble). Give him safe room to explore who he is and to try new things without letting him fall down too hard.
Lastly, you say there are no trusted male figures in your life, but that doesn’t have to be family. Good friends can also fill that space. I have to imagine there is some guy in your life that could have a heart to heart, even just with you to then talk to your son. It’s worth trying to broaden your expectation of what a trusted male figure is perhaps.
- Comment on Apple Maps now shows the Gulf of America 11 months ago:
And I will continue to use it until they take it away
- Comment on Branded pothole repairs. 11 months ago:
Honestly I wouldn’t care so long as they do it right. Around here you’re lucky if PennDOT drives over the asphalt with their truck once after they haphazardly tossed it in the hole still full of rain water. And they wonder why they have fixed the same pothole in front of our driveway every spring for the 5 years we have lived here.
- Comment on Why do cell phones have a data limit but home internet doesn't? 1 year ago:
In theory at least it’s because you pay for a specific bandwidth for home internet (the size of the pipe) but a specific amount of data for cellular (how much stuff you can get through a fixed sized pipe).
Home internet is a little unique in that way, almost all other utilities are consumption based with no real tiers in terms of how it’s delivered (you pay for the volume of water or gas you use, electricity is the same, just different units).
Networking equipment gets more expensive based on the bandwidth it supports, but it doesn’t much care how many bits you push through it. So ISPs charge based on their capacity to deliver those bits, and provide tiers at different price points. Cellular though is much more bandwidth constrained due to the technologies (and it used to be much more so before LTE and 5G), so it didn’t make sense to charge you for slow or slower tiers. Instead the limiting factor is the capacity of a tower, so by limiting data to small amounts it naturally discourages use. That model carried forward even now that the technologies support broadband speeds in some cases. As such an ISP could provide the biggest pipe (highest speed) to all homes and just charge based on consumption (they used to in the days of dial up, and satellite before starlink always has). Many ISPs instead are now double dipping though and charging for both.
- Comment on Largest retail breach in history: 350 Million "Hot Topic" customers’ personal & payment data exposed — as a result of infostealer infection. 1 year ago:
Looks from the article like it was stolen by infecting the PC of a third party analytics firm user who had privileged access to Hot Topic’s Snowflake data warehouses and didn’t have MFA enabled. That is just inexcusable in this day and age and $100k is a small price for Hot Topic’s Snowflake to pay for that fuck up (assuming the bad actor actually follows through and doesn’t sell the data if HT pays the price set). Pro tip (or really amateur tip), MFA all the things. Even SMS based MFA is better than no MFA even though it’s not ideal.