a_fancy_kiwi
@a_fancy_kiwi@lemmy.world
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
has some basic monitoring on them.
What monitoring software are you using?
I feel like the other measures you talked about (backups, condom of network traffic, etc) I’m doing ok on. It’s really just the monitoring where I’m stuck. There’s so many options.
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
I’ll look into it, thank you
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
I’ve seen a bunch of people recommend Authelia. Do you mind if I ask why you went with it over other software? I only went with authentik because I found a tutorial on it first
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
  - check
  - check
  - check
  - I saw someone else recommend crowdsec. I’ll look into it, thanks
if you use one of those 5$/month VPSes, with a VPN tunnel to your backend services, that adds one layer of “if it’s compromised, they’re not in your house”.
I’ve heard this mentioned before but I don’t really understand how this works in practice. If the VPS was compromised, couldn’t they use the VPN to then connect to my home?
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
Caddy only allows private IP ranges
Do you mind telling me more about this? How does that work; a VPN?
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
will do, thanks
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
If it were only me using the apps, I’d be using a VPN. Over the years, I’ve used OpenVPN, Wireguard, and now Tailscale. In my experience, they work like 99% of the time. That last 1% though is weird connection issues; usually when switching between WiFi and cellular (or vice versa) but sometimes it’s my server or ISP and I have to turn the VPN off and back on to troubleshoot. My partner will either turn off the VPN and forget to turn it back on or they will forget about the VPN completely and not be able to use their phone. Ideally, I’d like to set something up that doesn’t require any potential troubleshooting on their part so I can avoid hearing “why can’t we just use Google photos?” or “what’s wrong with Google home?” 😓
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
that’s awesome. thanks!
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
oh, my mistake. tbh, I don’t know enough about it but I’m interested. Why set up a TLS cert for AI at home? How is that benefiting you and your setup?
I’ve seen some people set up SSL certs for self hosted services and not make them publicly available but I didn’t get around to seeing why they were doing it
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
Have also set it up so they get banned on Cloudflare’s side, so before another malicious request ever reaches me.
How did you end up setting that up?
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
Most definitely does not need a public URL for Assist in HA. Not sure where you read that.
You’re probably right. At one point, I had a subscription to homeassistant cloud a few years back to use a google nest speaker at the time. I was just going off that I guess. I’ll do some testing and will probably put it back behind tailscale. thanks for the heads up
It sounds like you need a VPN to your internal services if you’re concerned about security.
I’m more so concerned that I set something up incorrectly and would like to be made aware of it in the event someone else noticed
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
I feel weird about having those apps on the internet and basically being blind to threats. I mean yeah, I’m not a target on anyone’s list and most IPs visiting the site are bots. But I would still like to know what’s going on.
I don’t work in tech for a living, this is just a hobby for me so I have limited time to work on this stuff and do research. It’s very possible I fucked something up and don’t know it. I figured if I at least got an alert that said “hey, your immich server db was dumped and sent to <insert IP>”, I could at least turn it off
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
If you have access to all devices, why not just use your own self signed certificates to encrypt everything and require the certificate for all connections?
Sounds like you are describing a VPN. I was using that setup before but small stuff like immich album sharing via a link won’t work properly. Also, having to ensure a vpn is on and connected is a little too much to ask of my partner; they would turn it off and forget about it and then ask why their app wasn’t working :/
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 week ago:
I’ve been playing around with the voice assistant stuff in homeassistant and it seemingly needs a public url to get all the features. I could be wrong about that though?
I put authentik in front of immich to handle authentication so that I would need a 2FA code
- Submitted 1 week ago to selfhosted@lemmy.world | 71 comments
- Submitted 5 weeks ago to selfhosted@lemmy.world | 0 comments
- Comment on Spotify’s Plans For AI Generated Music, Podcasts, and Recommendations, According To Its Co-President, CTO, and CPO Gustav Söderström 3 months ago:
Some YouTube creators are doing this right now. AI generated translations with the creator’s voice. Looking at it from simply a nerd’s perspective, it’s fucking neato
- Comment on Sonequa Martin-Green felt 'kaleidoscope of emotions' over 'Discovery' ending 1 year ago:
Garbage show. SNW better. Remove my comment again, bitch.
- Comment on Sonequa Martin-Green felt 'kaleidoscope of emotions' over 'Discovery' ending 1 year ago:
Discovery walked so Strange New Worlds could run.
- Comment on Apple will avoid ban by selling latest Apple Watches without blood oxygen feature 1 year ago:
What’s your use case? The majority of people will be fine without it so I was just curious if you were doing something interesting with it
- Comment on RaspberryPi becoming unresponsive at random intervals 1 year ago:
I upgraded to the Pi4 but I use this case. It has a daughter board that lets me use an m.2 SATA SSD over USB.
- Comment on RaspberryPi becoming unresponsive at random intervals 1 year ago:
I’d bet $1 it’s the SD card. My 3B+ used to have the same problem. Been running pis off some sort of SSD ever since, no issues.
- Comment on Microsoft readies 'next-gen' AI-focused Surface Pro 10 and Surface Laptop 6 with Arm chips and design upgrades for 2024 1 year ago:
Microsoft is also working on the next Surface Laptop Studio…, which targets a similar late 2025 release window.
Fuuuuck
- Comment on Amazon is now automatically playing fullscreen video ads on Fire TV 1 year ago:
I don’t know how to fix your problem but I am curious about it.
I assume you have an old iPhone tied to your iCloud account. What happens if you untie that phone and wait like a day (some iCloud stuff is weird and can take about 24 hours to update server side info)
- Comment on Fusion 360 increasing annual price by $190 USD 1 year ago:
Are you familiar with the watermark they are talking about? How does that express itself; does it show up on models or is it like metadata in a file?
- Comment on Fusion 360 increasing annual price by $190 USD 1 year ago:
As a hobbyist who’s relatively new to CAD, I wish I liked Shapr3D more than I do. I want to use it on my Mac but everything is multiple clicks away compared to other software and seemingly has fewer keyboard shortcuts to get around it :/
- Comment on Amazon is now automatically playing fullscreen video ads on Fire TV 1 year ago:
Pretty sure you don’t need one. I’ll look into it later tonight and get back to you though
- Comment on Amazon is now automatically playing fullscreen video ads on Fire TV 1 year ago:
For all of Apple’s faults, their Apple TV is pretty decent. A home screen with apps on them; no ads. It’s great
- Comment on Just a JSON file in Windows 11 enables Edge, Bing, and Search ads removal 1 year ago:
Anti-cheat is still a major issue. Even in a VM with GPU pass-through, anti-cheat will still prevent some popular games from running.
- Comment on Apple AirTags stalking led to ruin and murders, lawsuit says — Dozens join lawsuit alleging Apple AirTags are stalkers’ “weapon of choice.” 1 year ago:
The article has a report from at least one person claiming they can’t find the airtag even with the alerts.
There’s also videos on YouTube that show you how to remove the speaker so without the UWB chip, I could see scenarios where people genuinely can’t find them.
I’m not making the argument either way, just saying that a problem is there. Whether it’s Apple’s responsibility or not is up to the court