mspencer712
@mspencer712@programming.dev
- Comment on My Dream of a Home Router / Server 4 days ago:
To add to Onomatopoeia’s excellent post, separate devices also limit the blast radius of any compromise. Attackers pivot when they compromise a system. They use one system to talk to others and attack them from inside your network. So you don’t want everything on the same OS kernel.
Unfortunately I don’t feel like I’m qualified to say what works well yet, not until I have the pieces of my site put together and working, and vetted by whatever security professionals I can get to look at it and tell me what I did wrong.
But right now I think that looks like every service VM on its own VLAN on a /30 net, and ideally the service VM and firewall/router VM serving it on different physical hardware joined by a managed switch. That managed switch shouldn’t let either VM host touch its management VLAN, and (I think, I don’t do this yet) should send monitor traffic to yet another physical host for analysis.
(“I can see why you’re not done yet” - yeah I know.)
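A worked version of the per-service /30 layout described in the comment above, added here as an example and not code from the commenter's setup: it carves one /30 per service out of a parent block, assigns each a VLAN, checks that no service lands on the switch-management VLAN and that no two segments overlap, and prints the Linux `ip` commands for the router side (tagged sub-interface on the trunk) and the VM side (untagged access port). The 10.50.0.0/24 block, VLAN 99 as management, VLANs 100+ for services, and the interface names are assumptions for illustration.

```python
"""Plan per-service /30 VLAN segments, verify isolation, emit `ip` commands.

Added example (not from the original post). Assumed values: parent block
10.50.0.0/24, management VLAN 99, service VLANs numbered from 100, router
trunk eth1, VM NIC eth0.
"""
import ipaddress
from dataclasses import dataclass

MGMT_VLAN = 99            # assumed switch-management VLAN; VM hosts must never carry it
SERVICE_VLAN_BASE = 100   # assumed: first service VLAN id


@dataclass(frozen=True)
class Segment:
    service: str
    vlan: int
    network: ipaddress.IPv4Network
    router_ip: ipaddress.IPv4Address   # firewall/router VM side
    vm_ip: ipaddress.IPv4Address       # service VM side


def plan_segments(services, parent="10.50.0.0/24"):
    """Carve one /30 per service out of `parent`.

    A /30 has exactly two usable addresses, so the router and the service VM
    are the only possible peers on the segment; a compromised VM has no
    neighbour to pivot to at layer 2.
    """
    subnets = ipaddress.ip_network(parent).subnets(new_prefix=30)
    segments = []
    for i, svc in enumerate(services):
        net = next(subnets)
        router, vm = list(net.hosts())       # exactly two hosts in a /30
        segments.append(Segment(svc, SERVICE_VLAN_BASE + i, net, router, vm))
    return segments


def check_isolation(segments):
    """Return a list of violations (empty list means the plan is consistent)."""
    problems = []
    vlans = [s.vlan for s in segments]
    if len(set(vlans)) != len(vlans):
        problems.append("duplicate VLAN id")
    for s in segments:
        if s.vlan == MGMT_VLAN:
            problems.append(f"{s.service} sits on the management VLAN {MGMT_VLAN}")
        if s.network.prefixlen != 30:
            problems.append(f"{s.service} is not a /30")
    for i, a in enumerate(segments):
        for b in segments[i + 1:]:
            if a.network.overlaps(b.network):
                problems.append(f"{a.service} and {b.service} overlap")
    return problems


def router_commands(seg, trunk="eth1"):
    """Tagged sub-interface on the router's trunk port for this segment."""
    dev = f"{trunk}.{seg.vlan}"
    return [
        f"ip link add link {trunk} name {dev} type vlan id {seg.vlan}",
        f"ip addr add {seg.router_ip}/30 dev {dev}",
        f"ip link set {dev} up",
    ]


def vm_commands(seg, nic="eth0"):
    """Service VM side: its switch port is an access port, so no VLAN tag here."""
    return [
        f"ip addr add {seg.vm_ip}/30 dev {nic}",
        f"ip route add default via {seg.router_ip} dev {nic}",
    ]


if __name__ == "__main__":
    plan = plan_segments(["web", "mail", "git"])   # constructed service list
    for p in check_isolation(plan):
        print("VIOLATION:", p)
    for seg in plan:
        print(f"# {seg.service}: VLAN {seg.vlan} {seg.network}")
        print("\n".join(router_commands(seg)))
        print("\n".join(vm_commands(seg)))
```

The switch side is not generated here because it is vendor-specific; the rule the script enforces for it is that the VM host's port carries only the service VLANs, tagged, and the management VLAN is absent from that trunk.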
- Comment on My Dream of a Home Router / Server 5 days ago:
Regarding the Lone SME thing, my wife has already told me if something happens to me, all my server stuff is getting donated. I should not expect her to maintain it after I’m gone. And I don’t. That’s entirely reasonable. If it lives on after I’m gone it’ll be because the recipe thing was useful enough for others to maintain. My specific server and domain kinda don’t matter.
- Comment on My Dream of a Home Router / Server 5 days ago:
This is my dream as well, but for security I feel like you need multiple independent systems. I’m doing mine with power-hungry recycled 2012-vintage server hardware (Xeon E5-1620s and 2620s and Opteron 6276s, bought for $100 each several years ago, plus a few hundred more to their maximum amounts of DDR3 ECC) but this hypothetical box could easily have Raspberry Pis or something similar. Public services can become compromised and you’ll only want certain hardware to be trusted to do certain things.
My plan is a terrible one and I’m taking way too long to do it. I really want someone else to build this better and faster, but if my crappy plan ends up being the first usable version of this, that will suck but at least it’s available.
I had a dumb personal domain from June of 2000, tried to make it a public internet site, offered services to people on IRC for internet social points, but after a few years it got ahead of me and I let it die. (I’ve been paying for the same business internet ever since, though, and I still have the same static IPs as from back then.) Time passed, got married, got a computer science degree and a development job with a billion dollar SaaS company.
I can see how they do big public internet hosting. Been trying to build the same kinds of architecture with open source tools at home. Struggling, I keep over designing it and getting stuck and frustrated. It takes me a month to do what a competent ops person from work does in a couple days.
Once I have this working for me, I can share it, because it’s my own work product. It’ll be a guide, a recipe to follow, for creating the kind of secure and isolated web application and general VM hosting environment I see us use at work. This stuff is the difference between “I’m hosting one thing and if it gets hacked, everything is owned” and “I’m hosting a hundred things, all different, and if one gets hacked that will suck - but the other 99 things will stay safe.”
Biggest problem I think with creating this with open-source is just picking a direction for everything and getting the internet to not pitch a fit. “Why did you use postfix?” “I hate Greenbone / GSA and refuse to use it.” “Hardware is expensive, you say I need a jump box for this AND for this, and dedicated hardware for a firewall here AND here? Each of those could clearly be a VM. Your project wastes hardware and I’m not doing it this way.”
Sure, once this is done these decisions are pretty much baked in and I won’t have the energy to redo them yet again. But getting the architecture perfectly designed for your exact scenario … that takes a ton of work. Big companies pay a ton of money in just payroll hours to build this kind of thing bespoke for their needs. I’ll be giving away my version, and I’m afraid the internet won’t care.
But I think we need to keep this ability alive, that private citizens can set up their own DIY hosting that can stand up to hostile internet actors decently well. They can pay (I’ll grant) exploitative rates for business internet connections so they can have static IPs at home as well. If we all stop, we all just decide all hosting should be done by big cloud service companies or big enterprises, we lose a crucial bit of internet freedom. Someone needs to say “yeah this is kinda dumb but I’m doing it anyway.”
And if they could do it with a box you just plug in, instead of my (likely) month-long two hundred step recipe, and still have it stand up to attacks and “Internet background radiation” and stuff, that would be epic. I kind of don’t want my thing to be the way that self-hosting-public-web-services is done.
- Comment on A single point of failure triggered the Amazon outage affecting millions 1 week ago:
You’re right to be frustrated. Mine is the same way. It’s ok to be passionate about that, and to value punishing greedy ISPs by not paying extra for a business account. (In many cases you could even need both, if you might worry about occasional denial of service attacks and need to be sure attackers can’t also knock out your ability to work from home, for example.)
I think there’s a compelling argument in favor of protecting diversity of hosting and preventing a monoculture or a monopoly. It’s not super compelling, but it’s out there.
- Comment on A single point of failure triggered the Amazon outage affecting millions 2 weeks ago:
We also need more individuals paying for “business” Internet connections at home. We need self-hosters to be able to feel comfortable running public services from their homes. And so we need a set of practices and recipes to follow, so a self-hoster can feel confident that, if one thing gets broken into, the other few dozen things they’re hosting will stay safe.
The “family nerd” hosting things for the family needs to be a thing again. Sorry, friends, I know family tech support sucks. It’ll suck so much more when it’s a web site down and nobody can reach their kid’s softball team page, and there’s a game next weekend, etc. But we’ve seen what happens when we abdicate our responsibilities and let for-profit companies handle it for us.
(I wish so hard that I had a solution ready, a corporate LAN in a box, that someone can just install and use. I’m working on something, but I’m pretty sure I over-complicated it. It doesn’t need to be Fort Knox, it just needs to be pretty good. And I suck at ops stuff.)
- Comment on Microsoft Teams can record office presence from December 2 weeks ago:
Agreed. I feel like I’m in one, and the things that make us thrive are being tested like an immune system, against what feels like a deliberate Make Number Go Up infection. It’s stressful and I can only try to trust that it’s necessary. I guess we have to keep that stock number up or else we get bought and destroyed by a competitor.
Not a fan of this whole system sometimes.
- Comment on What external services do you use for your selfhosting setup? 2 months ago:
True. I kinda dodged that problem by having a personal .net domain that’s older than wikipedia.org. My understanding is that you can raise your domain’s reputation with some work.
Honestly the most important thing I use my domain for is easy-to-delete mailboxes and aliases to give to companies and contacts. That’s just incoming email.
For outgoing, there are services that let you send them an email and receive a report on any mistakes or misconfigurations they notice. I followed the first tutorial I found that didn’t seem like it was just advertising “see how hard email is? Looks impossible doesn’t it? Why not pay us instead.” Ended up being at linuxbabe dot com, run by Guoan Xiao, with part one titled “Build Your Own Email Server on Ubuntu: Basic Postfix Setup”. No links but search engines find it.
Big difference is I use OpenLDAP/slapd, and I put different components on different VMs. Took maybe a couple weeks of free time here and there, but I’m proud to say my outgoing emails seem to be accepted everywhere. Not that I send many, really.
Eventually planning on implementing filtering for terms and conditions updates for long-forgotten sign ups. I would like those to bounce.
- Comment on What external services do you use for your selfhosting setup? 2 months ago:
I’d recommend looking again, as I think that advice is becoming dated. Greylist and DKIM make spam prevention super simple, ironically because the centralization of email towards Outlook and gmail has trained pretty much every sender to follow the rules or your email doesn’t go through. And then Greylist catches the rest, because spammers don’t come back and retry after a few minutes.
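The greylisting behaviour the comment above relies on, as an added example (not the commenter's code): a minimal policy in the shape of a Postfix policy server, keyed on the (client network, sender, recipient) triplet. The first attempt for a new triplet gets a temporary rejection, a retry inside the delay window is rejected again, a retry after the window is accepted and the triplet is remembered. The delay of 300 seconds, the 35-day retention, the /24 client matching and the simulated senders are assumptions for illustration.

```python
"""Minimal greylisting policy in the shape of a Postfix policy server.

Added example, not from the original comment. Assumed: 300 s delay, 35-day
retention of passed triplets, client matched on its /24 so a retry from a
sibling MX in the same sending pool still counts. Postfix would call this via
`check_policy_service` and act on the returned action string.
"""
import time
from dataclasses import dataclass, field

GREYLIST_DELAY = 300                # seconds before a retry is accepted (assumed)
GREYLIST_RETENTION = 35 * 86400     # how long a passed triplet stays accepted (assumed)


@dataclass
class Greylist:
    delay: int = GREYLIST_DELAY
    retention: int = GREYLIST_RETENTION
    first_seen: dict = field(default_factory=dict)   # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)       # triplet -> time of last accept

    @staticmethod
    def triplet(client_ip, sender, recipient):
        net = ".".join(client_ip.split(".")[:3])     # /24 of the connecting client
        return (net, sender.lower(), recipient.lower())

    def check(self, client_ip, sender, recipient, now=None):
        """Return a Postfix policy action: 'DUNNO' (let later checks decide,
        i.e. accept here) or 'DEFER_IF_PERMIT' (temporary 4xx, come back later)."""
        now = time.time() if now is None else now
        key = self.triplet(client_ip, sender, recipient)

        last = self.passed.get(key)
        if last is not None and now - last < self.retention:
            self.passed[key] = now                   # known-good triplet, refresh it
            return "DUNNO"

        first = self.first_seen.get(key)
        if first is None:
            self.first_seen[key] = now               # never seen: defer, remember when
            return "DEFER_IF_PERMIT"
        if now - first < self.delay:
            return "DEFER_IF_PERMIT"                 # retried too quickly

        self.passed[key] = now                       # retried after the window: accept
        del self.first_seen[key]
        return "DUNNO"


def simulate():
    """Constructed scenario: a real MTA retries after ten minutes, a spam
    cannon tries once and never comes back. Returns the decisions made."""
    g = Greylist()
    t0 = 1_700_000_000
    legit = ("203.0.113.10", "alice@example.org", "me@example.net")
    spam = ("198.51.100.7", "deal@example.com", "me@example.net")
    results = {
        "legit_first": g.check(*legit, now=t0),
        "legit_retry_too_soon": g.check(*legit, now=t0 + 60),
        "legit_retry": g.check(*legit, now=t0 + 600),
        "legit_later": g.check(*legit, now=t0 + 86400),
        "spam_first": g.check(*spam, now=t0),
    }
    results["still_pending"] = len(g.first_seen)    # the spammer's triplet, never retried
    return results


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The design choice worth noting is matching the client on its /24 rather than the exact IP: large senders retry from whichever outbound host is free, and an exact-IP key would defer them repeatedly and delay mail for hours. A production policy server also needs to expire stale `first_seen` entries and persist state across restarts, which this in-memory version does not do.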
- Comment on [VIDEO] Japan Sanctions Visa after the Censorship of Anime and Manga 3 months ago:
Ok yeah that makes sense. Thanks.
- Comment on [VIDEO] Japan Sanctions Visa after the Censorship of Anime and Manga 3 months ago:
There’s no karma here. No automated mechanism gives the submitter any benefit for a popular submission.
Right?
- Comment on Study finds AI tools made open source software developers 19 percent slower 3 months ago:
I got flamed pretty hard for pointing out that this sample size really needs to be in the title, but it needs to be said. Thank you. Sixteen people is basically a forum thread, and not a very popular one.
It’s still useful information and a good read, but a lot of people don’t click through to the article, they just remember the title and move on.
- Comment on Driving through Nebraska twice nearly broke me. The people who live there must be among the hardest motherfuckers alive. 4 months ago:
Omaha resident. I don’t drive through Nebraska from end to end. I just live here.
- Comment on [deleted] 5 months ago:
As a BBS era kid, I know you’re not trying to simulate the whole thing right now in the comments section. I’d say: you would have done fine, in any era. People talk, they share methods, and you would’ve picked up whatever you needed.
I think it’s just a common sort of nightmare, worrying about being unprepared, dealing with the consequences of lack of preparation.
I recommend the first few minutes of Jason Scott’s The BBS Documentary, for an overview of how people communicated in the pre-internet days. Especially if you imagine yourself a telegraph operator chatting with neighboring stations in the 19th century or something.
- Comment on A Presence-sensing Drive For Securely Storing Secrets 5 months ago:
I can’t tell if I communicated badly or I’m really just off the mark. But we already encrypt storage at rest, when we have valuable or sensitive data, because of the risk that thieves might read stolen data.
So take that a step farther. A thief can “know a guy” who spent a few hundred on soldering equipment and watched some tutorials on YouTube. We don’t consider sensitive data to be unavailable to thieves just because it isn’t readable via plug and play.
- Comment on A Presence-sensing Drive For Securely Storing Secrets 5 months ago:
Wait, desoldering a chip and dumping contents makes an attacker “resourceful”? A sub-$50 hot air rework station (or $330-ish if you don’t want one that’ll burn your house down) and a $50 programming cable is … not a lot of resources.
- Comment on Black Mirror AI 5 months ago:
Wait… I just had an idea.
Make a tarpit out of subtly-reprocessed copies of classified material from Wikileaks. (And don’t host it in the US.)
- Comment on Why do so many piece of Hardware come with windows only software requiring admin right for installation 5 months ago:
Market share. Basic permissions model.
- Comment on Can the Internet be an ethnicity? 5 months ago:
I’m probably doing some kind of “this solution worked for me, so it should work for everyone!” thing, but it does seem that our understanding of autism has improved in recent years. Even if all you can see is some variant of mild autism (autism spectrum disorder) a professional might see other related things. Like in my case, where my problems were being amplified by constant anxiety … they might find something chemical they can treat, or something that counseling can train you to mitigate or moderate.
I wish you the best.
- Comment on Can the Internet be an ethnicity? 5 months ago:
I’m genuinely scared I could do damage if I explain this badly. I’ll try my best. And bear in mind, mild autism, I communicate things strangely sometimes.
In a general sense, diagnoses are predictive statements, not just labels for communicating about a condition. There’s often sets of related behaviors and common kinds of advice or treatment. Think of it as peer reviewed science, instead of an algorithm, saying “struggling with this? You might also be struggling with this and that, and here’s how we can help with all of those.”
Also, diagnoses unlock access to medication. In my case I’ve also struggled with generalized anxiety disorder. Anxiety meds are having a profound and positive effect on my life. I do so much stupid shit when my brain is constantly making small worries into thought-destroying anxiety and fear. I was really resistant to the idea, thinking medication just avoids problems instead of letting you learn how to deal with them. I was very wrong.
And since I’m in the US where health insurance is a profit making industry, I had to go the route of counseling (“yeah I’m recommending you get tested”), then testing, and then with a diagnosis in hand, psychiatrist for possible medication. (It can take a long time to get meds dialed in. I was lucky, the first thing he prescribed worked great and we’ve just been slowly ramping the dosage, starting at half the usual starting dose in January and going up slowly every month.)
I don’t know if this was persuasive but I hope it at least made sense.
- Comment on Can the Internet be an ethnicity? 5 months ago:
This is going to sound like an insult or snappy comment, but I genuinely mean this as something that might be helpful because I relate to this and think it’s affected me my whole life.
I think you’re describing mild autism. I got my own diagnosis a few months ago, at age 47, and I wish I had known so much sooner. Some of the things you describe were part of what the psychologist who diagnosed me talked to me about.
- Comment on Trump’s Social Media Surveillance: Social Scoring by Another Name 6 months ago:
No worries. I hope things get better.
- Comment on Trump’s Social Media Surveillance: Social Scoring by Another Name 6 months ago:
That’s got to be a nightmare. I’m really sorry to hear that, and I appreciate you sharing.
I can’t think of any ways to rephrase that, that don’t sound empty or performative. You sent my thoughts towards my own parents. I’m sorry for your pain.
- Comment on Trump’s Social Media Surveillance: Social Scoring by Another Name 6 months ago:
Thank you. I stole that from Philip (I think) in Off To Be the Wizard by Scott Meyer. He was describing that book’s antagonist but I’ve taken it to describe people who casually break rules to get ahead.
And I think that’s kind of what they’re doing, flooding social media with stories of how they broke rules in ways that make me go “foul! That’s a foul! Why is the ref doing nothing? This breaks my brain and I have no idea how to respond to this!”
- Comment on Trump’s Social Media Surveillance: Social Scoring by Another Name 6 months ago:
No I know you’re being genuine.
So this is going to sound really weird, because I think you’re talking about the experience of debating troll farm accounts - understandably really frustrating - but I’m talking about the people, the voters, the weird family members you can’t talk about politics with any longer. (I have some of those - they’re in rural Illinois while I’m in blue-dot Omaha, I love them very much, and I absolutely hate that we can’t talk politics any more.)
But I think you need to give them more sympathy. (The IRL humans, not the online trolls.) The worst of them grew up in a system where they only see minorities as risks, because (a) brains look for patterns, for free, factory firmware, and (b) they don’t realize evil people set things up long ago so that minorities had things on Hard Mode. And maybe (c) fighting against your factory defaults takes work and practice.
Like, because TLOU is back on TV I’ll share something uncomfortable. S01E03 was really uncomfortable for me to watch. I was a nerdy kid, teased for being gay in high school when I was not and am not gay. So I have some homophobia I haven’t gotten rid of yet. I’m trying. But I still look away whenever men kiss. My wife doesn’t love that part about me, but she still loves me.
Do you give up on me because my journey isn’t complete there? Am I to be hated because I look away, lumped in with the people who vote against gay rights? Clearly not. Mostly because I’m clearly making an effort.
Some people who voted for Trump don’t wear red hats. They were on the fence and they went one way and not the other. And I promise they’re not the people you’re tired of debating. They deserve your positive thoughts. Don’t let the troll farms steal those thoughts. Please.
- Comment on Trump’s Social Media Surveillance: Social Scoring by Another Name 6 months ago:
Which “They”? The voters or the politicians?
- Comment on Trump’s Social Media Surveillance: Social Scoring by Another Name 6 months ago:
(Apologies to parent, this is something I’ve been itching to say, but the parent isn’t the problem I’m discussing.)
They will clap because it makes them feel good. It makes them feel good because they think we don’t respect them, that we celebrate their losses (in the Maslow’s Hierarchy sense, not the political sense) and that we don’t want to lift them up with us.
So yeah, we have differences. (Stay with me for a bit.) They think a foul in basketball is something you’re allowed to do a certain number of times and then you have to stop. We think a foul in basketball is something you Should Not Do.
Is the solution more hate for the people who got duped by Trump’s team? Yeah they got played. Yeah they have cognitive dissonance. Yeah they’re on Facebook too much, fed poison by an algorithm that optimizes for engagement (you know, happy, horny, angry, anything except writing letters or volunteering or registering to vote). That’s no reason to hate them.
Help them. Love them. Even if there’s no internet points in it for you. (Certainly none for me because I’m usually a crappy communicator.)
- Comment on YSK that a new internet/account bypass during Windows 11 installs already exists. Here is a 7 step guide. 7 months ago:
That’s right. Even if you have to use a windows app that Linux compatibility layers don’t support, you can banish Windows 11 to a virtual machine.
Oh, weird, even in a virtual machine it wants an account. Anyone know where I can find a bypass method? :-)
- Comment on Kevin Rose, Alexis Ohanian acquire Digg 8 months ago:
I feel like innovations that improve moderation should be celebrated. (And then immediately cloned from new-Digg into new Fediverse features.)
- Comment on The Return of Digg, a Star of Web 2.0 (Gift Article) 8 months ago:
I, too, think humans become incapable of learning from their mistakes when they become wealthy. That’s what keeps them wealthy of course.
- Comment on Kevin Rose, Alexis Ohanian acquire Digg 8 months ago:
Is moderation difficult? What makes it difficult?
What happens to the “spirit of discovery and genuine community” when moderation fails?