bizdelnick
@bizdelnick@lemmy.ml
- Comment on How do I avoid becoming one with the botnet? 2 weeks ago:
Making notes is good for something very simple. It’s better to automate deployment with salt, ansible or something similar. A bit more effort at first setup, much easier restoration. Self-documented.
- Comment on How do I avoid becoming one with the botnet? 2 weeks ago:
I don’t think you gain much from OpenBSD. It is focused on preventing vulnerabilities that are hard to exploit and unlikely used by botnets. Most dangerous are vulnerabilities caused by software misconfiguration. The OS cannot prevent your mistake. Also, in OpenBSD you will be unable to use modern containers like docker, podman etc.
- Comment on How do I avoid becoming one with the botnet? 2 weeks ago:
By default your OS is secure. You only have to think about what you expose and how it can be broken into. Disable SSH password authentication. Don’t run software that is provided by hobbyists who don’t have enough security expertise (i. e. random github projects with 1 or 2 contributors and any software that recommends the install method curl <something> | sudo bash). Read how to harden the services you run; if it is not described in the documentation, avoid such services. Ensure that services you installed are not running under root. Better use containerized software, but don’t run anything as root even inside containers. Whenever possible, prefer software from your distro’s official repos because maintainers likely take care about safe setup even if upstream developers don’t. Automate installing security updates on the day they are released.
What doesn’t help:
- Security through obscurity. Changing SSH port etc. Anyone can scan open ports and find where SSH is listening.
- Antivirus. It is simply unable to detect each of the numerous malicious scripts that appear every day. It just eats your system resources. The best it can do is to detect that your host is compromised, but not prevent this. It is not security, just marketing.
- Making different rules for public internet and DMZ. Consider there’s no DMZ. Assume that your host can be accessed by crackers from anywhere.
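An added example (not part of the comment above) that checks the "disable SSH password authentication" advice against an sshd_config file: it applies sshd's own rule that the first value of a keyword wins, treats ChallengeResponseAuthentication as the alias of KbdInteractiveAuthentication (which PAM can still use to prompt for a password), and reports Match-block overrides; the sample config is constructed.

```python
"""Audit an sshd_config for the password-login settings discussed above."""
import re

# sshd semantics: for each keyword the FIRST value seen wins, so a hardening
# line appended at the end of the file is silently ignored if the keyword was
# already set above it. Keywords are case-insensitive. Lines after "Match"
# apply only to matching connections, so they are reported separately.
DEFAULTS = {  # OpenSSH defaults used when the keyword is absent
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
}
WANTED = {  # what a keys-only setup needs
    "passwordauthentication": {"no"},
    "kbdinteractiveauthentication": {"no"},  # else PAM may still ask a password
    "permitrootlogin": {"no", "prohibit-password"},
    "pubkeyauthentication": {"yes"},
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(text):
    """Return (global settings with first-value-wins, list of Match overrides)."""
    settings, overrides, in_match = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        key = ALIASES.get(key, key)
        if key == "match":
            in_match = value                      # everything below is conditional
        elif in_match:
            overrides.append((in_match, key, value))
        else:
            settings.setdefault(key, value)       # first value wins
    return settings, overrides

def audit(text):
    """Return a list of weak settings; an empty list means keys-only login."""
    settings, overrides = effective_settings(text)
    findings = [f"{k}={settings.get(k, DEFAULTS[k])} (want one of {sorted(ok)})"
                for k, ok in WANTED.items() if settings.get(k, DEFAULTS[k]) not in ok]
    findings += [f"Match {cond}: {k}={v}" for cond, k, v in overrides
                 if k in WANTED and v not in WANTED[k]]
    return findings

SAMPLE = """# constructed sample sshd_config, not from any real host
PasswordAuthentication yes
PermitRootLogin=yes
ChallengeResponseAuthentication yes
PasswordAuthentication no   # too late: the first value above wins
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
```

Run `audit(open("/etc/ssh/sshd_config").read())` on a host of your own to see which of the four keywords still allow password logins; `sshd -T` shows the same effective values from the daemon's point of view.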
- Comment on Spliit – Open-source, self-hostable alternative to Splitwise 2 weeks ago:
What is Splitwise?
- Comment on Dim — Self-Hosted Media Manager for Organizing & Playing Your Own Library 2 weeks ago:
There is only one commit for two years. Seems dead.
- Comment on Why isn't using a key file the most common way to log into self-hosted servers? 3 weeks ago:
Passphrase-protected SSH keys are definitely more secure than passwords.
- Comment on Cloudflare Tunnel: proxy-dns Command Removal 2026 | What are some nice alternatives to encrypted DNS? 5 weeks ago:
Stubby.
- Comment on What are you using n8n for? 2 months ago:
What is n8n?
- Comment on Docker security 2 months ago:
I’ve read the article you pointed to. What is written there and what you wrote here are absolutely different things. Docker does integrate with firewalld and creates a zone. Have you tried configuring filters for that zone? Ufw is just too dumb because it is suited for workstations that do not forward packets at all, so it cannot be integrated with docker by design.
- Comment on ELI5: How to put several servers on one external IP? 7 months ago:
If you mean HTTP server, what you need is a reverse proxy and name-based virtual hosts. I usually use nginx for such tasks, but you may choose another web server that has these features.
- Comment on Pdf to odt/docx conversion has me weeping! 7 months ago:
There’s no solution. It is impossible to convert from PDF to any editable format correctly. The exception is a “hybrid PDF” that has an embedded editable document. If you need to edit PDFs that you created yourself, store them in hybrid format.
- Comment on Ansible Playbook - How do I reverse engineer a running system? 8 months ago:
No, not 30 minutes. For the first time I spent a couple of weeks just on reading documentation and experiments. It was about 8 years ago IIRC. But since that time, when I need something more complex than installing a package or copying a file, I feel like a 30-minute user because it does not work as I expect.
- Comment on Ansible Playbook - How do I reverse engineer a running system? 8 months ago:
No, I can’t. I use it only occasionally, so I don’t remember everything. But many times configurations didn’t work as described in the documentation and I had to find a different way to achieve the required result. Sometimes this behavior changed from release to release. This thing doesn’t seem like something that I can rely on. But we have used it in our company for many years, so switching to another tool would be painful.
- Comment on Ansible Playbook - How do I reverse engineer a running system? 8 months ago:
You will need many iterations of trial and error. No way.
You can speed up testing your playbook by using molecule or something similar. Don’t touch your working VMs until you get a service set up correctly in your test environment. If you need to set up multiple services in a single VM, you can automate their deployment sequentially, of course.
P. S. I don’t like Ansible and won’t recommend it because it is full of bugs and non-obvious behavior. However I didn’t investigate alternatives and can’t suggest a better one.
- Comment on Do you actually audit open source projects you download? 8 months ago:
A full code audit is very time consuming. It’s impossible to audit all the software someone uses. However, if I know nothing about a project, I take a short look at the code to understand whether it follows best practices or not and make some assumptions about the code quality. The problem is that I can’t do this if I’m unfamiliar with the programming language the project is written in, so in most cases I try to avoid such projects.
- Comment on My two cent about emails servers field. Over a two decades... 8 months ago:
Just checked one more time that emails from my server are accepted by Gmail. What am I doing wrong?
the list of the daemons running in docker-mailserver
Awful. Who needs both rspamd and spamassassin simultaneously? fetchmail and getmail6? More than half of these components are not required to get a working mail server. But I agree that setting up the other half is rather complicated. So I’m planning to give mox a try when I need to set up a new mail server.
- Comment on Software for Homeserver router combo 8 months ago:
Why not OpenWrt?
- Comment on How can I contribute processing power to the community? 8 months ago:
Yes, you select projects that you participate in by yourself.
- Comment on How can I contribute processing power to the community? 8 months ago:
You may install BOINC and contribute to scientific computations.
- Comment on How to harden against SSH brute-forcing? 10 months ago:
The best way is to disable password login and use SSH keys only. Any further steps are not required, but you may additionally install fail2ban or sshguard.
- Comment on [deleted] 10 months ago:
It asks for a path to a root directory of a bootstrapped container. You can create it with debootstrap, rinse, pacstrap, alpine-chroot-install, virt-bootstrap etc.
- Comment on [deleted] 10 months ago:
virt-manager is able to work with lxc. Add a new connection of type Libvirt-LXC.
- Comment on [deleted] 10 months ago:
Yes, you can.
- Comment on Router Hardware: How Much Paranoia is Too Much? 11 months ago:
Do you really need OPNsense? Buying an OpenWrt capable router would save your money, space and silence.
- Comment on Docker in LXC vs VM 11 months ago:
Well, I don’t use proxmox, however docker coexists with libvirt and other virtualization systems. If there are overlapping networks that docker and proxmox attempt to manage, they are configurable.
- Comment on Docker in LXC vs VM 11 months ago:
Snapshotting in docker is as easy as docker commit. After that you can back it up with docker save. Then move to another host, but not without downtime. However, normally you need to backup/move only the volumes attached to containers. If that’s not the way you like to organize your services, you likely don’t need docker.
- Comment on Docker in LXC vs VM 11 months ago:
What’s the purpose of running a container in a container? Why not install docker on your host machine?