
hoshikarakitaridia
@hoshikarakitaridia@lemmy.world
- Comment on How much do you secure a home server that's only accessible with VPN? 1 week ago:
After installing tailscale with my Headscale server, I just left it as is. Maybe people in the comments can chime in but if you expose only your VPN server or broker (Headscale), you kinda narrowed down your attack vectors and a VPN itself is really solid. From my basic knowledge, it’s the server and client which are the bottleneck at that point, but there’s only so much you can do and if you continuously update both and maybe stay on stable / ltsc branches, you kinda did everything.
I guess there’s something to say about the encryption algorithms used. What I remember from back in the day is everything elliptic curves that’s common is quite good so if you see “ECDSA” / “ECDH” you should be fine. RSA unfortunately is not that great anymore.
- Comment on Is they're an easy way to make my Jellyfin accessible outside of my home network 1 week ago:
I forgot to mention that one because I kinda thought it belongs with radmin and hamachi, but it’s my choice as well currently.
I am using it with my own Headscale though, so add a domain to that as well.
And I finally need to switch my vaultwarden to work over tailscale & LAN finally, it’s a huge security risk to expose that one.
- Comment on Is they're an easy way to make my Jellyfin accessible outside of my home network 1 week ago:
I added a reference to your comment
yeah I forgot that one. I had to rush the comment a bit.
- Comment on Is they're an easy way to make my Jellyfin accessible outside of my home network 1 week ago:
That’s the whole point of a domain. Your IP changes every now and again you need people to know where to reach you. You give them a domain, and you configure the name records so that the domain always points to the right IP address.
Your options:
- dynamic IP - you keep your setup as is and just periodically tell them the new IP you’re on. Annoying and exposed
- static IP - you buy a static IP (from your ISP) and share it with your friends once. A little bit less annoying and still exposed
- you use a VPN like hamachi or radmin - your friends install the software, they look for you IP in there, you’re done - very secure but also very annoying
- you buy a domain - you have to configure an IP updater like ddclient or similar, then you jellyfin should be reachable - least annoying for your friends but also slightly less secure
Domain is the cleanest option.
I am telling you how annoying it is because that’s how likely your friends are to adopt it and how secure it is because depending on your country you are doing something illegal and you really don’t want anyone to find out and you gotta keep it updated more often if you don’t want people to exploit it. There’s an endless supply of very smart people out there who use known bugs to target public services.
- Comment on Help with my Proxmox-Setup 1 week ago:
Duplicati is at it’s base just a fancy ui for backups as opposed to custom bash scripts.
It does support s3 storage, SFTP, ftp, and a bunch of other stuff so this might actually be on point for your off-site backup design.
Of course off-site backups are superior. If my home burns down I’m fked. I do use different hdds though, so at least there’s some security isolation in that. Also if one of them breaks, the other one doesn’t necessarily.
- Comment on Help with my Proxmox-Setup 1 week ago:
I have different vms which all write to an smb mount.
Then I have another VM that runs duplicati and mounts that smb share, but also another one just for the backups. And only this duplicati container has access to the backup share, which kinds isolates my backups for security reasons. The only thing still involved and able to read and manipulate my data is the router which can see all the traffic.
Now idk if this is the best setup, but it feels secure to me and it works for me. Maybe more experienced people can chime in to agree or disagree.
- Comment on "Is it okay to cuck your own daughter? Asking for a friend." 2 weeks ago:
Persuasive
- Comment on Vaultwarden while allowing family emergency access 2 weeks ago:
I checked whether I can access the data on my disk with master password and I can, so I just setup periodical disk backups. Good enough for me, idk if that’s what you mean with emergency access though.
- Comment on Vaultwarden while allowing family emergency access 2 weeks ago:
I have vaultwarden on my home server and I usually visit it through it’s Webinterface because the bitwarden addon for my browser breaks all the time with my vaultwarden instance.
I also have tailscale and a Headscale server so access should be VPN level secure.
I’m gonna be honest, it’s quite inconvenient sometimes but it’s an ok working setup.
The addon issue gives me the most headaches because it means I have to login like 10 times into the web ui and then search through the passwords every time I am building stuff on my servers.
- Comment on Epic Games CEO says it’s ‘really irresponsible’ of Steam to make studios disclose AI use | VGC 2 weeks ago:
Let’s get back to that Scarlet letter though.
If you think AI is awesome, what’s the issue with disclosing it? Is because you’re scared people will disagree with your ethical choices?
Such a self own. It should be anyone’s interest to disclose if something has AI in it or nah, no matter whether you like or dislike AI.
- Comment on GOG apologizes for emailing people Nazi symbols 5 weeks ago:
Oh no
The second comment from the devs is telling - sounds like they sent the message and then GOG just appended some emojis to it, and the devs were unaware.
Now ofc that’s from the devs directly, but considering it’s so oddly specific, it’s hard to imagine they made that up.
- Comment on Firefox dev clarifies there will be an AI 'kill switch' 6 months ago:
Yeah I’m not touching Firefox. Will stick to Librewolf.
- Comment on Devolver boss calls GTA 6 an "AAAAA game" in latest attack on human dignity 10 months ago:
It’s always nice to have an indicator when you need to be sceptical about a game. Apparently the number A’s is a good one. Quintuple A game my ass.