hietsu

@hietsu@sopuli.xyz

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Do you remember Windows 95? How about Windows 96?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
UTM is the way to go on modern Macs, and even iOS/iPadOS too! Built on QEMU and super easy to spin up virtual machines with any architecture.

mac.getutm.app
⁨Comment⁩ on ⁨ELI5: How to put several servers on one external IP?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Could be indeed. Looking at the nginx logs, setting a permaban on trying to access /git and a couple of others might catch 99% of bots too. And ssh port ban trigger (using knockd for example) is also pretty powerful yet safe.
⁨Comment⁩ on ⁨ELI5: How to put several servers on one external IP?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
I have wrestled with the same thing as you and I think nginx reverse proxy and subdomains are reasonably good solution:
- nothing answers from www.mydomain.com or mydomain.com or ip:port.
- I have subdomains like service.mydomain.com and letsencrypt gives them certs.
- some services even use a dir, so only service.mydomain.com/something will get you there but nothing else.
- keep the services updated and using good passwords & non-default usernames.
- Planned: instant IP ban to anything that touches port 80/443 without using proper subdomain (whitelisting letsencrypt ofc), same with ssh port and other commonly scanner ones. Using fail2ban reading nginx logs for example.
- Planned: geofencing some ip ranges, auto-updating from public botnet lists.
- Planned: wildcard TLS cert (*.mydomain.com) so that the subdomains are not listed anywhere maybe even Cloudflare tunnel with this.
Only fault I’ve discovered are some public ledgers of TLS certs, where the certs given by letsencrypt spill out those semi-secret subdomains to the world. I seem to get very little to no bots knocking my services though so maybe those are not being scraped that much.
⁨Comment⁩ on ⁨Jeff Geerling: Self-hosting your own media considered harmful (updated). Youtube removed his content, saying that self hosting content is "dangerous or harmful content"⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
You recon the copyright mafia cares much about what’s illegal or not? Google has played ball with them for years and slowly sided with them more and more. It’s all about the ad money and google wanting to keep the big players happy. All things related to ”owning content” in this era of just renting is going to get flagged. Ripping, selfhosting, torrenting, data hoarding…whatever undermines the content monopoly.
⁨Comment⁩ on ⁨Jeff Geerling: Self-hosting your own media considered harmful (updated). Youtube removed his content, saying that self hosting content is "dangerous or harmful content"⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
”Pretty fast” after they tuned those automations to the current setting. And they will keep turning it that way unfortunately.
⁨Comment⁩ on ⁨Jeff Geerling: Self-hosting your own media considered harmful (updated). Youtube removed his content, saying that self hosting content is "dangerous or harmful content"⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Saw the video… It mentions ”ripping” and even shows clips of some blockbuster movies. No wonder any copyright-sensitive automation gets triggered pretty fast. This will only get worse.
⁨Comment⁩ on ⁨German court sends Volkswagen execs to prison over Dieselgate scandal⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Dont know much about anything but it would not surprise me if it was some Bosch engineers who originaally hinted all those engineers of what could be done with their systems if they just listen some states of other car systems. Afterall, it’s their injection systems etc. almost every diesel manuf used/uses.
⁨Comment⁩ on ⁨German court sends Volkswagen execs to prison over Dieselgate scandal⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
This thing happened 2009-> and they got caught around 2015. Justice system is slow.