
Mordikan
@Mordikan@kbin.earth
- Comment on Vaultwarden while allowing family emergency access 2 weeks ago:
This really isn't a technical issue, it's more an estate planning issue.
The basic concern is if you die, everyone gets locked out. That is where a will, safety deposit box, and named executor come into play.Whatever credentials and guides needed can be safely stored and upon death that will activates and the executor hands over the access to whoever you are needing. The safest assumption to make in these scenarios isn't that someone won't know how to access the information, it's that they won't even know that information exists.
You also have to remember that there is a lot of things to do after someone dies and that these people would also be mourning. So, with that consideration in mind, try to make the process as seamless as possible. Off-loading to an executor of the estate (someone who is not family) also lets those people close to you mourn without having that final burden.
- Comment on Tips on speeding up remote connection to personal server? 2 weeks ago:
You already ruled out Tailscale and the internal network and potentially the route taken to each your router.
Does your router run any services that perform IDS/IPS maybe? Any sort of packet filtering on the external interface? - Comment on Are ISPs responsible for bots having residential IPs or is this a user problem? 2 weeks ago:
IMEI. You really would make an awful criminal lol.
- Comment on Are ISPs responsible for bots having residential IPs or is this a user problem? 2 weeks ago:
Yes it is easy to find you.
No, it is not hard to track someone just moving it. - Comment on Are ISPs responsible for bots having residential IPs or is this a user problem? 2 weeks ago:
But Bonzai Buddy was my friend! He wouldn't do those things to me! He cared!
- Comment on Are ISPs responsible for bots having residential IPs or is this a user problem? 2 weeks ago:
4G/5G cellular? So, in some ways you're actually easier to find. Your cell gateway is connecting to a tower which is logged and includes cell strength metrics. That gets compared to other towers and via trilateralization your location is determined.
Again, going back to what I previously said: there is a path back to you even if only for either billing or connectivity purposes.
- Comment on Are ISPs responsible for bots having residential IPs or is this a user problem? 2 weeks ago:
Ok, this I can answer personally as we did multiple cases of this happening (CSAM, bomb threats, etc) at work.
So, anonymity on the Internet is not actually a thing. Whether its an IP address or telecom switch or whatever, there is a path back to you even if only for either billing or connectivity purposes. So, for IP, we would receive a subpoena signed by a judge to hand over any and all information regarding the identify of the a given IP address (they include a long list of things whether applicable or not in the order so every potential base is covered). Once legal was able to review and handed it off to us, we take that and look at the DHCP logs to see that on a given date at a given time that the IP address was assigned as part of shelf A / slot B / port C. That shelf/slot/port combination is tied physically to an address/account. We provide the relevant logs and personal information of that user to law enforcement.
For bomb threats over the phone, telecom switches love to tell every other telecom switch who they are (again, connectivity purposes). So, when you make a call to a business/school doing that, their PBX is going to log to the millisecond when that call occurred and who the switch was. Again, subpoena and we pull the SIP logs. We can even provide the RTP/RTCP packets and reconstruct the phone call audio if the subpoena asks for that.
- Comment on Are ISPs responsible for bots having residential IPs or is this a user problem? 2 weeks ago:
You can just look at the testimonies from others who have run exit nodes. The cost of your "free" VPN is that law enforcement will constantly be in contact and investigating you because your network/machine is being used to download CSAM.
There is no "oh don't worry, A.B.C.D is just a tor node, we can give it a pass". Every time that happens, it has to be treated with a full investigation.
- Comment on Rule 2 Clarifications and New Rule proposal I’ve gotten through (I believe) a 2 weeks ago:
I think 10% self-promotion is a very fair rule. It enforces the idea that if you are going to take from the community that you also give something back.
As someone who is partially self-hosted, I think that will help keep ads from muddying the waters when I'm searching posts for setup suggestions.
- Comment on Are ISPs responsible for bots having residential IPs or is this a user problem? 2 weeks ago:
It would be like running TOR, but not a relay, it would be like an exit node.
That should be enough to warn anyone away from using them.
- Comment on Are ISPs responsible for bots having residential IPs or is this a user problem? 2 weeks ago:
You mention crappy security practices from the ISP but then mention the user's action (installing "free" VPNs). Why is the ISP on the hook for the user making terrible decisions?
What is the correct security practice in that instance? Fire the customer for being an idiot? Maybe just DENY IP ANY ANY on outbound traffic?
How do you protect somebody who's intent on running themselves off a cliff?
- Comment on Are ISPs responsible for bots having residential IPs or is this a user problem? 2 weeks ago:
I worked as a network analyst for a provider for several years and during that time I'd say ~90% of the issue stemmed from sketchy apps/services that the user loaded from their end.
A lot of "free" VPN services will basically allow bad actors (the paid tier) to use your connection. A lot of IoT devices are also just openly available on the Internet to route through.
From the ISP perspective, we managed the roads, not your car. There is a push to blame the ISP as it's their network, but realistically how are they meant to provide security (in the context that is being asked) to any device that gets plugged into that network? We even had business customers demand we add clauses to contracts where we would accept responsibility for any malware they sent between sites over an MPLS setup.
In the end, a lot of people seem to want this impossible scenario of the ISP managing security for them but also not inspecting their traffic.
- Comment on [META] Are paid for closer source advertising appropriate? 3 weeks ago:
At it's heart, this is what @selfhosted is meant for:
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
I would say that members talking about paid/closed products they use (ex. "I connect to this via Tailscale" or "I use company ABC for hosted VPS") to accomplish something is fine, but marketing or job boarding (ex. "Looking for QA on my commercial product") is not.
- Comment on Recommendations on self hosting ebooks 3 weeks ago:
Readarr was orphaned, so most people switched to using LazyLibrarian. LL is kind of difficult to work with and you'll typically see a lot of failures in the logs for various things. Instead, you could use Shelfmark which fulfills the same general purpose but is more straightforward.
For browsing/reading, most people using Calibre-Web. You can write a simple bash script to random periodic imports via calibredb. Just point the output directory of Shelfmark to the input directory for that command.
- Comment on Is there room for Windows selfhosters? 4 weeks ago:
- Comment on anyone knows what's up with afraid.org? unavailable for a coupla days now 5 weeks ago:
edit2: thanks again everyone, you don't need to check if it's working. apparently I'm blocked from accessing the site, can't see any other explanation. DNS resolves fine, flushed caches, tried private mode, clear cookies, tried everything on my end to rule stuff out, nothing
You might run traceroutes/mtr to see where exactly this is failing. Here's the IP I show in case yours differs:
➜ ~ dig freedns.afraid.org @10.10.0.1 A ; <<>> DiG 9.20.23 <<>> freedns.afraid.org @10.10.0.1 A ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51734 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;freedns.afraid.org. IN A ;; ANSWER SECTION: freedns.afraid.org. 60 IN A 69.42.215.252 ;; Query time: 206 msec ;; SERVER: 10.10.0.1#53(10.10.0.1) (UDP) ;; WHEN: Wed Jun 03 14:48:58 CDT 2026 ;; MSG SIZE rcvd: 63 - Comment on PewDiePie releases Codex/ClaudeCode/Cursor killer, Odysseous (FOSS) 5 weeks ago:
I remember getting into security about 15 years ago. This was around the time of Android really kicking off and it was crazy all the stupid things you could get away with (and that's just a static permission set). Now you have AI pentesting tools and AI slopcode to use it on. Depending on perspective, this is either a great time to be working in security and/or an awful time to be working in security.
- Comment on 18% of people running Nextcloud don't know what database they are using 10 months ago:
Damn kids with your twitternets and me mes.