atzanteol
@atzanteol@sh.itjust.works
- Comment on Google pays $250K for Linux vulnerability allowing guest VM escapes 22 hours ago:
OMG.
en.wikipedia.org/wiki/Security_through_obscurity
In security engineering, security through obscurity is the practice of concealing the details or mechanisms of a system to enhance its security. This approach relies on the principle of hiding something in plain sight, akin to a magician’s sleight of hand or the use of camouflage. It diverges from traditional security methods, such as physical locks, and is more about obscuring information or characteristics to deter potential threats. Examples of this practice include disguising sensitive information within commonplace items, like a piece of paper in a book, or altering digital footprints, such as spoofing a web browser’s version number. While not a standalone solution, security through obscurity can complement other security measures in certain scenarios.
You don’t know what you’re talking about - please stop. It’s embarrassing. It’s a long-standing industry term not some weird phrase I just made up. Nobody is saying “Linux is obscure”.
- Comment on Google pays $250K for Linux vulnerability allowing guest VM escapes 1 day ago:
Enjoy your “security”. 🙄
- Comment on Google pays $250K for Linux vulnerability allowing guest VM escapes 1 day ago:
Sorry - which part of your comment added anything of value? “can help to minimize the attack surface”? 99% of the time a proxy just passes traffic through. Unless you’re talking about a WAF which is a) a different thing and b) NOT what any home gamers are talking about when they recommend nginx, traefic, etc. to newbs.
- Comment on Google pays $250K for Linux vulnerability allowing guest VM escapes 1 day ago:
Just google the term next time rather than embarrassing yourself.
- Comment on Google pays $250K for Linux vulnerability allowing guest VM escapes 1 day ago:
See what I mean?
As if a proxy blindly passing traffic directly to a backend server “reduces attack surface” in any meaningful way. 🙄
- Comment on Google pays $250K for Linux vulnerability allowing guest VM escapes 1 day ago:
The self-hosted crowd thinks reverse proxies protect you from the Internet. Don’t expect too much of them.
- Comment on Google pays $250K for Linux vulnerability allowing guest VM escapes 1 day ago:
You could have just said that you don’t know what “security through obscurity” is.
- Comment on Google pays $250K for Linux vulnerability allowing guest VM escapes 1 day ago:
It goes right to the top!
- Comment on Help choosing a good HDD for my home server? 3 days ago:
2.5’ hdd but besides running tight on space
No wonder - that’s huge! (sorry - couldn’t resist)
While I don’t exactly intend to run RAID
At these sizes you may want to consider it - at least a mirror. That’s a lot of data to lose and/or have to fetch from backups. Being able to limp along until you get a replacement is an enormous time-saver.
- Comment on "Ultimate" guide for literal beginners 4 days ago:
Underrated comment.
A “howto” that just gives you scripts and commands to run is pointless. You need to understand the technology, and networking in particular.
- Comment on Homepage - Selfhosting Dashboard 6 days ago:
No?
- Comment on Help! I need a really simple image hosting solution 1 week ago:
2Gig on S3 (in us-east-1) is like $0.05/mo. and is enough for either Nextcloud or Immich. Your data is going to be the largest consumer of space.
- Comment on Help! I need a really simple image hosting solution 1 week ago:
Things like Immich or Nextcloud are far too much for what I need, I basically just need a password-protected upload interface and the ability to grab the direct links to the images to embed them.
Why do you care that they do things you don’t need if they also do what you need?
Because these do just what you need and do it well.
- Comment on Using a NAS to redirect to another NAS for streaming ? 1 week ago:
Reverse proxies do not give you security.
- Comment on Setting Up OPNsense on Proxmox: Doubts regarding NIC setup 1 week ago:
Agree - critical infrastructure should have as few dependencies as possible.
- Comment on What path does data take when connecting to a domain at my address? 2 weeks ago:
It’s called “traceroute” on Linux and Mac because there was never a 8.3 filename limitation on them.
- Comment on How my AI Agent views and maintains "our" homelab 2 weeks ago:
Does… It matter?
Energy use is energy use no?
The energy required to do inference (i.e. amount it questions and the like) is no worse than doing some gaming for a short period of time.
That said it’s probably less efficient to run locally since anthropic and openai have been getting more efficient data center hardware from nvidia compared to consumer desktop gpus.
- Comment on Recommendations for next steps for my setup and order of operations (primarily as it relates to reverse proxies)? 3 weeks ago:
Unless you have a specific need there is no reason. So long as the domain resolves then you’re probably good. I use AWS so I can easily update the IP since I have a dynamic IP address. Some may use Cloudflare because it’s necessary to use other services or because there’s a ‘free’ option or something? I’m really not sure - I’m not familiar with Cloudflare but I see lots of people using their low-end free services for things.
- Comment on Recommendations for next steps for my setup and order of operations (primarily as it relates to reverse proxies)? 3 weeks ago:
The tutorials I’d been looking at were showing them overriding the DNS servers at the domain registrar with servers from Cloudflare or elsewhere. Is that just because there may not be an automated way to update the IP dynamically with the domain registrar, but there is for Cloudflare?
Probably because those tutorials are using Cloudflare for DNS services. I actually use Amazon AWS Route53 for my domain (purchased through 123cheapdomains (yes - really)) and I update it through the AWS APIs with a small script.
- Comment on Recommendations for next steps for my setup and order of operations (primarily as it relates to reverse proxies)? 3 weeks ago:
I was curious what distro you folks might recommend for this purpose.
This is a bit like going to an automotive forum and asking “what’s the best car to buy”. You’re going to get a lot of “I’m running <blank>” and people telling you their preferences, which is NOT the answer to your question. The answer to your question is that literally any of them would be fine for your purposes. If you’re happy with Bazzite then stick with Bazzite. There’s no reason to switch.
If I have to manage it entirely by command line, it will take 10 times longer for me to do anything I want to do, and I’d really prefer a GUI.
Then use a GUI. The extra memory used is trivial and your system will be way over-powered for a reverse proxy to a home network anyway. In Linux land there’s really no such thing as a “server distro” and a “desktop distro” for the most part. I use Ubuntu, Debian and Fedora as servers. They can all have desktops on them too.
You may find, however, that as you manage more than one system it becomes tiresome/tedious to have to use RDP for remote administration and may start learning the CLI over time. Especially since it’s often a lot easier to give somebody a list of commands to run on a forum than to say “open your network manager, which is different on Gnome from KDE, click the button that says…”.
I need something that can sit there without updating until I tell it to
Are you going to update frequently? You want to be sure you’re keeping security patches up-to-date. Auto-patching can be very good unless you have the discipline to keep up with it.
I need a domain for that, and a lot of tutorials just skip on past this step in the domain configuration screens where you “enter your DNS servers” as though I know why I’d need other DNS servers,
You’ve got a bit of reading on how DNS works. But basically there are “root DNS servers” that everybody knows by IP address that then know about other DNS servers by IP and forward traffic to them to resolve names. When you register a domain you are asking one of those DNS providers to resolve your hostname to your IP address. You can see this a bit by running
dig +trace some.host.nameand it will show the requests made. Your DNS servers would be the ones where you register your domain.BUT your IP address may change. So you generally need a way to update it if it does. There are providers like dyndns.org and others (search for dynamic domain service or something) that will give you a sub-domain for free/cheap and tools to auto-update it. Something like “mysite.dyndns.org”.
- Comment on [Jeff Foust] Astronomers fear orbital data centers will interfere with observations 4 weeks ago:
What problem is this solving? It’s expensive to launch, hard to power, hard to cool, and unserviceable.
Also - no mention of the speed running Kessler syndrome?
- Comment on This community isn't your personal adviser 5 weeks ago:
How do I do that for just that post? And how do I ignore replies for that post so I didn’t get any other notices?
- Comment on This community isn't your personal adviser 5 weeks ago:
If it’s easier to delete the post guess what people will do.
- Comment on ChatGPT fried my drive!? 6 months ago:
AI is so much faster than reading docs. And you get context specific responses that you can drill into. When used correctly it’s very useful.
This was using it… incorrectly though…
- Comment on ChatGPT fried my drive!? 6 months ago:
The drive got whipped [sic]
Oh, it was just sitting there and “got wiped”? Not because of a command you ran?
Sorry to be snarky but when asking for help you need to provide what you did, what error message you see now or what you expect to happen and what is actually happening. Also what OS you’re using would be helpful.
Presumably you should be able to get the drive back into a usable state - but I’m not familiar with SAS drives.
- Comment on ChatGPT fried my drive!? 6 months ago:
Am I the only one who has no idea what their problem is now? Just that there was an error about DIF but… What’s the issue now?
- Comment on What are some unique Games to host server's of? 6 months ago:
I ran a fairly popular RTCW server back in the day… Insta-gib and sniper rifles only. Good times.
- Comment on MPV: The Ultimate Self-Hosted Media Solution You're Probably Sleeping On 8 months ago:
I’m happy you’re discovering the Linux CLI, but this is pretty ridiculous. mpv, vlc, mplayer, etc. all serve very different uses from jellyfin.
- Comment on Those who are hosting on bare metal: What is stopping you from using Containers or VM's? What are you self hosting? 9 months ago:
Oh for sure - containers are fantastic. Even if you’re just using them as glorified chroot jails they provide a ton of benefit.
- Comment on Those who are hosting on bare metal: What is stopping you from using Containers or VM's? What are you self hosting? 9 months ago:
Containers run on “bare metal” in exactly the same way other processes on your system do. You can even see them in your process list FFS. They’re just running in different cgroup’s that limit access to resources.
Yes, I’ll die on this hill.