Mikelius

I’ve just use iptables rules which default block all docker containers any network access. I assign static ranges to those I permit access, though. It does occasionally throw me off when adding new services and not understanding why sometimes they don’t work right away, but I prefer it that way.

Once again punishing the users abiding by the law, while rewarding the criminals. What’s new.

Now wondering what will happen with my 2 Mint Mobile numbers I’ve had for 3-4 years, without making a single phone call. I only use them for internet access.

My response to the other person kind of explains some of the things I do to keep my devices secure. As for what it means to me: being able to control everything to be able to define level of access. I try to treat every device on my network as though it’s already compromised. How can I block the scope of the devices from spreading on the network? How can I limit the scope of damage for what’s available on the compromised device to a minimum? Heavy firewall configurations help limit the devices spread to. Encrypting private data such as contracts, government docs, etc into their own containers or partitions helps limit leaks. Alerts and dashboards on unexpected changes of any devices allows me to react quickly, of automation hasn’t already reacted for me.

You’re right in the fact I’m not going to look at millions of lines of code for many tools and such I use. It doesn’t mean I don’t look though. Being given the option to look at what I’m running is always better to me than not having it, in my opinion

I have template iptables/nftables rules on my devices on the network that I can just copy and paste to a machine to have a firewall that works (with tweaks specific to that device). With it I can tell it to send all logs of my choice through syslog-ng to my server just by installing it and telling it the destination, allowing me to have (already made) alerts and dashboards on every device on my internal network. My router runs Linux (openwrt) and allows me to do something other routers can’t do because I’m able to add a module into the kernel: permit switch-level firewall access. What this means is I don’t need (but do still have) VLAN to restrict traffic between devices. I can block firewall access completely at the router level before a device is tweaked to also add additional security (e.g. helps prevent my smart tv from probing every device on my network to gather information. Or if I purchase a malicious hardware online, it won’t know the rest of the network exists because the router doesn’t tell it unless I say it’s okay).

That’s firewall stuff. System security: can compile and modify the kernel to just the modules and such I want, lowering the scope of issues from a kernel level vulnerability. I can be very granular with file and directory permissions with a single command in the terminal. I can easily track file metadata changes down to just about anything you can think of with simple tools, like aide. Python scripts through cron and inotify can help me monitor when something sus happens on my machines.

Most of all this being done on Windows or Mac would require extra effort to work correctly, and not to mention probably cost money for software that can do the same but isn’t free. Also not entirely sure a router can be setup on either of those OS.

“I hate when people keep repeating the myth that Linux is more secure than X OS without any understanding of how much Linux gets exploited.”

Very few operating systems are secure out of the box. It’s up to the users to make it secure. It just so happens to be that Linux is the easiest to make secure, therefore I’ve always seen it as such when done right. Not to mention, I can know exactly how everything works rather than the blackboxes of Win or Mac.

deleted by creator

Oh the nostalgia. Gonna have to go play this again now lol

Mass extinction is knocking on the front door and it looks like we’re about to answer it with a welcome party.

Yeah true, probably another good reason to have a large flat area to land on! Although would be curious if concrete or something would even be useful or not to take (water and all).

By no means an expert, so anyone feel free to correct me. My understanding is that one of the big issues with landing on the moon is simply because of the ground itself. I would imagine if they could get this moon base started up, including a stable and safe landing location (i.e. flatten a landing place) would help tremendously with landing and leaving, essentially providing the same benefits an orbit station would.

It’s hard to describe how much this boils my blood. It would also f up the entire world’s natural ecosystem at an even faster rate than it is now. We’re not only destroying the planet, but taking ourselves down with it by trapping ourselves here.

But who cares, cause there’s money involved, right? ffs.

Still using my Gentoo install on my server which is now going on maybe 8 years?.. Never changing it lol.

As a lore fanatic of d1 and d2, plus the books all around those, seeing blizzard shove an extra class into a classic masterpiece and probably fuck all that up bothers me tremendously.

However, I can’t believe I’m saying… I’m actually happy they kept to their super money hungry ways this time and kept it a paid expansion. I can rest easy knowing I can still play the classic without this tainting it for me.

I found that classical music in my car was the only thing that would keep my cat calm on the way to the vet. Idk if just my cat or cats in general, but my single biased experience makes me want to believe that plants and animals like “natural instruments” for music.

Having a smart tv doesn’t mean you must use internet to utilize it. Mine is blocked from internet connectivity but connects to my media server on the local network. If anything, I prefer this so I don’t need an extra computer sitting in the living room and can instead use the same single media server my phones and computers do.

I bought a separate laptop and set it up with an encrypted password that both my wife and I know. It contains instructions on everything from my self hosted stuff to anything else related to my personal life that she would need. It’s 100% offline to keep it safe from a network compromise. This whole thing was especially important since I wanted to make sure my family could access all photos, calendar, contacts, etc for the last decade that are stored on my server.

It takes time to transfer everything to it (all in Obsidian) since it’s a brain dump… But it actually benefits me too. I’ve had a few times where I was like “how the hell did I set that up?” and had some instructions on there the helped lol.

Definitely recommend this to others to consider.

I’ll be honest, I think the grammar and way the post was written is what’s annoying me most. I’m reading it with at least 3 different possible meanings.

Interesting, I’ve never had this problem and have been using the auto upload for many years. I only use it for the photo taking, though. Any time I go through a phone cleanup and delete photos and videos, I’ll look at the folders I backup to on nc and actually go through them carefully to make sure everything was uploaded.

My install comes from f-droid so not sure if that’s something to do with it (unless yours is too).

Looks my photo of Orion nebula! No but seriously, like 80% of the frames I took had satellite streaks. It’s becoming a rather difficult target to photograph, at least relative to my place on Earth. Sucks to see this likely to become true for Hubble too.

I’ve got it setup automated on all my external domains, but trying to automate it on my internal-only domain is rather tedious since not only do I NOT want to open a port for it to confirm, but I have 2 other devices/services on the network not behind my primary reverse proxy that share the same cert.

What In need to do is setup my own custom cron that hits the hosting provider to update the DNS txt entries. Then I need to have it write and restart the services that use the cert. I’ve tried to automate this once before and it did not go so smoothly so I’ve been hesitant on wasting time to try it again… But maybe it’s time to.

What would be ideal is if I could allow it to be automated just by getting a one time dns approval and storing a local private/public key to prove to them that I’m the owner of the domain or something. Not aware of this being possible though.