Sorry to read that.

I’ve dded an external drive instead of an SD card once by mistake. I’ve never felt more stupid than that day.

It’s running NetBSD, isn’t it?

Some security tips:

Firewall should block everything by default, and you start allowing incoming and outgoing connections when you need them or if something fails.

Disable passwords and root access in ssh daemon.

Use fail2ban or something similar to block bots failing to log-in.

Use random long passwords for everything (eg: like databases). And put then in a password manager. If you can remember the database password, it’s not strong enough. If you can remember the admin password for a public web service, it’s weak.

Don’t repeat the passwords. Everything should have its own random long password.

.env files and files with secrets should be readable only by its service user. Chmod them to 400.

Monitor logs from time to time to see if something funny is happening.

Random ports are easy to discover and there are tools to discover what service is behind a port.

It’s annoying for the legitimate user and easy to bypass by an actual attacker.

Also, if you use a random port above 1024 it could be a security issue since any user could star listening if the legitimate process crashes.

See this

Nothing illegal is being discussed.

But I’m happy to talk about Jolly Roger.

https://workaround.org/

Wow! this is exactly what I needed. Although, I didn’t exactly ask for it.

Thank you very much

Thanks to both of you.

I had the hope that DMARC, SPF and DKIM was stuff I could just ignore if not sending email. It seems I was wrong about that.

These news are obviously false. Google is not doing this.

see federated network

looks inside

mastodon.social

Probably Snapchat or the phone automatically reported something.

I don’t believe the Snapshat app doesn’t use TLS, nor the airport performed some sophisticated man-in-the-middle attack.

I’ve got 3 tricks for ya:

• backups
• backups
• backups

1.3K forks already lol

Please remember to fork it outside github. They will probably delete all forks based on intellectual property bs written in their TOS.

Pros:

• No single entity that have all control.
• No entity profits from it, so you are not a product.
• Related to above: No trackers, no ads, no spyware, etc.

Cons:

• It is run by volunteers: bad uptimes, slower progress, slower fixes, etc.
• Some volunteer may give up and delete the instance. It happened to my first Lemmy account (nothing against you, stux)
• No market-driven decisions means sometimes instances defederate each other for purely ideological reasons. Sometimes very childishly. (again, nothing against stux)
• Lots of fedidrama.

Welcome to Lemmy. Hope you enjoy it.

I also assume it’s an expired certificate.

See, this is what happens when certificates are not renewed automatically.

The article says the projectos are discontinued. That’s probably the reason no one is monitoring these certs.

Another glorious benefit of DRM.

tankies + fedidrama = classic lemmy

Kubernetes is useful if you have gone full cattle over pets. And that is very uncommon in home setups. If you only own one or two small machines you cannot destroy infra easily in a “cattle” way, and the bloatware that comes with Kubernetes doesn’t help you neither.

In homelabs and home servers the pros of Kubernetes are not very useful: high availability, auto-scaling, gitops integrations, etc: Why would you need autoscaling and HA for a SFTP used only by you? Instead you write a docker-compose.yml and call it a day.

I had to mute all elon hate (love?) in mastodon. I need filters in lemmy to do the same.

Why is everybody so obsessed with the guy? Don’t like xitter? Don’t log in. That’s it.