• 0 Posts
  • 80 Comments
Joined 2 years ago
cake
Cake day: June 18th, 2023

help-circle

  • Encrypting the connection is good, it means that no one should be able capture the data and read it - but my concern is more about the holes in the network boundary you have to create to establish the connection.

    My point of view is, that’s not something you want happening automatically, unless you manually configured it to do that yourself and you know exactly how it works, what it connects to and how it authenticates (and preferably have some kind of inbound/outbound traffic monitoring for that connection).


  • NaibofTabr@infosec.pubtoSelfhosted@lemmy.worldSyncthing alternatives
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    1 month ago

    Ah, just one question - is your current Syncthing use internal to your home network, or does it sync remotely?

    Because if you’re just having your mobile devices sync files when they get on your home wifi, it’s reasonably safe for that to be fire-and-forget, but if you’re syncing from public networks into private that really should require some more specific configuration and active control.


  • NaibofTabr@infosec.pubtoSelfhosted@lemmy.worldWhat do I actually need?
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    4
    ·
    2 months ago

    My main reasons are sailing the high seas

    If this is the goal, then you need to concern yourself with your network first and the computer/server second. You need as much operational control over your home network as you can manage, you need to put this traffic in a separate tunnel from all of your normal network traffic and have it pop up on the public network from a different location. You need to own the modem that links you to your provider’s network, and the router that is the entry/exit point for your network. You need to segregate the thing doing the sailing on its own network segment that doesn’t have direct access to any of your other devices. You can not use the combo modem/router gateway device provided by your ISP. You need to plan your internal network intentionally and understand how, when, and why each device transmits on the network. You should understand your firewall configuration (on your network boundary, not on your PC). You should also get PiHole up and running and start dropping unwanted inbound and outbound traffic.

    OpSec first.








  • Beyond your eventual technical solution, keep this in mind: untested backups don’t exist.

    I recommend reading some documentation about industry-leading solutions like Veeam… you won’t be able to reproduce all of the enterprise-level functionality, at least not without spending a lot of money, but you can try to reproduce the basic practices of good backup systems.

    Whatever system you implement, draft a testing plan. A simpler backup solution that you can test and validate will be worth more than something complex and highly detailed.





  • The issue is more that trying to upgrade everything at the same time is a recipe for disaster and a troubleshooting nightmare. Once you have a few interdependent services/VMs/containers/environments/hosts running, what you want to do is upgrade them separately, one at a time, then restart that service and anything that connects to it and make sure everything still works, then move on to updating the next thing.

    If you do this shotgun approach for the sake of expediency, what happens is something halfway through the stack of upgrades breaks connectivity with something else, and then you have to go digging through the logs trying to figure out which piece needs a rollback.

    Even more fun if two things in the same environment have conflicting dependencies, and one of them upgrades and installs its new dependency version and breaks whatever manual fix you did to get them to play nice together before, and good luck remembering what you did to fix it in that one environment six months ago.

    It’s not FUD, it’s experience.






  • Does Proton really support Trump? A deeper analysis

    One thing to note is that while on Reddit, people are alleging that Proton is a company run by a fascist, pro-MAGA, pro-dictatorship CEO, users on X are accusing Andy and the company of being anti-MAGA/anti-Trump.

    So, in the face of all the evidence I’ve found, to compare Andy to a tech oligarch like Zuck and Elon, who are now bootlicking on display for all to see, is not supported by the evidence.

    […]

    However, being disillusioned with one party on one issue doesn’t mean that all of a sudden Andy Yen changed all of his stances and that now he’s actually pro-Republican or pro-MAGA. All of the evidence gathered suggests the exact opposite.

    Considering how many users here have expressed similar disillusionment with the current Democratic party, it seems a bit hypocritical to judge Andy Yen for having the same feelings (or expressing them on occasion).

    This whole “Proton supports MAGA” thing is another example of internet mob-think where everybody has an opinion informed by no facts at all, actively ignores or dismisses the larger context in order to protect that fragile opinion from reality, and most haven’t even looked at the original statements that sparked the controversy.