TCB13 , to selfhosted in What advice can you give to a beginner?

Pro tip, use ZFS and take snapshots before you make any changes

Yes, but BTRFS does the same and is way easier for beginners :).

TCB13 , to selfhosted in What advice can you give to a beginner?

Docker? Steep learning curve? You drunk mate?

When it comes to software the hype is currently to set up a minimal Linux box (old computer, NAS, Raspberry Pi) and then install everything using Docker containers. I don’t like this Docker trend because it 1) leads you towards a dependence on proprietary repositories and 2) robs you from the experience of learning Linux (more here) but it does lower the bar to newcomers and lets anyone set up something really fast.

In my opinion people should be very skeptical about everything that is “sold to the masses”, just go with a simple Debian system (command line only) SSH into it and install whatever is required / taking the time to actually learn Linux and whatnot.

TCB13 , to linux in Firefox looks so much better than Chrome

It’s a blog post from someone who never read a 990 before (standard nonprofit disclosure form) who thinks every other line is proof of a scandal.

Only in the USA a “non profit” turns a profit. 😂

TCB13 , to selfhosted in What advice can you give to a beginner?

Well, it’s not just about RAM. A DE comes with dozens of packages and things that get updated, startup delays and whatnot.

TCB13 , to selfhosted in What advice can you give to a beginner?

I do know about and use Cockpit with said virtual machine manager

So… no need for a DE :) Wireguard is so damn good, even if you set it up manually it’s just easier.

TCB13 , to linux in Firefox looks so much better than Chrome

I know commercial VPNs are just switching who sees your data,

Oh yeah.

And yes, I distrust Google to no end.

Me too, the reason why I use ungoogled-chromium is mostly because of that and because when you take Chrome and remove all the tracking and spyware it runs way faster ahah. There are many people and projects that came together in the ungoogled-chromium community and the source code is scrutinized and cleaned up like nothing else.

TCB13 , to linux in Firefox looks so much better than Chrome

we have to be honest, Mozilla is kind of stupid sometimes.

Yes.

Looks like you can download Firefox through Mozilla’s official HTTP/FTP repository that doesn’t trigger this ID token generation. Also this article motivates people to download Firefox installer from Softonic’s page:

Yes, but still having to go around the main download page to get an untracked version is kind of annoying. Fuck Softonic, the rest of the information about the IDs still holds true.

TCB13 , to selfhosted in What advice can you give to a beginner?

My Debian Hypervisor does have a DE (GNOME) to be able to easily access virtual machines with virt-manager

Well I guess that depends on your level of proficiency with the cli. I personally don’t want a DE running ever, in fact my system doesn’t even have a GPU nor a CPU that can do graphics.

With that said, do you know about Cockpit? It provides you with a very light WebUI for any server and has a virtual machine manager as well.

I don’t mind helping my friends install their openvpn client and certificate and it’s nice to not have my services bombarded with failed connection attempts.

Yes I know the feeling ahahah. Now you should consider Wireguard, it’s way easier and lighter. Check out the links I provided, there’s a nice WebUI to provision clients there.

TCB13 , to selfhosted in What advice can you give to a beginner?

Totally agree. :) Here’s a quick and nice guide: digitalocean.com/…/how-to-secure-nginx-with-let-s…

TCB13 , to selfhosted in What advice can you give to a beginner?

It depends on what you’re self-hosting and if you want / need it exposed to the Internet or not. When it comes to software the hype is currently to set up a minimal Linux box (old computer, NAS, Raspberry Pi) and then install everything using Docker containers. I don’t like this Docker trend because it 1) leads you towards a dependence on proprietary repositories and 2) robs you from the experience of learning Linux (more here) but it does lower the bar to newcomers and lets you set up something really fast.

In my opinion you should be very skeptical about everything that is “sold to the masses”, just go with a simple Debian system (command line only), SSH into it and install what you really need, take your time to learn Linux and whatnot.

A few notable tools you may want to self-host include: Syncthing, FileBrowser, FreshRSS, Samba shares, Nginx etc. but all depends on your needs.

Strictly speaking about security: if we’re talking about LAN only things are easy and you don’t have much to worry about as everything will be inside your network thus protected by your router’s NAT/Firewall.

For internet facing services your basic requirements are:

  • Some kind of domain / subdomain, paid or free;
  • Preferably a home ISP that provides public IP addresses - no CGNAT BS;
  • Ideally a static IP at home, but you can do just fine with a dynamic DNS service such as freedns.afraid.org.

Quick setup guide and checklist:

  1. Create your subdomain for the dynamic DNS service freedns.afraid.org and install the daemon on the server - will update your domain with your dynamic IP when it changes;
  2. List what ports you need remote access to;
  3. Isolate the server from your main network as much as possible. If possible have them on a different public IP either using a VLAN or better yet with an entire physical network just for that - avoids VLAN hopping attacks and DDoS attacks to the server that will also take your internet down;
  4. If you’re using VLANs then configure your switch properly. Decent switches allow you to restrict the WebUI to a certain VLAN / physical port - this will make sure if your server is hacked they won’t be able to access the Switch’s UI and reconfigure their own port to access the entire network. Note that cheap TP-Link switches usually don’t have a way to specify this;
  5. Configure your ISP router to assign a static local IP to the server and port forward what’s supposed to be exposed to the internet to the server;
  6. Only expose required services (nginx, game server, program x) to the Internet. Everything else such as SSH, configuration interfaces and whatnot can be moved to another private network and/or a WireGuard VPN you can connect to when you want to manage the server;
  7. Use custom ports with 5 digits for everything - something like 23901 (up to 65535) to make your service(s) harder to find;
  8. Disable IPv6? Might be easier than dealing with a dual stack firewall and/or other complexities;
  9. Use nftables / iptables / another firewall and set it to drop everything but those ports you need for services and management VPN access to work - 10 minute guide;
  10. Configure nftables to only allow traffic coming from public IP addresses (IPs outside your home network IP / VPN range) to the Wireguard or required services port - this will protect your server if by some mistake the router starts forwarding more traffic from the internet to the server than it should;
  11. Configure nftables to restrict what countries are allowed to access your server. Most likely you only need to allow incoming connections from your country and more details here.

Realistically speaking if you’re doing this just for a few friends why not require them to access the server through WireGuard VPN? This will reduce the risk a LOT and won’t probably impact the performance. Here’s a decent setup guide and you might use this GUI to add/remove clients easily.

Don’t be afraid to expose the Wireguard port because if someone tries to connect and they don’t authenticate with the right key the server will silently drop the packets.

Now if your ISP doesn’t provide you with a public IP / port forwarding abilities you may want to read this in order to find why you should avoid Cloudflare tunnels and how to set up an alternative / more private solution.
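
A minimal nftables ruleset for steps 6, 9 and 10 of the checklist above, added here as an example and not part of the original comment. The interface name `wg0`, the WireGuard port 51820, the LAN and VPN ranges, and the use of 23901 as the single public service port are assumptions; substitute your own values.

```nftables
#!/usr/sbin/nft -f
# Assumed values (not from the original comment): adjust to your network.
define WG_PORT  = 51820            # WireGuard listen port (UDP)
define SVC_PORT = 23901            # the one public service, e.g. nginx
define LAN_NET  = 192.168.1.0/24   # home LAN range
define VPN_NET  = 10.8.0.0/24      # WireGuard client range

flush ruleset

table inet filter {
    chain input {
        # Step 9: anything not explicitly accepted below is dropped.
        type filter hook input priority 0; policy drop;

        # Replies to connections this host opened, and loopback traffic.
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # Step 10: the public ports accept only source addresses outside
        # the LAN and VPN ranges.
        ip saddr != { $LAN_NET, $VPN_NET } udp dport $WG_PORT accept
        ip saddr != { $LAN_NET, $VPN_NET } tcp dport $SVC_PORT accept

        # Step 6: SSH is reachable only through the WireGuard tunnel.
        iifname "wg0" ip saddr $VPN_NET tcp dport 22 accept

        # Everything else, including all inbound IPv6 (step 8), falls
        # through to the drop policy.
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Check the file with `nft -c -f /etc/nftables.conf` before loading it, and keep console access while testing, since the drop policy also blocks SSH from the LAN.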

TCB13 , to programmerhumor in Solutions? Where we're going, we don't need solutions.

PHP -> Problem -> Replace the developer -> Solution.

Yes PHP was bad in 5.x, in 8.x if things go bad it’s just the developer who’s bad.

TCB13 , to linux in Planning on moving over from Windows 10 to Linux for my Personal Work Station. Can't decide which OS I should switch to.

turns out i can do that with debian just fine.

Exactly, and unlike others Debian simply doesn’t fail.

TCB13 , to linux in Planning on moving over from Windows 10 to Linux for my Personal Work Station. Can't decide which OS I should switch to.

You already know why you should pick Debian:

Pro: The most stable OS I’ve used

About your “ancient packages” that’s an easy fix, just install all your software using Flatpak/Flathub and you’ll get the latest software on your rock solid base system.

TCB13 , to linux in Firefox looks so much better than Chrome

I’ve to work with what I got :P Either way even if I was doing jQuery or Vue (like I did in the past) I wouldn’t ever use Firefox because even without the Angular extension, just plain JS/CSS debugging I like Chromium dev tools more.

Besides the fact that my target users are always Chrome users and by using Firefox for development in the past I ran into issues because specific features would work in Firefox but not on Chrome and vice-versa… or some piece of CSS rendered differently, Chromium offers a level of polish on small details that Firefox wasn’t ever close to. Firefox’s dev tools are always playing catch-up to Chromium’s, that’s what I see.

Maybe I’m biased like you seem to be, but in the opposite way :P

TCB13 , to linux in Firefox looks so much better than Chrome

So… you don’t trust Google but you trust some shady VPN company? You aren’t wrong about quick wireshark tests, it does seem cleaner but long term trust and VPN companies are not something that go into the same sentence.
