Findmysec @ Findmysec @infosec.pub

Posts

12

Comments

222

Joined

1 yr. ago

I'm an old timer and was recommended tachiyomi a lot, but these days I just go online TBH. Most manga isn't worth it for me to keep

Those remote access fears can be solved with a wireguard VPN

And I'm running 2 relay nodes. The TOR network desperately needs exit nodes to relieve the bottleneck at the exits, and that's where I want to help.

Of course, it's not for everyone, which is why one could just donate to the TOR foundation (or whatever they are called) and that money goes into infrastructure.

I'm not a native speaker, I assumed obfuscate meant hiding the IP address. I mentioned it because you asked.

I didn't make a new account just for this lol, it's just that I'm passionate about it.

They do, but VRAM. Unfortunately, the cards that do have that much of memory are used by OEMs/corporations and are insanely pricey

Pray tell me how I misinterpreted it? If running an exit node is going to help marginalized communities bring forth their voice (even the fringe cases that I don't agree with, because I believe technology should be accessible to everyone), why shouldn't one do it? Other than mortal risks like jail time because stupid senators can't be bothered to get their heads out of each others asses.

The reason to use Orbot is to obfuscate the IP

Edit: I'm a different guy from the one you responded to earlier

I don't know why people are recommending apps like Navidrome and Jellyfin when it isn't a music server that you're looking for but a way to share the music collection.

With that said, I can think of 2 approaches, and (likely) the easier option will be to use the help of such a server. Both will require a VPN server in the cloud which will be redirected via NAT/reverse-proxy into your network.

1. Use something like Navidrome with LDAP/Auth solutions like Authelia. User has to authenticate themselves to access their account on the service like something in the cloud.
2. To offer more barebones access to the underlying storage directly: set up NFSv4 for Kerberos.

And you'd rather have Iranian women and Ukranian men not being able to voice their opinions because you don't agree with helping them "break" laws?

As it turns out, eSNI (to take that forward, eCH) has become common in modern browsers with a supported DNS provider

Running a CA is cool however, just be aware of the risks involved with running your own CA.

All they say that if the private key is stolen then you're screwed. Think about it, if an attacker can:

1. Get into your network.
2. Presumably bypass key-based ssh/container runtime protections
3. Access pod/VM which is running the CA
4. Bypass default MAC settings (Apparmor on debian, SELinux on RHEL)
5. Steal private key without you knowing from your logs

You have a much bigger problem my friend

why is creating one's own CA the wrong way? I don't want to have to pay cloudflare or porkbun to run HTTPS at home

The easiest way is to pay for a public domain, use a subdomain of that which does not have an A record on the wide internet, and then use certbot to get Let's Encrypt certificates for them and auto-renew. Stuff these in your individual reverse-proxy instances (or propagate them, no idea how) and you're done

So, you want an LDAP server or a forum? That's either FreeIPA or hosting Discourse

Is there an SLA on the Hetzner storage boxes? What do you think about their reliability (will they recover if their underlying hardware fails?)

How much does OVH cost you for storage?

I admit that Storj is less expensive but it has egress costs which B2 + cloudflare doesn't (the latter with a free account)

That's personal pictures, ripped media, documents, some sensitive information etc. Netflix can go to hell

Any storage provider with client-side encryption

Personally I'm using rclone with the crypt backend of top of the usual b2 remote

Yeah well I have over 3TB to store

I'm just afraid of data loss, but I also know that that is unlikely. I have a local backup but sometimes I feel like that's not enough, unfortunately my budget is also tight which means I can't spend too much on replicated buckets/another cloud provider with a complete backup etc.

Also, have you ever faced the issue where you're pushing files to backblaze with rclone and there are many failed uploads (rclone retries them eventually after reaching the end of the queue), which is something I've never had with S3. Well, you get what you pay for I suppose.