Posts: 86 | Comments: 1,927 | Joined: 2 yr. ago

  • Salt is an alternative to Ansible. However, I prefer HashiCorp's Terraform for day 0 deployments. Unfortunately, Porkbun doesn't seem to support Terraform, so I'll keep looking. I'll take a look at the link you sent, thanks.

    Out of curiosity, if you don't use these IaC tools, how do you manage self-hosted infrastructure?

  • I'll paste the comment I made earlier:

    Oh boy, I was unaware of the fact that I can't use my own nameservers with Cloudflare. Definitely not going to recommend them anymore.

    Which registrar do you suggest with good API support? Most of my infrastructure uses Terraform and Salt.

  • Cloudflare doesn't allow me to change my name servers? What blasphemy! I had never considered this, I thought it would be allowed by default. Where can I read about this?

    I'm looking for a cheap domain registrar with Terraform support.

  • Absolutely fantastic, considering your age! I was far, far worse than you are right now on this path to better privacy. Truly exceptional.

    I commented in the post you reference, and I'd like to comment here too since I do see some things that can be improved (some of them, I employ for myself, whilst the others are still on my list to implement).

    1. What made you use FreeBSD over everything else? I assume you have some experience using *nix-like operating systems, and the slightly more pro-user distributions like Gentoo and Void do seem BSD-like in operation. I'm just curious.
    2. About WireGuard: it's a very good solution; however, unlike other VPN projects, it doesn't have a way to natively hide its trace; i.e. OpenVPN and the like employ certain mechanisms to appear like HTTPS traffic to firewalls, which allows for better obscurity when using a VPN. Certainly useful for special cases, I remember seeing a comment somewhere that a school had disallowed VPNs on its campus network and the only way was to use a specific proxy that made it appear like HTTPS.
    3. Ever tried a Blocky DNS + Unbound + WireGuard combo? The first is a DNS server with nice features, the second can be a DNS resolver, and the VPN is to obfuscate the IP from where you resolve your DNS queries.
    4. I found a very nifty thing on the WhatsApp website the other day: https://faq.whatsapp.com/1299035810920553 - might be worth a look!
    5. About the webcam and microphone on your device: if it's an older laptop, you can simply take the front cover of the screen off and disconnect the cable to it. It's pretty easy with the older ThinkPads and with some newer laptops too, just needs some practice.
    6. Time to nuke your online accounts and (if possible) use stylometry analysis to measure certain triggers in your writing. I have yet to implement this myself but the idea is to have an LLM rewrite my answer whilst removing said bias and write in a generic tone.
    7. I'll club payments and online shopping together: learn more about XMR. It is possible to use LocalMonero to exchange fiat to Monero directly, and once it reaches your wallet you can go through a generic churning process (not sure what it's called in Monero or if this is required, I need to look into it too) and finally, purchase gift cards using the Monero you have now. If the cafeteria accepts debit cards I think they'll accept gift cards too, but you might want to check. You can purchase Amazon gift cards, gift cards for ISPs/mobile network providers too.
    8. Glad to have found another that likes to collect physical media! If I had the space I would have invested in a few CDs myself, but alas; FLAC it is (not complaining!). Which CD transport do you use?
    9. I don't use office tools these days but I'd learn LaTeX if I really needed to create PDFs.
    10. I probably don't need to tell you this but RF hacking is really fun, I'm only really starting to look into it. When I get time!

    I came across a few tools which I hadn't heard of before; thanks for the effort in creating your post. I hope you have a great time pursuing this path!

  • I believe the exploit was done at scale; the government had bought massive compute power from cloud providers to run Tor nodes and thus were able to track information flow (if you have the majority of nodes under your control, you can mathematically trace connections with their metadata across the Tor network).

    I haven't kept up with the news but it's a safe assumption that they have the funds to keep doing this in perpetuity.

  • Very nice read, I look forward to posts with detailed explanations of realistic privacy setups!

    With that said, here we go:

    1. Tor has been compromised. It likely doesn't matter if you're not doing anything that nations would be interested in, but something to keep in mind.
    2. True nerds/privacy hobbyists always have multiple browsers for different use-cases. Bravo! I need to take a look at Mullvad myself, I really don't like Brave anymore.
    3. Do you host your SearXNG instance? It should not be very hard to do on the cloud.
    4. Which DNS resolver? I'm assuming this is upstream to your AdGuard setup, which means the latter acts as the recursive resolver in your setup, if I understand correctly.
    5. Didn't hear about SecureBlue before this, good distro in theory. Thanks.
    6. Ever thought of getting a 10-year-old ThinkPad yet to get rid of that pesky BIOS? /s
    7. Do you have DoT and DNSSEC set up for your "private" DNS? Also, is this something like Quad9?
    8. With the combination of flight mode and a Faraday bag along with not having a SIM, I'm assuming that people don't reach you using traditional means (calling). How do you stay in contact with others?
    9. Define "locking down" of public accounts.
    10. I have been thinking of AI for a bit, and you can get a P40 with 24GB VRAM for about $100-$150 on eBay. Put that in an old computer and fight with licensing for a bit (Craft Computing has a good video on getting VFIO working on Nvidia cards by tricking the software) and you'll have a great setup for AI.
    11. I'd stop with the subscriptions and start sailing the high seas, personally, but I understand if the sentiment does not sit well with people here. Piracy simply gives you more control and privacy. Look at LocalMonero to try and get Monero without leaving a trace (directly converting fiat to XMR and exchanging for gift cards online after churning).
    12. You must be using an old TV, but if you really need to purchase a new TV at some point (and it's very likely to be "smart"), you can simply disconnect the WiFi antenna from the back of the device. If you're really good at embedded systems, you could find the flash chip that holds the BIOS/OS of the TV and remove it (and edit the boot sequence) or flash it with something else. This is true for everyone who has a smart TV.
    13. Holy shit this guy programs games to play them what a chad.
    14. Please switch to Codeberg, GitLab is annoying.
    15. How do you coordinate local time with other people if your clocks are set to UTC?

    That was a lot. Thanks for reading!