boredsquirrel

@boredsquirrel@slrpnk.net

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨FIRST LOOK: Common Side Effects | adult swim (6:09)⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Really cool
⁨Comment⁩ on ⁨A Right-Wing News Channel Struggles to Sanewash Trump⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Well that is certainly youtube.com, a video streaming website containing a ton of trackers, gathering user data to serve them targeted ads, incorporated in the datakraken “Alphabet” which controls half of the web and has its Javascript embedded everywhere, asking you to sign in and connecting your browsing behavior even without signing in or using their search engine or browser or OS or mobile OS.

So yeah, no idea what you mean by malicious link and if you dont use basic security measurements like DNS adblock, ublock origin and a modern browser… but you could call it malicious anyways
⁨Comment⁩ on ⁨A Right-Wing News Channel Struggles to Sanewash Trump⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Yup real on youtube by some guy
⁨Comment⁩ on ⁨Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Yes this is true. That is why a separate method would be needed, to log into and hand the password to the LUKS decrypt of the server.

I heard Debian can do this with ssh in the initramfs?

Sounds like a hella pain of course.

Alternatively I thought about using a security key to unlock, and in scenarios where I am worried about getting hardware stolen, I can pull it out and need to manually enter the password.
⁨Comment⁩ on ⁨Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Yes the threat model is people pulling out the drive, of course.

How should they get access to the server when it is running? You still need to connect to it and log in, which wouldnt be the case.
⁨Comment⁩ on ⁨Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Rebasing is not important, for the most people.

I like to try variations of the same system, like Fedora Kinoite, uBlue kinoite-main, uBlue Aurora, secureblue Kinoite-main, went back.

But resetting is the key.

Also rebasing would allow you to switch from normal deployment to a local image host, like in your LAN. This could already be worth it if all your family uses the same system, even more a company.

You can do uBlue style stuff at home on your own server, mostly with podman and buildah
⁨Comment⁩ on ⁨Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Yes microOS ticks those 2 boxes.

Fedora on its own doesnt do backups at all, which I find crazy.

rpm-ostree or bootc though are better, as they allow rebasing, resetting etc. This is not possible with microOS, which is a huge dealbreaker for having a server that will never have the need to be reinstalled.

I will try Caddy! Did you use NGINX before?
⁨Comment⁩ on ⁨Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
The threat scenario is currently very harmless, but I had situations where Raids could be likely. This is always a shitty case, you need to hide a backup laptop in a different location etc.

But honestly I just find this security hacking a ton of fun.
⁨Comment⁩ on ⁨Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Hm, so when using Nextcloud, is the db itself encrypted or something?

All my devices are encrypted.

Access to the decrypted data requires RAM access, i.e. cold boot attack. Or access to the server via ssh (fail2ban, strong keys) or the admin or user nextcloud accounts (again with strong passwords and possibly TOTP or webauthn).

I already fiddled with the required Nextcloud Addons for TOTP and it worked great. Webauthn is an Android/GrapheneOS limitation poorly, maybe that gets fixed some day.

The issue of course is upgrades. I should do a second post on that topic. There are solutions for that, like mounting encrypted partitions and running Nextcloud on there. This could be automated.

For the obvious raid attack, I would have a udev rule that detects when AC is disconnected and then performs a clean shutdown.
⁨Comment⁩ on ⁨Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Thanks for the tips!

Both SSDs are SATA and I want to LUKS encrypt both too.

So automatic updates could work, but I guess I would need to manually reboot as there is no remote LUKS unlock option. Debian has one?

That would also be a reason against Fedora with its very fast release cycle.
⁨Comment⁩ on ⁨Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Yes it does. Fedora Atomic and others could be problematic with Docker, while Docker may be less secure or whatever but is also easier.

Also the distros packages matter, etc.
Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS?
Submitted ⁨⁨1⁩ ⁨month⁩ ago⁩ to ⁨selfhosting@slrpnk.net⁩ | ⁨16⁩ ⁨comments⁩
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
You know deletion is an option
SimpleX Chat Group about Privacy & Securityslrpnk.net ↗
Submitted ⁨⁨4⁩ ⁨months⁩ ago⁩ to ⁨cybersecurity@infosec.pub⁩ | ⁨0⁩ ⁨comments⁩