BonkTheAnnoyed

joined 3 months ago
[–] BonkTheAnnoyed@lemmy.blahaj.zone 1 points 9 hours ago* (last edited 9 hours ago)

Those are good options, but Apache isn't all that overkill. It has some features I need, specifically routing traffic from multiple domain names to different network segments.

Add to that it's something I've understood well for decades, and it makes sense.

If I wanted to go small, though, I could just whip something using Go's proxies.

That's a really good strategy, thanks!

[–] BonkTheAnnoyed@lemmy.blahaj.zone 2 points 12 hours ago (4 children)

thanks! It's hard not to feel out of my depth, it's been so long. And, it being my own info, not a corp's protected by insurance, indemnity, mandatory arbitration, and (as a last resort) backups, the stakes feel a little higher.

 

cross-posted from: https://lemmy.blahaj.zone/post/34623175

How realistic is this architecture? It's been a while since I've set something like this up for work.

The thought behind this layout is that having only one machine hanging out there with just Apache and ssh (from lan only, non-standard port), and forwarding via Mod_Proxy any services I might want to share with non-LAN friends/family (photos, docs), is a smaller exposure than hosting all my VMs in a DMZ and hoping that the one server doesn't get nuked.

Something like: DNS -> public-zone{ www-serv } <-> firewall-1 <-> lan{ vm-host <-> firewall-2 <-> (printers, laptops, etc) }

firewall-1 is actually a router running Tomato, with custom iptables rules. That way if www-serv is compromised the attacker can't just drop some rules.

firewall-2 is just iptables rules on vm-host

all LAN computers' iptables are a little more permissive, with holes for SAMBA, CUPS, and ssh on non-standard port.

What do you think? Is this sufficient? What would you do differently?

 


She's positioning herself for running as Vance's VP in 2028. That's it.

She hasn't had a change of heart, she doesn't warrant us "giving her a chance," she's not "okay for a republican."

NOTHING has changed.

She's an unapologetic white supremacist who is happily employed by the billionaire class.

[–] BonkTheAnnoyed@lemmy.blahaj.zone 2 points 4 days ago (1 children)

I happen to know of a newly minted trillionaire who in a just world would reasonably be asked to foot the bill

Jack Dorsey once again singing "but baby I've changed!"

hard pass from me.

[–] BonkTheAnnoyed@lemmy.blahaj.zone 8 points 1 week ago* (last edited 1 week ago)

Good. Because without even reading it I'll bet they tried to throw trans people under the bus again

[–] BonkTheAnnoyed@lemmy.blahaj.zone 1 points 2 weeks ago (1 children)

Are API calls to the device signed or whatever? At a minimum one could snoop traffic to rev-eng the API, then recreate it on a lan-only segment

I'm just going to say it: thanks! It's good to be reminded that there are not only people willing to help trans people, but others willing to step up financially to back them up

[–] BonkTheAnnoyed@lemmy.blahaj.zone 1 points 3 weeks ago (1 children)

This thread isn't about what cis people prefer, tho

[–] BonkTheAnnoyed@lemmy.blahaj.zone 2 points 3 weeks ago (1 children)

An example of allies adopting the language exactly so: https://lem.lemmy.blahaj.zone/post/33466411/17547002

42
submitted 3 weeks ago* (last edited 3 weeks ago) by BonkTheAnnoyed@lemmy.blahaj.zone to c/196@lemmy.blahaj.zone
 

~~transpeople~~ (and ~~transman~~ and ~~transwoman~~) is dehumanizing.

“Trans people” and “cis people.” Otherwise it reads like, “blarglepeople” and “actual people.”

The mashing together of the words was the language of the early anti-trans propaganda. It was successful enough that even allies continue to use it, unfortunately. Mostly because they’ve come up with new and worse ways to deny our existence while specifically addressing us.

I would say that it feels like blowing into the wind, but I know things like this can change, especially if "teh youth" get it.

 

cross-posted from: https://lemmy.blahaj.zone/post/33020379

cross-posted from: https://lemmy.blahaj.zone/post/33020376

One more step to unhitching from Google...

Right now the only option I see in F-Droid is Aegis.

I'm not sure what to actually look for aside from checking for unexpected permissions and reasonably frequent updates.

Hopefully something I can sync with a GNOME app...

 


 

cross-posted from: https://lemmy.blahaj.zone/post/33012882

Planning on switching to GrapheneOS soon. Anyone know if they're planning on implementing the side-loading restrictions?

 


 

cross-posted from: https://lemmy.blahaj.zone/post/31922513

cross-posted from: https://lemmy.blahaj.zone/post/31922512

I recently picked up an older but perfectly adequate HP Z Book Firefly with a built-in smart card reader and I'm wondering what possible use is this little bit of tech? Can I, like, auth with my credit card or whatever? (mostly joking, I briefly looked at the PAM config for that and prefer my current hobbies lol)

 
