Niche Distro Users: Why?
  • I have definitely read this answer before. I think we've probably already spoken on the matter. Indeed, Lemmy has a serious dearth of users interested and using secure distros over the averages. Thanks for your efforts; I do not know how to follow users on Lemmy but if I did I'd follow you. Do you have a blog/any other forum you're more active on?

    Personally, I find it difficult to justify the time to learn Secureblue (especially the immutable part) or NixOS on Qubes because custom DispVMs with curated salt states work so well already. I'm interested in use-cases that will improve my security but I haven't found any dialogue on this yet. If you do have opinions on this and know where I can look, I would greatly appreciate it!

  • ISPs Hijack Cloudflare/Google DNS Requests, Ending Site-Blocking Workarounds * TorrentFreak
  • How would they do DPI on DNS packets routed using DoH? It looks like HTTPS traffic, it's encrypted, and other than size and frequency I don't see how they can get anything out of it. Yeah they'll get the SNI with eCH but that's supported by FF and by a lot of providers using DoH

  • I find no motivation in working for myself
  • Isn't feeling like that a good thing though? If you're sufficiently miserable there's a good chance you'll actually get the work done. This also works if you feel embarrassed or feel that others depend on you, but in my case I'm going to have to depend on the former.

  • I find no motivation in working for myself
  • It used to be that I didn't really grasp the scope of most projects, and so after research I used to dive right in. These days I'm more jaded and try to make better long-term choices in terms of software (which is ridiculously hard because you never know, example: Terraform is no longer FOSS).

    The extra work is usually in optimisations or security configuration, both of which I'd like to have done but apparently I don't feel horrible enough to actually do it.

    Yes, I have done both of what you said. It's not a hard-and-fast rule for me, but it does make me a bit miserable, that I didn't finish what I started. Sometimes, that acts as a catalyst for me to get back into it and actually try to finish it, or leave it completely after understanding that it's beyond me.

    Thanks for the advice.

  • I find no motivation in working for myself

    The title is really vague, so I'll try to clarify my intentions here:

    I am an ardent supporter of FOSS. It will be greatly beneficial for my life and especially my privacy to self-host such software. Yet, I cannot find much motivation to do so.

    However, when it comes to hosting software for public use, I can usually give my utmost concentration and dedication.

    This is not how I want my life to be. I want to be motivated for myself as well as for the community. And if that's not possible, I need to trick my brain into bringing me into that kind of zone for myself.

    What do I do? What would you do in this situation?

    67
    Why do so many people use NGINX?

    I see so many posts and people who run NGINX as their reverse proxy. Why though? There's HAProxy and Apache, with Caddy being a simpler option.

    If you're starting from scratch, why did you pick/are you picking NGINX over the others?

    102
    [HELP NEEDED] Unable to figure out directory permissions

    cross-posted from: https://infosec.pub/post/15386345

    > Hi everyone,
    >
    > This is my CONTAINERFILE for Bind9:
    >
    > ```
    > FROM debian
    >
    > ENV LC_ALL C.UTF-8
    >
    > # Update and upgrade system
    > RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
    >
    > # Install BIND 9 and sudo (for debugging if needed)
    > RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo
    >
    > # Configure permissions for BIND directories
    > RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
    > RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
    > RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
    > RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind
    >
    > # Create and configure log files
    > RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
    > RUN chown -R bind:bind /var/log/bind
    > RUN chmod 644 /var/log/bind/*.log
    >
    > # Define volumes
    > VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]
    >
    > # Set the entrypoint to the named executable
    > ENTRYPOINT ["/usr/sbin/named"]
    >
    > # Set the default command arguments for the named executable
    > CMD ["-g"]
    > ```
    >
    > I keep getting this error when I run it with podman:
    >
    > ```
    > 26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
    > 26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
    > 26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied
    > ```
    >
    > As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn't.
    >
    > I have been at this for a while and I'm at my wits end. Your help is appreciated!

    4
    [HELP NEEDED] Unable to figure out directory permissions

    Hi everyone,

    This is my CONTAINERFILE for Bind9:

    ```
    FROM debian

    ENV LC_ALL C.UTF-8

    # Update and upgrade system
    RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

    # Install BIND 9 and sudo (for debugging if needed)
    RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

    # Configure permissions for BIND directories
    RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
    RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
    RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
    RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind

    # Create and configure log files
    RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
    RUN chown -R bind:bind /var/log/bind
    RUN chmod 644 /var/log/bind/*.log

    # Define volumes
    VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

    # Set the entrypoint to the named executable
    ENTRYPOINT ["/usr/sbin/named"]

    # Set the default command arguments for the named executable
    CMD ["-g"]
    ```

    I keep getting this error when I run it with podman:

    ```
    26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
    26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
    26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied
    ```

    As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn't.

    I have been at this for a while and I'm at my wits end. Your help is appreciated!

    8
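
Added example, not part of the original post and not BIND's own tooling: the Containerfile above applies `chmod 664` to directories, which clears the search (x) bit, and a non-privileged process cannot create files in a directory without it, whoever owns it. The functions below flag such directories and reset modes; the function names and the temporary directory layout are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: flag directories whose owner bits lack write or search (x).
# Function names and the temp-dir layout are constructed for illustration.

# owner_can_create MODE: succeeds if the octal MODE gives the owner w and x.
owner_can_create() {
    owner_bits=$(( (0$1 >> 6) & 7 ))
    [ $(( owner_bits & 3 )) -eq 3 ]
}

# audit_dir_modes PATH...: print one finding per directory that fails the check.
audit_dir_modes() {
    for p in "$@"; do
        [ -d "$p" ] || continue
        mode=$(stat -c '%a' "$p")
        owner_can_create "$mode" ||
            echo "$p mode=$mode: owner cannot create files (needs w and x)"
    done
    return 0
}

# fix_modes ROOT: capital X adds x only to directories (and to files that
# already had an execute bit), so directories end up 775 and plain files 664.
fix_modes() {
    chmod -R u=rwX,g=rwX,o=rX "$1"
}

demo() {
    root=$(mktemp -d)
    mkdir -p "$root/var/cache/bind" "$root/var/log/bind"
    touch "$root/var/log/bind/default.log"
    # Same mode the Containerfile applies to the BIND directories.
    chmod 664 "$root/var/cache/bind" "$root/var/log/bind"
    echo "before:"
    audit_dir_modes "$root/var/cache/bind" "$root/var/log/bind"
    fix_modes "$root/var"
    echo "after:"
    audit_dir_modes "$root/var/cache/bind" "$root/var/log/bind"
    rm -rf "$root"
}

demo
```
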
    Somebody please explain PROXYv2 to me and the myriad of ways to do DoH?

    I've been looking to implement DoH

    1. The first idea was to simply follow this - I do not understand the configuration fully but it looked fine.
    2. Then, I decided to use a proxy/Load balancer in front of BIND to deal with HTTPS.

    However, I came across PROXYv2 (which is not even mentioned in the docs, just in a blog post) and the likes of DNSdist.

    My questions:

    1. I can't find a detailed explanation of what I need to do about PROXYv2 - does my Reverse-proxy absolutely need to have it to be able to communicate with my DNS server?
    2. Why can't I just have any reverse-proxy that can handle HTTPS and put it in front of my DNS resolver? Does my proxy need to have a specific protocol to be able to talk DNS queries?

    I am still confused, would really appreciate some help :)

    0
    Is Backblaze a reliable provider?

    Hi everyone,

    I've started pushing backups of media important to me (family pictures, video etc) to backblaze with client-side encryption.

    However, are they a reliable storage provider? I can't help but compare them to something like Amazon who likely has a better chance of maintaining my files but they are so expensive that I don't even bother.

    What do you think? Yes, I've heard of 3-2-1, however for now I only have backblaze and a local backup. I'm trying not to spend too much on this.

    Thanks!

    62
    Findmysec @infosec.pub
    Posts 7
    Comments 114