Mostly I’m scared I’ll write a firewall rule incorrectly and suddenly expose a bunch of internal infrastructure I thought wasn’t exposed.
In a general sense, you are discussing a way to control other people and organizations, and to make them stop talking about you. (Communicating and storing your information) This isn’t always possible or practical.
If you pay a merchant with your payment card, that merchant is allowed to know your payment card number. If you call a toll free number, the recipient of your call is allowed to know your phone number.
If they decide to share what they learn about you, and they do so legally, there’s not a whole lot you can do to stop them. I’m not saying this to antagonize or hurt you. I invite you to think differently about what you can control and what is worth worrying about.
s/celebs/weebs/
Fixed :-)
I’ve been ranting about this a lot lately, but as the owner of mspencer.net (completely useless personal domain, but is 199 days older than wikipedia.org for what it’s worth)…
There is sort of a way to do that, but it’s still labor intensive so not a lot of people do it. Movements to investigate are homelab and selfhosted. Homelab equipment is old (extra power-hungry for the capability you get) or expensive. Self hosting requires a bunch of work to stand things up the way you want it.
Biggest barriers to self hosting - or hosting through your nearest nerdy relative - are the following:
Free ad-supported offerings (with the privacy and terms and conditions impacts you describe) are better and easier, so they out compete DIY options. If a nerdy family member offers to host forums and chat for your community club or whatever, the common response isn’t gratitude, it’s “That’s stupid, I’ll just use Facebook.” Without that need and attention, volunteer projects get way fewer eyeballs and volunteers are way less motivated.
Security is difficult to figure out. Project volunteers have enough on their plate just helping users get their stuff working at all. Helping novice users secure their installations is so much extra work.
Many volunteers feel taken advantage of if they produce something that could help companies make money better, when they don’t share any of the money they make through donations or support arrangements. Similarly, many open source projects get taken over by for-profit companies who diminish efforts to make their open source offerings easier to use for free. (They want companies to buy support contracts, even if it means frustrating use by private individuals without kilobucks to spare.)
Thank you for your reply, but to be clear, I’m not looking for individual details to be spelled out in comments. What you said is absolutely correct, thoughtful, and very helpful. But emotions are running a little high and I’m worried I’ll accidentally lash out at someone for helping. Apologies in advance.
But do you have any links? Beyond just the general subjects of security architecture, secure design, threat modeling, and attack surface identification, I’d love to see this hypothetical “generic VM and web application housing provider in a box” come with a reasonably secure default architecture. Not what you’re running, but how you’re running it.
Like, imagine decades in the future, internet historians uncover documentation and backups from a successful generic hosting company. They don’t necessarily care what their customers are hosting, their job is to make sure a breach in one customer’s stuff doesn’t impact any other customer. The documentation describes what policies and practices they used for networking, storage, compute, etc. They paid some expensive employees to come up with this and maintain it, it was their competitive advantage, so they guarded it jealously.
I’d want to see that, but (a) a public, community project and (b) now, while it’s still useful and relevant to emulate it in one’s own homelab.
If I can get some of that sweet, sweet dopamine from others liking the idea and wishing for my success, maybe I can build my own first version of it, publish my flawed version, and it can get feedback.
I’ve been struggling to wrap my head around a good security architecture for my mspencer.net replacement crap. Could I bug you for links?
I figured out a while ago to keep VM host management on a management VLAN, and I put each service VM on its own VLAN with heavy, service-specific firewalling and a private OS update repo mirror - but after hearing about ESXi jackpotting vulns and Broadcom shenanigans, I’ve gotten really disheartened. I’d love some safe defaults.
I think this needs to exist, but as a community supported system, not as a commercial product.
Pick a set of open technologies - but not the best, lightest weight, just pick something open.
Come up with a security architecture that’s reasonably safe and only adds a moderate amount of extra annoyance, and build out a really generic “self-hosted web hosting and VM company-like thingy” system people can rally around.
Biggest threat to this, I think, is that this isn’t the 90s and early 2000s any longer, and for a big project like this, most of the oxygen has been sucked out already by free commercial offerings like Facebook. The technical family friend offering to self-host email or forums or chat no longer gets gratitude and love, they get “why not Facebook?”
So… small group effort, resistant to bad actors joining the project to kill it, producing a good design with reasonably safe security architecture, that people can install step by step, and have fun using while they build and learn it.
Married, we both work from home, and we’re in an apartment.
First, all of my weird stuff is not between her work and living room pcs and the internet. Cable modem connects to normal consumer router (openwrt) with four lan ports. Two of those are directly connected to her machines (requiring a 150-ish foot cable for one), and two connect to my stuff. All of my stuff can be down and she still has internet.
Second, no rack mount servers with loud fans, mid tower cases only. Through command line tools I’ve found some of these are in fact capable of a lot of fan noise, but this never happens in normal operation so she’s fine with it.
Separately I’d say, have a plan for what she will need if something happens to you. Precious memories, backups, your utility and service accounts, etc. should remain accessible to her if you’re gone and everything is powered off - but not accessible to a burglar. Ideally label and structure things so a future internet installer can ignore your stuff and set her up with normal consumer internet after your business internet account is shut off.
Also keep in mind if you both switch over so every movie and show you watch only ever comes from Plex (which we both like), in an extended power outage situation all of your media will be inaccessible. It might be good to save a few emergency-entertainment shows to storage you can browse from your phone, usb or iXpand drive you can plug directly into your phone for example.
Advice from most to least certain: If you want very long standby time (a reliably perfect first print after literally months of inactivity) and you have the space for an ugly cube of a printer, laser is the only option. Ink tank printers have unexpected wear parts, like internal ink sponges.
Black and white laser is stupid simple. Color laser “prints” four times in series onto an intermediate transfer belt (ITB) and then puts that onto the paper, still super reliable but bulkier, and your prints get watermarked with yellow dots because FBI or something. I’d go color.
Toner lock-in is becoming more common, not just for HP. If your page count is going to be low, just pay full price for name brand toner. If you don’t want to do that, like your use case could involve printing a single page or entire binders of paper between months of inactivity, read on.
Start your printer research by shopping for cheap off brand toner, get a sense for what they’re selling the most of and what that’s compatible with, and see what printers they support.
Some aftermarket toner just works, out of the box, because the printer isn’t crazy locked down. Those cartridges have normal sounding instructions. Some aftermarket toner requires you to transplant a chip from a first party cartridge, and their instructions include this. Avoid those printers.
And consider used printers. I have a used HP LaserJet Pro MFP M477fdw that I love, but I would never ever buy another HP printer, especially not one made later than this one. Be very careful before buying any HP printer, especially one made in the past 6-8 years. Even wear items (like the ITB) have modules with firmware and compatibility requirements, and I’m worried I could be one replacement component away from suddenly having a locked down printer.
Oh boy, Michael Spencer Jr., the ghost of GitHub past! With a bio as empty as your follower count dreams, you’ve managed to accumulate a whopping three followers—congratulations on that ambitious social life. Your repos are a trip down memory lane for those still stuck in 1982, complete with assembly language nostalgia. It’s like you’re interviewing for a job in a museum of coding flops.
Your “BenedictionGame” is a masterpiece of zero stargazers—truly a testament to your extraordinary ability to create absolute nothingness in a world craving entertainment. And let’s not overlook your “CaseSwapper” that swaps cases. Wow, riveting stuff! At least your repos prove you can follow the lead when it comes to forking other projects, though I’m disappointed to see you haven’t pirated the skill to write something original.
In summary, your profile is a stark reminder that not everyone is cut out for coding fame. Maybe it’s time to swap some skills instead of just cases.
—————
Ok that’s pretty funny :-) I was hoping it would detect notable positive things and roast them like negatives, though.
I self host, on a personal domain I registered in June 2000. Mostly followed a 13?-part tutorial at I think linuxbabe dot com, was the first one that seemed to genuinely be trying to help you set up a good environment, not just as a way to say “doesn’t this sound difficult? Impossible even? Coincidentally you can pay us to do this instead.” Except I put everything on its own VM instead of all on one. (Even a VM for just opendkim, which was maybe not necessary.)
Mostly iPhone mail app and/or Roundcube webmail.
Yes highly recommend it, for receiving email. Greylist blocks like 99.8% of spam. Sending works fine for me, because it’s an old domain with history. I don’t think brand new domains have the same experience.
Hey no botting!
NEW
I think this was asked in good faith, but is unfortunately unlikely to produce useful discussion. The down-voters are right but the original poster shouldn’t feel bad for asking.
Short answer: it’s ok to say “maybe, we have no way to know, moving on” when something is unknowable like this.
Longer answer / topic hijack: as voters there are many contradictions in our system, and important and necessary information is often hidden from us. Doing the best we can might take various forms:
choose government ran by the least-evil people possible and trust the imperfect system formed by the structured interactions of those people
choose government that follows policies that align the best with your values or your ethical understanding of the world
choose government that is best able to reduce harms and injustices, in a practical and realistic way that anticipates the acts of other factions
choose government led by people you hate the least — no, this one is toxic, lazy, easy to manipulate with lies. Manipulators know the longer they keep people hot with emotion the less time people spend learning.
Please do not reply to this with hatred or calls for strong emotion. Leaders at any level can be deliberately evil, sure, but it’s never helpful to dehumanize entire clusters or demographics.
Also, the development and evolution of these open technologies relies on human interest and attention, and that attention can be diminished, even starved, by free, closed offerings.
Evil plan step 1: make a free closed alternative and make it better than everything else. Discord for chat, Facebook for forums and chat/email, etc.
Step 2: wait a few years, or a decade or more. The world will largely forget how to use the open alternatives. Instant messengers, forums, chat services, just give them a decade to die out. Privately hosted communities, either move to Facebook, pay for commercial anti-spam support, spend massive volunteer hours, or drown in spam.
Step 3: monetize your now-captive audience. What else are they going to use? Tools and apps from the 2000s?
What? Did I turn it off and on again? I’m a very smart technology person, of course my big brain already thought of that. I develop software for a living. It couldn’t be that simple or I wouldn’t be calling you.
. . .
Turning it off and on again worked. My shame is immense and I have wasted everybody’s time.
(And that is how I learned to embrace my own idiocy and do the recommended, simple troubleshooting tasks without questioning them.)
So I’m curious . . . what reference am I missing that helps me understand what menu settings cause exactly which pieces of personal data to be shared with which Apple services? I want to RTFM, and while I appreciate people wanting to be helpful, comment replies are not themselves documentation.
(I switched from Android to ios in 2020 and haven’t really figured out details beyond turning icloud sync off for specific apps. I’d like to add more devices and learn to trust that sync method but I don’t understand where crypto is used and how the keys are handled.)
Plagiarism should be part of the conversation here. Credit and context both matter.
How much stock ownership remains with the nonprofit Raspberry Pi Foundation? And will that be enough to hold off shareholder complaints that they aren’t being evil enough?
Deceased users’ estates still haven’t agreed to the new terms, have they?