Findmysec

joined 1 month ago
[–] Findmysec@infosec.pub 2 points 14 hours ago

Do I give a shit? I'll pirate everything I can till the end of time and if I'm feeling generous I'll donate to the artists on Bandcamp or something. Nobody but the smaller artists need my money anyway

[–] Findmysec@infosec.pub 1 points 15 hours ago

Which is why not every provider supports BYOIP

[–] Findmysec@infosec.pub 5 points 1 day ago

SMR vs CMR and drive speeds

[–] Findmysec@infosec.pub 1 points 1 day ago (2 children)

There are providers who are OK with public trackers and don't care about DMCAs.

In principle, torrenting over IPv6 is the same as doing it over IPv4, it's just that there's a lot of IPv6 addresses so you might find it cheaper to buy IPv6. Yes there are some differences in the technology but from purely an operational POV, it's not very different.

The reason I mentioned bringing your own IPs is related to the reason why providers don't like public torrents: it pollutes their IP space and puts their IP ranges on blacklists. But if you bring your own IPs, suddenly the provider (in theory) is safe and doesn't care as much. YMMV of course, send an email to your provider of choice to ask more.

[–] Findmysec@infosec.pub 1 points 2 days ago (4 children)

I have seen seedboxes with 3, or maybe 4TB of storage under $10 (don't remember). And that's recent (about a month ago). Yes, unlimited uploads are definitely an issue. Such cases are best combated with buying an IPv6 slot and putting that on a VPS with a provider friendly to such things (they exist at reasonable prices)

[–] Findmysec@infosec.pub 2 points 2 days ago

I tend to seed rarer stuff till my ratio reaches 10, sometimes 15 on a case-by-case basis

[–] Findmysec@infosec.pub 1 points 2 days ago

Get an older Antec case on eBay, the one with 6 DVD bays. Load it up as a homeserver + seedbox + media burner.

[–] Findmysec@infosec.pub 2 points 2 days ago (8 children)

Get a seedbox with storage. About $5-$10 a month can get you quite decent boxes in torrent friendly countries

[–] Findmysec@infosec.pub 1 points 3 days ago* (last edited 3 days ago)

I guess you could use something like those new immutable distros to move away from state and related vulnerabilities. TBH there are plenty of hardening guides for Debian.

Or you could use any hardened version of Fedora which gets security fixes quicker, and then harden it some more yourself. The good part about Debian is that you are free to use SysVInit, I do not know if you could do that on Fedora. I do not think Systemd is a massive risk (if they have reached Systemd you have many other, bigger problems to think of).

I think I should study some more about Fedora. I run k3s on top and will go through their CISA hardening guide at some point to round things out.

[–] Findmysec@infosec.pub 1 points 3 days ago

Please tell me you're using Oracle /s

[–] Findmysec@infosec.pub 1 points 3 days ago

I need to try this, thanks

[–] Findmysec@infosec.pub 3 points 3 days ago (1 children)

Setting SELinux to permissive is not a good security practice

 

The title is really vague, so I'll try to clarify my intentions here:

I am an ardent supporter of FOSS. It will be greatly beneficial for my life and especially my privacy to self-host such software. Yet, I cannot find much motivation to do so.

However, when it comes to hosting software for public use, I can usually give my utmost concentration and dedication.

This is not how I want my life to be. I want to be motivated for myself as well as for the community. And if that's not possible, I need to trick my brain into bringing me into that kind of zone for myself.

What do I do? What would you do in this situation?

 

I see so many posts and people who run NGINX as their reverse proxy. Why though? There's HAProxy and Apache, with Caddy being a simpler option.

If you're starting from scratch, why did you pick/are you picking NGINX over the others?

 

cross-posted from: https://infosec.pub/post/15386345

Hi everyone,

This is my CONTAINERFILE for Bind9:

FROM debian

ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]

I keep getting this error when I run it with podman:

26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied

As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn't.

I have been at this for a while and I'm at my wits' end. Your help is appreciated!
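One thing worth checking in the Containerfile above: mode 664 on a directory clears the search (x) bit, which a non-root process needs in order to create or open files inside that directory. The following is an added example, not part of the original post: a small linter (function names are my own) that scans `RUN chmod` lines and flags octal modes without the search bit on directories created earlier with `mkdir`. It does not look at volume ownership or SELinux labels, which can produce the same errors.

```python
import re
import shlex

# Constructed sample: the permission-related lines of the Containerfile above.
SAMPLE = """\
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log
"""

OCTAL = re.compile(r"^[0-7]{3,4}$")


def missing_search_bits(mode: str) -> list[str]:
    """Return the classes (owner/group/other) that have r or w but no x."""
    bits = int(mode, 8)
    out = []
    for name, shift in (("owner", 6), ("group", 3), ("other", 0)):
        triad = (bits >> shift) & 0o7
        if triad & 0o6 and not triad & 0o1:
            out.append(name)
    return out


def lint_containerfile(text: str) -> list[tuple[int, str, str, list[str]]]:
    """Flag chmod of directories made by mkdir to a mode lacking the x bit."""
    dirs, findings = set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.startswith("RUN "):
            continue
        for cmd in line[4:].split("&&"):
            argv = shlex.split(cmd) or [""]
            # Drop option flags such as -p and -R; keep mode and paths.
            args = [a for a in argv[1:] if not a.startswith("-")]
            if argv[0] == "mkdir":
                dirs.update(args)
            elif argv[0] == "chmod" and args and OCTAL.match(args[0]):
                lacking = missing_search_bits(args[0])
                for path in args[1:]:
                    if path in dirs and lacking:
                        findings.append((lineno, path, args[0], lacking))
    return findings


if __name__ == "__main__":
    for lineno, path, mode, lacking in lint_containerfile(SAMPLE):
        print(f"line {lineno}: {path} -> {mode}, no x bit for {', '.join(lacking)}")
```

Directory modes such as 775 or 750 pass the check; the 644 on the `*.log` files is not flagged because regular files do not need the search bit.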

 


 

I've been looking to implement DoH

  1. The first idea was to simply follow this - I do not understand the configuration fully but it looked fine.
  2. Then, I decided to use a proxy/Load balancer in front of BIND to deal with HTTPS.

However, I came across PROXYv2 (which is not even mentioned in the docs, just in a blog post) and the likes of DNSdist.

My questions:

  1. I can't find a detailed explanation of what I need to do about PROXYv2 - does my Reverse-proxy absolutely need to have it to be able to communicate with my DNS server?
  2. Why can't I just have any reverse-proxy that can handle HTTPS and put it in front of my DNS resolver? Does my proxy need to have a specific protocol to be able to talk DNS queries?

I am still confused, would really appreciate some help :)

 

Hi everyone,

I've started pushing backups of media important to me (family pictures, video etc) to Backblaze with client-side encryption.

However, are they a reliable storage provider? I can't help but compare them to something like Amazon who likely has a better chance of maintaining my files but they are so expensive that I don't even bother.

What do you think? Yes, I've heard of 3-2-1, however for now I only have Backblaze and a local backup. I'm trying not to spend too much on this.

Thanks!
