iMeddles

joined 1 year ago
[–] iMeddles@infosec.pub 10 points 3 months ago

I worte a guide last year on how I do network bound encryption - that is the disk will automatically decrypt at boot if it's connected to my home network, but not if the disk or machine is removed from my house. The advantage over the dropbear method is that you can set unattended upgrades to auto reboot your server whenever it installs security updates, and it'll come back up with no manual intervention from you.

[–] iMeddles@infosec.pub 12 points 3 months ago (1 children)

Dry air causes way more static electricity build up, which electronics really don't like having discharged into them

[–] iMeddles@infosec.pub 2 points 11 months ago (1 children)

I had some spare time today, so I wrote it up on my website here

[–] iMeddles@infosec.pub 6 points 11 months ago (2 children)

I don't at the moment, because I don't have a need for it, but I did for a while run a PoC with Step CA, and that seems like the easiest way to get up and running, even if its features are overkill for a home lab.

[–] iMeddles@infosec.pub 4 points 11 months ago (3 children)

if you go down the luks route, an option to look at is Clevis/Tang for automatic unlocking on a trusted network. I have a tang server running in the cloud, firewalled to my home IP, so if my server reboots in my house, it auto unlocks, but if you steal it and try to turn it on anywhere else, it won't be able to auto unlock, and will require a password.

I should write that config up somewhere as a guide.

[–] iMeddles@infosec.pub 1 points 1 year ago

Thinkst have also published opencanary which you can run yourself and contains a decent subset of what their hardware canaries run, including SSH and cifs.

[–] iMeddles@infosec.pub 1 points 1 year ago

My aim for the year of voice is to replace my google minis with something that works locally with ha, if this gets integrated that way its gonna save me reasonable amounts of money on speakers :D

[–] iMeddles@infosec.pub 1 points 1 year ago

A pihole. Given how much I've spent over the years on self hosting kit, few 'cheap' things have ended up costing me more than that first 30 quid raspberry pi

[–] iMeddles@infosec.pub 1 points 1 year ago (1 children)

Every machine is named after what it does (although I do 1337-ify the names, because I'm still a late 90s IRC teen at heart). If you've ever been onboarded into a sysadmin role where all the machines are named with whatever whimsical naming scheme each department chose, you'll fast develop a visceral hatred for non-descriptive naming schemes. The fifth time you get a ticket saying something like 'Hedwig is down' and you have to go crawling through three layers of linked files on SharePoint to find what and where 'Hedwig' is, you'll be ready to beat the person who named it to death, and that attitude tends to persist to your home naming scheme :p

[–] iMeddles@infosec.pub 4 points 1 year ago

Even better, I found a company that pays me in money while having a free beer fridge in the office :D (at least, up until before I basically started wfh full time during the pandemic)

[–] iMeddles@infosec.pub 18 points 1 year ago (2 children)

Went to university to study Bioinformatics. There I discovered I don't really like biology, but I did really like getting paid beer to fix other student's computers. Especially when they were desperate around submission deadlines cos they hadn't backed up their work for weeks/months before their computer went kaput.

I've been a sysadmin now for 13 years since graduating.

[–] iMeddles@infosec.pub 3 points 1 year ago* (last edited 1 year ago)

Holy shit... for years archive.org only had fairyland and I'd given up on this one ever appearing. Thanks so so much for spotting this. MY QUEST IS OVER. Time to see just how crap it is :D

view more: next ›