My self hosting journey is limited mostly by time. When I have it, I try out new setups or tweak my current one. Otherwise it’s just lower end maintenance and updates.
The last time I had ample time I managed to get a double WireGuard (both in and out) working, so that’s something I suppose.
I can’t see anything disagreeable in this summary from my own experience so far though. Great stuff!
IOT home devices using cell data? In Canada? It would either come with a hefty monthly fee, or the appliance company would lose their shirt.
Cell companies here put a lot of effort into keeping the prices up.
Might fly south of the border though.
So, what happens if I use pi-hole or adguard to block DNS for the advertisement TLDs, like I do for all the other gizmos in the house trying to show me ads or obtain telemetry data?
It may seem like a small percentage loss when talking dollar for dollar subscription loss vs Disneys massive revenue, but the scarier thing for their board of directors is damage to their brand.
The thought that a situation like this could cause any long a lasting or irreparable harm to the iconic mouse ears in any way would make keep them awake at night.
I concur. Podman is superior in my opinion. It’s more secure by default (rootless containers) and can do pretty much everything docker can do naively (you can literally alias docker to podman in your shell and it will work)
It’s not as easy to find info on some of the systemd specific stuff (Quadlets), but once you figure that out, it’s pretty amazing.
I ended up making up my own scripts to allow me to create new system users, pre-loaded with aliases and shortcut functions to make my life easier ( automatic quadlet container file generation, pre-set network rules, etc), but it is not required.
All the info is there, but starting out it can be a bit overwhelming.
My containers are pretty much self sufficient now. I just intervene when something needs major updating or config changes
Even though switching my laptop to Linux was a bit of a pain, especially for other family members, i didn’t regret it at all before. This just makes it even more reassuring as the right move.
Even the programs I had that rely on windoze I just run in wine or in a small vm.
If you can switch, do it!
Thanks for this! I’ll check it out.
The ensh*tification continues. Time for community git to somehow be federated like lemmy.
Some sort of encrypted collective sharing of the whole through BitTorrent style shared hosting.
I would seriously consider donating a few TB space and half my bandwidth to that.
The even brighter side of it is that it should be easier to spot these companies when job hunting.
IMO: Demand higher wages and iron clad contracts from them because they already demonstrated how they feel about paying people.
They’ll surely cut anyone they can again as soon as they can.
What I suggest/have done:
Rent a cheap VPS in a non-five eyes country that comes with a static ipv4.
SSH on random port with certificate auth only. No root, no password auth.
setup WireGuard server with random port.
firewall block all incoming except ssh and WireGuard port at first.
set home server to connect via wireguard as sole client to VPS.
individually add any ports you want to go to the home server from the internet as NAT forwarded ports. Basically WWW -> VPS -> Home.
have a separate WireGuard VPN for outgoing from the home server.
profit?
But it’s crazy complicated. At least it was for me. Not for the faint hearted imo.
Thanks for this! I’ll read up on it.
The name unfortunately put me off from looking into it before. Basically anything with ‘coin’ in it just makes my brain go to crypto scam automatically these days I think.
You are 100% correct. The issue isn’t the infrastructure per se, but the usage of it.
By decentralizing, I guess I mean finding a way to remove the ability for a mega company like Google from being able to dominate the playfield.
The percentage of internet users that can or will bother to run their own DNS is way too low.
How easily DNS can be manipulated by any network for the average end user is the blessing and the curse it seems.
Can someone considerably smarter than me, with time to spare, please just find a way to federate/decentralize DNS.
I can fathom that it is complicated, maybe even impossible in the current setup, but the internet we all grew to love dies a little bit more each time the mouth breathers try to restrict it on behalf of capitalism.
Maybe remembering ip addresses can fill the void of not having to remember phone numbers anymore?
Ok, so not really bright, but visible. I smell the plot to a bank heist movie.
And blinded by security cameras?
Seriously, wouldn’t being able to see infrared basically make you see night vision cameras like they are street lights?
Probably totally unrelated, but I find it interesting that Canada suddenly lifts the electricity surcharge right when the US suddenly decides to support Ukraine again.
Like I said, most likely totally unrelated, but the timing is a bit suspect. That surcharge of 25% would have netted Ontario something like 400K a day from the US. Not economy ending, however I can imagine a lot of residents and business owners in the affected states would be mega unhappy about it.
It’s the never ending battle between what’s secure and what’s practical. In order to have widespread adoption, it has to be easy. In order to be secure it requires layers of complication.
It’s a yin/yang battle.
A bank vault with walls 2 feet thick, 24/7 surveillance and requiring a two key unlock mechanism is secure compared to a house door lock on a regular suburban bungalow, but is it very practical?
The level of digital security generally attainable is limited by how likely someone is to use it.
2FA using keys is the closest I’ve seen to a happy medium, but it has to be implemented correctly. If the private keys are sitting on a cloud server somewhere and it gets hacked, is it more secure? Maybe not.
Just like real defence, the walls are only as good as the foundation or weakest point.