overview for Findmysec

Some piracy anime streaming websites, such as Aniwave (aka 9anime) shut down. in c/[email protected]

[–] [email protected] 5 points 18 hours ago

This sucks a lot.

Piracy Shield 2.0 in Doubt For 2024 , TV Manufacturers Urged to Ban VPN. in c/[email protected]

[–] [email protected] 1 points 23 hours ago

I believe the general population will have to become savvy enough to run their own VPNs from their personal VPSes. Also there are affordable seedbox providers which will let you have a decent amount of bandwidth for seeding, but yes I generally agree with your point. We need more upload bandwidth with seedboxes

Piracy Shield 2.0 in Doubt For 2024 , TV Manufacturers Urged to Ban VPN. in c/[email protected]

[–] [email protected] 1 points 1 day ago (2 children)

Let's see them banning seedboxes LMAO

Piracy Shield 2.0 in Doubt For 2024 , TV Manufacturers Urged to Ban VPN. in c/[email protected]

[–] [email protected] 2 points 1 day ago

So, everybody uses IPSec now?

Difference between downloading on public wifi and mobile hotspot? in c/[email protected]

[–] [email protected] 1 points 1 day ago

Use a VPN if you're in the West/Far East. That's it

Recommend me a scripting language in c/[email protected]

[–] [email protected] 2 points 1 day ago (1 children)

TBH I don't even use awk that much, even that is plenty powerful for my needs. Perl absolutely blows my mind with how needlessly complex I can make stuff with it

Recommend me a scripting language in c/[email protected]

[–] [email protected] 3 points 1 day ago

Perl would be my candidate for more advanced text handling than what sh can do.

Never used Lua but I think it's fun.

If nothing else works, just learn C/Rust. There's plenty of that on Linux systems, I think you'll be able to manage. Yes, it doesn't meet a lot of your requirements.

This $149 RISC-V Tablet Runs Ubuntu 24.04 in c/[email protected]

[–] [email protected] 1 points 1 day ago

The problem is the hardware not working because proprietary drivers aren't built into GSIs

Turns out, I wanted a tiled window manager all along in c/[email protected]

[–] [email protected] 2 points 1 day ago

At least you're not using Windows for work LMAO

Why did NixOS gain so much traction lately, considering its 20 years old? in c/linux

[–] [email protected] 7 points 2 days ago (1 children)

IOG?

Multiple Kubernetes Services Using Same Port Without SNI in c/selfhosted

[–] [email protected] 2 points 2 days ago

If you can only use port 22 for multiple SSH endpoints (for example), then yes your going to need multiple IPs. Or Port-mapping as a compromise

Multiple Kubernetes Services Using Same Port Without SNI in c/selfhosted

[–] [email protected] 2 points 2 days ago* (last edited 2 days ago) (2 children)

In short, you need a reverse-proxy + traffic segregation with domain names (SNI).

I don't remember much about ingresses, but this can be super easy to set up with Gateway API (I'm looking at it right now).

Basically, you can set up sftp.my.domain/ssh to 192.168.1.40:22, sftp.my.domain/sftp to 192.168.1.40:121 (for example). Same with Forgejo, forgejo.my.domain/ssh will point to 192.168.1.50:22 and forgejo.my.domain/gui will point to 192.168.1.50:443.

The Gateway API will simply send it over to the right k8s service.

About your home network: I think you could in theory open up a DMZ and everything should work. I would personally use a cheap VPS as a VPN server and NAT all traffic through it. About traffic from your router maintaining the SNI, that's a different problem depending on your network setup. Yes, you'll have to deal with port-mapping because at the end of the day, even Gateway API is NodePort-esque when exposing traffic outside.

84

I find no motivation in working for myself (infosec.pub)

submitted 3 weeks ago by [email protected] to c/[email protected]

48 comments fedilink

The title is really vague, so I'll try to clarify my intentions here:

I am an ardent supporter of FOSS. It will be greatly beneficial for my life and especially my privacy to self-host such software. Yet, I cannot find much motivation to do so.

However, when it comes to hosting software for public use, I can usually give my utmost concentration and dedication.

This is not how I want my life to be. I want to be motivated for myself as well as for the community. And if that's not possible, I need to trick my brain into bringing me into that kind of zone for myself.

What do I do? What would you do in this situation?

161

Why do so many people use NGINX? (infosec.pub)

submitted 1 month ago by [email protected] to c/selfhosted

102 comments fedilink

I see so many posts and people who run NGINX as their reverse proxy. Why though? There's HAProxy and Apache, with Caddy being a simpler option.

If you're starting from scratch, why did you pick/are you picking NGINX over the others?

0

[HELP NEEDED] Unable to figure out directory permissions (infosec.pub)

submitted 1 month ago by [email protected] to c/selfhosted

4 comments fedilink

cross-posted from: https://infosec.pub/post/15386345

Hi everyone,

This is my CONTAINERFILE for Bind9:

FROM debian

ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]

I keep getting this error when I run it with podman:

26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied

As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn't.

I have been at this for a while and I'm at my wits end. Your help is appreciated!

2

[HELP NEEDED] Unable to figure out directory permissions (infosec.pub)

submitted 1 month ago by [email protected] to c/linux

2 comments fedilink

cross-posted from: https://infosec.pub/post/15386345

Hi everyone,

This is my CONTAINERFILE for Bind9:

FROM debian

ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]

I keep getting this error when I run it with podman:

26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied

As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn't.

I have been at this for a while and I'm at my wits end. Your help is appreciated!

12

[HELP NEEDED] Unable to figure out directory permissions (infosec.pub)

submitted 1 month ago by [email protected] to c/[email protected]

8 comments fedilink

Hi everyone,

This is my CONTAINERFILE for Bind9:

FROM debian

ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]

I keep getting this error when I run it with podman:

26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied

As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn't.

I have been at this for a while and I'm at my wits end. Your help is appreciated!

4

Somebody please explain PROXYv2 to me and the myriad of ways to do DoH? (infosec.pub)

submitted 1 month ago by [email protected] to c/[email protected]

0 comments fedilink

I've been looking to implement DoH

The first idea was to simply follow this - I do not understand the configuration fully but it looked fine.
Then, I decided to use a proxy/Load balancer in front of BIND to deal with HTTPS.

However, I came across PROXYv2 (which is not even mentioned in the docs, just in a blog post) and the likes of DNSdist.

My questions:

I can't find a detailed explanation of what I need to do about PROXYv2 - does my Reverse-proxy absolutely need to have it to be able to communicate with my DNS server?
Why can't I just have any reverse-proxy that can handle HTTPS and put it in front of my DNS resolver? Does my proxy need to have a specific protocol to be able to talk DNS queries?

I am still confused, would really appreciate some help :)

100

Is Backblaze a reliable provider? (infosec.pub)

submitted 1 month ago by [email protected] to c/selfhosted

67 comments fedilink

Hi everyone,

I've started pushing backups of media important to me (family pictures, video etc) to backblaze with client-side encryption.

However, are they a reliable storage provider? I can't help but compare them to something like Amazon who likely has a better chance of maintaining my files but they are so expensive that I don't even bother.

What do you think? Yes, I've heard of 3-2-1, however for now I only have backblaze and a local backup. I'm trying not to spend too much on this.

Thanks!