Incessant tinkerer since the 70’s. Staunch privacy advocate. SelfHoster. Musician of mediocre talent. https://soundcloud.com/hood-poet-608190196

Cake day: March 24th, 2025




  • Interesting. My method for finding new or similar music to what I have in my library is to use TasteDive. Crowd-Sourced, so you get a ‘real world’ recommendation. It can be a little bit of work, but I find it quite effective. TasteDive also works for movies and a lot of other things. It does have an API tho I’ve never explored that side. I’m not sure what software would interface with their API.





  • change the default SSH port

    I run most everything on a nonstandard port if I can get away with it. However, a bot scan of your server will reveal everything about the ports on your server.

    There are literally tons of ways to skin the security cat and you’ll probably hear a ton of them mentioned. Personally, I use the evil Cloudflare Tunnels/Zero Trust with Tailscale as an overlay on the server and on the standalone pfSense firewall. With Cloudflare Tunnels/Zero Trust, there is no need to fiddle with NAT, closing/opening ports, etc. Install it on the server, and it takes care of the rest. You will need an FQDN whose nameservers you can change to the ones Cloudflare will assign. The free tier is more than generous and covers a lot of ground as far as security.

    Disable root ssh access completely

    You can, and this ties in with nonstandard ssh port, use key pairs.

    Scan your machine and ensure no extra ports are open

    Lynis is a great way to get a handle on what needs to be done to your server as far as hardening it. Run a scan, in a few minutes it will spit out a list of things that need attention. Not all of the recommendations will be applicable to your server.

    You can always use host allow/host deny to really tighten things up. The only users that will have critical access are the ones you assign in the config.

    Fail2ban is effective, along with Crowdsec, Wazuh, etc
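
An added example, not part of the comment above: a small Python check that reads `sshd_config` text and reports which of the points discussed there (nonstandard port, no root SSH login, key pairs, restricting which users can log in) are not yet met. Reading "the users you assign in the config" as the `AllowUsers`/`AllowGroups` keywords is an assumption, the two sample configs are constructed, and `Include` files and `Match` blocks are not evaluated.

```python
# OpenSSH defaults used when a keyword is absent from the file.
DEFAULTS = {"port": "22", "permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "pubkeyauthentication": "yes"}

# Constructed sample configs, not taken from any real host.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice
# sshd keeps the first value it reads, so this later line has no effect
PermitRootLogin yes
"""


def parse_global(text):
    """Map each global keyword (lower-cased) to its values, in file order."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":  # simplification: Match blocks are not evaluated
            break
        seen.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return seen


def audit(text):
    """Return (severity, message) findings; an empty list means every check passed."""
    cfg = parse_global(text)
    first = lambda k: cfg.get(k, [DEFAULTS[k]])[0].lower()
    findings = []
    if first("permitrootlogin") != "no":
        findings.append(("high", "root login over SSH is not fully disabled"))
    if first("passwordauthentication") != "no":
        findings.append(("high", "passwords still accepted, key pairs not enforced"))
    if first("pubkeyauthentication") == "no":
        findings.append(("high", "public-key authentication is switched off"))
    if not (cfg.get("allowusers") or cfg.get("allowgroups")):
        findings.append(("medium", "no AllowUsers/AllowGroups list limits who can log in"))
    if "22" in cfg.get("port", [DEFAULTS["port"]]):
        findings.append(("info", "default port 22 in use"))
    return findings


if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(sample) or "all checks passed")
```

The port finding is reported as informational only, since a moved port still shows up in a port scan.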







  • Inasmuch as I rail against regulation, or more so… overregulation, AI needs some heavy regulation. We stand at the crossroads of a very useful tool that is unfortunately hung up in the novelty stage of pretty pictures and AI rice cookers. It could be so much more. I use AI in a few things. For one, I use AI to master the music I create. I am clinically deaf, so there are frequencies that I just can’t hear well enough to make a call. So, I lean on AI to do that, and it does it quite well actually. I use AI to solve small programming issues I’m working on, but I wouldn’t dare release anything I’ve done, AI or not, because I can always see some poor chap who used my ‘code’, and now smoke is billowing out of his computer. It’s also pretty damn good at compose files. I’ve read about medical uses that sound very efficient in ingesting tons of patient records and reports and pinpointing where services could do better in aiding the patient so that people don’t fall through the cracks and get the medical treatment they need. So, it has some great potential if we could just get some regulation and move past this novelty stage.




  • Are you serving from a homelab or VPS? If a homelab, then you could use pfSense to filter spam. I don’t run my own email server but I do use pfSense to filter 95% of the junk from my inbox. I’m not sure how you’d accomplish that on a VPS other than employing some type of spam filtering software.




  • I keep it simple, although reading down through the thread, there are some really nice and ingenious ways people accomplish about the same thing, which is totally awesome. I use a WatchTower fork and run it with `--run-once --cleanup`. I do this when I feel comfortable that all the early adopters have done all the beta testing for me. Thanks, early adopters. So, about once a month or so, I update 70 Docker containers. As far as OS updates, I usually hit those when they deploy. I’m running Ubuntu Jammy, so not a lot of breaking changes in updates. I don’t have public-facing services, and I am the only user on my network, so I don’t really have to worry too much about that aspect.