Incessant tinkerer since the 70’s. Staunch privacy advocate. SelfHoster. Musician of mediocre talent. https://soundcloud.com/hood-poet-608190196

  • 25 Posts
  • 836 Comments
Joined 10 months ago
Cake day: March 24th, 2025


  • I guess the folks giving me grief about asking for a petition tool

    I am very politically active. I do calling campaigns, protest, vote, march, et al. I don’t think the majority of people here are giving you grief about advocacy. Scanning back through the thread, I get the impression that what people are trying to get you to understand is that personally identifiable information is not something you take lightly.

    I received a letter the other week telling me that a medical firm that houses my data was breached. The hackers potentially got SSNs, names, addresses, and a fistful of other data. They are offering me free lifetime credit monitoring services in a bid not to be sued in court by hundreds of thousands of people en masse. This is a multi-billion dollar corporation, not some selfhosted mini server running fail2ban. So there are serious ramifications when it comes to personal data being leaked, and if it happens on your server, you are liable.



  • In another life I worked as a Mech Eng for a Contractor firm. The rule was ‘If you didn’t write it down, it didn’t happen’. Over the years, that has bled into my personal life as well. I hear what you’re saying, and from what I’ve digested regarding Ansible, it is a quite powerful and capable package. However, let’s let OP stand up his first server. He’s already stressed about not being a botnet victim. So, perhaps some rudimentary steps are in order. Then you can blow his mind with Ansible. LOL



  • Piefed requires your email to sign up.

    But aliases exist.

    I don’t want the free petition websites online getting my personal network’s info and sharing or selling it

    Ok, but by the same token I would not sign a serious, selfhosted petition entering PII. I don’t know what you’re doing with my information. You could be sharing it or selling it even.

    I promise I’m not shitting on your project. It just makes me very uncomfortable. Data protection regulations aren’t something to dismiss offhand.




  • Yes…yet another comment. LOL Something you should do from the very start is take notes of everything you do on the server. I use Notepad++ for the rough draft while I’m setting something up. Copy/paste, write out commands, notations, what this or that does. Take prolific notes. I really can’t stress that enough. That way, if you need to back out of something, or if the wheels fall off, you can go right back to your notes. Don’t be lulled into the idea that you will be able to remember every last keystroke you’ve made. That rarely happens. Take notes.

    When I have successfully deployed whatever I’m working on, then I go back, take my notes, clean them up, and place them in Obsidian and make backups of them.


  • If I really need to master all of the steps that you’ve described before deploying my host on the Internet, then my conclusion is that it is more trouble than it is worth, because my concern is that if I screw up then I will make the Internet a worse place by contributing to botnets.

    Nah dude. You’re not going to make the internet worse because a bot opened a door you thought was locked and let himself in. That’s rubbish. Do some reading, study up, deploy the server. Monitor before you start putting any PII on the server. Deploy a couple fun Docker containers. Monitor. Build your confidence.

    Don’t let fear get the best of you. I have a load of fun with my set up as, like you, I love to tinker. Nothing I have done can’t be replicated through studying, asking questions, deploying in gradual steps. I have no certifications or any of that pro stuff some of these guys have. Just a regular schmoe. It really isn’t that much hassle once you get everything set up and you have confidence in your server’s defenses.

    DO IT!!!


  • Dealing with this constant threat seems like it would be frightening enough as a full-time job, but this would only be a hobby project for me.

    Hobbyist/Enthusiast here. Most of the bots are autonomous. They are deployed and constantly sniff for any little cracks and crevasses in the armor. Don’t be fooled tho, they are quite sophisticated. I see some have mentioned fail2ban, and Crowdsec. Both are very capable. UFW (uncomplicated firewall) is also very good. When I set up UFW and my external, standalone pfsense firewall, the way I go about it is to block everything, then step by step, open only the ports that absolutely have to be opened.

    Tailscale is also a great overlay vpn along with netbird. Tailscale can also be used as an emergency entry to your server should you lock yourself out, so it has multiple uses. Additionally, since you say you have technical knowledge, Cloudflare Tunnel/Zero Trust pretty much wraps everything up. I know there are a lot of selfhosters dead set against Cloudflare, so that’s a decision you have to make. Cloudflare does not require you to open ports or fiddle with NAT. You set it up on your server, Cloudflare takes care of the rest. If you wanted additional protection, you could install Tailscale as an overlay on the server. The caveat to using Cloudflare Tunnel/Zero Trust is that you have to have a domain name that allows you to enter and use Cloudflare’s name servers for obvious reasons. You can get a domain anywhere although Cloudflare will sell you one if you wish to go that route.

    Since I am the only user of my server, I’ve taken the additional step of implementing the hosts.allow/hosts.deny TCP Wrapper ACL files (although you can have multiple users with hosts.allow/hosts.deny). If you go this route, make sure you do the hosts.allow first, so that when you edit the hosts.deny you’ll enter ALL : ALL for a default-deny stance. For my purposes, multiple users cause multiple issues, so I don’t share. :p

    Probably should go without saying you should use ssh keys when administrating the server via ssh.

    ETA: Hope everyone is safe in the US with this frigid weather.

    ETA2: If you decide to go with Cloudflare Tunnel/Zero Trust, I have some notes that seem to have helped several people and I would be happy to share them.
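The "block everything, then open only what must be open" UFW sequence and the hosts.allow-before-hosts.deny ordering from the comment above, as an added example (not the commenter's own configuration). It assumes a single admin address 203.0.113.10 (a constructed TEST-NET-3 value) and that SSH on port 22 is the only directly exposed service.

```shell
#!/bin/sh
# Added example, not the commenter's config. ADMIN_IP is a constructed
# placeholder; set it to the address you administer from.
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"

# Emit the ufw commands in the order they must run: defaults first, then the
# SSH allow rule, and only then enable. Enabling before the SSH rule exists
# would lock a remote admin out. "limit" also rate-limits repeated connects.
ufw_plan() {
  cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw limit from $ADMIN_IP to any port 22 proto tcp
ufw --force enable
EOF
}

# hosts.allow content: written FIRST, as the comment says. Once hosts.deny
# holds "ALL : ALL", any libwrap-linked service refuses clients not listed here.
tcpwrapper_allow() {
  printf 'sshd : %s\n' "$ADMIN_IP"
}

# hosts.deny content: the default-deny stance.
tcpwrapper_deny() {
  printf 'ALL : ALL\n'
}

# Applies everything on the server (needs root). Check first that sshd on your
# distro still honours TCP Wrappers: ldd "$(command -v sshd)" | grep libwrap
apply() {
  tcpwrapper_allow > /etc/hosts.allow   # allow list first
  tcpwrapper_deny  > /etc/hosts.deny    # then ALL : ALL
  ufw_plan | sh                          # then the firewall
}

# Uncomment on the target host after reviewing the plan with: ufw_plan
# apply
```

If `ldd` shows no libwrap, the hosts.allow/hosts.deny files have no effect on sshd and UFW alone carries the default-deny policy.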


  • Question: I do remember the days of those RSS buttons everywhere. But I never managed to see the value in it.

    I use ttRSS for feeds. I like the RSS feeds because I can get the information I desire without having to go to the site itself. Consuming RSS for me would be like, laying in bed in the evening before I retire for the night, and pulling up articles from my RSS reader, again, without having to hop around to different sites. The info is all there in one neat package.