

Incessant tinkerer since the 70’s. Staunch privacy advocate. SelfHoster. Musician of mediocre talent. https://soundcloud.com/hood-poet-608190196


It’s been quite a while since I’ve messed with Yunohost, so memory is a bit sketchy.
SimplePush and Kuma


change the default SSH port
I run most everything on a nonstandard port if I can get away with it. However, a bot scan of your server will reveal everything about the ports on your server.
There are literally tons of ways to skin the security cat and you’ll probably hear a ton of them mentioned. Personally, I use the evil Cloudflare Tunnels/Zero Trust with Tailscale as an overlay on the server and on the standalone pfSense firewall. With Cloudflare Tunnels/Zero Trust there is no need to fiddle with NAT, closing/opening ports, etc. Install it on the server, and it takes care of the rest. You will need an FQDN whose nameservers you can change to the ones Cloudflare will assign. The free tier is more than generous and covers a lot of ground as far as security.
Disable root ssh access completely
You can, and this ties in with nonstandard ssh port, use key pairs.
Scan your machine and ensure no extra ports are open
Lynis is a great way to get a handle on what needs to be done to your server as far as hardening it. Run a scan, and in a few minutes it will spit out a list of things that need attention. Not all of the recommendations will be applicable to your server.
You can always use host allow/host deny to really tighten things up. The only users that will have critical access are the ones you assign in the config.
Fail2ban is effective, along with CrowdSec, Wazuh, etc.
There are plenty of others. Those just come to mind.
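
Added example, not part of the comment above: a small Python audit of `sshd_config` text for the three SSH points it raises (nonstandard port, no root login, key pairs instead of passwords). The function names and the sample config are constructed for illustration; `Include` files are not followed.

```python
# Added example: audit sshd_config text for the SSH hardening points above.
# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

def parse(text):
    """Return (ports, global settings, settings found inside Match blocks)."""
    ports, glob, matched, in_match = [], {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments
        fields = line.replace("=", " ", 1).split(None, 1)
        if len(fields) < 2:
            continue
        key, val = fields[0].lower(), fields[1].strip().strip('"')
        if key == "match":
            in_match = True                            # the rest is conditional
        elif in_match:
            matched.append((key, val.lower()))
        elif key == "port":
            ports.append(val)                          # Port may repeat; all are used
        else:
            glob.setdefault(key, val.lower())          # first value wins in sshd
    return ports or ["22"], {**DEFAULTS, **glob}, matched

def audit(text):
    """List the hardening gaps in one sshd_config (empty list means none found)."""
    ports, cfg, matched = parse(text)
    findings = []
    if "22" in ports:
        findings.append("listening on default port 22")
    if cfg["permitrootlogin"] != "no":
        findings.append("root login not fully disabled: " + cfg["permitrootlogin"])
    if cfg["passwordauthentication"] != "no":
        findings.append("password logins allowed, keys not enforced")
    for key, val in matched:
        if key in DEFAULTS and val != "no":
            findings.append(f"Match block sets {key} {val}")
    return findings

# Constructed sample: looks hardened at the top, but two later lines undo part of it.
SAMPLE = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes   # ignored: the first value already won
Port 22                      # leftover line: sshd listens here as well
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

On a live host, `sshd -T` prints the effective configuration with `Include` files resolved, which is the authoritative view to compare against.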


I’ve been using LinkWarden for a long time now. I also use Readeck for ‘read it later’ kind of data but it could be used to bookmark. I use Karakeep for archiving. I have not tried Betula, Linkwallet, Nextcloud Bookmarks, Postmarks, or xBrowserSync.


+1 for OliveTin


I’ve been using Cloudflare’s Tunnel/Zero Trust for a while now and I find it does the job just jammy. I’m not sure I need Mesh, but I will at least familiarize myself with it.
+1 for Nessus - pretty comprehensive scans


Inasmuch as I rail against regulation, or more so…overregulation, AI needs some heavy regulation. We stand at the crossroads of a very useful tool that is unfortunately hung up in the novelty stage of pretty pictures and AI rice cookers. It could be so much more. I use AI in a few things. For one, I use AI to master the music I create. I am clinically deaf, so there are frequencies that I just can’t hear well enough to make a call. So, I lean on AI to do that, and it does it quite well actually. I use AI to solve small programming issues I’m working on, but I wouldn’t dare release anything I’ve done, AI or not, because I can always see some poor chap who used my ‘code’, and now smoke is billowing out of his computer. It’s also pretty damn good at compose files. I’ve read about medical uses that sound very efficient in ingesting tons of patient records and reports and pinpointing where services could do better in aiding the patient so that people don’t fall through the cracks and get the medical treatment they need. So, it has some great potential if we could just get some regulation and move past this novelty stage.
https://lemmy.world/post/45508262/23179666
ETA: I know what OPNsense is, I have never used it so I am unaware of all of the packages it can run.
DNSBL and filter lists. You can use pfBlockerNG to import abuse lists, botnets, known open relays which reduce spam. You can also apply GeoIP blocklists to upstream SMTP hosts.
Are you serving from a homelab or VPS? If a homelab, then you could use pfSense to filter spam. I don’t run my own email server but I do use pfSense to filter 95% of the junk from my inbox. I’m not sure how you’d accomplish that on a VPS other than employing some type of spam filtering software.
I’ve installed MX before, but I’m not sure why you would want to make a server out of it. I guess it’s possible, but it seems to me with all the hoops you’re going to have to jump through, why (not) use an OS built to be a server and be done with it?
LubeLogger
Otherwise known as the Diddy. Gotta keep the Astroglide in stock.


I keep it simple, although reading down through the thread, there are some really nice and ingenious ways people accomplish about the same thing, which is totally awesome. I use a Watchtower fork and run it with --run-once --cleanup. I do this when I feel comfortable that all the early adopters have done all the beta testing for me. Thanks early adopters. So, about once a month or so, I update 70 Docker containers. As far as OS updates, I usually hit those when they deploy. I’m running Ubuntu Jammy, so not a lot of breaking changes in updates. I don’t have public facing services, and I am the only user on my network, so I don’t really have to worry too much about that aspect.
RAM: https://www.memorystock.com/
Not EU, but I have used them for years and never had an issue with any of my purchases.


The real issue is all the misinformation in the text
Initially, it didn’t seem as if most weren’t focusing on that. It was the fact that AI was involved…somehow, which prompted my tongue-in-cheek ‘delete the em dashes’ comment. If there is misinformation, like the open source of AI, sure by all means, point that out. I mean, unless the mods make a ‘no-AI rule’ which would seem almost impossible to determine with a bit of rewording and editing of an AI generated text, then they will come. It didn’t seem to fit into the ‘low-effort’ rule. So, I wonder what would happen if no one responded and just ignored the thread until the mods made a decision. I scroll right by plenty of threads. A good tongue lashing by the users here doesn’t seem effective at all.
I’d say chances this is a person from Japan are slim to none.
I have no way to confirm that. On the internet, no one knows I’m a horse. Hell, even in real life, you really never know a person. You just know what they let you know.
https://mtlynch.io/claude-code-found-linux-vulnerability/?ref=selfh.st
Pretty interesting.
OP, I forgot I had made a post about my setup. So, for what it’s worth, this is what and how I run my network:
https://lemmy.world/post/43533409