
:ms_robot_error: I have to sleep with a fluoride paste on my teeth.

:ms_robot_grin: this one regularly strengthens its chassis through the application of a compound containing a highly reactive, toxic element for several hours.

The most common car occupancy isn't actually 1. If you count all the cars on the street, not just the moving ones, it's usually 0. Most cars are empty at any given moment.

@baldur I mean, with how normalized it has become for companies to be shitty with no recourse (ie. "free market politics"), that's not that surprising to me, even though that absolutely shouldn't be how it is

linux server security checklist 

@katnjiapus The recommendations I usually give people are basically:

1. Disable password authentication for SSH, and use keypair authentication only (these are two separate steps!). Changing ports is not needed, fail2ban also isn't really.

2. Either set up automatic system updates ("unattended upgrades", or whatever your distro of choice calls them) or have a scheduled event every week to update manually and keep track of security notices. The former is easiest.

Make sure to do full distro upgrades when a new release comes out; those are usually not automatic, even with automatic updates enabled.

3. When running public-facing services, if you *can* sandbox them, do so. On NixOS this is automatic for a lot of services, using Docker it's *sort of* sandboxed (but not very well, usually), on other systems you may have to do this manually but it can usually be done directly in the systemd service file.

That's... more or less it, as the basic steps? Like, there's a lot more that can be done, that's specific to the services you run (and often explained in their documentation), but if you get these few things right, you're already doing better than a lot of public-facing production servers.

Of course, if you intend to do something especially sensitive (eg. services for activists), you should be getting someone involved who has experience in this sort of thing. This list is just for your run-of-the-mill personal/community/small-company/etc. server.

--

To elaborate on the port changing and fail2ban thing a bit: these are really common recommendations but I don't find them useful in practice, and they bring their own issues.

The port-changing is a form of security-through-obscurity that dates back to when internet-wide scanners only scanned for SSH servers on port 22 for capacity reasons. This hasn't been relevant since zmap, and so doesn't do anything anymore besides "making you manually specify the port for any SSH-based tool like rsync".

The fail2ban recommendation comes from the password login days; it's a way to throttle login attempts so that someone can't bruteforce a password over the network. But with keypair authentication this is not relevant, as long as password auth is entirely *disabled*; the search space is so big that even without throttling you will never bruteforce a key.

*At best* it reduces log entries and slightly reduces CPU use, at the cost of making it very easy to accidentally lock yourself out if eg. you try to connect from a spotty mobile connection that has to reconnect a couple of times in a short time.
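As an added example (my code, not part of the post above): two small POSIX sh helpers that audit items 1 and 3 of the checklist. They take configuration text as an argument, so the constructed samples at the bottom run offline; on a real host you would feed them `sudo sshd -T` (the effective configuration after defaults, which matters because a setting left commented out keeps its default) and the unit file in question. The sshd keywords are OpenSSH's own; the list of systemd sandboxing directives is my starting pick, not a complete hardening profile, and the sample configs are made up.

```shell
#!/bin/sh
# Added example, not part of the original post: audit helpers for two of the
# checklist items. Configuration text is passed as an argument so the
# constructed samples below run offline.

# get_opt CONFIG KEYWORD: print the lowercase value of KEYWORD from
# "keyword value" lines (the format `sshd -T` prints); empty if absent.
get_opt() {
    printf '%s\n' "$1" | awk -v k="$2" 'tolower($1) == k { print tolower($2); exit }'
}

# check_sshd_keyonly CONFIG: checklist item 1. The two separate steps are
# (a) every password-style login path switched off and (b) key login on.
# Prints one line per finding; returns 0 only when every check passes.
check_sshd_keyonly() {
    cfg=$1
    rc=0
    # (a) plain password logins
    [ "$(get_opt "$cfg" passwordauthentication)" = "no" ] \
        || { echo "FAIL: PasswordAuthentication must be no"; rc=1; }
    # (a) keyboard-interactive (PAM) logins can still prompt for a password;
    # OpenSSH before 8.7 calls this ChallengeResponseAuthentication.
    kbd=$(get_opt "$cfg" kbdinteractiveauthentication)
    [ -n "$kbd" ] || kbd=$(get_opt "$cfg" challengeresponseauthentication)
    [ "$kbd" = "no" ] \
        || { echo "FAIL: KbdInteractiveAuthentication must be no"; rc=1; }
    # (b) keys must stay enabled, or the two checks above lock you out
    [ "$(get_opt "$cfg" pubkeyauthentication)" = "yes" ] \
        || { echo "FAIL: PubkeyAuthentication must be yes"; rc=1; }
    # root may log in with a key if you need that, never with a password
    case "$(get_opt "$cfg" permitrootlogin)" in
        no|prohibit-password|without-password) ;;
        *) echo "FAIL: PermitRootLogin must be no or prohibit-password"; rc=1 ;;
    esac
    return $rc
}

# check_unit_sandbox UNIT_TEXT: checklist item 3, for systems where the
# sandboxing is written by hand into the unit file. Reports directives that
# are absent or explicitly switched off. The list is this example's own pick.
check_unit_sandbox() {
    unit=$1
    rc=0
    for key in NoNewPrivileges PrivateTmp PrivateDevices ProtectSystem \
               ProtectHome ProtectKernelTunables ProtectControlGroups; do
        val=$(printf '%s\n' "$unit" | awk -F= -v k="$key" '$1 == k { print $2; exit }')
        case "$val" in
            "")         echo "MISSING: $key="; rc=1 ;;
            no|false|0) echo "OFF: $key=$val"; rc=1 ;;
        esac
    done
    return $rc
}

# --- constructed samples, not taken from any real host ----------------------
GOOD_SSHD='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
permitrootlogin prohibit-password'

# a typical stock config: keys work, but passwords are still accepted
STOCK_SSHD='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication yes
permitrootlogin prohibit-password'

GOOD_UNIT='[Service]
ExecStart=/usr/bin/example-daemon
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes'

BARE_UNIT='[Service]
ExecStart=/usr/bin/example-daemon
PrivateTmp=no'

echo "== hardened sshd";  check_sshd_keyonly "$GOOD_SSHD"  || echo "(needs fixing)"
echo "== stock sshd";     check_sshd_keyonly "$STOCK_SSHD" || echo "(needs fixing)"
echo "== sandboxed unit"; check_unit_sandbox "$GOOD_UNIT"  || echo "(needs fixing)"
echo "== bare unit";      check_unit_sandbox "$BARE_UNIT"  || echo "(needs fixing)"
```

On a live machine, `check_sshd_keyonly "$(sudo sshd -T)"` checks what sshd actually enforces; if you use `Match` blocks, `sshd -T -C user=...,addr=...` shows the effective values for that connection. For the unit side, `systemd-analyze security <unit>` gives a far more thorough scoring than the handful of directives checked here, and NixOS or a well-written distro unit may already set most of them.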

Please boost for reach! :boost_requested:

A friend of mine (currently based in NL) is looking for a remote job. They're looking for something related to web development, or maintenance of legacy codebases (web or otherwise).

They have experience with web/software development (Java, JS, assorted other web things), as well as reverse-engineering Java software, but no employment experience yet. Also a few years of basic NixOS experience.

They can pick up and learn new things very quickly, but they do need a work environment that is friendly to queer neurodivergent folks.

If you have a suitable job available (or something that's close enough - they're flexible!), please send me either a DM on here, or an e-mail at admin@cryto.net. I'll get you in touch with them.

Shower thought: One of the major reasons why the internet fucking sucks now is that with the consolidation of internet activity into a few cyclopean scale social media networks of various stripes, there is no place for anyone to have limited scope participation anymore.

For example, instead of thousands of smaller, unconnected forums, it is just reddit. And everything you do on reddit can be cross-checked. The network effects of having everything on one thing means that it is incredibly easy for a bad actor to leverage your participation in various activities, your information, toward a bad end.

So a lot of people just don't. Don't make themselves vulnerable. At least on the open internet. All the forests and thickets have been burnt away, leaving you cold and alone on the tundra.

Which is also why I think Discord is kinda abused by people to try to replicate the forums, chatrooms, and small wikis of yesteryear. The open internet has no shelter anymore. The open internet is the dead internet because people die without shelter.

I'm reviewing a code change at work, and I think this dev actually ported an entire .NET application to PowerShell. It has classes, service architecture, and even a fucking Program class to mimic .NET's startup process.

I'm astounded and actually a little impressed tbh :neofox_laugh_sweat:

#Programming #SoftwareDevelopment #CSharp #DotNet #PowerShell

Affordable USB microphone for speech (basically, talking over a screen share)? Don't need broadcast quality, would like an upgrade on the mic in my cheap webcam.

Blue snowball seems to be the de facto standard, other products in the same price range I should consider?

daily mail mention, UK attacks 

@libreleah It was baffling to see so many media just describe it context-free, as if it were the weather report, with absolutely no background on what happened or why.

It was even more baffling that the fucking *Daily Mail* was one of the very few sources I found that actually called them out as racist attacks and condemned them.

@eta Reminds me of my move. The 'professional' moving company I hired sent the wrong people (I asked for packing/tidying *and* moving, not just moving...) *several* times in a row.

Eventually told them not to bother anymore and just refund me, and managed to get a phone number of "a guy I once worked with" from one of the movers, called them up, made an appointment, et voila. Everything packed up and moved in a day, no issues.

Reminder to organize and be gay and do crime and do your part supporting each other through the Polycrisis in legal ways or otherwise

But do the "spicy" stuff off the grid and not on Fedi

That's how they catch you

The irony is not lost on me that the Internet Archive went out of its way to acquire the physical versions of millions of books and loan them out carefully and in a limited way, and is facing a near-extinction-level event over it, while for-profit and VC-backed companies are just stealing people’s content and making up excuses to validate the bad behavior.

Remember when plug and play was a thing on computers and you didn't have to install a driver for each individual thing like you did in the 90s? Cause it really feels like the pre-plug and play era came back but in the form of needing a proprietary app for everything to make it work >.>

I wanted to see what my mouse's DPI is by plugging it into my brother's Windows PC... but he has an identical mouse so the SteelSeries utility just overwrote my settings with his and because I did a firmware update I can't even change the colour anymore, it was set to a trans flag but now it's stuck in "pulsating between blue and purple" mode 🙃

@timnitGebru @freedomtux it is strange to me, when people who are not racialized talk about not personally experiencing racism. It's like a man saying he does not experience misogyny, or an able person saying they don't experience ableism & haven't had issues with accessibility.
It is difficult to see such solipsistic myopia as anything other than malignant and intentional: a choice to center one's limited self and identity... A failure to extend and grow, serving short-sighted emotional ends

fosstodon and completely lacking anything resembling self-awareness, name a more iconic duo

@marlies Bingo, that is exactly the sort of thing I'm thinking of.

I can count on none hands the amount of "zero dependencies!" projects I've audited or reviewed that had correct and reliable implementations of the wheels they reinvented.

(And often their internal complexity was *worse* than the dependency they were avoiding...)

"you" 

Or to phrase it differently: we'll talk about "minimizing dependencies" when you show you understand how to minimize your *project complexity* first

Pixietown

Small server part of the pixie.town infrastructure. Registration is closed.