ShortN0te

ShortN0te , 1 month ago to Selfhosted in Why VPN tunnels are safer than opening a port on my router?

I self host because i do not trust companies.
I will not even consider giving tailscale the keys to my kingdom.

The company Tailscale is a giant target and has a much higher risk in getting compromised than my VPN or even accessible services.

Understand the technology that you use and assess your use case and threat model.

ShortN0te , 1 month ago to Privacy in Telegram CEO calls out rival Signal, claiming it has ties to US government

No backup no mercy 🤷‍♂️

ShortN0te , 2 months ago to Selfhosted in Would this flow work with Immich & Syncthing to copy images and auto upload and delete?

Why not file a bug report when it does not find all your photos?

Also may file a feature request to delete photos after set period from your device via immich?

ShortN0te , 2 months ago to Memes in *Cough Cough...* Chrome... *Chough*...

That is correct.
HSTS helps to some degree but the very first request is still unprotected.

ShortN0te , 2 months ago to Memes in *Cough Cough...* Chrome... *Chough*...

DoT also encrypts the request, so the ISP cannot spy on the Domain Name you have requested.

And thanks to Https the ISP only sees the IP address which cannot in every case be resolved to a unique Domain, especially large sites that are hosted on service providers like Cloudflare, amazon etc etc

ShortN0te , 2 months ago to Selfhosted in What are common practice's for hardening/securing your server?

guess a username and a password.

Security by obscurity is no security. Use something like fail2ban to prevent brute force.
When you use a secure password and or key this also does not matter much.

ShortN0te , 2 months ago to Selfhosted in What are common practice's for hardening/securing your server?

disable root login

That does not do much in practice. When a user is compromised a simple alias put in the .bashrc can compromise the sudo password.

Explicitly limit the user accounts that can login so that accidentally no test or service account with temporary credentials can login via ssh is the better recommendation.

ShortN0te , 2 months ago to Selfhosted in What are common practice's for hardening/securing your server?

Imagine that the xz exploit actually made it into your server, so your sshd was vulnerable. Having it on another port does seem helpful then.

Nope. Your entire server can be scanned in less than a second for an open ssh port.

IPv6 does not change the fact since when your server is attacked the hist IP is already known.

ShortN0te , 2 months ago to Selfhosted in What are common practice's for hardening/securing your server?

Security by obscurity is no security.

ShortN0te , 2 months ago to Selfhosted in Immich v1.102.0 - ⚠️ Breaking Changes (OPT-IN ONLY)

Who the hell is pulling the docker-compise.yml automatically every release?
I find myself already crazy by pulling the latest release but the compose file is just a disaster waiting to happen.

ShortN0te , 2 months ago to Privacy in Cops can force suspect to unlock phone with thumbprint, US court rules

Probably a "have a look at this" and the 2 seconds before you realize that you are currently unlocking your phone, would be enough.

ShortN0te , 2 months ago to Privacy in Cops can force suspect to unlock phone with thumbprint, US court rules

But you can be easily tricked. Even easier than with the fingerprint.

"Hey, can you look at those pictures?", shows some printed out pictures with the phone hiding behind and then quickly just dropping the pictures.

ShortN0te , 2 months ago to Privacy in Cops can force suspect to unlock phone with thumbprint, US court rules

Depends on the country you life in. And even in the USA it is to my knowledge not correct.
They can try to crack it themself but you have not to comply.

ShortN0te , 2 months ago to Privacy in EU tells Meta it can't paywall privacy

No this is also not correct. Paying for an ad free experience still seems to be valid.

What was ruled here is, that it is not considered a free choice to choose between paying money or paying with your data to access the service.

According to the EU law the user consents to harvest the digital data must be freely given.

ShortN0te , 2 months ago to Privacy in EU tells Meta it can't paywall privacy

Do people really expect to be able to use an entertainment platform for free?

No. If facebook wants, it can make the subscription mandatory, so only ppl who pay may access their service.