Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

markstos

@markstos@lemmy.world

This profile is from a federated server and may be incomplete. Browse more on the original instance.

markstos , to Selfhosted in Giving up on selfhosted email / Any sane email setups?

I hosted email professionally for over a decade... and I can't recommend getting back into the business. At that time we were using Qmail, although I also have experience managing Exim and Postfix. About 90% of incoming email remains spam.

For outgoing email for things like server cron mail, a stub service like msmtpdcan be used to receive local mail and forward it to to a local service.

To receive and host email, Fastmail is good.

markstos , to Selfhosted in Traveling personal cloud options?

This. Tailscale is a VPN solution for this that's free for personal use.

markstos , to Selfhosted in Which of these VPS providers would you recommend?

After 10 years with Linode I've just completed a transition to hosting hardware at my house instead. https://urbanists.social/@markstos/112267184724721864

markstos , to Selfhosted in Help with reverse proxy architecture

It depends on the trade-offs you want to make. If you want to maintain one less Nginx install with a little more risk, that's a way to go.

If your priority is security, use a separate proxy for your private services and do allow your public VLAN access into your private VLAN.

My home network only has public services on it right now, but now you are making me think I should segment it further if I want to host any truly private services there.

markstos , to Selfhosted in Help with reverse proxy architecture

The comment above is accurate how domain names can be passed to Nginx that would resolve to private IP addresses. But that doesn't mean they need to exposed. Nginx has a listen directive that specifies what IPs are listened on. So If your Reserve Proxy has both a public IP and private IP. then the private services can have a a listen directive like this:

server {
  # Whatever your proxy's private IP is
  listen 10.0.0.1;
  server_name my-private-service;
}

No matter what hostname is passed in, Nginx would only reply to requests that can reach the Nginx host at it's private IP address.

markstos , to Mildly Infuriating in You have to type www. to access the Texas DMV website.

But it’s the last www site left, right?

markstos , to linuxmemes in Why don't banks like root on Android?

The concern is not much phones rooted with intent by their owners, but phones rooted by malware without the owner’s consent:

https://thehackernews.com/2021/10/this-new-android-malware-can-gain-root.html

If there was a way to signal that a rooted phone was actually secure, malware would send that signal.

markstos , to linuxmemes in Why don't banks like root on Android?

And if you don’t want to wear a mask on your face during a pandemic, you should be able to? Not everything is about you.

Banks practice defense in depth as other security practitioners do. Not every defense will stop every attack, so a layered, overlapping approach is used.

markstos , to linuxmemes in Why don't banks like root on Android?

There is parallel with masking. The bank values the safety of the whole rather than the freedom to root for an individual. You stand to lose only your own bank balance. The bank stands to lose the funds of every rooted phone that contains a banking app exploit targeting them.

markstos , to linuxmemes in Why don't banks like root on Android?

Old, insecure browsers are rejected too.

markstos , to linuxmemes in Why don't banks like root on Android?

The word “potentially” was critical in the parent’s comment. A banking app cannot be assured that other apps are prevented from accessing its data when the phone is rooted.

markstos , to linuxmemes in Why don't banks like root on Android?

Your risk exposure is that you could lose your bank account balance. The banks risk exposure is that they could lose every bank account balance exploited by the same rooted phone vulnerability. So they evaluate risk differently than you do.

markstos , to linuxmemes in Why don't banks like root on Android?

Rooted mobile devices are a reasonable signal they been have hacked and security features might be disabled or work as expected.

It just banks, a lot of corporate security polices don’t allow rooted devices, as they could bypass mobile device management policies for devices owned by the company.

With laptops it’s a different story. Whether users have Mac, Linux or Windows, there’s a reasonable chance they have admin access too, so checking for root access is not such a useful signal there.

markstos , to Comic Strips in XXX

My sister, too. That was the 80s.

markstos , to linuxmemes in Asking a Linux user to recommend a printer

Yep, I like to eco-tank feature…. And the drivers work.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • incremental_games
  • random
  • meta
  • All magazines
    •