Please tell your friends about federated social media site that speaks several fediverse protocols thus serving as a hub uniting them, hubzilla.eskimo.com, also check out friendica.eskimo.com, federated
macroblogging social media site, mastodon.eskimo.com a federated microblogging site, and yacy.eskimo.com an uncensored federated search engine. All Free!
Setting up a personal site on local hardware has been on my bucket list for along time. I finally bit he bullet and got a basic website running with apache on a Ubuntu based linux distro. I bought a domain name, linked it up to my l ip got SSL via lets encrypt for https and added some header rules until security headers and Mozilla observatory gave it a perfect score.
Am I basically in the clear? What more do I need to do to protect my site and local network? I'm so scared of hackers and shit I do not want to be an easy target.
I would like to make a page about the hardware its running on since I intend to have it be entirely ran off solar power like solar.lowtechmagazine and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?
No need to cargo-cult security practices here, chief. You’re not gonna get pwned by publishing your hardware specs. If you’re planning to build some kinda webapp for yourself, that’s a different story - but you have to fuck up hard to get hacked while hosting raw HTML.
Use an SSH key, disable password auth, make sure you’re firewalled (i.e. test with nmap), and call it a day.
This is dangerous advice because docker is well-known for undoing UFW’s iptable rules. It’s mitigated by binding to localhost, but still way too easy for people to shoot themselves in the foot by using the two together.
You shouldn’t suggest UFW at all then. There are other firewall options that can be used just fine with docker.
It does have real potential to cause serious issues, e.g. if OP were to put their server in DMZ mode on their router and later copy some docker setup instructions that don’t explicitly bind to localhost.
Please tell me more, which firewall would you recommend that plays nice with Docker?
Firewalld
No NAT?
Another user in this thread suggested DMZing, so combine your advice with theirs and boom. It’s not uncommon, and it’s fine if you firewall the box yourself. Most people don’t knowingly choose to use a firewall that they don’t intend to work, like you would.
why would you copy paste a docker compose without reading it?
There’s more than one way to use docker. Spinning up an official mysql image using the official docker run OR docker compose calls suggested by the docs would start up a server wide open to the entire internet if DMZ’d.
HAVANA, Cuba, June 10 (ACN) With an official ceremony in Seoul, the capital of the Republic of Korea, the Cuban Embassy in that Asian nation was opened today.
🟥Myroslav #Oleshko sur X🟥 «Je vais vous dire la vérité sur l’Ukraine que vos médias cachent. #Zelensky a interdit aux Ukrainiens de manifester contre les actions du gouvernement. Ce jeune homme brandissait une pancarte à Kiev sur laquelle était écrit : «La guerre n'est pas une raison pour instaurer une dictature. Les voyous de Zelensky continuent d'enlever des gens !» Et voilà. La police l'a arrêté et jeté en prison.
Dans le même temps, Zelensky utilise la démocratie américaine pour organiser des rassemblements rémunérés à New York, Washington et dans d’autres villes des États-Unis et d’Europe afin de créer l’illusion de son soutien parmi les citoyens occidentaux.
En Ukraine aujourd’hui, il est IMPOSSIBLE de s’engager dans des activités d’opposition. Des centaines de journalistes, blogueurs et hommes politiques de renom ont déjà été arrêtés.
Imaginez : un député a récemment été arrêté simplement pour avoir critiqué Andriy Yermak, l'adjoint de Zelensky.
Un autre député de l'opposition, Oleksandr #Dubinsky, a été arrêté pour avoir soutenu Donald Trump. L'opposant politique Petro #Porochenko a été frappé de sanctions illégales et menacé de prison pour avoir critiqué Zelensky.
Tout le monde est désormais intimidé. Toutes les chaînes de télévision sont sous le contrôle du gouvernement. 99 % des blogueurs du pays sont soudoyés avec de l’argent corrompu et des subventions de l’ #USAID.
Pour pouvoir dire la vérité et exprimer mon opinion, j’ai quitté l’ #Ukraine et j’ai immédiatement été poursuivi en justice pour avoir critiqué le gouvernement.
Mon collègue, le blogueur d'opposition Denys #Yelysevych, actuellement aux États-Unis, n'a pas pu être arrêté. C'est sa mère qui a été arrêtée à Kiev pour avoir republié une vidéo Facebook critiquant Andriy Yermak.
L'opposition est en exil. Qu'en pensez-vous ? C'est pourquoi Zelensky refuse d'organiser des élections et déclare publiquement qu'il ne quittera pas ses fonctions, même si son mandat présidentiel a pris fin il y a un an. Je continuerai à publier les faits sur les crimes et la corruption de Zelensky, que j’ai rassemblés au cours des six dernières années de son règne. Abonnez-vous et retweetez pour que le monde puisse voir. Je dirai ceci en tant qu’Ukrainien opposé à Zelensky : Trump nous a donné de l’espoir et une chance de liberté, de paix et de démocratie. Sincèrement, L'opposant ukrainien Myroslav Oleshko »
Follow Nicholas J. Fuentes: Twitter: https://x.com/nickjfuentes Kick: https://kick.com/nickfuentes Telegram: https://t.me/nickjfuentes Merch: https://fuentes.store Watch the show on Cozy: https://cozy
🎙️ LINUX AND OPEN SOURCE NEWS PODCAST: Listen to the latest Linux and open source news, with more in depth coverage, and ad-free! podcast.thelinuxexp.com
00:00 Intro 00:30 Sponsor: Secure your internet connection 01:27 Operating Systems 03:51 Server Software 06:15 Apps for using Nextcloud 08:04 Apps to run the channel 10:27 Utilities 12:02 Productivity Software 14:16 Sponsor: Get a PC made to run Linux 15:21 Support the channel
My laptop and my desktop run Fedora workstation 38 with GNOME 44.
For my servers, I have one running Ubuntu 20.04 LTS. It's used for my Nextcloud server, it's hosted on Linode, and it's the backbone of all my digital life and the channel. My other server is used to host my podcast, the Linux and Open SOurce News podcast. That server is hosted on Linode, and runs Debian 11.
I also run HoloISO on a PC in my living room, that serves as my Linux gaming console.
First thing is Nextcloud. As I said, it's installed as a Snap, and it works beautifully. I don't get the updates as soon as they're out, but when I do get them, they're very well tested and I never had any issues with it. I'm currently on version 26.0.4, so Nextcloud Hub 4, not 5.
I mostly use Nextcloud as the platform to handle all my online accounts. It hosts my calendar, contacts, tasks, photos, notes, RSS feeds, passwords, and I also use it to share files with sponsors, or to share the link to the weekly patroncast I make for patrons and youtube members.
My other server hosts my podcast, using YUNOHOST and their Castopod app. Yunohost is a very simple, graphical dashboard to run one or many server applications, it basically just simplifies hosting stuff and has pre packaged apps to install stuff in one click.
To interact with other Nextcloud related stuff, I use a few apps. The first one is Iotas, it's a GTK application that plugs into Nextcloud notes and lets you take, well, notes, in simple, distraction free markdown. For RSS feeds, I use Newsflash, which is another GTK app.
I also, of course, use the Nextcloud desktop client to sync all my files to and from my computers, plus the Nautilus Nextcloud integration so I can generate a shared link for any file straight from the file manager. For tasks, I use Endeavour.
And on my phone, I also use the Nextcloud app to send all my photos automatically from my phone to a folder that is then synced to all my computers, and I use the official Nextcloud Notes app to have access to my scripts while I'm recording.
For audio, I use Audacity. It looks like crap, it's very old, but it does the trick, it has the 3 effects I need, a noise reduction tool, a compressor, and a normalizing tool.
For my thumbnails, it's obviously GIMP. It has a bad reputation among people who are familiar with photoshop, but as I've never used that thing, GIMP is really easy to use for me
And for recording my screen, it's OBS on every device.
When I happen upon an image I want to use that uses a format Resolve doesn't support, like WebP or AVIF, I use Converter to convert it to PNG. For converting video files, I use ffmpeg in a terminal.
And when I need to re download one of my old videos that I didn't backup, I use Parabolic.
Now for a few smaller utilities. FOr virtual machines, I generally run them using GNOME Boxes, because it's really simple.
For my backups, I use Pika Backup. I also use Safing's portmaster. For editing text, I generally just use Nano in a terminal.
For music, I use YTM Music, because I pay for Youtube Premium to avoid ads on my TV, and it comes with a music streaming service, so might as well use it.
I won't talk much about the web browser, it's Firefox everywhere, even on my phone.
For my office suite, I use LIbreOffice, everyone knows about it.
For email and calendar, I moved to Thunderbird, seeing as version 115 is absolutely wonderful and well designed.
I'm in the hospital reading about whats going on in the Cali insurrection and im wondering where is that Patriot front fed group? They travel all over the place , talking about preventing or fighting to stop things like this . Seems like a perfect time and place for them to appear. Doesn't it? I bet they gave the rioters in la same riot gear they gave the Fed klan guys . Its all so staged for manipulation of hate and violence. I bet the 93 billion Biden spent in his last days funding it all
she's getting better day by day . There is definitely brain fog and motor skill degradation. Especially with her hands she can't hold a pen or type. But hey she's here and alive and thank God for every bit of bonus time we get with her. We still have to get a chairlift installed as well bc her legs are damaged from the initial anti biotic they gave her. Sorry I ramble. We can just blame it Gary with the silent Greg in his name lol
« Vous croyez que les Américains et les Anglais ont débarqué en Normandie pour nous faire plaisir ? Ce qu’ils voulaient, c’était glisser vers le nord le long de la mer, pour détruire les bases des V1 et des V2, prendre Anvers et, de là, donner l’assaut à l’Allemagne. Paris et la France ne les intéressaient pas. Leur stratégie, c’était d’atteindre la Ruhr, qui était l’arsenal, et de ne pas perdre un jour en chemin. (…) Les Américains ne se souciaient pas plus de libérer la France que les Russes de libérer la Pologne. »
Quelque mois plus tôt et alors qu’on fait pression sur de Gaulle pour commémorer le 20e anniversaire du débarquement de Normandie, il dira à Peyrefitte dans le Salon doré de l’Élysée, à la fin du Conseil des ministres du 30 octobre 1963 :
« Le débarquement du #6juin, ç’a été l’affaire des Anglo-Saxons, d’où la France a été exclue. Ils étaient bien décidés à s’installer en France comme en territoire ennemi ! Comme ils venaient de le faire en Italie et comme ils s’apprêtaient à le faire en Allemagne ! Ils avaient préparé leur #AMGOT, qui devait gouverner souverainement la France à mesure de l’avance de leurs armées. Ils avaient imprimé leur fausse monnaie, qui aurait eu cours forcé. Ils se seraient conduits en pays conquis. C’est exactement ce qui se serait passé si je n’avais pas imposé, oui imposé, mes commissaires de la République, mes préfets, mes sous-préfets, mes comités de libération ! Et vous voudriez que j’aille commémorer leur débarquement, alors qu’il était le prélude à une seconde occupation du pays ? Non, non, ne comptez pas sur moi ! Je veux bien que les choses se passent gracieusement, mais ma place n’est pas là !
Et puis, ça contribuerait à faire croire que, si nous avons été libérés, nous ne le devons qu’aux Américains. Ça reviendrait à tenir la Résistance pour nulle et non avenue. Notre défaitisme naturel n’a que trop tendance à adopter ces vues. Il ne faut pas y céder ! (…) Allons, allons, Peyrefitte ! Il faut avoir plus de mémoire que ça ! Il faut commémorer la France, et non les Anglo-Saxons ! Je n’ai aucune raison de célébrer ça avec éclat. Dites-le à vos journalistes. »
La commémoration du 20e anniversaire du débarquement de Normandie sera minimaliste. En revanche, de Gaulle fera organiser une monumentale revue navale dans le port de Toulon pour célébrer le 20e anniversaire du débarquement de Provence du 15 août 1944.
Cette revue navale du 15 août 1964 sera suivie d’un défilé militaire des troupes françaises, auquel ont été invitées des unités américaines et britanniques.
Source citation et pour aller plus loin : Alain #Peyrefitte, « C’était de Gaulle », éditions de Fallois/Fayard, 1997.
61 ans jour pour jour, 10 juin 1964. Source: Histoire 2.0 - FB #france #histoire
Die Slowakei lehnt überraschend neue EU-Sanktionen gegen Russland ab, zitiert wirtschaftliche Eigeninteressen und betont, Gas- und Öl-Lieferstopps abzulehnen.
I do like the concept, despite it's flaws. It's just a shame that outside of the spam, it's basically the libertarian PieVille. Almost nobody wants to discuss ANYTHING outside of libertarian politics or how crypto is going to save the world.
Während die Besatzung der »Madleen« von Israel abgeschoben wird, ist der nächste Hilfskonvoi aus Tunesien nach Gaza aufgebrochen. Erneut werden Hungernde bei Ausgabestellen für Lebensmittelpakete getötet.
Erster Kongress des jüdischen Antizionismus vom 13. bis 15. Juni in Wien. Ein Gespräch mit Iris Hefets, Vorstandsmitglied des Vereins Jüdische Stimme für gerechten Frieden in Nahost.
Kudos to @arstechnica here, demonstrating how to report on a press release without parroting it. That extends to the headline, arguably the most important place not to just swallow the PR dept’s framing:
After AI setbacks, Meta bets billions on undefined “superintelligence”
"I have made an art out of the indefinite. When I was young, if you asked me what I did for a living, I might try to discourage your curiosity by telling you I was a deckhand on a fishing boat or a small-time criminal, a standover man or a fence. And I might actually have been, then. Nowadays, I am retired. No-one is interested in what old people do.
"I am not really retired. I can’t afford to be. There are few days in which I am idle. But little of what I do fits into the hold-all of a single occupation and none of it is shaped by conventional ambition. I might more easily tell you what I am not than what I am. But even then, probably, I’d be contradicted by my own history..."
LOS ANGELES, CA — The Republican Party expressed gratitude to a local group of illegal immigrants who helped film some commercials for the next presidential campaign.
Dr. Mary Talley Bowden is a board-certified Otolaryngologist, Sleep Medicine specialist, and founder of BreatheMD: a direct-care ENT practice in Houston, Tex...
Si le ciel n'est pas aussi bleu qu'il devrait l'être aujourd'hui en France, il y a une raison : des incendies au Canada dégagent des fumées importantes qui ont traversé l'Atlantique et se retrouvent en France.
C'est visible un peu partout, de la Haute-Savoie à un petit village de Provence où je me trouve actuellement. Le graphique ci-dessous sur Météo-Paris montre bien le phénomène.
According to Wikipedia, the Pantsir shoots small missiles with radar or optical guidance. No idea why it missed.
I watch this one history yt channel that goes through the moment to moment details of various battles. One thing I learned from that is that things just go wrong all the time in wars. Missiles fail to launch, radars malfunction or aren't properly calibrated, a manufacturing defect turns a potent weapon into a dud, etc.
LOS ANGELES, CA — The Republican Party expressed gratitude to a local group of illegal immigrants who helped film some commercials for the next presidential campaign.
A new Pew report examining changes in the global religious landscape found that Jews tend to be older than members of other organized religions, and that the Jewish communities of Europe and Latin America shrank considerably between 2010 and 2020
"Pastures of Plenty" is a 1941 composition by Woody Guthrie. Describing the travails and dignity of migrant workers in North America, it is evocative of the ...
Provided to YouTube by The Orchard EnterprisesCanned Heat Blues · Tommy JohnsonCanned Heat Blues℗ 2003 JSP RecordsReleased on: 2014-04-14Auto-generated by Yo...
The set is now complete. Order your copies today! https://dutchsheets.mybigcommerce.com/Learn more about Give Him Fifteen here:Website: https://www.givehim15...
Provided to YouTube by The Orchard EnterprisesLead Pencil Blues · Johnnie TempleAmerican Blues Roots℗ 2009 Master Classics RecordsReleased on: 2009-06-01Auto...
Major General Hossein Salami hails Iran’s Intelligence Ministry for retrieving a trove of classified Israeli nuclear and military documents, calling it a strategic blow to the Zionist regime.
This morning, Israeli authorities captured the aid boat Madleen, halting its mission to Gaza. Just hours before it was intercepted we spoke to Rima Hassan, a French member of the European Parliament who was aboard the vessel.
VU. 87,287 likes · 1,418 talking about this. Un regard impertinent et libre, orchestré par Patrick Menais et son équipe, sur le monde de l'image. Tous les jours du lundi au samedi à 20h00 sur France...
Palantir Technologies provides data fusion and analysis platforms (Gotham, Foundry) that empower government and corporate clients to conduct mass-scale data integration, surveillance, and predictive analysis.
While nominally designed to serve national security and public interest, the architecture of Palantir systems enables potential weaponization against domestic populations and political targets, with limited technical safeguards.
Further, the philosophy and worldview of Palantir’s founder-class leadership — especially Peter Thiel — supports a strategic posture where surveillance is considered necessary and desirable, privacy is secondary, and loyalty to traditional liberal democratic values is conditional.
dgdft
in reply to SmokeyDope • • •No need to cargo-cult security practices here, chief. You’re not gonna get pwned by publishing your hardware specs. If you’re planning to build some kinda webapp for yourself, that’s a different story - but you have to fuck up hard to get hacked while hosting raw HTML.
Use an SSH key, disable password auth, make sure you’re firewalled (i.e. test with nmap), and call it a day.
monogram
in reply to SmokeyDope • • •Fail2ban ufw
port forward only the bare minimum (80 443)
Expose docker ports with 127.0.0.1:8000:8000 then port forward with caddy server on the host
dgdft doesn't like this.
dgdft
in reply to monogram • • •monogram
in reply to dgdft • • •Docker is going to undo your port iptable rules with or without ufw
Running
rm -rf ~isn’t that hard to do either just don’t do it.Your router’s NAT should save you if that happens on the wrong port anyway.
dgdft
in reply to monogram • • •You shouldn’t suggest UFW at all then. There are other firewall options that can be used just fine with docker.
It does have real potential to cause serious issues, e.g. if OP were to put their server in DMZ mode on their router and later copy some docker setup instructions that don’t explicitly bind to localhost.
monogram
in reply to dgdft • • •Please tell me more, which firewall would you recommend that plays nice with Docker?
No NAT? Hahaha that’s a big if, and why would you copy paste a docker compose without reading it?
dgdft
in reply to monogram • • •Firewalld
Another user in this thread suggested DMZing, so combine your advice with theirs and boom. It’s not uncommon, and it’s fine if you firewall the box yourself. Most people don’t knowingly choose to use a firewall that they don’t intend to work, like you would.
There’s more than one way to use docker. Spinning up an official mysql image using the official
docker runORdocker composecalls suggested by the docs would start up a server wide open to the entire internet if DMZ’d.