Absolutely. VMs and Containers are the wise sysadmin's friends. Instead of rolling my own ip blocker I use Fail2Ban on public-facing machines. It's invaluable.
derek
joined 1 year ago
That sounds pretty good to me for self-hosted services you're running just for you and yours. The only addition I have on the DR front is implementing an off-site backup as well. I prefer restic for file-level backups, Proxmox Backup Server for image backups (clonezilla works in a pinch), and Backblaze B2 for off-site storage. They're reliable and reasonably priced. If a third party service isn't in the cards then get a second SSD and put it in a safety deposit box or bury it on the other side of town or something. Swap the two backup disks once a month.
The point is to make sure you're following the 3-2-1 principal. Three copies of your data. Two different storage mediums. One remote location (at least). If disaster strikes and your home disappears you want something to restore from rather than losing absolutely everything.
Extending your current set up to ship the external SSD's contents out to B2 would likely just be pointing rsync at your B2 bucket and scheduling a cron or systemd timer to run it.
After that if you're itching for more I'd suggest reading/watching some Red Team content like the stuff at hacker101 dot com and sans dot org. OWASP dot org is also building some neat educational tools. Getting a better understanding of the what and why around internet background noise and threat actor patterns is powerful.
You could also play around with Wazuh if you want to launch straight into the Blue Team weeds. Education of the attacking side is essential for us to be effective as defenders but deeper learning anywhere across the spectrum is always a good thing. Standing up a full blown SIEM XDR, for free, offers a lot of education.
P. S. I realize this is all tangential to your OP. I don't care for the grizzled killjoys who chime in with "that's dumb don't do that" or similar, offer little helpful insight, and trot off arrogantly over the horizon on their high horse. I wanted to be sure I offered actionable suggestions for improvement and was tangibly helpful.
You can meaningfully portscan the entire internet in a trivial amount of time. Security by obscurity doesn't work. You just get blindsided. Switching to a non-standard port cleans the logs up because most of the background noise targets standard ports.
It sounds like you're doing alright so far. Trying not to get got is only part of the puzzle though. You also ought to have a backup and recovery strategy (one tactic is not a strategy). Figuring out how to turn worst-case scenarios into solvable annoyances instead of apocalypse is another (and almost equally as important). If you're trying to increase your resiliency, and if your Disaster Recovery isn't fully baked yet, then I'd toss effort that way.
The poor thing has a concussion and is still required to go to the office. Absolutely absurd.
Condolences and solidarity. My dad died a few years ago. His trajectory was a few months of steady decline, one really good day out of the blue, and then he was gone about two weeks later.
We knew it could happen but experiencing it was surreal emotional whiplash.
That makes sense. Not a misconfiguration on the site's end then. Thanks for the clarification.
Weird. I've tested on a desktop and mobile device. Both loaded the archive.is link via Tor Browser (no extensions) without a problem in both "Normal" and "Safer" modes. "Safest" mode fails at the CAPTCHA page but that's expected.
Maybe the node(s) you were connected to were having issues with that domain at the time.
I found a place in Colorado that does private autopsies for the entire continental US: https://www.postmortempath.com/
I verified they're a real business. Here's an excerpt from their FAQ:
How much does an autopsy cost?
A private autopsy generally runs between $3000 to $5000, depending on the company that you use and how many additional tests and procedures you wish to be performed.
The suggested alternatives don't work though because they're superfluously suggestive. We have a few ways to fine-tune the story. I'm not sure there's an inarguable improvement but, to my taste, I see two.
"Well... You are what you eat!" She replied.
Pinocchio's gaze moved slowly toward the school.
- It doesn't matter who the speaker is. If the reader is familiar with the original story and they assume correctly that's fine. We don't need the information for our delivery though. Dropping the reference makes for a cleaner read.
- Ixnay the garnish. I considered "eager gaze" but that still felt clunky. Communicating the action in a way which mirrors the unspoken internal processing of the monstrous consideration itself leads to a more powerful realization for the reader. It now paints a scene instead of hinting how the reader should feel about it.
Part of my execution comes down to styling, and I'm particular, but packaging compact work for ease of digestion and letting the words rest as they fall leads the reader succinctly to our intended moment (which, as I understand it, is the purpose of the exercise).
What browser are you using and with what plugins?
Another consideration is that expertise in a domain highlights ignorance. I've known experts who refuse to dabble outside their expertise because they're keenly aware of how much they don't know and feel they'd be doing a disservice to the requester if they agreed to help out. Better to leave it to the right experts.
That's a certain kind of person. I'm not like that. I don't mind breaking things so long as their mine or it's agreed to up front. Some people are more anxious about these things though. I'd guess none of us know the fellow, so it's all speculative anyway, but it's possible this angle is the source of refusal.