hayalci

joined 2 years ago
sorted by: new top controversial old
Cosmos server — a comprehensive all-in-one self hosting solution in c/selfhosted@lemmy.world
[–] hayalci@fstab.sh 2 points 2 years ago (1 children)

Did you consider keeping the services closed to the outside world and using tailscale to access them? Doesn't work well if you want to give access to a bunch of people, though.

Drugmakers Are Set to Pay 23andMe Millions to Access Consumer DNA in c/science@beehaw.org
[–] hayalci@fstab.sh 6 points 2 years ago

CRISPR to the rescue!

Server not reachable after while in c/selfhosted@lemmy.world
[–] hayalci@fstab.sh 2 points 2 years ago (1 children)

Random idea, continuously ping the router from the laptop so it doesn't "forget" that the laptop exists on the WLAN?

(I know you mention the laptop can still reach out when you try, but maybe the trick is to keep having traffic to-from the laptop continuously)

*Permanently Deleted* in c/selfhosted@lemmy.world
[–] hayalci@fstab.sh 1 points 2 years ago

i also think that it's overkill, especially for a minimalistic tool like wireguard. That's why I mentioned "if you want to be extra paranoid". This forum is for learning, and this question is an open ended learning question, hence, an opportunity to learn about port knocking, even if the actual real life benefit of that would be minuscule.

*Permanently Deleted* in c/selfhosted@lemmy.world
[–] hayalci@fstab.sh 5 points 2 years ago (1 children)

+1 on not using containers.for Network routing stuff That way lies pain and misery.

*Permanently Deleted* in c/selfhosted@lemmy.world
[–] hayalci@fstab.sh 3 points 2 years ago (2 children)

Good point, kernel updates should be paired with reboots to get kernel patches applied quickly.

Yes wireguard would only accept connections clfrom clients with known certificates, but this is "belt and suspenders" approach. What happens if there's a bug in wireguards packet parsing or certificate processing? Using port knocking would protect against this —very remote— possibility.

*Permanently Deleted* in c/selfhosted@lemmy.world
[–] hayalci@fstab.sh 3 points 2 years ago (4 children)

VPN software usually is built strong to begin with, and any vulnerabilities discovered will be promptly fixed as well, so updating frequently should suffice. (Why not automate it with unattended-upgrades package?

Using a random high port number will probably hide it well enough for Internet-wide port scanners as well.

if you want to be extra paranoid, you can hide the VPN service behind a port knocker as well.

Best free/cheap web host for DIY email in c/selfhosted@lemmy.world
[–] hayalci@fstab.sh 1 points 2 years ago

I recommend https://migadu.com. not free, but the lowest price tier has lots of features, unlimited mailboxes etc.

[Solved] I want to ditch Nextcloud notes in c/selfhosted@lemmy.world
[–] hayalci@fstab.sh 1 points 2 years ago

See https://lemm.ee/post/4593760 for a related post and more discussions about pros and cons of each.

My new favourite password manager in c/selfhosted@lemmy.world
[–] hayalci@fstab.sh 2 points 2 years ago

keepass2android is worth a try as well.

Could use a tl;dr guide (if there is such thing) on how to build a kernel. in c/linux4noobs@lemmy.world
[–] hayalci@fstab.sh 2 points 2 years ago

You got an excellent short answer here, but for a more extensive article check out https://itsfoss.com/compile-linux-kernel/

Anyone else wants a one box replacement to a switch attached to USB NICs? in c/selfhosted@lemmy.world
[–] hayalci@fstab.sh 5 points 2 years ago (1 children)

A good answer to a "why?" question is "why not?" This can be a great learning or practice opportunity for redundant network links and other interface challenges.

view more: ‹ prev next ›