Recently I used Google maps to search for the nearest DHL near me so I could return a package. DHL is not that popular near me and when I specifically typed for DHL, I would get only their competitors in the search results.

There was a DHL service center near me and I had to scroll a bunch to find it. Oh, and apparently big box stores (or anyone) can pay Google to come up in the search on maps, even if unrelated.

I don’t think they have skin the in shipping game but their algorithms are over optimized that they don’t even show what your searching for, but trying to infer why you’re searching for it. That or whoever pays them more. Certainly a search risk

was it ever? I participate in interview rounds at my company (several tech screens a month) and I must say a candidate’s email was not something that drew attention

you’re able to unsubscribe from all those protomtions . . . that is in settings. Personally, a once-a-month newsletter of everything that is new is helpful bc I don’t need to put in the effort tlinto keeping up

For backup and sync I use Syncthing. I can specify which folder on which devices I want to sync to which folder on the server.

I use a folder based gallery on my phone so when I move stuff around on my phone (or on my server) it gets replicated on all my devices.

I also have a policy to sync specified folders (and subfolder) with my family’s devices. No more " hey can you send me all the pics from the XYZ trip"

We take a trip. Make a subolder for that trip in a shared folder dump all our pictures there, get home and open the folder on the computer and prune together.

Debian has the advantage of not using snapd like Ubuntu does. You have to not only remove snaps but also instruct the package manager not you pull in snaps as dependencies and not to favor snap packages.

I have fond memories of Ubuntu being my first distro many years ago but pushing snaps onto users to compete with flatpak is a nuisance.

newsblur

The statement is very informative. The bug happens under increased read/write operations to the same file causing a race condition.

I also found interesting:

Despite the bug being present in OpenZFS for many years, this issue has not been found to impact any TrueNAS systems. The bug fix is scheduled to be included in OpenZFS 2.2.2 within the next week

This is the best suggestion for DIY, I can even get away without a printer and just write by hand. Perfect! Wish I could pin this comment.

nothing wrong with being self taught, you could follow these basics topics before poking holes in firewall.

1. VLANS: learn how to separate your LAN into networks with different security requirements. For wireless, try to make a “main” and “IoT” network so that IoT network that can’t talk to your “main” network but “main” can reach IoT devices. For wired, try to have a Management network, and a “Dirty network” etc.
2. Firewalls and Routing: You will need to be able to route between your VLANS and set firewall rules to allow certain traffic. Best practice is block everything and allow only what you need.
3. NMAP: learn how to do NMAP scans of your network to discover hosts and their open ports/services. This is a similar approach that “hackers” and script kiddies use on the public internet to find vulnerae and open services. Being able to probe your own network is crutial in understanding how others might approach in penetrating it.
4. Wireguard VPN: Learn to access your network remotely by setting up a wireguard VPN. Wireguard is preferred because it is “stealthy” and will not respond to unsolicited attempted to probe your network. Start small by using wireguard to access between VLANs so you don’t run the risk of using the internet.
5. NGINX and Reverse Proxy: If necessary, learn to expose your services or blog or website by only exposing nginx and proxying to your services. Many guides on securing NGINX exist. Try not to expose anything, but sometimes necessary if you want others to reach your website/blog/hosting etc.

That’s a rough outline that you can use to guide yourself and achieve milestones with hands on experience. In your pursuit you’ll run into certificates and domain name hosting and stuff. But all this is on the web so let your curiosity (and paranoia) drive! Have fun!!

The table of contents hints there is only one section relevant to security, Lab Firewall Config.

Anyone have experience with this book that could vouch for other chapters that explore best practices for security?

interesting, I’ll have to read about this some more then. thanks for pointing me in the right direction

WARP (a client) just connects you to CF’s network.

If your server is running cloudflared (an outbound-only tunnel) then you can enroll your WARP client to reach your server, while your server is never accessible on the public web. That’s the principal behind Zero Trust.

While techinically yes, WARP can be considered as a VPN, it is just a secure tunnel to an endpoint. In which case you can argue any point-to-point tunnel is a VPN.

discovered tailscale from this post and after reading their “how tailscale works” I was hoping to get some clarification from an activer user (you).

CF tunnels setup an outbound-only tunnel from my private network via cloudflared, I have no ingress holes in my firewall to access my services. cloudflared does all the proxying. Plus my IP changes monthly as I don’t pay for a static one from my ISP. This “outbound-only” connection is resilient to that.

Tailscale is point-to-point (for data plane) connection and only the control plane is “hub and spoke”. This sounds like I need to allow ingress rules on my private network so my server can be connected to? Is this true or where did I misunderstand?

Youre right, The 2 port vaults are $176 which is almost double your budget. I figured you could find a used one for cheaper, but I just looked around and you cannot :(

You can check out ODROID. The ARM version for $83 and a x86 version for $129. You can play around with specs and models and get those numbers down lower. Pretty large community playing with them, BSD probably can support them or at least the info is most likely in a forum somewhere.

check out Protectli Vault. They have different hardware configuration options depending on what you need.

Protectli supports virtually anything you want to slap on it, be it BSD or Linux based. A popular approach is to put Opensense on it (BSD based firewall).

I can vouch for it, quality hardware and silent. Easy to repurposed.