I’m self hosting to learn. I’ve been hacked before and I lost stuff and then I refined my technique and started over again. Nothing I do is “mission critical”, so I now have the mindset that it will fail, I will lose data and time and I will get hacked. Honestly, it’s helped me to be better at home and at my workplace to have this mindset. Always plan for failure (and keep backups).

A port scan and then inspection of the ports is a great habit. Another fun thing to do is to set up WireShark to listen to what your fridge’s IP address is doing. Who is it calling? How often? What services (ports)? While your fridge may have a DNS server, unless it’s been pre-loaded with the internet, it’ll need to query another DNS to reach the outside world. DNS is usually unencrypted, so you can see what it’s asking to connect to.

Many of these devices announce their services via Bonjour or whatever protocol. It’s a way for devices like Alexa to find out that you have a printer, interrogate the printer and then Alexa will tell you that your printer is low on ink and by the way, Amazon has a special sale, just for you.

If anything is unencrypted, check it out (with WireShark). If it is encrypted, there’s a chance that you can hijack it with a proxy server. Set up a SOCKS proxy and add a DNS label (I can’t remember what it is) to tell the devices in your network that you have a proxy. Block the fridge from the internet and see if it will autodetect the proxy. There are other ways to tell devices that your home network requires a proxy via autodetection & wpad.dat files in specific locations on your network. You can configure your proxy to log all traffic, like WireShark does and then see what’s in the payload.

I’ve done this with limited success on various devices. More mature products like Alexa are locked down. Those cheap home cameras from China are pretty hackable.

Have fun!

I came here to say the same thing except that I have a pi locally and one at a relative’s house. I back up to the local pi and a nightly cron starts rsync to pull my local copy.

I chose this so that i could control the rstnc start time, bandwidth and stop time but also so I could leave the remote network vanilla with no open ports, etc. With bandwidth limiting, it may take a few days to catch up from full backups, but a differential is same day.

Be sure to use a RO filesystem or overlay FS on the Pi card. I’ve had them go corrupt.

My mantra is “plan to be hacked”. Whether this is a good backup strategy, a read-only VM, good monitoring or serious firewall rules.

It’s a VGA connection and, yes, my primary concern is resource usage. I’m running 2-3 VMs on it so that I can easily migrate the VM around.

I had plain old top and it was boring. I did not know how many alternatives there were.

I’ll also have to check out cmatrix.

This is an excellent idea!

The cash registers at a place I worked had this for the PS2 keyboard connection, too. IIRC, you needed to slide back a sleeve before giving the cable a tug. All this was behind the tight counter, buried under a layer of dust and whatever else fell behind the register. A skilled coworker could do it with one hand, but I never mastered that skill.

Generally, no. On some cases where I’m extending the code or compiling it for some special case that I have, I will read the code. For example, I modified a web project to use LDAP instead of a local user file. In that case, I had to read the code to understand it. In cases where I’m recompiling the code, my pipeline will run some basic vulnerability scans automatically.

I would not consider either of these a comprehensive audit, but it’s something.

Additionally, on any of my server deployments, I have firewall rules which would catch “calls to home”. I’ve seen a few apps calling home, getting blocked but no adverse effects. The only one I can remember is Traefik, which I flipped a config value to not do that.

I don’t know the building code for your area or if it would even work with the other stuff in the area, but the idea is to lay at least 2x2’s every 16", put Styrofoam between the 2x2’s, lay plastic or tyvek or some vapor barrier over it all then lay down plywood and carpet on top of that. It’s a lot of work to retrofit this into an existing space, but if you’re starting over, it may be worthwhile.

I had a townhouse on a concrete slab and in the winter, the cold would transfer through the concrete to the point that when it was below 0F, the water lines running through the concrete would freeze up.

Probably true, but there were still some useful bots that I enjoyed on a regular basis like the metric conversion bot, the invidious link switcher and the remindme bot.

I think that Lemmy will allow you to use bots only if you declare them as such which should allow users to block or allow to customize their own experiences.

In addition to the other advice, if it is reasonable to do so, you would benefit from raising the floor up a bit to add insulation and a vapor barrier. The concrete will draw in the cold and humidity.

Ditto. I started my linux journey with Slackware 1.0 that I got in a book. I quickly got tired of dual booting so I picked up a used 486dx66 on Craigslist. It even came with a green on black 12" CRT! I took a class and started hacking on the kernel to learn the innards. I fixed a semaphore issue, improved the task scheduler for performance and constantly rebuilt the kernel for performance (before modularized drivers were a thing). I learned not to panic from a kernel panic.

Slackware’s “package manager” was a notepad next to the computer. I switched to debian later and loved the whole idea of a package manager. Mostly because it was a trove of free software, but also because it would handle all the dependencies for me and cleanly uninstall (at a time when disk space was valuable).

Those were the days! Long live apt & apt-get!

I was hacked years ago. I was hosting a test instance of a phpbb for a local club. Work blocked SSH, so I opened up telnet. They either got in from telnet or a php flaw and installed password sniffers and replaced some tools (ps, top) with tools that would hide the sniffer service they installed.

After that, I changed my model. My time lab is for learning and having fun. I’m going to make mistakes and leave something exposed or vulnerable and hackers are going to get in. Under this new model, I need to be able to restore the system easily after a breach. I have a local backup and a remote backup and I have build scripts (ansible) so that I can restore the system if I need to. I’ve had to do this twice. Once from my own mistake and one from hardware failure.

Same. I have spent way more time troubleshooting a pipeline than it saves. I like the idea of automation but laziness prevails.

For my own curiosity, how do you perform a build? Is it all done in pipelines, kicked off on change? Do you execute the whole infra build each time you release an update?

As others have said, a traditional off site backup will work. How do you plan to perform a restore, though? If you need the self hosted source repo, it won’t be available until the infrastructure is stood to creating another circular dependency.

I’m still in the early stages of exploring this, too. My solution is to run a local filesystem git clone of the “main” repo and execute it with a Taskfile that builds a docker image from which it can execute the ansible infrastructure build. It is somewhat manual but I have performed a full rebuild a few times after some Big Mistakes.

After breaking “prod” many times, I have a Dev (local machine), Test (small VM) and Prod (big VM). My test is just less RAM and space and I need to spin down certain K8s things to spin up others, but it’s a close mirror of Prod, just less.

I can’t speak to the quality outlook, but from what I understand about enshittification, it typically requires a self-serving entity like a corporation whose interests are not in alignment with its customers/consumers/userbase. In some of Mr. Doctrow’s writings, he indicates that federating cans be a “circuit breaker” for enshittification.

In a well federated platform, when one node begins to act counter to its users, the users can easily move nodes/instances. This is one of the reasons why there needed to be a law to allow phone number portability. Email is similar, but only if you own your own domain. Look for Cory Doctrow’s writings on BlueSky for more examples.