smb

@smb@lemmy.ml


smb,

I cannot code like this currently, because my girlfriend occupies my laptop with doing her yoga.

touché?

smb,

it is unlikely that they see “you” driving then. just to mention ;-)

smb,

maybe the lying presentation-style of the arguments in the given picture then sort of also represents the same style arguments of those who became rich and powerful by only lies and abuses?

not sure, just speculation ;-)

but if making it worse and causing losses on the other side for the gain of an “imagined good outcome” where the other (victim) just “has to accept the loss and work hard to make the good outcome to become real” is considered to be “good” behaviour by them, then maybe they also say within the same argument that bankrobbers, shoplifters and housebreakers should be honored (as in taxfree extra money paid by the victim or such) for “helping them (bank, shop, homeowner) to develop better security” instead of prosecution and forced handing back of what they took.

just to mention.

smb,

the island next to england is called iceland, it’s in the upper left corner. but please don’t use AIs, they always do it wrong and i.e. mark the wrong spot like in your picture.

secretly: it’s really called Avalon, but don’t spread it, it’s secret and should stay so 8-)

smb,

Don’t they have laws to protect the population from free walking murder suspects?

Sorry for who has to live there.

smb,

of course not, that’s true.

but i think laws should have some “binding” effect on how police acts on suspects of murder like separating the suspects from their comrades to disenabling them from making up cover stories until being presented to a court or such? also disenabling them from:

  • walking free and killing a next victim (maybe accidental witnesses they want to get rid of for undeniable cover stories)
  • destroying evidence as they see fit
  • vanishing forever as they like
  • creating false evidence

All this is not regulated to at least some degree in laws to be followed strictly by police officers? i am not talking about laws preventing actions of one person or two, but laws binding police in general on how to handle these suspects depending on the crime suspected and that there seems to be no doubt who was on-scene when that happened.

smb, (edited)

maybe they really and ultimately narrowed it down to “gone”.

also they ruled out:

  • up or down
  • sideways
  • back or forth in time
  • with the wind
  • hiding
  • just vanishing
  • gone for good
  • gone for a walk
  • other realities / timelines / simulations (maybe recovery from backup is still possible)

8-)

UPDATE-edit: damn i forgot Schroedinger’s quantum gone paradox: He decides where he was only in that very moment when they actually find him.

smb,

“daily” maintenance for linux??? i think we call that “eier schaukeln” in germany.

smb,

my first guess is that they desperately search someone to take care for their website’s progress bar

[======*____________]

Which is part of the “Tender” template they use: w3layouts.com/tender-a-multipurpose-flat-bootstra… “Tender is a free HTML5 Multipurpose Template, with […]”

and maybe they only have a dumb trainee or one of those super intelligent AIs to search for the specialists they urgently need (or both in combination)

that should explain it ;-)

who knows *gg

follow me for more =D

smb,

see, capitalism works!

  1. sell 10million packages each with missing 2% of contents.
  2. sell those 200000 extra packages with the contents you “saved” (no, not 204000 with again missing 2%, see below why)
  3. do not pay taxes on extra packages you sold as you can “prove” you sold all 10million paying those taxes.
  4. receive 200000 * price of package as personal taxfree extra income.
  5. write that one guy who complained about missing 8grams of pasta a sorry letter
  6. complain about time loss and costs writing a single sorry letter and pay paper and stamp out of “marketing” campaigns budget
  7. complain about the world not trusting companies
  8. complain about people using badly adjusted scales
  9. complain about someone selling non-genuine products on market with your logo faked.
  10. assume that those packages with missing contents could be just those fake products.

done a full circle.

but… kitchen scales are really bad. most other scales as well. i tried to find (electronic) scales that are actually precise:

for low weights i ended up with a scale with 0.01 gram precision, but it could only measure a bit more than 100grams (and also included a 100gr calibration weight)

for higher weights i only found a scale for post offices measuring packages. the only thing the vendor “really” promised was that multiple times measuring the same thing would be showing the same weight (nope the best “affordable” scale on the market here did not promise to measure correctly, just to measure over and over the same…)

i guess the options for accurate measuring of more than 100gr are:

  • old style mechanical scales daily adjusted
  • high priced industry/laboratory scales with warranties

fun fact:

after i bought that 0.01gr precision scale, amazon showed me small plastic clip bags with green leaf signs on it as “recommended” products for month, while i used the scale to mix just small amounts of 2-component epoxy resin in projects.

smb,

maybe ask the question other way around.

Do you think that without all of the evilish ill-minded so called “economic society” abuse-of-everything pyramid scheme there would be as much or even any sort of mental illness?

imagine not being confronted with thousands of commercial advertising lies a day (just walk the streets). imagine not being poisoned with all the industry waste they call food today … imagine not being manipulated by century-overspanning massive propaganda against countries that literally have done no harm to you in the first place (propaganda that solely exists to create war and kill your could-be-friends before you can even try to know them)… and there is a statistically relevant connection between times when cities had lead pipes in fresh water systems and high occurrence of murderers that also vanished together with the lead pipes, looking at historic data over decades. (don’t have the link though) just by not living in a single place for too long would have prevented that lead-pipes-are-good-for-business that caused murders to cause too much damage to your mental health.

i do believe that there are lots of people who choose to disconnect from the mental illness swarm that calls itself western culture. and i guess that in countries where climate allows living without a “home”, some of them will choose to live just like that to “keep” their mental sanity and “not” get such illnesses.

also there are “homeless” insiders of the very same ill-mind-creating society, just think of “digital nomads”. and you do not need to have a mental illness to want to live such a lifestyle, do you? some countries have laws to attract digital nomads.

when it comes to mental healthiness and types of sports that include mental balance (like kung fu, yoga, etc) look at people who are fond of yoga, how they talk about how important yoga has become for them.

no, one does not need to have mental problems to choose to live any type of homeless lifestyle, but if you live a lifestyle within western “culture” you are more than a few steps closer to developing a mental illness by design(ed by your “wealthy” billionaires) ;-) and if you add a mental balancing element like yoga or kung fu (or others) to your lifestyle that maybe also comes along with a philosophy of its own that is a trillion times more worth being lived than the whole western “culture” itself, then i am sure, one cannot persuade those, with no existing luxury, no advertising, propaganda, or other brainwash techniques to leave their “homeless” lifestyle. for what? (list of all low-value “luxuries” that any ill-minded society could “give” them while stealing everything of value from them to be added here)

humans have chosen to wander around, to walk to a different continent or to a religious site for lots of millennia, maybe since humans even exist. Doing such by walking on foot can take years or even decades but deciding to do so does not need a mental illness.

as far as i have met a few people that are on such a course by chance, my best guess is that you maybe just have to change your viewing point and direction to get in contact with some of them, maybe no matter where you are on earth (excluding antarctic and north korea maybe)

maybe make a test by your own, make a backpack travel for some month in a different country/continent, do not start unprepared, plan how to do it, read and talk to people who have done it, look for a route that is common to do such, think of what you “need” to take with you and fits in a backpack not too heavy, reconsider to leave everything out you “might not” need or could buy on the way if really needed. when starting, stop your time schedule, follow your planned route somehow but allow side trips, talking to strangers for hours about anything if you like, tell your friends at home whenever your route changes, but let things happen and see who you meet. Getting lost can become an adventure with experiences you might not want to have missed for the rest of your life. But take care, there are dangers out there too (better not swim with crocodiles)

there is no substitute for getting your own glimpse of what freedom feels like.

smb,

hm, didn’t know i wrote about genetics. never mind, keeping attention or focus is not for everyone.

About brains being affected by chemicals… maybe this article is “funny” enough for you (not in english, i’m sorry, use a translator)

sueddeutsche.de/…/rauschgift-konzentration-es-lie…

The article is quite old now, but i’m sure no kid there actually breathed that air for longer than it takes to become an adult ;-)

smb,

i disliked an ad in tv before 2000 and decided to not buy the deodorant stick then because of that. like 10 to 15 years later i accidentally bought the product- long forgotten that this was the one with that bad ad and actually liked the product and bought it regularly for some time (then remembering how bad that ad was, but okay the product was good actually). that was until they decided to put more plastics into packaging as well as less content into it (same price for package) just to make it more costly for me thus more profitable for them, whilst producing more litter and destroying more resources just for profit. The higher price would not have been too bad, but creating more litter for more profit made me then search a better product. then found a bio product with all natural contents, very few plastic packaging and even less pricy.

That ad made me NOT buy it. So that was the worst ad i’ve ever seen in two ways: it reduced my willingness to buy their product to far below zero lasting for a decade and i did not even want to try the product that i later found to be actually good, so worst case for the vendor AND the customer.

However that product later also had the “best” Price raise (by less content) for me ever as that made me search and find the then newly existing even better and more natural, less pricy product of their competitor.

Maybe good CEOs are rare.

smb, (edited)

you can copy your system live, but that would involve other tools than dd too.

with dd when copying the whole device (instead of just partitions) everything gets cloned. This includes uuids, labels, lvm devices with the names of their lv and vg names and raid devices in case you have any. all of these (c|w)ould collide unless the original disk was taken out or either the new or old disks labels uuids etc are previously to the boot changed to prevent collisions or accidentally mounting/booting the original partitions. also if (!) you use device names i.e. in fstab, crypttab, scripts or such, like with the uuids things could break. also you might have to take action for your bios to actually boot from the stick. most people disable usb boot on notebooks for security reasons.

using dd, cloning the full disk to the full stick, then removing the original disk + set bios boot setting might work out of the box, i’d try that first as it takes only the effort to boot from another os to do the dd-copy offline (preventing filesystem damage while copying).

a live copy could be done by cloning only the partition layout and bootloader, then setting up new filesystems (with new uuids) and new lvm group/volumes etc if any, copying original disk using rsync then (maybe “bind” mounting to separate partitions if needed), then adjusting boot config to match new uuids/labels. This could be done while running the system to be copied, but of course even running rsync twice might lack some updates of currently open files by sth like desktop programs or logfiles.

Without knowing the exact setup, only limited answers can be given, but you have to make sure the boot process will work, so at least the boot loader (grub?) and its files will be needed, which -at least in the past and for old lilo/grub- could not reside at some position on the disk after some “high value” like some number GBs. if that limitation is still there, your new exact partition layout on the usb stick might be relevant for success, but try/error should give you the hints you need.

you might use “language models” for getting hints, but they are language models, not friends, their “solution” might break your system and delete your data, and they are trained to say they are sorry afterwards, but they aren’t sorry, it’s just a sequence of probabilities and words to them not more.

So always only work on data that has been backed up and proven to be suitable for you to recover everything you need from scratch, no matter if friends, language models or lemmy users assist you ;-)

UPDATE: just learned that batocera is “designed” to be just copied to usb stick and run from there, so it will most likely already include everything you need. best is to follow their instructions how to create the usb stick to boot from. if you already have it running from partition, you most likely can copy your current data using rsync. but beware, if you have two copies with the same uuids (partition +usb) that might not work as expected.
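
Added example, not part of the comment above: a check to run after a whole-device dd clone and before rebooting, covering the two breakages described there (identifiers present on more than one device, and fstab entries that mount by kernel device name). The blkid output and fstab are constructed samples, the function names are made up for this sketch, and labels containing spaces are not handled.

```shell
#!/bin/sh
# Added example. Input normally comes from `blkid > blkid.txt` and /etc/fstab;
# the sample files written below are constructed.

# Print every UUID / LABEL / PARTUUID that blkid reports on more than one
# block device, followed by the devices that share it.
dup_ids() {   # $1 = file holding blkid output
    awk '
    {
        dev = $1; sub(/:$/, "", dev)
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^(UUID|LABEL|PARTUUID)="/) {
                n[$i]++
                devs[$i] = devs[$i] " " dev
            }
        }
    }
    END { for (k in n) if (n[k] > 1) print k devs[k] }' "$1" | sort
}

# Print fstab entries that mount by kernel device name. These names are
# assigned in probe order, so they can point at the other disk once the
# clone is attached.
fstab_by_name() {   # $1 = fstab file
    awk '$1 !~ /^#/ && $1 ~ /^\/dev\/(sd|hd|vd|nvme|mmcblk)/ { print $1 " -> " $2 }' "$1"
}

# --- constructed sample: sdb is a dd clone of sda, sdc is unrelated ---
sample=$(mktemp -d)
cat > "$sample/blkid.txt" <<'EOF'
/dev/sda1: UUID="1111-AAAA" TYPE="vfat" PARTUUID="0a0a0a0a-01"
/dev/sda2: UUID="3e6be9de-8139-4c1a-9106-a43f08d823a6" TYPE="ext4" PARTUUID="0a0a0a0a-02"
/dev/sdb1: UUID="1111-AAAA" TYPE="vfat" PARTUUID="0a0a0a0a-01"
/dev/sdb2: UUID="3e6be9de-8139-4c1a-9106-a43f08d823a6" TYPE="ext4" PARTUUID="0a0a0a0a-02"
/dev/sdc1: UUID="7777-BBBB" TYPE="vfat" PARTUUID="0c0c0c0c-01"
EOF
cat > "$sample/fstab" <<'EOF'
# <fs> <mountpoint> <type> <options> <dump> <pass>
UUID=1111-AAAA /boot/efi vfat umask=0077 0 1
/dev/sda2 / ext4 errors=remount-ro 0 1
EOF

echo "identifiers present on more than one device:"
dup_ids "$sample/blkid.txt"
echo "fstab entries using device names:"
fstab_by_name "$sample/fstab"
```

Any line printed by `dup_ids` means a mount by UUID or label is ambiguous while both disks are attached.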

smb,

and i hope that has nothing to do with my chaotic style of writing =D

smb,

As i see it, the term “firewall” was originally the neat name for an overall security concept for your system’s privacy/integrity/security. Thus physical security is (or can be) as well part of a firewall concept as maybe training of users. The keys of your server rooms door could be part of that concept too.

In general you only “need” to secure something that actually is there, you won’t build a safe into the wall and hide it with an old painting without something to put in it or - could be part of the concept - an alarm sensor that triggers when that old painting is moved, thus creating sort of a honeypot.

if and what types of security you want is up to you (so don’t blame others if you made bad decisions).

but as a general rule out of practice i would say it is wise to always have two layers of defence. and always try to prepare for one “error” at a time and try to solve it quickly then.

example: if you want an rsync server on an internet facing machine to only be accessible for some subnets, i would suggest you add iptables rules as tight as possible and also configure the service to reject access from all other than the wanted addresses. also consider monitoring both, maybe using two different approaches: monitor the config to be as defined as well as setup an access-check from one of the unwanted, excluded addresses that fires an alarm when access becomes possible.

this would not only prevent those unwanted access from happening but also prevent accidental opening or breaking of config from happening unnoticed.

here the same, if you want monitoring is also up to you and your concept of security, as is with redundancy.

In general i would suggest to setup an ip filtering “firewall” if you have ip forwarding activated for some reason. a rather tight filtering would maybe only allow what you really need, while DROPping all other requests, but sometimes icmp comes in handy, so maybe you want ping or MTU discovery to actually work. always depends on what you have and how strong you want to protect it from what with what effort. a generic ip filter to only allow outgoing connections on a single workstation may be a good idea as second layer of “defence” in case your router has hidden vendor backdoors that either the vendor sold or someone else simply discovered. Disallowing all that might-be-usable-for-some-users-default-on-protocols like avahi & co in some distros would probably help a bit then.

so there is no generic fault-proof rule of thumb…

to number 5.: what sort of “not trusting” the software? might, has or “will” have:

  a. security flaws in code
  b. insecurity by design
  c. backdoors by gov, vendor or distributor
  d. spy functionality
  e. annoying ads as soon as it has internet connection
  f. all of the above (now guess the likely vendors for this one)

for c d and e one might also want to filter some outgoing connection…

one could also use an ip filtering firewall to keep logs small by disallowing those who obviously have intentions you dislike (fail2ban i.e.)

so maybe create a concept first and ask how to achieve the desired precautions then. or just start with your idea of the firewall and dig into some of the appearing rabbit holes afterwards ;-)

regards
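
Added example, not part of the comment above: one way to monitor the rsync setup it describes, checking that the iptables layer and the rsyncd `hosts allow` layer admit exactly the same networks, plus the outside-in check whose success is the alarm condition. The rule dump, rsyncd.conf, networks and function names are constructed for this sketch; only plain `-s`/`--dport` rules are parsed.

```shell
#!/bin/sh
# Added example. All file contents are constructed samples (RFC 5737 networks).

# Source networks an iptables-save dump ACCEPTs on INPUT for one TCP port.
# A matching rule without -s is reported as 0.0.0.0/0 (open to everyone).
fw_sources() {   # $1 = iptables-save file, $2 = port
    awk -v port="$2" '
    $1 == "-A" && $2 == "INPUT" {
        src = "0.0.0.0/0"; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s")      src = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if ((dport "") == (port "") && target == "ACCEPT") print src
    }' "$1" | sort -u
}

# Networks listed in rsyncd.conf "hosts allow" (space or comma separated).
svc_sources() {   # $1 = rsyncd.conf
    sed -n 's/^[[:space:]]*hosts allow[[:space:]]*=[[:space:]]*//p' "$1" |
        tr ', ' '\n\n' | sed '/^$/d' | sort -u
}

# Config check: succeed only if both layers admit exactly the same networks.
layers_agree() {   # $1 = iptables-save file, $2 = rsyncd.conf, $3 = port
    fw=$(fw_sources "$1" "$3")
    svc=$(svc_sources "$2")
    [ -n "$fw" ] && [ "$fw" = "$svc" ]
}

# Access check, to be run FROM an address that must stay excluded. The probe
# command is passed in; if it succeeds, access has become possible.
access_alarm() {
    if "$@" >/dev/null 2>&1; then
        echo "ALARM: excluded host reached the service: $*"
        return 1
    fi
    return 0
}

# --- constructed samples ---
sample=$(mktemp -d)
cat > "$sample/rules.good" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 873 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 873 -j ACCEPT
COMMIT
EOF
# Same rules plus an accidental "open to all" rule for the rsync port.
{ grep -v '^COMMIT' "$sample/rules.good"
  echo '-A INPUT -p tcp -m tcp --dport 873 -j ACCEPT'
  echo 'COMMIT'; } > "$sample/rules.drift"
cat > "$sample/rsyncd.conf" <<'EOF'
[backup]
    path = /srv/backup
    hosts allow = 192.0.2.0/24, 198.51.100.0/24
    hosts deny = *
EOF

layers_agree "$sample/rules.good" "$sample/rsyncd.conf" 873 && echo "good: layers agree"
layers_agree "$sample/rules.drift" "$sample/rsyncd.conf" 873 ||
    echo "drift: filter admits $(fw_sources "$sample/rules.drift" 873 | tr '\n' ' ')"
# On the excluded host the probe would be a real connect attempt, e.g.
#   access_alarm nc -z -w 3 rsync.example.net 873   (host name is a placeholder)
access_alarm false && echo "probe could not connect: no alarm"
```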

smb,

you do not need to know the source ports for filtering outgoing connections.

(i usually use “shorewall” as a nice and handy wrapper around iptables and a “reject everything else policy” when i configured everything as i wanted. so i only occasionally use iptables directly, if my examples don’t work, i simply might be wrong with the exact syntax)

something like:

iptables -I OUTPUT -p tcp --dport 22 -j REJECT

should prevent all new tcp connection TO ssh ports on other servers when initiated locally (the forward chain is again another story)

so … one could run an http/s proxy under a specific user account, block all outgoing connections except those of that proxy (i.e. squid) then every program that wants to connect somewhere using direct ip connections would have to use that proxy.

better try this first on a VM on your workstation, not your server in a datacenter:

iptables -I OUTPUT -j REJECT
iptables -I OUTPUT -p tcp -m owner --uid-owner squiduser -j ACCEPT

“-I” inserts at the beginning, so that the second -I actually becomes the first rule in that chain allowing tcp for the linux user named “squiduser” while the very next would be the reject everything rule.

here i also assume “squiduser” exists, and hope i recall the syntax for owner match correctly.

then create user accounts within squid for all applications (that support using proxies) with precise acl’s to where (the fqdn’s) these squid-users are allowed to connect to.

there are possibilities to intercept regular tcp/http connections and “force” them to go through the http proxy, but if it comes to https and not-already-known domains the programs would connect to, things become way more complicated (search for “ssl interception”) like the client program/system needs to trust “your own” CA first.

so the concept is to disallow everything by iptables, then allow more fine-grained by http proxy where the proxy users would have to authenticate first. this way your weather desktop applet may connect to w.foreca.st if configured, but not e.vili.sh as that would not be included in its users acl.

this setup, would not prevent everything applications could do to connect to the outside world: a local configured email server could probably be abused or even DNS would still be available to evil applications to “transmit” data to their home servers, but that’s a different story and abuse of your resolver or forwarder, not the tcp stack then. there exists a library to tunnel tcp streams through dns requests and their answers, a bit creepy, but possible and already prepared. and only using a http-only proxy does not prevent tcp streams like ssh, i think a simple tcp-through-http-proxy-tunnel software was called “corkscrew” or similar and would go straight through a http proxy but would need the other end of the tunnel software to be up and running.

much could be abused by malicious software if they get executed on your computer, but in general preventing simple outgoing connections is possible and more or less easy depending on what you want to achieve

smb,

But the point that I was trying to make was that that would then also block you from using SSH. If you want to connect to any external service, you need to open a port for it, and if there’s an open port, then there’s a opening for unintended escape.

now i have the feeling as if there might be a misunderstanding of what “ports” are and what an “open” port actually is. Or i just don’t get what you want. i am not on your server/workstation thus i cannot even try to connect TO an external service “from” your machine. i can do so from MY machine to other machines as i like and if those allow me, but you cannot do anything against that unless that other machine happens to be actually yours (or you own a router that happens to be on my path to where i connect to)

lets try something. your machine A has ssh service running my machine B has ssh and another machine C has ssh.

users on the machines are a b c , the machine letters but in small. what should be possible and what not? like: “a can connect to B using ssh” “a can not connect to C using ssh (forbidden by A)” “a can not connect to C using ssh (forbidden by C)” […]

so what is your scenario? what do you want to prevent?

I don’t fully understand what this is trying to accomplish.

accomplish control (allow/block/report) over who or what on my machine can connect to the outside world (using http/s) and to exactly where, but independent of ip addresses but using domains to allow or deny on a per user/application + domain combination while not having to update ip based rules that could quickly outdate anyway.

smb,

This is most likely a result of my original post being too vague – which is, of course, entirely my fault.

Never mind, and i got distracted and carried away a bit from your question by the course the messages had taken

What is your example in response to?

i thought it could possibly help clarifying something, sort of it did i guess.

Are you referring to an application layer firewall like, for example, OpenSnitch?

no, i do not consider a proxy like squid to be an “application level firewall” (but i don’t know opensnitch however), i would just limit outbound connections to some fqdn’s per authenticated client and ensure the connection only goes to where the fqdns actually point to. like an attacker could create a weather applet that “needs” https access to f.oreca.st, but implements a backdoor that silently connects to a static ip using https. with such a proxy, f.oreca.st would be available to the applet, but the other ip not as it is not included in the acl, neither as fqdn nor as an ip. if you like to say this is an application layer firewall ok, but i don’t think so, its just a proxy with acls to me that only checks for allowed destination and if the response has some http headers (like 200 ok) but not really more. yet it can make it harder for some attackers to gain the control they are after ;-)
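
Added example, not part of the comments above: the "report" side of the per-user proxy ACL idea from this comment and from the earlier one about blocking outgoing connections, as an audit of squid's native access.log against a per-user destination allowlist. The log lines, allowlist file format, user names and function names are constructed for this sketch; the user column is filled only when proxy authentication is enabled.

```shell
#!/bin/sh
# Added example. Log lines and allowlist below are constructed samples.
# Native squid log fields: time elapsed client code/status bytes method URL
# user hierarchy/peer content-type.

# For each request whose destination is not on that user's allowlist, print
#   <blocked|PASSED> <user> <raw-ip|name> <host>
# "blocked" is the proxy doing its job (an early warning about the client);
# "PASSED" means the squid ACLs are wider than the documented allowlist.
audit_log() {   # $1 = allowlist ("user host" per line), $2 = access.log
    awk '
    FILENAME == ARGV[1] {
        if ($1 !~ /^#/ && NF == 2) allow[$1 SUBSEP tolower($2)] = 1
        next
    }
    $4 ~ "/407$" { next }            # auth challenge before the client logs in
    {
        user = $8; host = $7
        sub("^[a-z]+://", "", host)  # strip scheme (plain http requests)
        sub("[/?].*$", "", host)     # strip path and query
        sub(":[0-9]+$", "", host)    # strip port (CONNECT host:port)
        host = tolower(host)
        if ((user SUBSEP host) in allow) next
        verdict = ($4 ~ /^TCP_DENIED/) ? "blocked" : "PASSED"
        kind = (host ~ /^[0-9.]+$/ || host ~ /^\[/) ? "raw-ip" : "name"
        print verdict, user, kind, host
    }' "$1" "$2"
}

# Exit status for cron: fail if anything off-list was actually let through.
acl_holds() {
    ! audit_log "$1" "$2" | grep -q '^PASSED '
}

# --- constructed samples ---
sample=$(mktemp -d)
cat > "$sample/allow.txt" <<'EOF'
# user    destination host
weather w.foreca.st
updater mirror.example.org
EOF
cat > "$sample/access.log" <<'EOF'
1700000000.101     12 127.0.0.1 TCP_DENIED/407 4021 CONNECT w.foreca.st:443 - HIER_NONE/- text/html
1700000000.342    480 127.0.0.1 TCP_TUNNEL/200 5310 CONNECT w.foreca.st:443 weather HIER_DIRECT/203.0.113.10 -
1700000060.007      0 127.0.0.1 TCP_DENIED/403 3890 CONNECT 198.51.100.77:443 weather HIER_NONE/- text/html
1700000120.550      1 127.0.0.1 TCP_DENIED/403 3902 CONNECT e.vili.sh:443 weather HIER_NONE/- text/html
1700000180.910    210 127.0.0.1 TCP_MISS/200 1432 GET http://updates.example.org/index.json updater HIER_DIRECT/192.0.2.80 application/json
EOF

audit_log "$sample/allow.txt" "$sample/access.log"
acl_holds "$sample/allow.txt" "$sample/access.log" || echo "proxy ACL is wider than the allowlist"
```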

smb, (edited)

so here are some reasons for having a firewall on a computer, i did not read in the thread (could have missed them) i have already written this but then lost the text again before it was saved :( so here a compact version:

  • having a second layer of defence, to prevent some of the direct impact of i.e. supply chain attacks like “upgrading” to a maliciously manipulated version.
  • control things tightly and report strange behaviour as an early warning sign ‘if’ something happens, no matter if attacks or bugs.
  • learn how to tighten security and know better what to do in case you need it some day.
  • sleep more comfortable when knowing what you have done or prevented
  • compliance to some laws or customers buzzword matching wishes
  • the fun to do because you can
  • getting in touch with real life side quests, that you would never be aware of if you did not actively practice by hardening your system.

one side quest example i stumbled upon: imagine an attacker has compromised the vendor of a software you use on your machine. this software connects to some port eventually, but pings the target first before doing so (whatever! you say). from time to time the ping does not go to the correct 11.22.33.44 of the service (weather app maybe) but to 0.11.22.33 looks like a bug you say, never mind.

could be something different. pinging an IP that does not exist ensures that the connection tracking of your router keeps the entry until it expires, opening a time window that is much easier to hit even if clocks are a bit out of sync.

also as the attacker knows the IP that gets pinged (but its an outbound connection to an unreachable IP you say what could go wrong?)

lets assume the attacker knows the external IP of your router by other means (i.e. you’ve sent an email to the attacker and your freemail provider hands over your external router address to him inside of an email received header, or the manipulated software updates a dyndns address, or the attacker just guesses your router has an address of your providers dial up range, no matter what.)

so the attacker knows when and from where (or what range) you will ping an unreachable IP address in exact what timeframe (the software running from cron, or in user space and pings at exact timeframes to the “buggy” IP address) Then within that timeframe the attacker sends you an icmp unreachable packet to your routers external address, and puts the known buggy IP in the payload as the address that is unreachable. the router matches the payload of the package, recognizes it is related to the known connection tracking entry and forwards the icmp unreachable to your workstation which in turn gives your application the information that the IP address of the attacker informs you that the buggy IP 0.11.22.33 cannot be reached by him. as the source IP of that packet is the IP of the attacker, that software can then open a TCP connection to that IP on port 443 and follow the instructions the attacker sends to it. Sure the attacker needs that backdoor already to exist and run on your workstation, and to know or guess your external IP address, but the actual behaviour of the software looks like normal, a bit buggy maybe, but there is exactly no information within the software where the command and control server would be, only that it would respond to the icmp unreachable packet it would eventually receive. all connections are outgoing, but the attacker “connects” to his backdoor on your workstation through your NAT “Firewall” as if it did not exist while hiding the backdoor behind an occasional ping to an address that does not respond, either because the IP does not exist, or because it cannot respond due to DDos attack on the 100% sane IP that actually belongs to the service the App legitimately connects to or to a maintenance window, the provider of the manipulated software officially announces.
the attacker just needs the IP to not respond or slooowly to increase the timeframe of connecting to his backdoor on your workstation before your router deletes the connection tracking entry of that unlucky ping.

if you don’t understand how that example works, that is absolutely normal and i might be bad in explaining too. thinking out of the box around corners that only sometimes are corners to think around and only under very specific circumstances that could happen by chance, or could be directly or indirectly under control of the attacker while only revealing the attackers location in the exact moment of connection is not an easy task and can really destroy the feeling of achievable security (aka believe to have some “control”) but this is not a common attack vector, only maybe an advanced one.

sometimes side quests can be more “informative” than the main course ;-) so i would put that (“learn more”, not the example above) as the main good reason to install a firewall and other security measures on your pc even if you’d think you’re okay without it.

smb,

maybe weird answer but…

  1. depending on overall comfort and freedom desires, you/he could have a look on crimes that happened and how they would be prosecuted, quit renting contracts or sell, tell police one of the crimes was actually you/him and for some month/years the bills will vanish. when living in one of the most shitty countries of the world, police and court might be fully ok if they imprison an innocent anyway and you/he could help someone save his (bad) ass.
  2. not the expected answer? maybe just find a flat where street lights shine in all night and quit the utility contracts (or just don’t sign up) done: lights will stay on ;-)
  3. maybe even better: help healing the world and help fixing politics and utility bills could vanish all over the world, all needed resources are ready available, it just needs a big fix of their distribution.

even though maybe weird, all of above ideas would work =D hope you/he choose no 3

regards …

Looking for good resources for a selfhosted home-server, especially the more advanced stuff

So, I got into NixOS and installed it on a VPS a few days ago. I’ve previously used yunohost.org (a debian based all-in-one selfhosting solution) and docker-compose. But I (now) really like the Nix(OS) approach, the amount of packaged software and how everything ties together in a clean server configuration....

smb,

i guess those who say you should not run your own mail server are maybe those who run one, earning money with it?

I am running my own mail server for >15 years now. What you should do:

  • check your ip and the subnet your server is in is not found in blacklists (mxtoolbox has blacklist check)
  • make sure you do not run an open relay server, thus only allow authenticated users to send email, use good passwords and you’re likely done
  • stay up to date and read security notes for your server, especially whatever you run as exposed service, register on security news etc.
  • do not use software that is known to make trouble (no M$, maybe better also avoid microsofts systemd)
  • setup your config to match exactly what you need, disable unneeded features (like if you use cram-md5 for auth, disable plain and all others)
  • send mails via deliver port and only receive them via port 25.
  • setup dkim
  • setup dmarc
  • check DNS to be precisely how it should be, MX record to match PTR, correct dmarc and dkim settings, setup spf records for your domain and *.yourdomain.tld too (using txt records this could collide with letsencrypt certupdates via dns)
  • use mailserver check services i.e. mxtoolbox but you will need others to also check dmarc and dkim (services where you can send an email to and they tell you problems)
  • use publicly validatable ssl certificates (letsencrypt) so other servers are not “scared” to send emails using tls instead of plaintext. (disable plaintext transfer anyway) update the certificates regularly before they expire. you can use ssl checkers (ssl labs) to validate your certificate
  • verify sending and receiving using some external email accounts from other providers (google microsoft, a small hoster is good too, but for big ones checking with their system sometimes shines light on their bad services ;-)) and keep in mind that the big ones are not doing everything right or sane.
  • do not send spam or mass mailings (even if this is your business, please stop, get a good job instead, if you know how to sneak emails through filters, maybe someone pays you to do the opposite)
  • regularly check your server logs for weird things
  • maybe use vpn to access imap and deliver port to reduce the exposed services to minimum
  • disallow ipv6 to all providers that do not allow sending to them via ipv6 (like google)
  • use fail2ban to block abusers in the firewall (less for security but for keeping logs cleaner) sometimes you need to block others' misconfigured servers forever (like if one server tries to send an email to your server for a domain that you don't host, but this email is one of an autogenerated error sort that just sits in the logs every few minutes for as long as you let it). be aware that fail2ban blocks ip addresses while with ipv6 spammers like all others have billions of them in their range.
  • be aware that some providers do weird checks “before” trying to send email to you like deutsche telekom, checking some html page on your domain to show a postal address before they try sending an email to you. these basically betray their customers. depending on how important this one provider is for you, you can do what they want (the postal address telekom checks could be set to the name of their CEO to actually work lol) but you do not have to fulfill every wish other platforms would like to force you into, regularly those who want to send emails to you, will deliver them for their customers (not deutsche telekom though)
  • be aware that your emails that you send to other servers could end up in spamfilters, no matter what you do, spam filters are error prone and CEOs tend to hire less than a quarter of how many admins they need to not betray their customers with ads vs reality, but (!) mostly the receiver (companies) “wants” to get your email thus checks spam folders anyway or you could be added to contacts (friends). if your email is lost completely (microsoft cloud services tended to do so for years and during that time even turned off sending DSNs which i had used to prove the regular email loss to the M$ enthusiasts muahahaa) and if that email is important, you have to “ensure” checking its delivery anyway maybe also send via postal services. thus normally spam filters - as of my feeling for this - are not really a problem, google is a problem (reported emails as received, then always deleted them directly without notice to neither sender nor receiver, betraying their customers while breaking some laws too), microsoft is a problem and some other providers too, but that has exactly nothing to do with your domain or your email server, you are not responsible for their (intentional) errors or crimes.
  • regularly repeat your checks especially for blacklists - some blacklists show your ip as blacklisted because another ip that “looks similar” - same provider/network - is found in another blacklist (they don't like you cause you live in the same city as that other guy which they were told was bad - weird though but some blacklist should be blacklisted… ) but has nothing to do with you, just a blacklist that is f***ed up. depending on what is the problem, your hoster can help, or you can choose another (cheaper or better) hoster anyway.
  • setup monitoring for mail roundtrip using a mailaccount at another provider and there a forwarding back to your server so you get an alarm if something breaks.
  • filter incoming emails by SPF (reject before they are received), but do not filter by bad dmarc setup of other providers (the CEO problem mentioned above, even most newsletters i receive show to have a broken email setup even if “professional” paid services are used). setup all your filters with relaxed settings (warning only) first before you enforce them
  • consider firewall blocking on port probes: every ip who probes ports where you have no services running on, could imho get immediately blocked with packet drop for 24h just to keep logs a bit cleaner ;-)
  • setup your email server with at least two nodes on different hosters in different regions so that any problem local to a hoster or region does not affect both and you stay online with sending and receiving. (hosting your own DNS is even more reliable)

never under no circumstances? sure, of course yes! but it can be some work to do. but if you do, it's in my experience more stable than any provider, paid or unpaid, cloud or not, and you get the most possible privacy (all of your non-internal-only emails are available to at least one other server anyway) and flexibility too, and you have the possibility to prove that the other server lost your email, not yours as they like to just blindly claim by default =D
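
The DNS items in the checklist above (MX matching PTR, SPF for the domain and the wildcard, DKIM, DMARC), as an added example that is not part of the comment: a Python audit run over a constructed zone snapshot. The domain `example.org`, the selector `sel1`, the addresses and the helper names `lookup`, `tags` and `audit` are all assumptions; replace `lookup` with a real resolver query to check live DNS.

```python
# Constructed zone snapshot: example.org, sel1 and every value are made up.
ZONE = {
    ("example.org", "MX"): ["10 mail.example.org."],
    ("mail.example.org", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org."],
    ("example.org", "TXT"): ["v=spf1 mx -all"],
    ("*.example.org", "TXT"): ["v=spf1 -all"],
    ("sel1._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEY"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=quarantine"],
}

def lookup(zone, name, rtype):
    """Stand-in for a resolver query; replace to audit live DNS."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def tags(txt):
    """Parse the 'k=v; k=v' tag list used by DKIM and DMARC records."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def audit(zone, domain, selector):
    problems = []
    mx_hosts = [r.split()[1].rstrip(".").lower() for r in lookup(zone, domain, "MX")]
    if not mx_hosts:
        problems.append("no MX record")
    for host in mx_hosts:
        ips = lookup(zone, host, "A")  # IPv4 only in this example
        if not ips:
            problems.append(f"{host}: no A record")
        for ip in ips:
            rev = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
            ptr = [p.rstrip(".").lower() for p in lookup(zone, rev, "PTR")]
            if host not in ptr:
                problems.append(f"{host}: PTR for {ip} is {ptr or 'missing'}")
    for name in (domain, "*." + domain):
        spf = [t for t in lookup(zone, name, "TXT") if t.startswith("v=spf1")]
        if len(spf) != 1:
            problems.append(f"{name}: {len(spf)} SPF records, expected 1")
        elif spf[0].split()[-1] not in ("-all", "~all"):  # simplification: ignores redirect=
            problems.append(f"{name}: SPF does not end in -all or ~all")
    dkim = [tags(t) for t in lookup(zone, f"{selector}._domainkey.{domain}", "TXT")]
    if not any(d.get("v") == "DKIM1" and d.get("p") for d in dkim):
        problems.append(f"DKIM selector {selector}: no usable key")
    dmarc = [tags(t) for t in lookup(zone, "_dmarc." + domain, "TXT") if t.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        problems.append(f"DMARC: {len(dmarc)} records, expected 1")
    elif dmarc[0].get("p") == "none":
        problems.append("DMARC: p=none, monitoring only")
    return problems
```

Calling `audit(ZONE, "example.org", "sel1")` returns an empty list for the snapshot above; each finding is a plain string, so the result can feed the monitoring alarm the checklist mentions.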
