A word about systemd by Findmysec in c/linux@lemmy.ml
[-] Findmysec@infosec.pub 3 points 23 hours ago* (last edited 23 hours ago)

Systemd is no longer just an init system, but the project began with Poettering's dislike of other init systems. I use systemd and I do not like its performance (too slow in some cases).

The tragedy is that being an end-user, it is ridiculously hard to replace systemd on "regular" distros. Admittedly, Debian can be moved back to sysVinit without backbreaking work, but the fact is that distros don't seem to have any intention of providing choice, making applications assume that systemd exists wherever they will be installed. That is the complaint I have against the Linux community

Uniting for Internet Freedom: Tor Project & Tails Join Forces | Tor Project by Findmysec in c/linux@lemmy.world
[-] Findmysec@infosec.pub 1 points 1 day ago

I don't care as long as they keep it technically sound.

A word about systemd by Findmysec in c/linux@lemmy.ml
[-] Findmysec@infosec.pub 1 points 1 day ago

Why would you need a GUI for the init?

A word about systemd by Findmysec in c/linux@lemmy.ml
[-] Findmysec@infosec.pub 4 points 1 day ago

Explain how other init systems are necessarily worse than systemd

A word about systemd by Findmysec in c/linux@lemmy.ml
[-] Findmysec@infosec.pub 13 points 1 day ago* (last edited 1 day ago)

I've heard of s6 and runit alongside OpenRC as alternatives. I believe distros should make the init system agnostic of the rest of the software and not force users to stick with what they force them to do. Systemd is really slow.

What infuriates me more than distros playing the heavy hand in adopting it, are applications depending on it (I'M LOOKING AT YOU GNOME). This is completely unacceptable. If I find an application that doesn't work without systemd, I either compile it to see if it will work otherwise or give up on it.

Maybe my view of systemd will change if I delete all of the other binaries and just use the init module. Who the fuck decided to put a fucking log in manager with the init system???? This is the feature bloat that I'm talking about and I hate it

Feather-Atomic atomic swap plugin for feather wallet v1.1 released by Findmysec in c/monero@monero.town
[-] Findmysec@infosec.pub 1 points 1 day ago* (last edited 1 day ago)

Yes of course, transacting amounts close to the payments you want to make is a bad idea.

I should probably study a bit more about MW, it's been a while

Feather-Atomic atomic swap plugin for feather wallet v1.1 released by Findmysec in c/monero@monero.town
[-] Findmysec@infosec.pub 1 points 1 day ago

I do not know the specifics of how MimbleWimble works, but like XMR, transaction history and metadata is no longer public. Your trace of coins are effectively evaporated when you move coins over MW to another wallet from your "compromised" wallet, and from there you convert to XMR/move to another LTC wallet and pay merchants who accept LTC without MW. Obviously, basic OPSEC is expected but other than that the technology is supposed to work fairly well.

You could also do a swap like LTC->XMR->LTC and spend it that way, losing some money in the process but soothing paranoia in return

Feather-Atomic atomic swap plugin for feather wallet v1.1 released by Findmysec in c/monero@monero.town
[-] Findmysec@infosec.pub 1 points 1 day ago

I just never looked into BCH, I'll take a look thanks

Feather-Atomic atomic swap plugin for feather wallet v1.1 released by Findmysec in c/monero@monero.town
[-] Findmysec@infosec.pub 1 points 1 day ago

You can just create two different accounts, both with MW on LTC and pass coins between them to break the chain. But yes you're right, I wish it was opt-out instead of opt-in

Parental controls? by Findmysec in c/linux@lemmy.ml
[-] Findmysec@infosec.pub 2 points 1 day ago

I found this but it's from a while back: https://h-mdm.com/advanced-web-panel-installation/

Not too many out there TBH. If I had a daughter she'd be getting a Pixel with Grapehene and a DNS server on it (different user) if she really didn't have any self control

Parental controls? by Findmysec in c/linux@lemmy.ml
[-] Findmysec@infosec.pub 3 points 1 day ago* (last edited 1 day ago)

Create a new user and give explicit permissions via doas + SELinux (corporate style lockdown). And deal with network policies with a DNS filter on your LAN (or maybe run an unbound service on her device with a different user without a login so she can't change the config). Easy

For Android, use a FOSS MDM

Feather-Atomic atomic swap plugin for feather wallet v1.1 released by Findmysec in c/monero@monero.town
[-] Findmysec@infosec.pub 2 points 2 days ago

Can we do one for LTC please? Arguably more private

193
Reminder: seeders, please seed on I2P (infosec.pub)
submitted 1 week ago by Findmysec@infosec.pub to c/piracy@lemmy.dbzer0.com
77 comments fedilink

Regular users in Sweden are in danger because a corporation needs to fill their pockets. Studios are suing your ISPs to get to you.

Use I2P. It will hide your IP address (among the many things it can do), afford you more privacy and allow you to torrent freely, even without a VPN/seedbox. The catch? You'll have to add the I2P trackers to your torrent.

I believe I2P is the way forward for piracy and I look forward to it getting bigger than it already is.

36
Is StormyCloud the only I2P outproxy? (infosec.pub)
submitted 2 weeks ago* (last edited 2 weeks ago) by Findmysec@infosec.pub to c/privacy@lemmy.ml
17 comments fedilink

A lot many individuals run TOR exit nodes, but I never hear about people running their own I2P outproxies. Is it really hard to host, or is there some other reason? I thought that if you could run a TOR exit node I'd think you'd be just fine running an I2P outproxy.

Running more outproxies will help in bridging torrents from the clearnet to I2P, which would be a very good move considering the crackdowns on torrents right now. Companies even want to involve civilians into their lawsuits in Sweden now, making the need for privacy/anonymity even more important when torrenting, which I2P provides.

145
Does Wikipedia really need my donations? (infosec.pub)
submitted 3 weeks ago by Findmysec@infosec.pub to c/asklemmy@lemmy.ml
59 comments fedilink

Every now and then I'll get an email from someone higher up in Wikipedia asking for a donation. I don't really mind a tenner but I don't know if it pads the pockets of corporate management or actual contributors. Also, are they really short of money or is this tugging at emotional strings a play at something else? I wish Wikipedia survives but there's a lot of projects I need to donate to and I have a budget.

156
What's with the sheer number of shutdowns recently? (infosec.pub)
submitted 1 month ago by Findmysec@infosec.pub to c/piracy@lemmy.dbzer0.com
25 comments fedilink

I've never known so many shutdowns inside 2 weeks as the last two have been. Even websites pirating manga were shut down. What happened? What's with this massive legal wave of shutdowns, and why now?

92
I find no motivation in working for myself (infosec.pub)
submitted 1 month ago by Findmysec@infosec.pub to c/asklemmy@lemmy.ml
67 comments fedilink

The title is really vague, so I'll try to clarify my intentions here:

I am an ardent supporter of FOSS. It will be greatly beneficial for my life and especially my privacy to self-host such software. Yet, I cannot find much motivation to do so.

However, when it comes to hosting software for public use, I can usually give my utmost concentration and dedication.

This is not how I want my life to be. I want to be motivated for myself as well as for the community. And if that's not possible, I need to trick my brain into bringing me into that kind of zone for myself.

What do I do? What would you do in this situation?

161
Why do so many people use NGINX? (infosec.pub)
submitted 2 months ago by Findmysec@infosec.pub to c/selfhosted@lemmy.world
102 comments fedilink

I see so many posts and people who run NGINX as their reverse proxy. Why though? There's HAProxy and Apache, with Caddy being a simpler option.

If you're starting from scratch, why did you pick/are you picking NGINX over the others?

0
[HELP NEEDED] Unable to figure out directory permissions (infosec.pub)
submitted 2 months ago by Findmysec@infosec.pub to c/selfhosted@lemmy.world
4 comments fedilink

cross-posted from: https://infosec.pub/post/15386345

Hi everyone,

This is my CONTAINERFILE for Bind9:

FROM debian

ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]

I keep getting this error when I run it with podman:

26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied

As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn't.

I have been at this for a while and I'm at my wits end. Your help is appreciated!

3
[HELP NEEDED] Unable to figure out directory permissions (infosec.pub)
submitted 2 months ago by Findmysec@infosec.pub to c/linux@lemmy.world
2 comments fedilink

cross-posted from: https://infosec.pub/post/15386345

Hi everyone,

This is my CONTAINERFILE for Bind9:

FROM debian

ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]

I keep getting this error when I run it with podman:

26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied

As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn't.

I have been at this for a while and I'm at my wits end. Your help is appreciated!

14
[HELP NEEDED] Unable to figure out directory permissions (infosec.pub)
submitted 2 months ago by Findmysec@infosec.pub to c/linux@lemmy.ml
8 comments fedilink

Hi everyone,

This is my CONTAINERFILE for Bind9:

FROM debian

ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]

I keep getting this error when I run it with podman:

26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied

As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn't.

I have been at this for a while and I'm at my wits end. Your help is appreciated!

4
Somebody please explain PROXYv2 to me and the myriad of ways to do DoH? (infosec.pub)
submitted 2 months ago by Findmysec@infosec.pub to c/networking@sh.itjust.works
0 comments fedilink

I've been looking to implement DoH

  1. The first idea was to simply follow this - I do not understand the configuration fully but it looked fine.
  2. Then, I decided to use a proxy/Load balancer in front of BIND to deal with HTTPS.

However, I came across PROXYv2 (which is not even mentioned in the docs, just in a blog post) and the likes of DNSdist.

My questions:

  1. I can't find a detailed explanation of what I need to do about PROXYv2 - does my Reverse-proxy absolutely need to have it to be able to communicate with my DNS server?
  2. Why can't I just have any reverse-proxy that can handle HTTPS and put it in front of my DNS resolver? Does my proxy need to have a specific protocol to be able to talk DNS queries?

I am still confused, would really appreciate some help :)

100
Is Backblaze a reliable provider? (infosec.pub)
submitted 2 months ago by Findmysec@infosec.pub to c/selfhosted@lemmy.world
67 comments fedilink

Hi everyone,

I've started pushing backups of media important to me (family pictures, video etc) to backblaze with client-side encryption.

However, are they a reliable storage provider? I can't help but compare them to something like Amazon who likely has a better chance of maintaining my files but they are so expensive that I don't even bother.

What do you think? Yes, I've heard of 3-2-1, however for now I only have backblaze and a local backup. I'm trying not to spend too much on this.

Thanks!

view more: next ›

Findmysec

joined 2 months ago