VPS + VPN is the cheapest option I believe for the services. It doesn’t have to be “elaborated”.

You can port-forward public VPS ports to your private addresses/ports. If you don’t want to use iptables you can use firewalld.

The only “but” will be latency. For gaming it won’t perform as you may need.

• https://major.io/p/forwarding-ports-with-firewalld/
• https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/security_guide/sec-port_forwarding#sec-Adding_a_Port_to_Redirect

It’s no longer open source. Big Deal in my books.

Vault features are cool. I really like it. But with Hashicorp now there is this big risk of “rug pulling” regarding its license.

The wise thing, in my opinion, is to avoid this company as much as possible.

If your comments have been federated to other instances, they will be there until they are deleted locally. If someone clicks on your user profile, they will get a DNS error if the domain is no longer there. Images in the comments pointing to you instance will be broken too. Nothing terrible actually happens.

Migrating accounts a la Mastodon is not happening soon in Lemmy.

My advice is: Go on and save some money.

Sorry to read that.

I’ve dded an external drive instead of an SD card once by mistake. I’ve never felt more stupid than that day.

It’s running NetBSD, isn’t it?

Some security tips:

Firewall should block everything by default, and you start allowing incoming and outgoing connections when you need them or if something fails.

Disable passwords and root access in ssh daemon.

Use fail2ban or something similar to block bots failing to log-in.

Use random long passwords for everything (eg: like databases). And put then in a password manager. If you can remember the database password, it’s not strong enough. If you can remember the admin password for a public web service, it’s weak.

Don’t repeat the passwords. Everything should have its own random long password.

.env files and files with secrets should be readable only by its service user. Chmod them to 400.

Monitor logs from time to time to see if something funny is happening.

Random ports are easy to discover and there are tools to discover what service is behind a port.

It’s annoying for the legitimate user and easy to bypass by an actual attacker.

Also, if you use a random port above 1024 it could be a security issue since any user could star listening if the legitimate process crashes.

See this

Nothing illegal is being discussed.

But I’m happy to talk about Jolly Roger.

https://workaround.org/

Wow! this is exactly what I needed. Although, I didn’t exactly ask for it.

Thank you very much

Thanks to both of you.

I had the hope that DMARC, SPF and DKIM was stuff I could just ignore if not sending email. It seems I was wrong about that.

I’ve got 3 tricks for ya:

• backups
• backups
• backups

I also assume it’s an expired certificate.

See, this is what happens when certificates are not renewed automatically.

The article says the projectos are discontinued. That’s probably the reason no one is monitoring these certs.

Another glorious benefit of DRM.

You may have one psql server per region and then use Bucardo to synchronize them.

I’ve never done this in production, so take my advice with a grain of salt.

Since you posted it in a selfhosting community, this is the feeling I get:

You’re right.

I used the phrase “wrong ideas” precisely to evoke that sentiment. Stallman’s ideas may be “wrong” for us, for good reasons. But that doesn’t make them objectively wrong. And he doesn’t seem to cross any legal boundary using his blog to defend some ideas we don’t like.

And neither should we mix the work of FSF with Stallman’s weird blog posts.

The things you say actively reflect on your employer and future employers.

why?

Imagine a interview where employer tries to know every aspect of your personality and ideas, before hiring you.

Seems quite impossible.

For a celebrity like Stallman seems easy. But imagine checking the background of a random candidate just to see if she posted something bad years ago. And rejecting her application because of a post defendig the wrong ideas.

I agree we already have courts and police. If he did something illegal, there’s a course of action there.

I don’t know any product that matches your requirements.

If I had to deal with that today I’d buy a rasberry pi, a USB sim card dongle and some raspberry hat with GPS receiver.

You can write a small API that listens to the raspberries, who sends periodically their positions, and save it to a database.

But it’s a quite large project. There’s a lot of aspects to consider. The GUI, security, batteries, and a way to attach it to an animal without being lost or destroyed.

Sorry for not giving a useful answer lol. If you come out with an actual solution I’ll be glad to hear it, so I can track my cats in case they get lost.

In Chile I recall Microsoft sending a notification to my former worplace because someone used torrent to download a game from inside the company network. That person didn’t notice that all traffic was being routed to company’s VPN hosted in MS Azure.

ISPs don’t give a shit. The goverment has laws against piracy that are never applied (you know: Southamerica, the lawlessness). But gringo companies do care.

My advice is to avoid Google, MS and the big tech to follow your pirates activities. They may suspend services to you, or notifiy some local authority.

Use a different browser or machine for your big tech interactions, and you’ll be fine.

Edit: typos.

Are you using Docker Desktop? It uses a headless virtual machine inside host, so connecting to host is tricky.

You may use hostname host.docker.internal from the container to access host.

edit: link to the docs https://docs.docker.com/desktop/networking/#i-want-to-connect-from-a-container-to-a-service-on-the-host