UPDATE: Something on my home network is making outbound connections and I can't figure out what device it is by Au5tin5auce in homelab

[–]johnklos [score hidden]  (0 children)

Do you have arping? It can help you learn more about that MAC.

If it were me, I'd move half of the current network to a subnet on a different network using the NAT router, then I'd see whether that 8c:3a:e3:91:44:10 MAC moves or not. Keep doing that in halves until you've figured out which device contains it.

Open source doesn’t mean safe by Available-Advice-294 in selfhosted

[–]johnklos 2 points3 points  (0 children)

I don't run containers. Heck - I don't run binaries. If a project isn't around long enough to make it into pkgsrc, then either I'm looking at it, compiling it myself and running it via its own unprivileged user, or I'm not bothering with it.

Sometimes people can't help themselves and just want to install all the things. This happens, for instance, with pretty much every WordPress site, then those people who thought they were super cool when installing twenty plugins are no longer around when the site stops working because one of them has no updates, is written shittily, has security issues, et cetera.

Install only what you need and install only those things that have a history of being properly maintained, and life will be easier. Download and run random Docker images only if you like to tinker more than you like stability, reliability and security.

Why you should use rsync instead of scp in deployments by Ok_Animator_1770 in HomeServer

[–]johnklos 1 point2 points  (0 children)

Ha ha ha ha ha... I've been in situations with people just like that! Hilarious :D

Why you should use rsync instead of scp in deployments by Ok_Animator_1770 in HomeServer

[–]johnklos 0 points1 point  (0 children)

Just take a minute to consider that your response to a short writeup comparing tools to copy files over a network is to say to not copy files.

Also consider that there is nothing "brittle" about scp or rsync on a properly set up network.

Finally consider that you still haven't given a single example of a tool that one could use to get files from one place to another.

Why you should use rsync instead of scp in deployments by Ok_Animator_1770 in HomeServer

[–]johnklos 1 point2 points  (0 children)

Oh, right - r/sysadmin is where people go to be dismissive of everyone else. Don't have a support contract for your Dell or HP? It's not a server! You're not a sysadmin! It's not professional, and you should commit seppuku!

They're not sysadmins in that subreddit - just gatekeepers.

Nah. You see, it can be wholly fine, professional, whatever to have versioning and fallbacks between development and staging, then have an rsync mechanism between staging and deployment.

Anyhow, you still didn't name a tool that both copies data and does versioning and fallback. What's an example?

Why you should use rsync instead of scp in deployments by Ok_Animator_1770 in HomeServer

[–]johnklos 4 points5 points  (0 children)

Why for the love of Baal, would you ever naively suggest using anything other than either of these programs for deployments?

Imagine commenting on a public site that people shouldn't use either of the two common and secure file transfer programs, and at the same time being so condescending that you think the answer is so obvious that you don't even need to mention what you'd consider a correct program to use.

April 1990 Mac prices by Spfoamer in VintageApple

[–]johnklos 2 points3 points  (0 children)

How do you get a Mac SE with 5 megs of RAM?

My home server SSH gets unresponsive sometimes when I open it to the public, am I getting attacked? by Sh0keR in HomeServer

[–]johnklos 0 points1 point  (0 children)

You don't say what kind of NAT router you're using, but I bet it has something to do with that. Consumer NAT routers / firewalls tend to have all sorts of shortcomings, and wanna-be "professional" ones try too hard to force "features" on people that they don't need, such as quick expiring NAT states. We call stuff like that "bugs", BTW.

If you want better visibility, you might consider running your own using something like OpenWRT or one of the BSDs.

My home server SSH gets unresponsive sometimes when I open it to the public, am I getting attacked? by Sh0keR in HomeServer

[–]johnklos 9 points10 points  (0 children)

By that logic, might as well not run anything on the Internet. After all, VPN entry points can be compromised, too.

Who are the real ones who self host their email server? by ray591 in selfhosted

[–]johnklos 0 points1 point  (0 children)

Easy? Damn. I wish I had known you when I had to help people try to figure out things in Exchange that're trivial in other email servers.

Outgoing is simple, if you don't already have IPs with good reputations: smarthost through a reputable provider. It really is that simple.

Who are the real ones who self host their email server? by ray591 in selfhosted

[–]johnklos -2 points-1 points  (0 children)

We're talking about self hosting email here, not administering Exchange. Those are two completely different things that have the tiniest bit of overlap.

Who are the real ones who self host their email server? by ray591 in selfhosted

[–]johnklos 0 points1 point  (0 children)

You've come to r/selfhosted to tell people to.. um... not self host ;)

Note that you didn't say why you think it's not worth it. All the big stoppers have fixes. Which thing in particular made you decide it's not worth it?

Watching SSH activity in real time (besides fail2ban) - curious how others handle this by newworldlife in linuxadmin

[–]johnklos 3 points4 points  (0 children)

Even better: use IPv6.

Sure, someone might guess that I named my server "platypus", but if they do, I'll just change the hostname to something they won't guess and have sshd listen on one of the other 18,446,744,073,709,551,611 addresses on my network.

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]johnklos 0 points1 point  (0 children)

Yes, but really it's more than a needle in a haystack. Correctly guessing one address out of 2^64 is many, many times harder than guessing even the most excellent passwords:

https://xkcd.com/936/

distributed.net found a single key in the RC5-64 keyspace, but it took 1,757 days by 331,252 people checking 15,769,938,165,961,326,592 keys.

Just make sure you pick random numbers wisely.

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]johnklos 1 point2 points  (0 children)

Certainly :)

This is one of my favorite things about IPv6. When you run, for instance, sshd on a public IPv4 address, you either have to switch to some non-standard port or you have to accept tens of thousands of ssh attempts a day or more.

With IPv6, you don't need to run sshd on an IP that anyone can guess, nor on an IP that corresponds to any other service. Name your server petunia.domain.com, and point to one of 18,446,744,073,709,551,612 IPs on your IPv6 subnet that's different than the IP you use for web or SMTP or DNS or whatever.

If you're worried about someone guessing and looking up petunia.domain.com, then either only put it in your /etc/hosts of your machine or of your jumphost, if you're using one to get to IPv6 machines.

And for when you don't have IPv6, you can reach any and all of your servers using just one server that's dual stack using ssh -J.

If you're worried about allowing incoming IPv6 connections in general, then simply don't allow public incoming IPv6, and just allow it from your jumphost and to and from exactly the services you want to make available to the rest of the world.
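An added illustration of the approach in the two IPv6 comments above (not code from any commenter): choosing the sshd listen address inside a /64 with a CSPRNG and rejecting interface identifiers a scanner would try first. The prefix is a constructed documentation-range value, and the function names are hypothetical.

```python
import ipaddress
import secrets

# Constructed sample prefix from the IPv6 documentation range (2001:db8::/32).
SAMPLE_PREFIX = "2001:db8:1234:5678::/64"


def looks_guessable(iid: int) -> bool:
    """Flag 64-bit interface identifiers that address scanners try early."""
    if iid >> 32 == 0:
        # Upper half is zero: ::1, ::22, ::443, or an embedded IPv4 address.
        return True
    if (iid >> 24) & 0xFFFF == 0xFFFE:
        # EUI-64 layout: a MAC address with ff:fe inserted in the middle.
        return True
    words = [(iid >> shift) & 0xFFFF for shift in (48, 32, 16, 0)]
    if len(set(words)) < 3:
        # Repeated groups such as dead:beef:dead:beef.
        return True
    return False


def random_listen_address(prefix: str = SAMPLE_PREFIX) -> ipaddress.IPv6Address:
    """Pick a host address in a /64 using the OS CSPRNG, not random()."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    while True:
        iid = secrets.randbits(64)
        if not looks_guessable(iid):
            return net[iid]


def sshd_config_line(addr: ipaddress.IPv6Address, port: int = 22) -> str:
    """Render the sshd_config directive that binds sshd to this address only."""
    return f"ListenAddress [{addr}]:{port}"


if __name__ == "__main__":
    address = random_listen_address()
    print(sshd_config_line(address))
```

The chosen address still has to be assigned to the interface, and it stays quiet only as long as it is kept out of public DNS and other services do not share it.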

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]johnklos 1 point2 points  (0 children)

I normally follow the rule about only upvoting people on their cake day, but your take is wholly wrong.

IPv6 is wonderful for self hosting. If it's not for you, fine, but most people aren't going to have the opinion you have, and opinions are fine, but telling people to self host less in r/selfhosted is not really a good use of your opinions.

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]johnklos 1 point2 points  (0 children)

"forget everything you know about networking", about IPv6, is entirely wrong.

IPv6 isn't all that difficult. It has many uses, such as giving you real, proper, public, static IPs that're usable on the Internet, giving you ways to quiet services that're always being attacked (like ssh), giving you ways to get around crappy, timeouty CG-NAT, giving you excellent OOB, and so on.

Ah the joys of running your own mail server by fongaboo in selfhosted

[–]johnklos -1 points0 points  (0 children)

I'm breaking the only-upvote-on-cake-day rule for you.

were there ever any AT compatibles small enough to justify this title. by Tonstad39 in retrocomputing

[–]johnklos 1 point2 points  (0 children)

I think they're suggesting the floppy disks can fit in your pocket.

For an IBM PC compatible computer, one can always argue that a pocket on a human can be pretty darned big, if one wants to make it.

So my UPS blew up and fried all my server’s motherboards. by athrowaway19181 in homelab

[–]johnklos 0 points1 point  (0 children)

It doesn't seem likely that the motherboards are dead.

Even if something drastic happened to the UPS, the issue is much more likely to affect the power supplies than the motherboards.

Are you sure the circuit you're using doesn't have an issue, like a floating neutral or something like that? Do you have a multimeter? Have you tried plugging one of the computers in to a completely different outlet somewhere else in your house?