spottyPotty

joined 11 months ago
[–] [email protected] 1 points 11 months ago

Ssh with ed25519 pubkey access and password login disabled works fine for me. I have access from my phone via termux and any other terminal software.

As far as your changing ip goes, you could have a cron job that periodically checks your current IP and notifies you of changes over telegram or other method.

[–] [email protected] 1 points 11 months ago

I was thinking of creating a power management module myself that would have had a raspberry pi receiving periodic battery level readings and controlling a relay accordingly but the battery on the laptop was already messed up.

I don't know whether it's possible to recondition a messed up battery by managing the charge cycles.

[–] [email protected] 1 points 11 months ago (2 children)

Depending on your laptop's battery management system, keeping the laptop constantly connected to your charger could damage the battery and severely reduce its capacity. That happened to 2 batteries on my Dell xps 13

[–] [email protected] 1 points 11 months ago

sudo certbot certonly --manual --preferred-challenges dns -d

And it's a TXT record that you need to add.

[–] [email protected] 1 points 11 months ago

Because it's "everyone's MITM" it would make it a perfect spot for state actors to tap into in order to surveil pretty much everything without anyone being able to notice.

Yep, that's my main point

[–] [email protected] 1 points 11 months ago

You trust your employer, don't you friend citizen?

This is exactly the original point I was trying to make regarding cloudflare.

The point that i take from this tongue-in-cheek sentence of yours is that no, we should absolutely not trust our employer with our unencrypted traffic.

But then on the other hand there are loads of people on here saying that, yes, of course we should trust cloudflare with having access to all of the data flowing through it.

[–] [email protected] 1 points 11 months ago

Maybe it's my fault for posting this in selfhosted. My question was of a more generic nature about security and privacy in general. You're right, r/privacy might be a better sub for this conversation.

In my case my reverse proxy (nginx) runs on the same machine as my backend. In fact nginx also serves all static data with the backend only serving api requests.

[–] [email protected] 1 points 11 months ago

To clarify, I did not mean MITM attack. It actually wouldn't make sense to say that cloudflare is a man in the middle attack, since it is a company and not an action.

I didn't include the word "attack" anywhere.

MITM is commonly used together with attack, so your misunderstanding is understandable. However the acronym just stands for Man In The Middle, which is why it is followed by "attack" in such situations.

[–] [email protected] 1 points 11 months ago

nginx can be configured to throttle connections and fail2ban to refuse them to mitigate this

[–] [email protected] 2 points 11 months ago

The question was a more general one, and not specific to my personal data needs.

The existence of such a ubiquitous centralised service that actually IS a MITM, whether they are malicious or not, seems curious to me.

As they say, if the product is free, then you are the product. If people accept, but recognise, a loss of privacy when using free services from Google and meta, for example, knowing that the data they provide is used for personalised ads, then how come CF's free tier isn't viewed with the same level of scrutiny?

[–] [email protected] 1 points 11 months ago (3 children)

Isn't this also what many companies do to monitor web-traffic from their network?

[–] [email protected] 0 points 11 months ago (6 children)

Then trusting root CAs is a non-issue?

 

Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?

view more: next ›