Findmysec

joined 4 months ago
Findmysec@infosec.pub 1 points 4 months ago

Qubes OS doesn't have GPU acceleration using Virtio-powered interfaces if that's something you need. Also it's based on Xen and you are not encouraged to mess around with dom0.

TBH if there's a way that you can attach to the display output of a VM with a GUI when you start your computer, it will probably fit your use-case perfectly. I haven't found a method to do this but I think there should be some way to attach directly to the display of a VM after booting up.

Findmysec@infosec.pub 2 points 4 months ago (4 children)

I'm an old timer and was recommended tachiyomi a lot, but these days I just go online TBH. Most manga isn't worth it for me to keep

Findmysec@infosec.pub 5 points 4 months ago

Those remote access fears can be solved with a WireGuard VPN

Findmysec@infosec.pub 2 points 4 months ago

They do, but VRAM. Unfortunately, the cards that do have that much memory are used by OEMs/corporations and are insanely pricey

Findmysec@infosec.pub 2 points 4 months ago

I don't know why people are recommending apps like Navidrome and Jellyfin when it isn't a music server that you're looking for but a way to share the music collection.

With that said, I can think of 2 approaches, and (likely) the easier option will be to use the help of such a server. Both will require a VPN server in the cloud which will be redirected via NAT/reverse-proxy into your network.

  1. Use something like Navidrome with LDAP/Auth solutions like Authelia. User has to authenticate themselves to access their account on the service like something in the cloud.

  2. To offer more barebones access to the underlying storage directly: set up NFSv4 for Kerberos.

Findmysec@infosec.pub 1 points 4 months ago

Yeah I guess installing a root CA cert (or an Intermediate, depending on how complex your setup is) and automatically rotating certs upon expiry isn't the most trivial thing. With that said, desktop Linux/Windows isn't a problem. You could theoretically do it on iOS too. Android recently has completely broken this method, however, and there's a fair few hoops one must jump over to insert a root CA into the Android trust store on Android 13 and later. I'd like to find a way to do it just for browsers on Android using adb if possible

Findmysec@infosec.pub 4 points 4 months ago* (last edited 4 months ago) (1 children)

Running a CA is cool; however, just be aware of the risks involved with running your own CA.

All they say is that if the private key is stolen then you're screwed. Think about it, if an attacker can:

  1. Get into your network.
  2. Presumably bypass key-based SSH/container runtime protections
  3. Access pod/VM which is running the CA
  4. Bypass default MAC settings (AppArmor on Debian, SELinux on RHEL)
  5. Steal private key without you knowing from your logs

You have a much bigger problem, my friend

Findmysec@infosec.pub 7 points 4 months ago (2 children)

Why is creating one's own CA the wrong way? I don't want to have to pay Cloudflare or Porkbun to run HTTPS at home

Findmysec@infosec.pub 10 points 4 months ago* (last edited 4 months ago)

The easiest way is to pay for a public domain, use a subdomain of that which does not have an A record on the wide internet, and then use certbot to get Let's Encrypt certificates for them and auto-renew. Stuff these in your individual reverse-proxy instances (or propagate them, no idea how) and you're done

Findmysec@infosec.pub 3 points 4 months ago

So, you want an LDAP server or a forum? That's either FreeIPA or hosting Discourse

Findmysec@infosec.pub 1 points 4 months ago

Is there an SLA on the Hetzner storage boxes? What do you think about their reliability (will they recover if their underlying hardware fails?)

Findmysec@infosec.pub 2 points 4 months ago (1 children)

How much does OVH cost you for storage?
