• 1 Post
  • 946 Comments
Joined 3 years ago
cake
Cake day: June 18th, 2023

help-circle
  • I wonder what you are securing against?

    OK, you’re familiar with vulnerability scanners and port scanners right?

    The threat model here isn’t really attackers specifically targeting your home network for any particular reason (unless you’re a LastPass engineer working remotely while running an exposed Plex server). They’re not looking for you, they’re looking for anything useful.

    The threat model is attackers using scanning tools to discover vulnerable systems connected to the Internet. All they need from you is an active connection and a system that can store data, from which they can host malware files for distribution to other targets or conduct attacks or just run a cryptominer (if you’re lucky and they’re not very ambitious). They can find this by scanning for open ports and then running a vulernability scanner to figure out if there’s some exposed hardware that can be exploited.

    An unsecured system is a hazard that could land you in jail when someone else starts using your device and network connection to commit crimes.

    Now, as long as you’re behind a standard residential network service, and your ISP is in control of your gateway device, you’re relatively safe from this. Most ISPs will block any traffic like that very strictly. If your ISP is in control of your gateway device then they’re responsible for its behavior (demarcation matters).

    But, most self-hosters run into limitations with their ISP blocking a lot of ports by default, because they want to access their personal server from outside their home, and so they take control by running their own gateway device or paying for a business connection which gives them complete control over which ports are open. This is where the risk comes in. You are assuming the responsibility for properly securing your connection to the public Internet, taking it off your ISP’s hands.

    If you’re going to do this, you should know exactly which ports you have open to the outside and why, and a general idea of what traffic you expect to see on them when and how much. Monitor that traffic at your firewall. Every other port should be closed and your firewall (on your router, gateway device, or better yet a dedicated OPNSense firewall) should be configured to drop packets received by closed ports (“stealth” mode). You don’t want it to respond that those ports are blocked, you want it to appear to not be there at all.

    Every other security implementation is a secondary concern for a home network. Yes you should patch your software regularly and you should practice deny-by-default and least-privilege as a matter of course, but you’re going to mitigate 90% of your risk by just not accepting incoming connections for anything you don’t need. Most vulnerable systems are discovered by automated scanning, so the less your system responds to external connections the better. If you’re going to worry about configuring, securing and patching one device, make it that front line firewall. And be very selective about which internally hosted services you expose externally.



  • Moving to another country is complicated and difficult even under normal, stable circumstances. Doing it successfully (not ending up broke and homeless with no support) requires a lot of planning and money, or else a lot of help from someone else.

    Even if the other country is willing to let you immigrate, and you have good prospects for a regular income and a stable living situation, you have to leave friends and family behind. That means leaving your support system. If you have children that’s going to be very difficult. If you have aging parents that you support, or other family with medical issues, it may be impossible.

    Really, the only people who think picking up and moving to another country is something you can just do are young, single, above the poverty line, and have no dependents.




  • Well, credit to Wikipedia and the people who spend so much time maintaining the articles there.

    One other note I’ll make, just to avoid misinterpretation: repeating this information in this context might make it seem like I am particularly critical of the US, but I am not.

    Very few other nations have such a legislative history of various groups being explicitly enfranchised. This is because in most other nations, disenfranchised groups are rarely if ever enfranchised throughout the nation’s entire history. The fact that the US has so many such instances in its legal history puts it in front of other nations in this context, not behind.

    Dealing with bigotry in the US has been a long and violent process, and we’re not done, but at least we are dealing with it.








  • Bigotry was not one of our founding principles.

    You say that, but…

    1790: The Naturalization Act of 1790 limited citizenship to “free white persons.”[23] In practice, only white male property owners could naturalize and acquire the status of citizens, and the vote.

    The 1828 presidential election was the first in which non-property-holding white males could vote in the vast majority of states. By the end of the 1820s, attitudes and state laws had shifted in favor of universal white male suffrage.

    It was not until the passing of the Fifteenth Amendment that men of all races were allowed to vote:

    1870: The Fifteenth Amendment prevents state governments and the federal government from denying the right to vote on grounds of “race, color, or previous condition of servitude”.

    And it would be another 50 years before women were granted the right to vote:

    1920: Women are guaranteed the right to vote in all US States by the Nineteenth Amendment. In practice, the same restrictions that hindered the ability of poor or non-white men to vote now also applied to poor or non-white women.

    There’s some other interesting bits in here:

    1943: Chinese immigrants given the right to citizenship and the right to vote by the Magnuson Act.

    1948: Arizona and New Mexico became one of the last states to extend full voting rights to Native Americans, which had been opposed by some western states in contravention of the Indian Citizenship Act of 1924.

    1965: Protection of voter registration and voting for racial minorities, later applied to language minorities, is established by the Voting Rights Act of 1965. This has also been applied to correcting discriminatory election systems and districting.

    1966: Tax payment and wealth requirements for voting in state elections are prohibited by the Supreme Court in Harper v. Virginia Board of Elections, under the Equal Protection Clause of the Fourteenth Amendment.

    https://en.wikipedia.org/wiki/Voting_rights_in_the_United_States#Milestones_of_national_franchise_changes

    So… it seems like the bigotry has kind of always been part of the system, and had to be specifically legislated against ex post facto.



  • You are running into the ultimate, and ultimately unavoidable, limitation of self-hosting, which is the self.

    You should run a VM on the VPS for Vaultwarden, with no other services in the VM except whatever you need to connect to it remotely. Keep it simple. Run an exact copy of the VM on your local server. Have the VPS instance push its database to the local instance regularly, to keep up with any changes that your users make. Make regular backups of the local instance.

    When you need to update the software, freeze an image of the local VM and then update the local VM, then when you’re sure it’s stable, copy the updated local VM to the VPS. If either the local or VPS instance crashes out, you should be able to recover (or reproduce) one from the other.

    In the end though, it is functionally impossible to ensure reliability by yourself. Hosting Vaultwarden on a VPS shifts the responsibility for running the underlying server and network connection to the provider, and probably removing the dependence on your residential network connection will be better for your family/users.

    You are still the weak point in your system. You need someone else who can log in to your local server, and into the VPS, and perform recovery if needed. There is no technical solution for this. You cannot be the sole admin, and also ensure reliability for other users.






  • Rosen misses what he considers to be a bygone era of elite dominance. Lamenting the current state of democratized influence, Rosen says “the old gatekeepers were political professionals who could count cards; small dollar donors today are amateurs yanking the handles of ActBlue slot machines.”

    Abundance adherents often bristle at the suggestion that the project is orchestrated by Silicon Valley elites. But as the leaked documents demonstrate, Rosen and his colleagues clearly view it as such, and even frequently use the word “elite” by choice.

    ROSEN OPERATES AT THE NEXUS of tech titans’ “hostile takeover” of San Francisco politics through a “grey money” network, documented in reporting from The Guardian and Mission Local. The Phoenix Project has dubbed this overlapping set of organizations and campaigns the “Astroturf Network” and detailed its operations in a set of reports and a pair of influence maps.

    These people are villains.