Max-P

I keep hearing claims that it’s not secure enough to be exposed on the Internet, but I can’t seem to find anything about unauthenticated vulnerabilities. It’s got a fair amount of CVEs but they all seem to affect when you’re an already authenticated user, mainly to XSS an admin as a regular user or the likes.

It’s written in C#, and publicly all you can do is pretty much attempt to log in, this feels like it should be pretty sane compared to some other PHP crap I run.

Do you have any examples of previous exploits or anything else to be concerned about?

deleted by creator

I think it counts. You always have the option of taking your data with you and go elsewhere which is one of the main points of self-hosting, being in control of your data. If they jack up the prices or whatever, you just pack up, you never have to pay or else.

Also hosting an email server at home would be an absolute nightmare, took me 10+ years to get that IP rep and I’m holding on to it as long as I can.

I have a mix of it: private services run at home, public ones run on a bare metal server I rent. I still get the full benefits of having my own NextCloud and all. Ultimately even at home, I’d still be renting an Internet connection, unless you have a local only server.

It’s literally been working just fine for like a decade? Even for NVIDIA users that’s kind of a stretch.

Maybe if you share more details about your issues and your setup we can help fix it.

NixOS isn’t a bad option, I’m not sure how much you can trim it down but I’d expect it to be possible to express in Nix to install to a target that’s different from the host. Maybe not NixOS but Nix itself as a package/config manager. I’m sure at minimum it makes for a great development environment for building a buildroot.

It’s hard to give concrete advice without knowing the specs or the software you want to run on this, but for tiny Linux systems there’s Buildroot so you can compile just the bare minimum you need and not use a distro at all (unless you could Buildroot as a distro). This is what OpenWRT uses to build all the router firmwares among other things.

For something that would go in a car that seems pretty ideal to me. Skip initializing things you won’t use, make something that boots to GUI in 3 seconds. When you want to update the software you flash it as a new firmware image, no on-device installing or anything.

Depending on what you run, ideally you’d skip Xorg/Wayland and use the framebuffer directly. But if you need to run a more standard environment, that’s what things like Cage are designed for. Single app, always full screen. It’s called a kiosk environment.

Is it directly exposed over the Internet? If you only port forward the VPN on your router, I wouldn’t worry about it unless you’re worried about someone else already on your LAN.

And even then, it’s really more like an extra layer of security against accidentally running something exposed publicly that you didn’t intend to, or maybe you want some services to only be accessible via a particular private interface. You don’t need a firewall if you have nothing to filter in the first place.

A machine without a firewall that doesn’t have any open port behave practically the same from a security standpoint: nothing’s gonna happen. The only difference is the port showing as closed vs filtered in nmap, and the server refusing to send any response not even a rejection, but that’s it.

Proton is Wine but tweaked for the sole purpose of running games, so it packs a bunch of extra stuff needed to make games run well together.

Usually there’s also a long list of per-game tweaks and changes to make sure it runs, it’s all preconfigured so you press play in your launcher and it works. Not need to change settings whenever you want to play a game.

You can still use regular Wine but you’ll have to set up a bunch of stuff yourself, and eventually you run into a game that needs a different version of something that breaks another game, you get into prefix management and it’s a mess. Or oh this game runs better when we pretend to be Windows 7 but this one works best with Windows 10. Proton just does it all for you, every game gets its own space with all the correct settings from the get go, and you just launch into the game and play.

Honestly a VPN that doesn’t support Linux at least through manual connection settings, run away. All reputable and even the sketchier VPN providers support Linux, because that’s what the privacy crowd uses, not supporting it implies those aren’t even the target user base at all. It’s a red flag. It’s not a VPN for privacy or getting another country’s Netflix.

I’d trust Norton about as much as my ISP, so unless you use public WiFi somewhat often, it doesn’t add much value, just the downsides of captchas everywhere. They’re probably analyzing the traffic to map out malware campaigns and such, which would make sense but isn’t very private.

The business model of antivirus companies is fear, and they sell the solution to that fear. They have a VPN because people assume VPN means more security, of course they’ll sell you one. At best they block known malware domains and IPs, which is utterly useless on Linux anyway.

If you want a VPN get a real VPN.

Proof of work is what those modern captchas tend to do I believe. Not useful to stop creating accounts and such, but very effective to stop crawlers.

Have the same problem at work, and Cloudflare does jack shit about it. Half that traffic uses user agents that have no chance to even support TLS1.3, I see some IE5, IE6, Opera with their old Presto engine, I’ve even seen Netscape. Complete and utter bullshit. At this point if you’re not on an allow list of known common user agents or logged in, you get a PoW captcha.

Envoyer des gens désespérés dans les églises c’est ptête pas la meilleure idée. Y vont tous se faire brainwasher.

Back in the days we’d get free hosting and slap phpBB on it. Run for kids by kids, no pesky adult rules!

Those were the days. No credit cards needed, no nothing, just free 50MB of Apache/MySQL/PHP4 hosting with no strings attached.

If the fediverse was a thing I’d probably have had my own instance starting age 14-15ish.

I was totally above 13 or had parental consent when I went to forums in the early 2000s. I totally wasn’t actually 9.

It’s wild to me this concept disappeared? It’s literally never been a good idea to reveal you’re a minor online. The laws are against you. Companies don’t want to deal with a curated minor experience, even less so in the current times. If they do, you get the crappier version of things.

The worst thing to happen to the Internet is when Facebook normalized using your real name and real info online.

A lot of those identify as christian because of cultural heritage and because it’s the “not some brown people’s religion” but are non-practicing or straight up non-believers otherwise. Those that do maybe go in the church once a year for the christmas stuff

The churches are packed with mostly tourists and the parking lot is filled with Ontario plates.

You’re just not gonna find many nutjobs like the rest of Canada and the US here. Even my grandparents pretty much just go out of habit from the old times. I haven’t once been in a religious argument in Québec my whole life. It’s basically unavoidable in the US.

The quiet revolution is a fairly interesting piece of history.

A good chunk of them have already been converted into condos and shops. I even hooked up with a guy that lived in one of those.

Christianity died in the 70s in Québec, you won’t find many people under like 40 that still gives a crap about religion in Québec.

It’s not impossible, been running my own email server for about 10 years and I inbox pretty much everywhere. I even emailed my work address and straight to inbox. I do have the full SPF, DKIM and DMARC stuff set up, for which I get notices from several email provides of failed spoof attempts.

Takes a while and effort to gain that reputation, but it’s doable. And OVH’s IPs don’t exactly have a great reputation either. Once you’re delisted from most spam databases / old spam reputation is expired, it’s not that bad.

Although I do agree it’s possibly one of the hardest services to self host. The software to run email servers is ancient and weird, and takes a lot to set up right. If you get it wrong you relay spam and start over, it’s rough.

Ordered two drives from them, came in very well packaged and even included the PWDIS adapter. Very good deals. Could throw the box across the yard and the drives would probably survive.

As a starting point. Are there any hardware recommendations for a toy home server?

Whatever you already have. Old desktop, even old laptop (those come with a built-in battery backup!). Failing what, Raspberry Pis are pretty popular and cheap and low power consumption, which makes it great if you’re not sure how much you want to spend.

Otherwise, ideally enough to run everything you need based on rough napkin math. Literally the only requirement is that the stuff you intend to run fits on it. For reference, my primary server which hosts my Lemmy instance (and emails and NextCloud and IRC and Matrix and Minecraft) is an old Xeon processor close to a third gen Intel i7 with 32GB of DDR3 memory, there’s 5 virtual machines on it (one of which is the Lemmy one), and it feels perfectly sufficient for my needs. I could make it work with half of that no problem. My home lab machine is my wife’s old Dell OptiPlex.

Speaking of virtual machines, you can test the waters on your regular PC by just loading whatever OS you choose in a virtual machine (libvirt if you’re on Linux, VirtualBox or VMware otherwise). Then play with it. When it works makes a snapshot. Continue playing with it, break it, revert to the last good snapshot. A real home server will basically be the same but as a real machine that’s on 24/7. It’s also useful to test things out as a practice run before putting them on your real server machine. It’s also give you a rough idea how much resources it uses, and you can always grow your VM until it fits and then know how much you need for the real thing.

Don’t worry too much about getting it right (except the backups, get those right, verify and test those regularly). You will get it wrong and eventually tear it down and rebuild it better what what you learn (or want to learn). Once you gain more experience it’ll start looking more and more like a real server setup, out of your own desire and needs.

I feel like a lot of the answers in this thread are throwing a lot of things with a lot of moving parts: Unraid, Docker, YunoHost, all that stuff. Those all still require generally knowing what the hell a Docker container is, how to use them and such.

I wouldn’t worry about any of that and start much simpler than that: just grab any old computer you want to be your home server or rent a VPS and start messing with it. Just pick something you think would be cool to run at home. Anything you run on your personal computer you wish was up 24/7? Start with that.

Ultimately there’s no right or wrong way to do things. It’s all about that learning experience and building up that experience over time. You get good by trying out things, failing and learning. Don’t want to learn Linux? Put Windows on it. You’ll get a lot of flack for it maybe, but at the very least over time you’ll probably learn why people don’t use Windows for server stuff generally. Or maybe you’ll like it, that happens too.

Just pick a project and see it to completion. Although if you start with NextCloud and expose it publicly, maybe wait to be more comfortable with the security aspect before you start putting copies of your taxes and personal documents on it just in case.

What would you like to self host to get started?

deleted by creator