• 1 Post
• 20 Comments
Joined 2Y ago
Cake day: Jun 09, 2023
I’ll put a recommendation out for if you’re going to open ports: use abnormal ports. Someone is likely to try to hit your port 22 for ssh, but not your port 49231.

Edit: It’s definitely some security by obscurity. Still use a strong password or keys.


For people who don’t mind it not being self hosted: Authy is good for this. You can also set a backup password (to encrypt your tokens on their servers) and optionally use it cross device.

You can allow multi device temporarily to set up, then disable to not allow new devices, etc.

(I get you didn’t ask this specifically, but figure it could be useful to someone else).


Yeah… but I think it’s overkill. The root cert would be on the same box somewhere nearby. Compromising the host has the same issue as plaintext.


This is likely too late, but a reasonable moment to say this server happens to be Windows based.

… for backup reasons.

(The tool used for online backup only allows home versions of Windows and local drives)

One day if I build a new one, I might start with a Linux base, though that kind of requires this one to be on its last leg before I get to that point. It’s running a processor/mobo that are 14ish years old… so maybe I should think more about it.


I think you hit the nail on the head with the true security being black box. The moment I need access, I’m making a hole.


I guess at the end of the day there is also a root of trust. In an enterprise setting a system giving out certs could be compromised and give out certs to the wrong people/machines. In a home setting, the machine being compromised has a similar effect.

Funny enough, I thought of using a USB stick or something as a physical security key, using that for a vault, then having secrets in the vault… but then realized I’d have to leave it plugged into the server, making it so anyone with server access would get the password anyways.

Makes me think that everything is security by obscurity at some level. The more obscure: the more ‘secure’.

It’s kind of like how an SSH key is generally considered more secure, but if I used password authentication and had a file with a 512 character random password, it would be more/less the same thing. Either way, we have the key in a file.


The problem is that would be so annoying/impractical. In an optimal world, yeah a person checking a prompt and approving could make sense, but in practice that would also mean that the MFA prompt would have to ask for the password anyways. (Or the password would be on the phone with the same problem as on the computer).

Can you imagine having to type a password on an hourly schedule or something? If the password was cached, we have the same problem again.


How do you handle secrets in home automation?
Say you have a script or something that gets run in cron/task scheduler and it needs a password.. say to ssh to a raspberry pi elsewhere in your house. How do you save that password in a way that automation can access it? Some ideas:

- Plaintext file. Not a fan because it’s sitting unencrypted on the box somewhere.
- Environment variable. Not a fan because it’s still unencrypted somewhere to someone on the box (albeit likely the same user or an admin).
- A secrets manager. If I use something locally like HashiCorp Vault or Infisical, I can get to a point where a cli/api call gets the password. Though in this case I still need a vault password/secret to get my password. So I fall back to needing one of the above to get this to work. If the secrets manager is easily available, the secret to get into the secrets manager is available as well, leading to a feeling of security by obscurity. If someone breaks into my system via SSH/etc. then they can get the passwords either way.

.. How do people normally do this? I’m not sure I actually get anything out of a secrets manager if it’s local and I have the disk itself encrypted before login. What actually makes sense at a personal/home scale?

(Edit: I know using an SSH key probably is better for getting to the raspberry pi, but still the question is the same idea.)
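Added example for the "plaintext file" option raised in the post above (editor's code, not the poster's): the credential file is created with mode 0600 from the start, and the cron-side script refuses to read it if ownership, permission bits or the parent directory have loosened. It assumes a POSIX host such as the Raspberry Pi side (Windows ACLs need a different check), and it does not change the post's point that whoever already owns the account or has admin on the box still gets the secret.

```python
import os
import stat
import tempfile
from pathlib import Path

def check_secret_file(path: Path) -> list[str]:
    """Least-privilege floor for the "plaintext file" option; an empty list means the file is acceptable.
    Added example, not from the post; assumes POSIX permissions (Windows ACLs need a different check)."""
    st = path.lstat()
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink (could point anywhere)"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != os.geteuid():
        findings.append("owned by a different user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"group/other permission bits set ({stat.filemode(st.st_mode)})")
    parent = path.parent.stat()
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable without the sticky bit")
    return findings

def write_secret(path: Path, secret: str) -> None:
    """Create the file with mode 0600 from the first instant; O_EXCL refuses to reuse an existing path."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(secret)

def load_secret(path: Path) -> str:
    """Read the secret only if the file passes the checks; otherwise fail loudly instead of running the job."""
    findings = check_secret_file(path)
    if findings:
        raise PermissionError(f"{path}: " + "; ".join(findings))
    return path.read_text().strip()

def demo() -> dict[str, list[str]]:
    """Constructed scenario: a correctly created file beside a loosely permissioned copy of it."""
    results: dict[str, list[str]] = {}
    with tempfile.TemporaryDirectory() as d:
        strict = Path(d) / "pi_password"
        write_secret(strict, "constructed-example-password")
        results["strict"] = check_secret_file(strict)
        results["loaded"] = [load_secret(strict)]
        loose = Path(d) / "pi_password_loose"
        loose.write_text("constructed-example-password")
        os.chmod(loose, 0o644)  # the mistake the check is meant to catch
        results["loose"] = check_secret_file(loose)
    return results
```

Running `demo()` shows the strictly created file passing while the 0644 copy is rejected with the offending mode string, which is the signal to fix the file rather than let the scheduled job proceed.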

I thought that people who would eat fish but not other animals were pescatarians.


It could be related to more blood flow to the brain and less to extremities.

… I am not a doctor. Recommend asking a doctor.


I’ve never tried it, but I think Amazon now has the ability to do virtual medical visits in some places.

Maybe that could work as a second opinion?


When I get stock from work, I have to pay tax on the value at the time as if it was just regular cash coming in (even if i don’t immediately sell). It gets added into my W2. It’s really annoying since it leads to a bigger tax bill come tax season … why doesn’t that happen for them?


I’ve never met someone like this but have heard it’s a thing for some.


Raise taxes on people making billions of dollars a year. Redo the tax code to make it impossible for them to avoid paying a fair share.

Also while we’re at it, I’d be in favor of a maximum allowed compensation (for hot shots) based off the salary of rank and file employees.



On your feed there are:

Subscribed is what you said. Local is just your home Lemmy instance. All is everything (that wasn’t blocked).


I imagine how the check folks is related to local legislation.


Those AI systems will happen either way. Take the EZ-Pass example. It wouldn’t surprise me if they want to use facial recognition to cross reference the driver with the plates on the car to find a kidnapper.

I understand that this stuff could be used for… evil … but acting like they can be stopped from being developed is like saying no country should make nukes. We still make nukes… and this tech. The only ones who don’t do it are the ones who fall behind.

You can slow it down maybe but you can’t stop it.

People say the same thing about AI like chatgpt: we should slow it down or pause it till yadayada. Anyone who ‘pauses’ is just hiding results longer.

Honestly living in a world with great facial recognition could have benefits. Would be cool to be able to shop without needing my wallet or phone and have it charged to me automatically based off my face. My Google Photos has facial recognition and I think it’s a great feature… I wish it worked even better.


Yep! The credit agencies are very likely to get your data when applying for a credit card or loan or etc. So they have basically everyone at some point. Honestly the only other info Zuck has on me is random photos from 10 years ago.


I guess I don’t care about lots of data things normally. Honestly at this point I care more about the Elon V Zuck fight.

There is no semblance of privacy anymore. Most people need a bank account or a credit card. Boom someone has (some of) your data.

In the US, at that point, credit agencies also have (some of) your data.

Even in something like Lemmy, someone could easily scrape all the data about what you post/do/etc. At some level almost everything you do is public to some extent.

Edit since I thought of something else: Even if you drive in a big city: something is tracking your license plate. In NYC they do it for EZ-Pass, and in the Bay Area they do it for FasTrak.


Unless you have multiple systems, I don’t think k8s will yield much benefit over plain docker.