Home server general - /hsg/

BEEP IS HACKED edition!
+ use the new privacy focused DNS by cloudflare 1.1.1.1
+ run your own DNS server edition: zwischenzugs.com/2018/01/26/how-and-why-i-run-my-own-dns-servers/
+ RISCV Homeservers NOW
Are you interested in learning Linux or BSD administration and configuration better? Becoming a systemd expert? Or maybe you hate that shit and want a cozy little BSD machine to run services on and interact with. Or practice more advanced and complicated networking setups.

>news:
> BEEP is HACKED.
> PATCH IS HACKED.
> WE. ARE. FUCKED.

>chat
> discord.gg/9vZzCYz
> or use riot.im and join riot.im/app/#/room/#homeservergeneral:matrix.org


Seriously though. Beep got hacked. You can root boxes via beep. Update your shit!

holeybeep.ninja/
github.com/johnath/beep/issues/11
bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667

What is your experience with source based distros for a server?

>+ use the new privacy focused DNS by cloudflare 1.1.1.1
>privacy
>Cloudflare

gentoo is absolutely fine

>server died few months ago
>too lazy + didn't have the time to get a new one
>finally order something
It should come next week.

I'm actually wondering which distro I should install on it. For some reason I tried arch last time and it was actually not that bad.
I'll fall for the gentoo meme.

Also, I already found a sys admin job offer. All their servers were running gentoo

how to make deluged run on startup?

>+ use the new privacy focused DNS by cloudflare 1.1.1.1
In the end, is there any agreement on this? Is it really secure or just a way for them to datamine you? Can we be sure they are safe?

I run a music streaming service and a torrenting daemon on my shitty server. I only have port 22 forwarded and I connect to these services using firefox and ssh tunneling. Should I use SSL?

How's Void for server use?

protip: don't use the default port 22 for SSH.

make a systemd unit

pozzed, avoid

isn't that just security by distribution

>holeybeep.rockstarninjaguru
>How do I uninstall Linux?
>Please follow these instructions.
kekd
nah m8 that's security by observation

Switch default port, enable pubkey authentication and install/configure fail2ban.

>unit
And people wonder why systemd is shit.

>enable pubkey authentication
enable pubkey authentication AND DISABLE password authentication

>trusting cloudflare
Consider sudoku

I tried Deluge and what the FUCK is this pinko commie bullshit?
>set seed ratio to 0 so torrents stop on completion
>changes itself back to .5
Yeah nah cunt, fuck you got mine. You can shove that hammer and sickle right up your starved ass. God Bless America.

>+ use the new privacy focused DNS by cloudflare 1.1.1.1
How do I use this again? I tried putting it on my router but after I restart it I can't connect at all to the internet. Same thing happened when I tried to use AdGuard dns. The only dns addresses that work in my router are google and opendns. Do I have to register or something to use those dns or is my router at fault here?

Are there any decent cheaper alternatives to 4-bay x86 synology and qnaps? Looking for something tiny and quiet to replace my old space heater.

You need to modify the conf - I can't remember the exact name, but it's pretty obvious when you are looking at the files.

morning hsg, thinking about getting a ODROID to program in assembly with. Crazy or good idea?

Fucking hell, my power went out yesterday for like 4 hours. What is the cheapest backup UPS /combo that I can get that will push past the two hour mark? On 800+ watts?

800 watts for over two hours? Only way you can do that is a generator. With all the associated problems like needing to position the thing outside so it doesn't give you carbon monoxide poisoning, while wiring it to things inside, and being around to manually start the thing when the power goes out. A UPS that can give you 800 watts for two hours on its own is well into "if you have to ask, you can't afford it" territory.

I need IPtables help. I have one interface for talking to the internet with a public IP, and one that is used for talking to the other devices on the home network, via switch. None of the services will be listening on the interface directly connected to the internet with a public IP. What do I need to do to secure it?

First, use nftables instead, it's much nicer and every vaguely recent distro has it. (if you're running kernel 3.18 or newer you should be good)
Second, be a little bit more precise here. I take it this machine is your router, and you want to run services on it, and make sure that they are only listening for connections from your LAN and not from the internet? Depending on the service, you might not need your firewall's help at all, many things can be told directly "only accept connections from this address range". If you want to be sure you can always add a rule to explicitly drop connections from the WAN interface to the port your service is listening on. But it's better to have a default-deny policy anyway. Allowing inbound connections by default and blocking things manually, that way lies madness.

I just want to know what firewall rules are necessary for an interface connected directly to the Internet with no services listening on it.

Unrelated to this general just stopping by but I finally got on gigabit ethernet and feel like I was living like a caveman before.
I was previously using 5GHz AC wifi @ 433mbps for casual networking (not home server) with a fingernail sized USB adapter and the signal quality was shit.

Carry on, maybe one day my autism will ascend to yours. But for now the 100MB/s end to end is blowing me away.

>beep is hacked

chmod -s `which beep`

I leave my SSH port 22 open on purpose. It's pubkey only so I don't give a fuck.
Plus it's amusing to see bulgarians trying creds.

>tfw still no fiber
They put the cables in my street, so it's a matter of weeks before I get it. I hope?

I only pay for 18/2 from my ISP but bitched so hard about the poor service on the old plan/router they gave a "free upgrade" (botnet included) to an AC/Gigabit one.
I'm not complaining though as I'll use the speeds locally to my benefit.

I can't imagine fiber. Downloads finishing within a couple minutes like back in the old days of faster internet? Whoa.

Allow established and related connections, then deny everything. This is essentially what NAT does anyway, but do it explicitly, since if your ISP gives you IPv6 then NAT won't protect anything.
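
The default-deny policy described in the replies above, written out as an nftables ruleset. This is an added example, not something a poster wrote; the interface names passed to `gen_ruleset` are placeholders, and it assumes a statically addressed or DHCPv4 WAN and leaves NAT rules out.

```shell
#!/bin/sh
# Added example: print a default-deny nftables ruleset for a two-interface box.
# $1 = WAN interface, $2 = LAN interface (placeholder names, pass your own).
gen_ruleset() {
    cat <<EOF
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept   # replies to traffic we started
        ct state invalid drop
        iifname "lo" accept
        iifname "$2" accept                   # LAN may reach local services

        # IPv6 stops working without neighbour discovery, so allow just that.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
        # Nothing else matches the WAN side, so it falls through to policy drop.
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        iifname "$2" oifname "$1" accept      # LAN out to the internet only
        # Unsolicited inbound to LAN hosts is dropped, IPv4 and IPv6 alike.
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Print the ruleset for constructed interface names when run directly.
gen_ruleset wan0 lan0
```

Write the output to a file and run `nft -c -f` on it first; check mode parses the ruleset without loading it. `flush ruleset` replaces whatever rules are already loaded.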

I had some chucklefuck in China who tried to door on port 22 from the same IP once a minute for over a week until I got around to blocking him. He wasn't even getting to the auth phase, every connection failed because he was only offering DH-SHA1 MACs that I told sshd not to accept.

I ran sudo systemctl enable deluged and it didn't run on startup

The connection can be more secure to CloudFlare's DNS servers than most other public servers. So technically DNS leaks should be less likely if that's a concern. Whether you trust CF to treat your data well or not is mostly up to you. They say they've been externally audited and can't access your info but I don't think anyone except CF engineers and the NSA can say for sure.

In general I think they're a better option than using your ISP/gateway's DNS (because they definitely sell your shit) but probably more vulnerable than having your own recursive nameservers. If you do host your own just please for the love of fuck secure your shit because otherwise you'll just be another bot in DNS amplification DDoS attacks.

Don't try and keep it running for two hours, not worth it at all. You just want one that can keep it powered long enough to finish a safe shutdown.

>secure your shit because otherwise you'll just be another bot in DNS amplification DDoS attacks.
By hosting your own DNS server, can't you decide whether you make it public or not?

No sense in changing it if you allow only pubkey and don't allow root. Port scanners will pick it up whichever port you use for it.
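
A check for the sshd settings argued over in this thread (pubkey on, passwords off, no root login), run against constructed config files. This is an added example, not a poster's script; it reads only the global section of one file, and the defaults it assumes are those of current OpenSSH.

```shell
#!/bin/sh
# Added example: audit the global part of an sshd_config. sshd keeps the FIRST
# value it reads for a keyword; lines after "Match" are conditional.

# Print the effective global value of keyword $2 in file $1 (default $3).
sshd_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }                     # comment line
        tolower($1) == "match" { exit }         # conditional section starts
        tolower($1) == key { val = $2; exit }   # first occurrence wins
        END { print tolower(val) }
    ' "$1"
}

# Compare one keyword with the wanted value; mismatches are counted in $bad.
check_kw() {  # file keyword default wanted
    got=$(sshd_value "$1" "$2" "$3")
    if [ "$got" = "$4" ]; then
        echo "ok    $2 $got"
    else
        echo "FAIL  $2 $got (want $4)"
        bad=$((bad + 1))
    fi
}

# Exit status is the number of failed checks (0 = matches the advice).
audit_sshd() {
    bad=0
    check_kw "$1" PasswordAuthentication yes no
    check_kw "$1" PubkeyAuthentication yes yes
    check_kw "$1" PermitRootLogin prohibit-password no
    return "$bad"
}

trap 'rm -f "$weak" "$hard"' EXIT

# Constructed sample: pubkey enabled, password logins still on. The trailing
# "PasswordAuthentication no" is ignored because the earlier line wins.
weak=$(mktemp)
printf '%s\n' 'Port 2222' 'PubkeyAuthentication yes' 'PasswordAuthentication yes' \
    'PermitRootLogin yes' 'PasswordAuthentication no' > "$weak"

# Constructed sample that follows the thread's advice.
hard=$(mktemp)
printf '%s\n' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
    'PermitRootLogin no' > "$hard"

audit_sshd "$weak" || echo "weak sample: $? finding(s)"
audit_sshd "$hard" && echo "hardened sample: clean"
```

On a live host, `sshd -T` prints the effective configuration with Include files resolved, which is the authoritative input for a check like this.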

Not really. Pick a random port and port scanners will not pick it up. They totally can, and would if they spent time scanning all your ports, but the fact is that they don't do that.
They just do a 10-30 most popular ports scan on each IP in the range 0.0.0.0/0

Yes but people sometimes make it public so they can keep using it while mobile without a VPN.

I would generally say use SOCKS via ssh -D proxies instead of VPN.

Here's a few reasons to use a VPN over SSH tunnels:
Client software is available on basically all devices and is generally easier to use once a configuration is created
Keys+configs are easier to manage and distribute
Easier to forward DNS only, rather than all browser/system traffic

What's a good way to make a media center with a linux distribution? All it will do is stream music or video to other devices either locally or via the net. Server doesn't have a GUI if that could be problematic

Simplest solution is just run a file server.
If you want transcoding and pretty interfaces look at plex or emby.

Use dlna if you can configure your router, or peerflix, see github.com/mayfrost/guides/blob/master/ALTERNATIVES.md#server

What's the best guide to build a gaming server to host a dedicated server?

what do I upgrade. plz halp. using for games / XAMPP / NODE. going to pick up a vega 64 soon and its getting my 1060. CPU?

>RISCV Homeservers NOW

I chose FreeBSD specifically because it lets me do either. Source based when I need it, binary when I don't. It's great because I only have to learn 1 OS regardless of what platform I use and regardless of how I want to use it.

>use official binary packages if available and no need to customize the builds
or
>setup cross compile package server
>point low resource board at it
>install third party software from myself
or
>download ports and compile software on the target system

This was my main draw to the system. The cool thing though is that with projects like pkg-src you can essentially turn any OS into that. People use the Arch build system on Windows as well which is cool. There's stuff like MacPorts.

I really like seeing third party, portable, source+package management solutions. If only for ubiquitous sake. I'd like to see people do more with the Gentoo solution since people say it's really nice. Imagine having that as an option.

Run a honeypot, see what people do.
youtube.com/watch?v=mSiCKJWGeoI

No reason not to if you think it will be fun or valuable in some way.

> chose FreeBSD specifically because it lets me do either
You can’t *hug* tho.