John
Wrangler of imaginary computers. Dodger of orange cones. Recovering player of Stadia. Antecedent of he/him.
Joined Dec 2020
π¨ π¨ π¨
Heads up #DevOps folks - #Gitlab has a couple of CRITICAL security vulnerabilities (10/10), one of which could allow for complete account hijacking without any user interaction. That's, uh, not great.
Fortunately we have fixes for all of these vulns; you just need to be sure the updates get applied in your environment.
Go do it. NOW.
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
What a time to be alive!
"Researchers Install Ransomware on Internet-Connected Wrench"
https://www.404media.co/dr1llcrypt-researchers-install-ransomware-on-internet-connected-wrench/
I am once again urging you not to use `thingadmin` as the password to secure your `thing` account.
And pls pls pls pls pls pls pls enable MFA - even SMS-based MFA is still better than no MFA.
I've deployed several new-to-me self-hosted services over the past few days:
- https://miniflux.app/ for #RSS
- https://immich.app/ for #photos
- https://github.com/sissbruecker/linkding for #bookmarks and link sharing
What else am I missing?
/ #SelfHosting #CoSoTech
Anyone have a favorite self-hosted #RSS aggregator thing?
I'm playing a bit with https://miniflux.app/ and like it so far, but wondering if there's another killer app I'm not aware of.
I threw together a quick Salt state to streamline deploying netdata and proxying it with Tailscale Serve on all of my systems:
https://runtimeterror.dev/salt-state-netdata-tailscale/
It's not particularly robust or elegant, but it did the trick for configuring my dozen-or-so minions at once.
I put together some quick notes on using some of my favorite #Tailscale features: SSH, Serve, and Funnel.
I just recently discovered netdata (https://github.com/netdata/netdata) and have started using it for lightweight local monitoring of some of my systems.
It's really slick!
#SteamDeck + #Tailscale + #Nix
These are my favorite things.
https://www.reddit.com/r/Tailscale/comments/183ppq1/steam_deck_using_nix_install_guide/
I've been using #Cloaked for a few months now, and I can't imagine going back to life before Cloaked. Quickly spawning a new identity (working email and phone number along with the usual username+password stuff) for each online account or interaction is liberating. Cloaked lets me control the effective blast radius of my personal data.
Anyhoo, you can currently save a whopping 75% on an annual subscription with the code CYBERCLOAK.
And there's the post-mortem:
https://blog.cloudflare.com/post-mortem-on-cloudflare-control-plane-and-analytics-outage/
Should be a good read, as always.
Ooh, this is handy - easily connect to / interact with #Tailscale nodes right from the comfort of your #VSCode window:
https://marketplace.visualstudio.com/items?itemName=Tailscale.vscode-tailscale
/nosanitize
Cloudflare is having _a time_ and I can't WAIT to read the after-action blog post!
"Cloudflare is assessing a loss of power impacting data centres while simultaneously failing over services."
I really love it when cloudflare breaks because then we get cool posts like these:
https://blog.cloudflare.com/1-1-1-1-lookup-failures-on-october-4th-2023/
I've been using Cloaked for a few weeks and have been hugely impressed by the product. Being able to create complete identities on the fly for online accounts, signing up for rewards programs, or just establishing contact with new people and companies is kind of liberating. It's awesome having control over who has what information about me. The team really embraces "Privacy by Default" and it's great to see.
In case you ever find yourself trapped inside a vim session, here are some simple tips:
#OpenTF is now #OpenTofu, the free open-source fork of #Terraform:
I sense a new `tofoyolo` alias in my shell's future...
#CoSoTech #Tech #CoSoSec #Security
π Don't π sync π MFA π secrets π to π the π cloud π
- Don't put them in your password manager, no matter how convenient that may be. In the unlikely event that someone gets into your PW DB you *don't* want to also give them all your MFAs.
- Don't sync them with a third-party app/service, which automatically becomes a priority target.
- And DEFINITELY don't sync them in an already-high-value account, like your Google account.
I put together some quick notes on how I set up a self-hosted instance of ntfy.sh and started using it for easy push notifications from my various servers and other systems.
I'm really impressed by how easy it was to configure and how well and reliably it works. I'll definitely be setting up a gratuitous number of notification hooks for everything I can think of now.
https://runtimeterror.dev/easy-push-notifications-with-ntfy/
It took me all of five minutes to get ntfy.sh (self-hosted) running on one of my cloud VMs and send my first test push to my phone.
Less than an hour later, I've got all my other servers set up to send a simple notification with an authenticated curl POST when they finish booting.
I'm VERY pleased with ntfy.sh so far, and the docs are really impressive and helpful too. My mind is spinning with all the other stuff I'm gonna set up with this!
John
Wrangler of imaginary computers. Dodger of orange cones. Recovering player of Stadia. Antecedent of he/him.
Joined Dec 2020