Served in the Krogan uprisings. Now I run a podcast

https://bdsmovement.net/get-involved/what-to-boycott

  • 0 Posts
  • 89 Comments
Joined 2 years ago
Cake day: June 12th, 2023


  • I have something similar. I have WG on the host to access my services and gluetun in a container using openvpn for specific services.

    In my case I have the host wg pass through connections to the outside via iptables rules but I’m not forwarding the connection to gluetun. I have the ip of my server as my ip.

    In your case, as you want a commercial vpn ip as your exit ip, you would need to use iptables to pass traffic between the 2 networks.


  • No issues at the moment but need to update a few containers when I get the chance. I also need to set up contacts sync in radicale for the address book and integrate it with Thunderbird and davdroid.

    In the near term I’ve been working on a plan to make sure my keepass db is accessible to my SO and family in the event of my demise. I recently lost a dear friend and had to gain access to his stuff for his family. Luckily he didn’t have the Linux partition encrypted, so I got a recovery shell, then remounted the disk and changed the password, and could then also mount the Windows partition once I logged in.

    It made me think, as all my stuff is encrypted and there is no way someone would guess it nor crack it, so I’m writing documentation and leaving it with family members.

    The documentation explains how to use keepass and who to contact for support. I’m leaving the db with family members and the password with a select few people that don’t have the db. My SO will have access to all the info too.

    I’ll update the db periodically and give them a newer version but keep the same password.

    I encourage you all to consider this too.


















  • I’m curious to know about the distro maintainers that were running bleeding edge with this exploit present. How do we know the bad actors didn’t compromise their systems in the interim?

    The potential of this would have been catastrophic had it made its way into the stable versions. They could have, for example, accessed the build server for tor or tails or signal and targeted the build processes. Not to mention banks and governments and who knows what else… Scary.

    I’m hoping things change and we start looking at improving processes in the whole chain. I’d be interested to see discussions in this area.

    I think the fact they targeted this package means that other similar packages will be attacked. A good first step would be identifying those packages used by many projects and with one or very few devs, even more so if it has root access. More devs means chances of scrutiny, so they would likely go for packages with one or few devs to improve the odds of success.

    I also think there needs to be an audit of every package shipped in the distros. A huge undertaking, perhaps it can be crowdsourced and the big companies FAAGMN etc. should heavily step up here and set up a fund for audits.

    What do you think could be done to mitigate or prevent this in future?