• 1 Post
  • 270 Comments
Joined 3 years ago
cake
Cake day: June 18th, 2023

help-circle
  • Ask your medical care provider about genetic testing. It’s a lot more affordable these days, and you should get a report on any genetic conditions you might be susceptible to. This keeps the test results within your medical record, with all of the legal protections that apply.

    Of course this won’t try to match you up with unknown family members like 23&me, but you can’t really do that and have privacy because it requires broad analysis of all available test results.




  • The bubble will pop, but I’m not convinced the hobbyist PC hardware market is going to recover.

    Realistically, the consumer market for PC components existed because there was a business market for desktop computers as employee workstations. That’s mostly dead now. Businesses mostly buy laptops or mini PCs for employee workstations, they have less and less need for desktop hardware because most of the computing tasks have moved to SaaS platforms. The consumer PC hardware market isn’t that profitable on its own, it exists on the margins of production for business purchasing, and it’s been coasting on momentum built up in the 2010s.

    Processor architectures are changing to support machine learning tasks, GPU production is shifting toward ML-specialization, and everyone in the design field is trying to remove the barriers between the CPU and the RAM, which means shortening the path, which means getting rid of the socket and end-user upgradability in favor of soldered components. With SaaS taking over everything in the business world, we’re trending back toward the mainframe computing model and away from powerful local hardware.

    I’m not saying there won’t be a consumer PC market in the future, I’m just saying that it will be different. There won’t be enough demand for common desktop components to keep the custom PC build market alive as it was five years ago.





  • More specifics are needed for a support request. Provide the baseline specifications please.

    What OS are you using? What is the make and model of the drive? Is it internal or external? USB? SATA? SAS? NVMe? A PCIe adapter? Is this a desktop, laptop, NAS, server, NUC, Raspberry Pi with an expansion board?

    For all we know you’re using a refurbished and relabeled SAS drive plugged into an adapter on an eSATA port on a 10 year old motherboard sitting in a cardboard box.

    Are you familiar with SMART? Have you done any diagnostics?








  • I wonder what you are securing against?

    OK, you’re familiar with vulnerability scanners and port scanners right?

    The threat model here isn’t really attackers specifically targeting your home network for any particular reason (unless you’re a LastPass engineer working remotely while running an exposed Plex server). They’re not looking for you, they’re looking for anything useful.

    The threat model is attackers using scanning tools to discover vulnerable systems connected to the Internet. All they need from you is an active connection and a system that can store data, from which they can host malware files for distribution to other targets or conduct attacks or just run a cryptominer (if you’re lucky and they’re not very ambitious). They can find this by scanning for open ports and then running a vulernability scanner to figure out if there’s some exposed hardware that can be exploited.

    An unsecured system is a hazard that could land you in jail when someone else starts using your device and network connection to commit crimes.

    Now, as long as you’re behind a standard residential network service, and your ISP is in control of your gateway device, you’re relatively safe from this. Most ISPs will block any traffic like that very strictly. If your ISP is in control of your gateway device then they’re responsible for its behavior (demarcation matters).

    But, most self-hosters run into limitations with their ISP blocking a lot of ports by default, because they want to access their personal server from outside their home, and so they take control by running their own gateway device or paying for a business connection which gives them complete control over which ports are open. This is where the risk comes in. You are assuming the responsibility for properly securing your connection to the public Internet, taking it off your ISP’s hands.

    If you’re going to do this, you should know exactly which ports you have open to the outside and why, and a general idea of what traffic you expect to see on them when and how much. Monitor that traffic at your firewall. Every other port should be closed and your firewall (on your router, gateway device, or better yet a dedicated OPNSense firewall) should be configured to drop packets received by closed ports (“stealth” mode). You don’t want it to respond that those ports are blocked, you want it to appear to not be there at all.

    Every other security implementation is a secondary concern for a home network. Yes you should patch your software regularly and you should practice deny-by-default and least-privilege as a matter of course, but you’re going to mitigate 90% of your risk by just not accepting incoming connections for anything you don’t need. Most vulnerable systems are discovered by automated scanning, so the less your system responds to external connections the better. If you’re going to worry about configuring, securing and patching one device, make it that front line firewall. And be very selective about which internally hosted services you expose externally.


  • You are running into the ultimate, and ultimately unavoidable, limitation of self-hosting, which is the self.

    You should run a VM on the VPS for Vaultwarden, with no other services in the VM except whatever you need to connect to it remotely. Keep it simple. Run an exact copy of the VM on your local server. Have the VPS instance push its database to the local instance regularly, to keep up with any changes that your users make. Make regular backups of the local instance.

    When you need to update the software, freeze an image of the local VM and then update the local VM, then when you’re sure it’s stable, copy the updated local VM to the VPS. If either the local or VPS instance crashes out, you should be able to recover (or reproduce) one from the other.

    In the end though, it is functionally impossible to ensure reliability by yourself. Hosting Vaultwarden on a VPS shifts the responsibility for running the underlying server and network connection to the provider, and probably removing the dependence on your residential network connection will be better for your family/users.

    You are still the weak point in your system. You need someone else who can log in to your local server, and into the VPS, and perform recovery if needed. There is no technical solution for this. You cannot be the sole admin, and also ensure reliability for other users.





  • There’s a new one being launched by a San Francisco-based startup that has some impressive specs, is powered by Linux, and isn’t looking to sell user data.

    yet.

    This is not an open source project. We covered it because the operating system for this is based on Linux.

    It’s (not) FOSS

    Some use cases the company points to include hands-free coding agents, reading board schematics mid-build, following a recipe in the kitchen, and keeping sheet music in view while playing an instrument.

    We’re trying really hard to come up with justifications to normalize people wearing a camera and microphone on their face all the time.

    Before you get worried, Raven Prism will ship with a physical cover for the camera that you remove when you want to use it and put back when you don’t.

    Which people will discard or lose within a month, especially if it looks like a weird extra piece attached to the frame.

    There’s also “Beakon” lights that illuminate when the camera is active, making it visible to both the wearer and anyone nearby.

    Which will get disabled almost immediately.