I love this, and I’m definitely going to use it when describing enshittification to relatives. Kudos, genuinely.

Don’t worry, you aren’t missing much. That paragraph was kind of goofy anyway.

Think of a Seedbox as a cloud service provider with convenience features focused on enabling piracy, by keeping the hardware in a jurisdiction that doesn’t care what you pirate and giving you one-click easy installation methods for apps that make piracy simple. But without going so far as “Thank you for your payment, download these specific media files here.”

You debatably have to be a techie. But by techie standards it’s very easy to use.

If you really hate piracy, I suppose you could pay for one for a month, get the identity of who you paid, and use one of the apps to host a shell script that listens on one of the few public ports you have access to, that answers every incoming connection with “this is a seed box operated by ABC, with cards payments accepted by LMNOP Inc in Athens, Greece.”

But the most common usage is running packaged software they let you run (like BT clients you can remote-control, sickchill, radarr, sonarr, Plex, etc.) or remote desktops or shells. Usually implemented as docker containers.

Apologies, I did the American thing. Checks, which get turned into X9.100 files, which are just digital versions of bags of bundles of checks, with check images that were TIFF images in CCITT T.6 encoding.

I don’t know if you’re being serious, but I can confirm from my time at as a developer at a banking software company, we didn’t use a hard RT OS even for like Mosler or Hitachi high speed check sorters. Just fast C++ code. (On Windows XP still, when I left in 2016)

(Work load is basically: batch of checks is loaded into an input hopper, along with check sized pieces of paper which are headers and footers, machine rapidly scans MICR lines and they go flying towards output pockets, and our code has something like 20 ms to receive the MICR data and pass back a sorting decision.)

I feel like objecting to the “General advice about email is don’t” thing but I don’t know if I understand the objections well enough to refute them. I self host email for mspencer.net (meaning all requests including DNS are served from hardware in my living space) and I have literally zero spam and can’t remember the last time I had to intervene on my mail server.

On one hand: My emails are received without issue by major providers (outlook, gmail, etc) and I get nearly zero spam. (Two spam senders were using legitimate email services, I reported them, and got human-seeming replies from administrators saying they would take care of it.) And I get amusing pflogsumm (summarizes postfix logs) emails daily showing like 5 emails delivered, 45 rejected, with all of the things that were tried but didn’t work.

On the other: most of the spam prevention comes from greylist, making all new senders retry after a few minutes (because generally a legit MTA will retry while a spammer will not) and that delays most emails by a few minutes. And it was a bear to set up. I used a like 18 step walkthrough on linuxbabe dot com I think, but added some difficulty by storing some use and alias databases on OpenLDAP / slapd instead of in flat files.

But hey, unlimited mail aliases, and I’m thinking of configuring things so emails bounce if they seem to contain just a notification that terms and conditions are updated somewhere. I don’t know, cause some chaos I guess.

And I have no idea if my situation is persuasive for anyone because I don’t know what the general advice means. And I worry it’ll have the unfortunate side effect of making self hosting type nerds like me start forgetting how to run their own email, causing control of email to become more centralized. And I strongly dislike that.

Yep, mspencer dot net (what little of it is currently up, I suck at ops stuff) is 2012-vintage hardware, four boxes totaling 704 GB RAM, 8x10TB SAS disks, and a still-unused LTO-3 tape drive. I’ll upgrade further when I finally figure out how to make proper use of what I already have. Until then it’s all a fancy heated cat tree, more or less.

I don’t know what people call this, but I’m curious if you also need future balance prediction, basically “here’s how much left over you’re going to have this payday, next payday, etc”. I might switch from my homegrown spreadsheet to one of these recommendations if they also support that.

(I’m talking about something where you input your known scheduled debits and credits, especially for people with biweekly paychecks but monthly debits, and then you match recent actual activity with what’s expected. So you get “current balance is $1800 but it’ll get as low as $300 before you get paid next” type info to keep you from over spending.)

I have an iPhone and a gl.inet gl-e750 portable cell router, and my SIM card stays in the router. I don’t actually restrict my phone the way you’re talking about, but this gives me vpn to my home network without needing the vpn running on each client device. And if I wanted to block connections to big tech company services, I could do that.

Are you going to be hosting things for public use? Does it feel like you’re trying to figure out how to emulate what a big company does when hosting services? If so, I’ve been struggling with the same thing. I was recently pointed at NIST 800-207 describing a Zero Trust Architecture. It’s around 50 pages and from August 2020.

Stuff like that, your security architecture, helps describe how you set everything up and what practices you make yourself follow.

Thank you for your reply, but to be clear, I’m not looking for individual details to be spelled out in comments. What you said is absolutely correct, thoughtful, and very helpful. But emotions are running a little high and I’m worried I’ll accidentally lash out at someone for helping. Apologies in advance.

But do you have any links? Beyond just the general subjects of security architecture, secure design, threat modeling, and attack surface identification, I’d love to see this hypothetical “generic VM and web application housing provider in a box” come with a reasonably secure default architecture. Not what you’re running, but how you’re running it.

Like, imagine decades in the future, internet historians uncover documentation and backups from a successful generic hosting company. They don’t necessarily care what their customers are hosting, their job is to make sure a breach in one customer’s stuff doesn’t impact any other customer. The documentation describes what policies and practices they used for networking, storage, compute, etc. They paid some expensive employees to come up with this and maintain it, it was their competitive advantage, so they guarded it jealously.

I’d want to see that, but (a) a public, community project and (b) now, while it’s still useful and relevant to emulate it in one’s own homelab.

If I can get some of that sweet, sweet dopamine from others liking the idea and wishing for my success, maybe I can build my own first version of it, publish my flawed version, and it can get feedback.

I’ve been struggling to wrap my head around a good security architecture for my mspencer.net replacement crap. Could I bug you for links?

I figured out a while ago to keep VM host management on a management VLAN, and I put each service VM on its own VLAN with heavy, service-specific firewalling and a private OS update repo mirror - but after hearing about ESXi jackpotting vulns and Broadcom shenanigans, I’ve gotten really disheartened. I’d love some safe defaults.

I think this needs to exist, but as a community supported system, not as a commercial product.

Pick a set of open technologies - but not the best, lightest weight, just pick something open.

Come up with a security architecture that’s reasonably safe and only adds a moderate amount of extra annoyance, and build out a really generic “self-hosted web hosting and VM company-like thingy” system people can rally around.

Biggest threat to this, I think, is that this isn’t the 90s and early 2000s any longer, and for a big project like this, most of the oxygen has been sucked out already by free commercial offerings like Facebook. The technical family friend offering to self-host email or forums or chat no longer gets gratitude and love, they get “why not Facebook?”

So… small group effort, resistant to bad actors joining the project to kill it, producing a good design with reasonably safe security architecture, that people can install step by step, and have fun using while they build and learn it.

Married, we both work from home, and we’re in an apartment.

First, all of my weird stuff is not between her work and living room pcs and the internet. Cable modem connects to normal consumer router (openwrt) with four lan ports. Two of those are directly connected to her machines (requiring a 150-ish foot cable for one), and two connect to my stuff. All of my stuff can be down and she still has internet.

Second, no rack mount servers with loud fans, mid tower cases only. Through command line tools I’ve found some of these are in fact capable of a lot of fan noise, but this never happens in normal operation so she’s fine with it.

Separately I’d say, have a plan for what she will need if something happens to you. Precious memories, backups, your utility and service accounts, etc. should remain accessible to her if you’re gone and everything is powered off - but not accessible to a burglar. Ideally label and structure things so a future internet installer can ignore your stuff and set her up with normal consumer internet after your business internet account is shut off.

Also keep in mind if you both switch over so every movie and show you watch only ever comes from Plex (which we both like), in an extended power outage situation all of your media will be inaccessible. It might be good to save a few emergency-entertainment shows to storage you can browse from your phone, usb or iXpand drive you can plug directly into your phone for example.

I use a USB BD-R burner and disks for this. I don’t have a solution for Bad USB protection though unfortunately.

I think this was asked in good faith, but is unfortunately unlikely to produce useful discussion. The down-voters are right but the original poster shouldn’t feel bad for asking.

Short answer: it’s ok to say “maybe, we have no way to know, moving on” when something is unknowable like this.

Longer answer / topic hijack: as voters there are many contradictions in our system, and important and necessary information is often hidden from us. Doing the best we can might take various forms:

• choose government ran by the least-evil people possible and trust the imperfect system formed by the structured interactions of those people

• choose government that follows policies that align the best with your values or your ethical understanding of the world

• choose government that is best able to reduce harms and injustices, in a practical and realistic way that anticipates the acts of other factions

• choose government led by people you hate the least — no, this one is toxic, lazy, easy to manipulate with lies. Manipulators know the longer they keep people hot with emotion the less time people spend learning.

Please do not reply to this with hatred or calls for strong emotion. Leaders at any level can be deliberately evil, sure, but it’s never helpful to dehumanize entire clusters or demographics.