• 0 Posts
  • 51 Comments
Joined 3 years ago
Cake day: June 28th, 2023

  • I assume you are from Russia since you speak in the first person; however, if the laws are so stringent against self-hosting or private hosting, why is it that a large portion of warez sites emanate from Russia? They exist all over really, but it seems a lot of the very popular ones are in Russia.

    Because you might be surprised, but warez is not illegal in Russia. We have slightly different legislation in the field of intellectual property. Only the person who profits from warez can be held responsible. That is, either an organization that uses it commercially, or a seller. If I break the software or record a movie for the sake of art or love for my neighbor, without money or donations, it’s legal. Of course, websites are responsible even if they receive income from advertising; well, many of them are blocked for Russians. I go to rutracker via VPN =)

    But just try to talk with a voice call via telegram… You won’t be able to do that, because direct calls without anti-threat systems (i.e., after completely listening in on calls) are illegal.

    UPD: how that looks right now


  • It is impossible to place telephone nodes in Russia without equipping the server with threat protection equipment. Of course, I won’t buy a box for hundreds of dollars to use a home PBX, so technically I’m outside the law. =) It is also impossible to host sites with more than 10,000 visitors without registering with Roskomnadzor. And all accounts with authorization must support logging in through the public services portal or by phone number. Considering that only legal entities can do this, of course I don’t do it.

    The United States and the European Union have data protection laws, so if you decide to save money on hosting for friends and install a server outside the Eurozone, depending on the data you store, you are also formally violating the law.



  • So why do you think that a public pool of Docker images is as secure as an Aqua-checked image in Google’s infrastructure? It’s a mystery to me. An ordinary user like Hilary can be checked even without a warrant; it’s enough that there are plenty of vulnerabilities already.

    As someone who has been building infrastructure for over 10 years, I can say that friendship is one thing, but no one is willing to share sensitive data with their friends. People prefer to use services outside the border, not self-hosted ones.

    UPD: of all my friends, only 7 agreed to use mail on my domain, and after moving from Google Workspace to a private server, only three remained. One of them simply transfers mail to another mailbox, just in case. This is the result. Not theoretical, but real.



  • This can’t be a hardware problem other than the power supply, because judging by the screenshot, the disks have already been initialized, which means the entire kernel has loaded into RAM and even libraries have started loading. First you need to read dmesg and check exactly where the log stopped, rather than testing everything.


  • I do not know about Amazon, but in telephony you simply have to install a threat management system in accordance with the law. I think Amazon has the same thing. If there is a court decision, the servers will be seized or a request for data will be received. It’s exactly the same thing.

    What is configured on the server may or may not be enabled. And your neighbor just knows some of your data (your name, address, etc.), which increases the likelihood of an attack. To an Amazon engineer, you’re just bytes out of nowhere.

    The normal story would be to encrypt everything on the client before anything gets to the server at all. But who exactly is going to bother so much? In this case, you might as well upload a bunch of encrypted data to Google.



  • Because most people are not looking for new ideas, but only for confirmation of their own. So it’s not evil businessmen who drive people into the echo halls; they’re just happy to be alone in the echo halls. After all, the world is much simpler when you’re the same as everyone else and everyone is the same as you, rather than when you’re alone in a crowd of opponents.

    So there was already a decentralized part of the nodes because “well, it’s obvious that they’re talking nonsense.” People were clearly just uncomfortable with the comments.

    It’s especially fun to watch someone calculating upvotes and downvotes on a decentralized platform where anyone can endlessly turn a switch in any direction.


  • The average person doesn’t understand anything about technology and probably won’t even be able to install an operating system. The Internet literally became what it is now precisely because everything was left to corporations. For example, SIP telephony is as decentralized and secure as possible, but how many people keep their own telephone exchange? Therefore, it is more realistic for the average person to simply use services outside the jurisdiction of the state than to install something on their own. In some countries, it is also illegal to engage in self-hosting.

    But if we talk about people who are interested enough, then yes, you can do self-hosting. However, people who are ready to understand at least a little make up, for example according to the latest Steam statistics, about 5% of the total mass.

  • You can use a SOCKS server to download torrents. The best choice is to insert the SOCKS traffic into a WireGuard connection and use sockd for outgoing connections, and clean WireGuard + port forwarding for incoming connections.

    And you can use the I2P network to download torrents inside that network. qBittorrent supports it in experimental mode.



  • But in reality, this will only allow you to receive incoming mail. In order for outgoing mail to work, it is necessary that the mail server and all the strapping go through the VPS to the Internet. This requires a rather complicated configuration of iptables, and I recommend that you simply either fill up the mailer on a VPS (there will be a maximum of gigabytes of mail; it’s not that heavy), or buy a static address at home.

    If you still decide to go the hard way, here’s an approximate plan for what you need to do in the spirit of iptables, because setting it up in firewalld is a real torment:

    *mangle
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A OUTPUT -m owner --uid-owner 924 -j MARK --set-mark 0x300
    COMMIT
    

    where 924 is the Postfix user ID; you may have a different number, so check it.

    ip route add default via 10.8.12.4 dev wg0 table 100
    

    This adds the default route via the VPS address to routing table 100. Replace 10.8.12.4 with the address of your VPS and wg0 with the name of the interface for communication between the VPS and home. Then

    ip rule add from all fwmark 0x300 lookup 100
    

    We send all packets with the label 0x300 to routing table 100. In other words, the Postfix user will have his own custom routing table via the VPS.

    This creates several problems, because with this configuration it may not be possible to connect to Postfix via your server’s interfaces. But in the basic case everything will work. Bypassing this problem would create even more complex routing rules and would generally be overkill. But if you’re interested, write to me and I’ll sign it.
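    The rules above are small, but what they do to a packet is easy to get wrong, so here is an added example (written for this page, not code from the commenter) that models the three-step decision: the owner match in the mangle OUTPUT chain sets the fwmark, the `ip rule` sends marked packets to table 100, and table 100 only holds the default route via the tunnel. It also shows the side effect the comment mentions: a reply from Postfix to a LAN client is marked too, so it leaves through wg0 instead of the LAN interface. The assumed LAN `192.168.1.0/24` on `eth0` and the optional RETURN rule that exempts it are my additions; `924`, `0x300` and `10.8.12.4` are the values from the comment.

```python
"""Model of per-user policy routing for Postfix via a WireGuard tunnel (added example).

Assumptions (not from the post): the home LAN is 192.168.1.0/24 on eth0 and
the tunnel interface is wg0. 924, 0x300 and 10.8.12.4 come from the post.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

POSTFIX_UID = 924            # from the post; confirm on your box with `id -u postfix`
MARK = 0x300                 # fwmark set by the mangle OUTPUT rule
VPS_WG_ADDR = "10.8.12.4"    # VPS address on the tunnel, from the post
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed home LAN


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str


# Routing tables in the order the kernel consults them (see egress_dev).
LOCAL_TABLE = [Route(ipaddress.ip_network("127.0.0.0/8"), "lo")]
TABLE_100 = [Route(ipaddress.ip_network("0.0.0.0/0"), "wg0")]   # ip route add default ... table 100
MAIN_TABLE = [Route(LAN, "eth0"), Route(ipaddress.ip_network("0.0.0.0/0"), "eth0")]


def fwmark_for(uid: int, dst: ipaddress.IPv4Address, exempt_lan: bool) -> int:
    """Model of the mangle OUTPUT chain: the mark a locally generated packet receives."""
    if uid != POSTFIX_UID:
        return 0
    # Optional fix: a RETURN for LAN destinations placed *before* the MARK rule,
    # so replies to LAN clients keep using the main table.
    if exempt_lan and dst in LAN:
        return 0
    return MARK


def lpm(table: list[Route], dst: ipaddress.IPv4Address) -> Route | None:
    """Longest-prefix match inside a single routing table."""
    hits = [r for r in table if dst in r.prefix]
    return max(hits, key=lambda r: r.prefix.prefixlen, default=None)


def egress_dev(uid: int, dst: str, exempt_lan: bool = False) -> str:
    """Walk the ip rules by priority: local (0), fwmark 0x300 -> table 100 (32765), main (32766)."""
    dst_ip = ipaddress.ip_address(dst)
    mark = fwmark_for(uid, dst_ip, exempt_lan)
    rules = [(True, LOCAL_TABLE), (mark == MARK, TABLE_100), (True, MAIN_TABLE)]
    for applies, table in rules:
        if not applies:
            continue
        hit = lpm(table, dst_ip)
        if hit is not None:
            return hit.dev
    raise LookupError(f"no route to {dst}")


def render_rules(exempt_lan: bool = False) -> list[str]:
    """The commands from the post, optionally with the LAN exemption line in front of the MARK."""
    mangle = ["*mangle"]
    if exempt_lan:
        mangle.append(f"-A OUTPUT -m owner --uid-owner {POSTFIX_UID} -d {LAN} -j RETURN")
    mangle.append(f"-A OUTPUT -m owner --uid-owner {POSTFIX_UID} -j MARK --set-mark {MARK:#x}")
    mangle.append("COMMIT")
    return mangle + [
        f"ip route add default via {VPS_WG_ADDR} dev wg0 table 100",
        f"ip rule add from all fwmark {MARK:#x} lookup 100",
    ]


if __name__ == "__main__":
    cases = [(POSTFIX_UID, "203.0.113.10"), (1000, "203.0.113.10"), (POSTFIX_UID, "192.168.1.20")]
    for uid, dst in cases:
        print(f"uid={uid} dst={dst}: {egress_dev(uid, dst)} / with LAN exemption: {egress_dev(uid, dst, True)}")
    print("\n".join(render_rules(exempt_lan=True)))
```

    Running it shows Postfix traffic to the Internet leaving via wg0, other users' traffic untouched, and the LAN reply case flipping from wg0 to eth0 once the exemption is in place. Loopback is unaffected either way because the `local` table is consulted before the fwmark rule.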


  • Well… as I already wrote, my home server is literally on the Internet because I rent a static public IP address from the provider.

    But if you have a VPS, then you just need to do port forwarding from the VPS to your server, and then add the following MX entries to the DNS server:

    you.domain.              21600   IN      MX      10 you.first.vps.
    you.domain.              21600   IN      MX      20 you.second.vps.
    

    Where 10 and 20 are the server priorities. Or, if the VPS is part of your domain, then:

    you.domain.                 21600   IN      MX      10 first.vps.you.domain.
    you.domain.                 21600   IN      MX      20 second.vps.you.domain.

    first.vps.you.domain.       21600   IN      A       1.1.1.1
    second.vps.you.domain.      21600   IN      A       2.2.2.2
    

    And if you also have IPv6, you can do:

    first.vps.you.domain.       21600   IN      AAAA    fd00::1
    second.vps.you.domain.      21600   IN      AAAA    fd00::2
    

    Where 1.1.1.1, 2.2.2.2, fd00::1 and fd00::2 are the addresses of your VPS.

    You also need to enter the address in the SPF:

    you.domain.              21600   IN      TXT     "v=spf1 +mx -all"
    

    What it means:

    v=spf1 is the SPF version.

    +mx – it is allowed to send mail from the IP addresses specified in the MX records of the domain.

    -all – prohibits sending from any other servers (hard refusal).

    Also, in order for the signature to work on the mail server, you need to make several TXT entries (for a detailed explanation, see my links about DKIM):

    keyname._domainkey.you.domain.    TXT     "v=DKIM1; ...%DKIM params%"
    

    and

    _dmarc.you.domain.          86400   IN      TXT     "v=DMARC1...%dmarc params%"
    

    And you need to ask your VPS provider to set a PTR for your VPS IP address to first.vps.you.domain. Or some providers expose that config in the web panel.
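    To make the relationship between these records concrete, here is an added example (not the commenter's code) that holds the zone above in an inline dictionary and checks it the way a receiving server would: which hosts the MX records name, which addresses `+mx` therefore authorizes under SPF, whether a DKIM selector record exists at `selector._domainkey`, what policy the `_dmarc` record carries, and whether each MX address has a forward-confirmed PTR. The addresses are the placeholders from the comment; the DKIM body, the DMARC policy and the reverse-zone entries are constructed assumptions.

```python
"""Offline consistency check for the mail DNS records in the comment (added example).

ZONE mirrors the comment's records; 1.1.1.1, 2.2.2.2, fd00::1 and fd00::2 are its
placeholders. The DKIM public key, DMARC policy and PTR entries are constructed.
"""
import ipaddress

ZONE = {
    ("you.domain.", "MX"): ["10 first.vps.you.domain.", "20 second.vps.you.domain."],
    ("first.vps.you.domain.", "A"): ["1.1.1.1"],
    ("second.vps.you.domain.", "A"): ["2.2.2.2"],
    ("first.vps.you.domain.", "AAAA"): ["fd00::1"],
    ("second.vps.you.domain.", "AAAA"): ["fd00::2"],
    ("you.domain.", "TXT"): ['"v=spf1 +mx -all"'],
    ("keyname._domainkey.you.domain.", "TXT"): ['"v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"'],
    ("_dmarc.you.domain.", "TXT"): ['"v=DMARC1; p=quarantine; rua=mailto:dmarc@you.domain"'],
}
# Reverse zone as the VPS provider would publish it (constructed).
PTR = {"1.1.1.1": "first.vps.you.domain.", "2.2.2.2": "second.vps.you.domain."}


def lookup(name, rtype):
    return ZONE.get((name, rtype), [])


def txt(name):
    return [v.strip('"') for v in lookup(name, "TXT")]


def mx_hosts(domain):
    """MX targets ordered by preference; the lower number is tried first."""
    pairs = [v.split() for v in lookup(domain, "MX")]
    return sorted((int(pref), host) for pref, host in pairs)


def host_addresses(host):
    return {ipaddress.ip_address(a) for t in ("A", "AAAA") for a in lookup(host, t)}


def spf_allows(domain, sender_ip):
    """Evaluate the SPF subset the comment relies on: mx, a, ip4:, ip6: and all, with qualifiers."""
    ip = ipaddress.ip_address(sender_ip)
    record = next((r for r in txt(domain) if r.startswith("v=spf1")), None)
    if record is None:
        return False
    for term in record.split()[1:]:
        qual = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            matched = True
        elif mech == "mx":                      # +mx: any address of any MX host may send
            matched = any(ip in host_addresses(h) for _, h in mx_hosts(domain))
        elif mech == "a":
            matched = ip in host_addresses(domain)
        elif mech.startswith(("ip4:", "ip6:")):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            continue                            # include:/redirect= not needed for this record
        if matched:
            return qual == "+"                  # -all / ~all: matched but not authorized
    return False                                # nothing matched: neutral, treat as not authorized


def dkim_published(domain, selector):
    return any(r.startswith("v=DKIM1") for r in txt(f"{selector}._domainkey.{domain}"))


def dmarc_policy(domain):
    for r in txt(f"_dmarc.{domain}"):
        tags = dict(t.strip().split("=", 1) for t in r.split(";") if "=" in t)
        if tags.get("v") == "DMARC1":
            return tags.get("p")
    return None


def ptr_consistent(ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the same address."""
    name = PTR.get(ip)
    return name is not None and ipaddress.ip_address(ip) in host_addresses(name)


def audit(domain, selector):
    """Collect the problems a receiving server would trip over."""
    problems = []
    for _, host in mx_hosts(domain):
        addrs = host_addresses(host)
        if not addrs:
            problems.append(f"MX target {host} has no A/AAAA record")
        for a in addrs:
            if a.version == 4 and not ptr_consistent(str(a)):
                problems.append(f"no matching PTR for {a}")
    if not dkim_published(domain, selector):
        problems.append("DKIM selector record missing")
    if dmarc_policy(domain) is None:
        problems.append("DMARC record missing at _dmarc." + domain)
    return problems


if __name__ == "__main__":
    print(mx_hosts("you.domain."))
    print(spf_allows("you.domain.", "1.1.1.1"), spf_allows("you.domain.", "198.51.100.9"))
    print(audit("you.domain.", "keyname"))
```

    The `audit` call comes back empty for the zone as written, and dropping the `_dmarc` prefix or the `_domainkey` selector label from the record names makes it report the corresponding record as missing, which is why those two names have to be exact.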