Posts by ceresbzns@infosec.exchange
 (DIR) Post #ATQ2tgUb0kewU9b3mi by ceresbzns@infosec.exchange
       2023-03-05T17:56:52Z
       
       0 likes, 5 repeats
       
       Hey FOSS fam, I need your expert opinions: I'd like to stand up a chat server for a small 1-day con that I'm organizing, but I don't want to use Slack or Discord or any of the other freemium corpo services. What can I run instead?
       
       Must haves:
       * FOSS (obv)
       * can run on a relatively inexpensive VPS (e.g., Hetzner or Digital Ocean)
       * reasonably performant (up to 50 concurrent users)
       * web GUI for users who don't want to download an app
       * chat room
       * allows basic moderation functionality (e.g., ban)
       * reasonably secure
       
       Nice to haves:
       * end to end encryption
       * ease of setup / administration
       * invite-only channels (in addition to public room)
       * direct messaging
       
       From my research so far, my understanding is that I can basically choose between #matrix or #xmpp. (Maybe #IRC ??)
       
       Of the two, XMPP looks like it's more performant (I constantly see people complain about Matrix being slow) at the expense of encryption by default. Still, I'm not sure which implementation of XMPP server would suit our needs best.
       
       What do you think? What would you suggest?
       
       Boosts welcome!
       
       #foss #chat #privacy #infosec #linux #debian #ubuntu #bsides #cybersecurity #selfhost
       
 (DIR) Post #ATTGGCJlFQwMRGTSDo by ceresbzns@infosec.exchange
       2023-03-09T22:04:41Z
       
       0 likes, 0 repeats
       
       @carlosefr As someone who does some self-hosting out of my homelab, it's more of a problem for me that my ISP won't sell me a static IP of *any* kind without upgrading to a business account. Although I suppose a CG-NAT IPv4 would be just as useless as no static IP at all.
       
 (DIR) Post #ATxM500Ws7Kqm4oQrI by ceresbzns@infosec.exchange
       2023-03-23T10:12:40Z
       
       0 likes, 0 repeats
       
       Looking for opinions on the Free Software Foundation #fsf
       
       I only learned about them recently, but I've found their online resources helpful and some of the member benefits seem genuinely useful (jitsi servers, email forwarding, etc)
       
       I guess I'm just curious if there's any skeletons in that closet I should know about
       
 (DIR) Post #AUqaVakgVGzWaPch3w by ceresbzns@infosec.exchange
       2023-01-14T21:24:12Z
       
       0 likes, 2 repeats
       
       A message for all my friends as yet unacquainted with the fediverse
       
 (DIR) Post #AVJvFIEZJlRx8rVaSG by ceresbzns@infosec.exchange
       2023-05-04T18:47:13Z
       
       0 likes, 1 repeats
       
       Who's got suggestions for a good #Matrix home server?
       
 (DIR) Post #AlRhVA8gwgXEGsV5Qu by ceresbzns@infosec.exchange
       2024-08-29T02:55:43Z
       
       0 likes, 0 repeats
       
       @adam Curious to hear your thoughts on it once you've read
       
 (DIR) Post #Alq2ec4pCkGoM74sL2 by ceresbzns@infosec.exchange
       2024-09-09T20:40:27Z
       
       0 likes, 1 repeats
       
       This Cohost situation sounds pretty unfortunate, having been done in by Stripe changing their policies. Listen, and I mean this sincerely, what if we started paying attention to online payment systems that aren't gatekept by a handful of processors?
       
 (DIR) Post #Ao2suneA0mihPgy6Ea by ceresbzns@infosec.exchange
       2024-11-14T20:11:31Z
       
       0 likes, 0 repeats
       
       @silverpill 4.5 TB! $150/mo+ in hosting costs!
       
       even if it was possible to host the entire stack, no one is going to pay $2k a year just to host their own microblog, wtf
       
 (DIR) Post #AoKGF6EYDTjXU5xP0a by ceresbzns@infosec.exchange
       2024-11-22T23:32:15Z
       
       2 likes, 3 repeats
       
       lol lmao
       
       Sauce: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a
       
       #infosec #cybersecurity #redteam #cisa
       
 (DIR) Post #AokCc2GJ7GNtvTAnlw by ceresbzns@infosec.exchange
       2024-12-05T18:24:33Z
       
       0 likes, 0 repeats
       
       #unitedhealthcare #uspol
       
 (DIR) Post #AokCc4G1hHLe7B3bc0 by ceresbzns@infosec.exchange
       2024-12-05T18:44:40Z
       
       1 likes, 1 repeats
       
       @NosirrahSec "He belonged in jail, but dirt will suffice."
       
       goddamn, brother, what a line
       
 (DIR) Post #ApVdbyGEMuehxLfOLY by ceresbzns@infosec.exchange
       2024-12-28T15:50:20Z
       
       0 likes, 0 repeats
       
       @threalist what's going on now?
       
 (DIR) Post #Aq0GujpLzkktexDBS4 by ceresbzns@infosec.exchange
       2025-01-12T02:40:42Z
       
       0 likes, 0 repeats
       
       tldr; How common is it to find the software provided by the default Debian apt repo is out of date (maybe dangerously so) and you need to seek out a more secure version by setting apt to grab a different repo?
       
       Long version: OK, I have a sysadmin situation that I suspect may be fairly common, but it's the first time that I've encountered it because I'm new to all this:
       * Host I'm operating is running Debian 12 Bookworm stable
       * I updated my apt repo
       * I installed nginx web server software from the default Debian apt repo
       * Installed version of nginx is 1.22.1
       * Shodan monitoring flags nginx 1.22.1 as end of life - (thank you @shodan)
       * On investigation, nginx website shows a few known medium and low vulns in that version, and the latest mainline version of nginx is all the way up to 1.27.3 - so my current install is in fact five versions behind and very EOL
       * obviously this is concerning because I don't want my server to get pwned
       * nginx offers a way to update apt to point to their repo and pull the latest version (great service, thank you)
       
       #sysadmin #homelab #nginx #debian #linux #infosec #cybersecurity #shodan
       
 (DIR) Post #Aq0GunpV79FY4ZJMEi by ceresbzns@infosec.exchange
       2025-01-12T03:36:24Z
       
       0 likes, 0 repeats
       
       Quick update to this story:
       * I upgraded to latest version from nginx repo
       * reverse proxy breaks. can't figure out what's wrong.
       * I back out of all the changes and reinstall from debian stable repo
       * proxy is working again
       
       It sounds like security updates are backported (thanks all for the feedback), so I'm just gonna leave the server running the way it is now
       
 (DIR) Post #AqDu2KxEmHdY6Mzb2u by ceresbzns@infosec.exchange
       2025-01-19T00:31:05Z
       
       0 likes, 0 repeats
       
       @alejandrobdn @thechrisdantes Yes also curious- what you up to
       
 (DIR) Post #Ar5vdGEMruNp2xT6LA by ceresbzns@infosec.exchange
       2025-02-13T14:10:16Z
       
       1 likes, 0 repeats
       
       @rooneymcnibnug @lispi314 Calvin's mom and dad were real ones
       
 (DIR) Post #At3UtHDYKGUuOsbfCy by ceresbzns@infosec.exchange
       2025-04-13T17:38:30Z
       
       0 likes, 0 repeats
       
       @futurebird so what I'm hearing is maybe we need to sample the aphid butt juice for ourselves
       
 (DIR) Post #Au4PhWRkir0C63wVBw by ceresbzns@infosec.exchange
       2025-05-14T02:00:54Z
       
       1 likes, 0 repeats
       
       @gabriel
       teacher
       scientist
       physician / nurse
       open source software maintainer
       
 (DIR) Post #AuQbv9oh0Jf3XYrQzw by ceresbzns@infosec.exchange
       2025-05-24T17:41:23Z
       
       0 likes, 0 repeats
       
       lmao, never a dull moment
       
       I got this email just now, sent from a domain of the provider where I host some Tor webtunnels. Hard to tell if the hosting provider has actually been pwned or if the threat actors are just bluffing.
       
       Any advice from cyber professionals? @briankrebs @PogoWasRight @metacurity @unredacted have y'all heard if ColoCrossing has been pwned?
       
       #infosec #cybersecurity #tor #privacy #vps #cloud
       
 (DIR) Post #AuRAGMc21P9xkTDqU4 by ceresbzns@infosec.exchange
       2025-05-03T17:16:38Z
       
       0 likes, 0 repeats