C’est pas illégal de le demander à ton/ta collègue cela dit.

My dear friend, this is (again!) some beautiful art you got there ! This could easily be the artwork for openbsd 7.6 ! If you don’t mind me I’d like to mention it on /c/openbsd so your work doesn’t go unnoticed? :D

I cannot speak for prahou, but I’m fairly sure we both agree on this:

• Codebase is clean and lean
• Security is a first grade citizen
• Dev team is not afraid to call stuff obsolete and remove/replace stuff
• It’s a full operating system, not just a kernel that you need to build on top of before distributing it
• Config files syntax is cohérent across the whole OS
• master Puffy rocks.

More like openblade2head. What an evolution !

The OpenBlade should be renamed OpenBard: prettify stories, lies, likes being thrown out.

Can’t wait for it to join Lo0 as a secondary singer tbh !

“And I took that personally”

Please provide your details and enjoy your new unlimited anonymity :

• name
• birth date
• email
• address
• social security number
• name of dog
• annual revenue

[ ] I accept to receive marketing popups through jack2head
[ ] I accept the privacy policy

A huge thank you for all of this !

The techno-mage and the unix_surrealism universe are the most entertaining and refreshing form of art I’ve seen regarding Unix and technology in general.

This is unlike anything else before, and definitely the #1 reason why I’m now sticking to Lemmy and the fediverse.

And man you know how much I love your style too ;)

Keep it up, you’re amazing ❤️

A VPN is easy to setup (and I have it setup by the way), but no VPN is even easier. SSH by itself is sufficiently secure if you keep it up to date with a sane configuration. Bots poking at my ssh port is not something that bother me at all, and not part of any attack vector I want to be secure against.

Out of all the services I expose to the clear web, SSH is probably the one I trust the most.

Yeah I know, I just don’t really care about that traffic to bother changing it :) Also, I’m talking about a server hosted on Hetzner, so I feel like it’s scanned a lot.

I get what you say, and you’re definitely not wrong to do it. But as I see it, you only saved ~80Kib of ingress and a few lines of logs in the end. From my monitoring I get ~5000 failed auth per day, which account for less than 1Mbps average bandwidth for the day.

It’s not like it’s consuming my 1Gbps bandwidth or threatening me as I enforce ssh key login. I like to keep things simple, and ssh on port 22 over internet makes it easy to access my boxes from anywhere.

Congratulations! A mail server is quite demanding in terms of initial setup, but it’s also very rewarding !

Here are a few pointers I can give you:

• Using a good domain is important, some provider block entire TLDs for cheap domains (eg. .tk or .pw). I learnt it the hard way…
• Set your MX records to A records, not CNAME
• Ensure your PTR records match your A records for the mail server
• Learn about SPF and DKIM
• Set them up, and verify with mxtoolbox
• Use the ip4:<ipv4> and/or ip6:<ipv6> selectors for SPF
• Setup a spamfilter (I like spamassassin)
• Leave it all running for a few weeks/months
• Publish a DMARC policy on your DNS, and verify with mxtoolbox

This should limit a lot your likeliness to end up in spam folders (which is usually the hardest part about running your mail server)

ELI5

So it’s saturday afternoon, a very hot one, so you ask your daddy for an ice cream (hosted service). The shop you go in is very bizarre though, as there is one vendor (TCP port) for each flavor (docker service/virtualhost). But it’s tricky because they’re all roaming in the shop, and you don’t know who’s responsible for each flavor. Your dad is also not very comfortable paying these vendors directly because they only accept cash and do not provide any receipt (self-signed certificate/no TLS).

Hopefully, there is the manager (reverseproxy) ! This girl is right where you expect her: behind the counter (port 80/443), accept credit cards and has a receipt machine (Domain name + associated certificate). She also knows everyone on her team, and who’s responsible for each flavor !

So you and your dad come to see the nice lady, ask for a strawberry + chocolate ice cream, and pay her directly. Once done, she forwards your request directly to the vendors responsible for each flavor, and give you back your ice cream + receipt. Life is good, and tasty !

Is the flying puffy the techno-mage’s system ? If yes, what’s the hostname ?