smiletolerantly

joined 2 years ago

Did all that, minus the no ssh root login (only key, obviously) plus one failed attempt, fail2ban permaban.

Have not had any issues, ever

All of them if you configure it?

[–] smiletolerantly@awful.systems 12 points 1 year ago (1 children)

Fail2ban allows you to set different actions for different infringements, as well as multiple ones. So in addition to being put in a "local" jail, the offending IP also gets added to the Cloudflare rules (? Is that what it's called?) via their API. It's a premade action called "cloudflare-token-multi"

[–] smiletolerantly@awful.systems 8 points 1 year ago (3 children)

We expose about a dozen services to the open web. Haven't bothered with something like Authentik yet, just strong passwords.

We use a solid OPNSense Firewall config with rather fine-grained permissions to allow/forbid traffic to the respective VMs, between the VMs, between VMs and the NAS, and so on.

We also have a wireguard tunnel to home for all the services that don't need to be available on the internet publicly. That one also allows access to the management interface of the firewall.

In OPNSense, you get quite good logging capabilities; should you suspect someone is trying to gain access, you'll be able to read it from there.

I am also considering setting up Prometheus and Grafana for all our services, which could point out some anomalies, though that would not be the main use case.

Lastly, I also have a server at a hoster for some stuff that is not practical to host at home. The hoster provided a very rudimentary firewall, so I'm using that to only open necessary ports, and then Fail2Ban to insta-ban IPs for a week on the first offense. Have also set it up so they get banned on Cloudflare's side, so before another malicious request ever reaches me.

Have not had any issues, ever.
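A `jail.local` sketch of the setup described in the two Fail2ban comments above (ban on the first offense, one week, local ban plus a Cloudflare-side ban). This is an added example, not the commenter's actual configuration: the choice of the `sshd` and `nginx-http-auth` jails is an assumption, and the action name `cloudflare-token-multi` is taken from the comment, with its token and zone settings left to the action's own file because the page does not show them.

```ini
# /etc/fail2ban/jail.local  (constructed example)

[DEFAULT]
# One matching log line is enough to trigger a ban, and the ban lasts a week.
maxretry = 1
findtime = 10m
bantime  = 1w
# With maxretry = 1 a single typo locks you out, so exempt trusted sources.
# Append your own management/VPN range after the loopback entries.
ignoreip = 127.0.0.1/8 ::1

[sshd]
enabled = true
# SSH is not proxied through Cloudflare, so the local firewall ban is all
# that applies here. %(action_)s is the stock "ban only" action.
action = %(action_)s

[nginx-http-auth]
# Assumed web jail; use whichever filter matches the exposed service.
enabled = true
# Multiple actions are listed one per line. The first bans locally, the
# second is the action named in the comment, which pushes the address to
# Cloudflare so later requests are dropped before they reach the origin.
# For proxied sites the web server must log the real client address rather
# than Cloudflare's edge address, otherwise the wrong IP gets banned.
action = %(action_)s
         cloudflare-token-multi
```

After `fail2ban-client reload`, `fail2ban-client status nginx-http-auth` lists the currently banned addresses for that jail.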

Why tho? Over here they don't need refrigeration, keep longer, and are still salmonella-free. Really unproblematic to eat them raw as well.

I only clicked through just now to see the question, and I'm really disappointed!

Yep, though it's currently just a portfolio site I link to in applications.

Plus also some selfhosting (jitsi, personal mailserver + webmail and contacts+calendar), though most other stuff is on a second domain and pointed at my home.

Cannot wait for it!!

No. I am not saying that to put man and machine in two boxes. I am saying that because it is a huge difference, and yes, a practical one.

An LLM can talk about a topic for however long you wish, but it does not know what it is talking about, it has no understanding or concept of the topic. And that shines through the instant you hit a spot where training data was lacking and it starts hallucinating. LLMs have "read" an unimaginable amount of texts on computer science, and yet as soon as I ask something that is niche, it spouts bullshit. Not its fault, it's not lying; it's just doing what it always does, putting statistically likely token after statistically likely token, only in this case, the training data was insufficient.

But it does not understand or know that either; it just keeps talking. I go "that is absolutely not right, remember that <....> is <...,>" and whether or not what I said was true, it will go "Yes, you are right! I see now, ".

There's no ghost in the machine. Just fancy text prediction.

[–] smiletolerantly@awful.systems 16 points 1 year ago* (last edited 1 year ago) (3 children)

a) how do I keep discovering accounts of people I admire on this platform,
b) I fucking LOVE Accelerando and the Eschaton series,
c) that... really comforts me in a strange way. I always thought Veppers was supposed to be Bezos, but this is even better.

And lastly I am sorry for the loss of your friend.

[–] smiletolerantly@awful.systems 10 points 1 year ago (2 children)

A begruntled Culture citizen entasked with a seemingly straight-forward matter in a coincidentally-very-earth-like civ where capitalism reigns supreme in all the worst ways. A society on the brink of collapse due to leapfrogging technological advancements while ignoring, and possibly suppressing, the societal changes this necessitates, benefitting only those already in power. Not-entirely-clear motivations of unseen Culture Minds, presumably plotting beyond what is apparent to our protagonist. Getting to re-evaluate this strange society by experiencing first its thrills, then slowly but surely its horrors through the eyes of that protagonist, whose view of the world and themselves can never be the same afterwards.

All the while, a member of this fledgling society, finding themselves aboard the Culture vessel "I'm sorry, I thought there was still money on that card; here, try this one", a state-of-the-art ~~warship~~ nope we don't do those, a state-of-the-art Very Fast Picket, earth-bound with engines pushing their limits, is motivated by the fleeting hope of maybe, just maybe, getting there in time to share a crucial piece of information with the protagonist, but - oh, too late. This storyline led nowhere, and you are still glad to have read it, for the possibly best parts of the book were the witty ship-banter that had you laughing with tears.

Oh we also end the book with the cold-blooded murder of a ~~Bezos~~ Musk look-alike at the hands of SC, and thanks to the book you are left with the clear impression that in the grand scheme of things, this was not simply necessary, it was just.

....something like that?
