Go for it.
Go for it.
Nah, just go read when you have time. They are well known around these parts.
Go read their post history first.
Don’t even get the reference, but this certainly provides more evidence for my other response to you.
No, you don’t “reserve the right to complain” if you aren’t taking part. That’s like saying you’re the asshole who gets to tell everyone else how they need to be living their lives just based on your own confidence that you have the better ideas.
You don’t. You have this tone of being some magnanimous asshole thinking everyone is just fucking up around you, but you’re just “allowing” it to happen.
“X” is something like 70% bots now since the Elon takeover.
You can read other articles that specifically go into detail on why Russia is investing in video and audio influencers now, but that’s mostly why.
Sure it is. Plenty of platforms are tied into federated information. Bluesky, Mastodon, Threads…
What in the hell are you on about?
Your username is known around here already. You think any person in politics who isn’t doing EXACTLY as you think they should do is making concessions and pandering, but you’re wrong. You’re not voting for her anyway, so why even bother commenting here?
You’re thinking too hard about this.
There needs to be a source of truth. LDAP is just a simple protocol that can be backed by whatever. You’re worried about the LDAP server going down, but guess what? It’s all in flat files. Go ahead and set it up in a git repo for config management service for the server/protocol portion, and back up the DB. Easy peasy.
You can also cluster your LDAP service amongst all of your nodes if you have 3+ nodes and an uneven number of them to ensure consensus amongst them. You can even back LDAP with etcd if you really want to go down that road.
You’re being paranoid about what happens if LDAP goes down, so solve for that. Any consumer of LDAP should be smart enough to work on cached info, and if not, it’s badly implemented. Solve for the problem you have, not for what MIGHT happen, or else you’re going to paranoid spiral like you are now because there is no such thing as a 100% effective solution to anything.
Then it’s the same situation. Find a box, set up an LDAP service, populate it, and you’re good to go. That’s it.
These people should be glad they have no feelings of shame or embarrassment. It’s the only way I can imagine they manage to live day to day.
Use unprivileged port numbers for your services.
It’s not fine. Easiest way to rack up utilization on your server is getting hits on all the default service ports. Change that port to any unprivileged port to avoid that somewhat. Not every bot crawler is doing port scans on random non-commercial and unidentified IP space.
What you’re describing is security through obscurity, but switching from the default port has other benefits like the above.
Not sure I can expand on it a ton more in a way that will make sense if it already doesn’t sound familiar.
Basically, there are various methods to authenticate yourself to most services. Password is usually the weakest and most susceptible to brute-force and social engineering. There are certificates, key pairs, RBAC…etc. You can even set up TOTP/MFA really easily for anything that supports it these days. Just don’t leave a service hanging out on the Internet to get brute-forced by password though.
If you’re unfamiliar with this, start with SSH and key pairs. It’s probably the simplest intro and you can be up and running to try it out in seconds.
Even worse, these motherfuckers think it’s a job and not a civil service and privilege. Fucking out of touch.
See my comment in the post. You are dead on.
Well, yeah. But there are many ways to make that happen. Sounds like this asshole is bragging he has it rigged.
You can’t. You can only do your best to make it as secure as possible, but given enough time, someone can break it.
Basic tips:
For ssh specifically, lock down your sshd config, make sure only key-based auth is enabled, and maybe as an extra step, create a dedicated user, and jail it by only allowing it access for the commands you need to interact with.
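An added example, not part of the comment above: a small auditor that checks sshd_config text for the steps it names (key-only auth, plus a dedicated user pinned to one command). The account name `backup`, the `ForceCommand` path and the sample config are constructed, and only literal `Match User` lines are understood.

```python
# Constructed sample config; "backup" is a hypothetical dedicated account.
SAMPLE = """\
# global section
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
# the next line is ignored: sshd keeps the first value it reads per keyword
PasswordAuthentication yes

Match User backup
    ForceCommand /usr/local/bin/backup-only
    AllowTcpForwarding no
    PermitTTY no
"""

# The audit wants these set explicitly instead of relying on compiled-in defaults.
REQUIRED = {"passwordauthentication": "no",
            "kbdinteractiveauthentication": "no",
            "pubkeyauthentication": "yes"}

def effective(config, user):
    """Resolve keyword -> value for `user`. Assumption: only 'Match User a,b'
    with literal names is handled, no patterns or other Match criteria."""
    glob, matched, active = {}, {}, None      # active is None in the global section
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                # keywords are case-insensitive
        val = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit = val.split()
            active = (len(crit) == 2 and crit[0].lower() == "user"
                      and user in crit[1].split(","))
            continue
        target = glob if active is None else matched if active else None
        if target is not None:
            target.setdefault(key, val)       # first value wins
    return {**glob, **matched}                # Match block overrides global

def audit(config, user):
    """Return a list of findings; an empty list means the checks passed."""
    eff = effective(config, user)
    findings = [f"{k} should be '{want}', found {eff.get(k, 'unset')!r}"
                for k, want in REQUIRED.items() if eff.get(k, "").lower() != want]
    if "forcecommand" not in eff:
        findings.append(f"no ForceCommand restricting user {user!r}")
    return findings
```

On a live host, `sshd -T -C user=<name>` prints the configuration sshd itself resolves for that user, which is the authoritative check.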
Oooohhhhh boy. Another one of these 🤣
It’s not like a package thing you can sell if you’re not supporting it. Then you’re just selling hardware at an inflated price. It’s not even self-hosting at that point. Why wouldn’t you just pay a regular company for a product?