Incessant tinkerer since the 70’s. Staunch privacy advocate. SelfHoster. Musician of mediocre talent. https://soundcloud.com/hood-poet-608190196

  • 36 Posts
  • 1.93K Comments
Joined 1 year ago
cake
Cake day: March 24th, 2025

help-circle
  • I tried this a long time ago. My conclusion was that there is not really a way to install Linux on the Xbox One. There have been reports that have run Linux inside of a jail/VM, but things don’t seem to mesh correctly like network connectivity. There is a whole hacking and modding the boot chain. I gave up. LOL

    Perhaps there has been progress since I last tried. Also, very possible, I didn’t have the skills to pull it off. Perhaps someone else will chime in.


  • What are your concerns about Cloudflare and getting ‘banned’? There used to be a clause in the TOS that prohibited streaming video. However, as one user here has pointed out, that has been since superseded. Now, I’m not going to tell you that you can share your JF with 20 other users and not raise an eyebrow with Cloudflare. I don’t have a clue what they would do in that case. As far as streaming, I run Navidrome around the house from the time I get up in the morning, until I go to bed at night, and have had no issues. There also isn’t a bandwidth cap that I can find anywhere in Cloudflare’s documentation.



  • This is the security I’ve implemented on my network:

    • Modem receiving IP from ISP. Modem to router. Router to stand alone pfsense firewall. Router has a 54 character complex password for WiFi. There are no guest provisions for WiFi.
    • Pfsense firewall with pfblockerng & suricata running on both lan and wan, both with a full array of rules/feeds updated daily. pfsense has tailscale as an overlay vpn. Server traffic and PC traffic have their own VLAN provided by pfsense. My approach is to deny all until something complains and address that on a case by case basis. Additionally ntopng is utilized for traffic analysis. IPv6 is disabled.
    • Server running Tailscale as an overlay VPN, UFW deny all posture, and fail2ban with an aggressive posture. Server has been hardened against Lynis spec where applicable. Not all recommendations apply to my server. Server is utilizing host deny/host allow and SSH keys.
    • Server is utilizing containers for services.
    • Server is using Cloudflare tunnel/zero trust.
    • Server and pfsense communicate via Tailscale encrypted tunnel. PC/Phone/mobile device can communicate with pfsense via Tailscale.
    • Server services are accessed via https.
    • PC connected to pfsense firewall with same rules as server. PC is using a VPN with Cloudflare 1.1.1.1/1.0.0.1 for DNS queries. Firefox is using 1.1.1.1/1.0.0.1. Settings for Firefox are the strictest for Enhanced Tracking Protection, and DOH. HTTPS-Only mode enabled. PC is also running a soft firewall.
    • All other devices such as phones, laptops, and tablets run a VPN with Cloudflare 1.1.1.1/1.0.0.1 for DNS queries.
    • IoT devices are isolated. Phones are isolated. Smart TVs are isolated.

    I’ve been told repeatedly that I go overboard on security.

    Do you guys just enjoy cybersecurity?

    To the extent of my knowledge thereof, yes.

    Do you actually keep sensitive data on your self hosted systems?

    No I do not. No password vaults, no financial info, etc.

    Do you self-host on expensive hardware?

    No. In fact I just finished decommissioning one of my Dell T320s. In it’s place I put an Optiplex 7020 SFF. The Dell T320 was adding $40 USD of my electric bill, while the Optiplex 7020 sips about $8 a month, plus it doesn’t pump heat in to the lab like the T320s do. I have one more T320 to decommission and then I’ll be done with that type of equipment. I’m looking to sell the two T320s, but I’m not sure someone wants to pay to ship a boat anchor.

    It’s not that the data on my server is so sensitive. I just don’t want anyone mucking around in my lab all willy nilly, which is why I run all the above and isolate everything I can, so that anyone who might get through, wouldn’t have any lateral movement,
















  • I’ve never had an Oracle Cloud server. However, I do image backups of the server once a month, then test them in a VM, After hearing so much about Borg, I finally pulled the trigger and ran it from the cli for a while. Then I deployed Borg UI, and that’s pretty amazing. I used to use Duplicati, but while Duplicati seems great at making backups, it’s not so keen about doing restores. At least, that’s my experience.