@silhouette@dumbfuckingweb.site @phnt@fluffytail.org Sorry for the confusion, my comments on Proxmox were unrelated to my comments on garbage "soyware".
I don't think Proxmox is bad software in general. It has its uses.
However Proxmox (according to their own website) is a "server management platform for enterprise virtualization".
I believe that if you're using Proxmox outside of an enterprise setting you are probably heavily overcomplicating your home server setup and it's probably in your own best interest to maybe rethink how you've set up a few things.
Mostly to save server resources, reducing the time you spend maintaining it and maybe also saving money by lowering your power bill.
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 17:43:01 JST SuperDicq
Phantasm likes this.
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 18:41:13 JST SuperDicq
@eliseo01@fe.disroot.org @phnt@fluffytail.org @silhouette@dumbfuckingweb.site Yes, we use Proxmox on our servers at my local hackerspace.
I still think it's a little overkill over there as well, but I mean it's a hackerspace so the act of overengineering everything is like half of the point of why we even do things.
eliseo (eliseo01@fe.disroot.org)'s status on Monday, 31-Mar-2025 18:41:15 JST eliseo
@SuperDicq @phnt @silhouette
Do you have any personal experience with Proxmox?
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 18:53:52 JST SuperDicq
@eliseo01@fe.disroot.org @phnt@fluffytail.org @silhouette@dumbfuckingweb.site I don't really think virtualization itself (especially using LXC and such) is a massive overhead by itself.
The real overhead comes from the amount of applications that you're now running multiple instances in multiple containers which could be a single daemon. This is where the real overhead (and additional maintenance complexity) comes from.
Instead of running a single webserver with 8 vhosts, you're running 9 webserver daemons with a single main one connected to the 8 other webserver daemons using reverse proxies.
Same goes for everything else that server applications very often tend to share, such as database instances, cache storage, etc.
eliseo (eliseo01@fe.disroot.org)'s status on Monday, 31-Mar-2025 18:53:54 JST eliseo
@SuperDicq @phnt @silhouette
If you're familiar with it then why do you claim that such is a massive overhead to the extent that your server would waste resources in a meaningful way? I am familiar with Proxmox, I have multiple servers running it and I think it saves resources and time if anything, as deploying LXC containers and VMs is trivially simple, and I can afford spending a couple extra dozen of hundreds of bytes of memory in a web frontend to remotely manage everything in a machine that has several millions of bytes of RAM. You don't need that much maintenance either, everything works on its own most of the time, it updates packages and backs up everything automatically every week.
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 19:45:04 JST SuperDicq
@eliseo01@fe.disroot.org @phnt@fluffytail.org @silhouette@dumbfuckingweb.site
> in the possible scenario that a state funded scene cracks through SSH security through some vulnerability to make it part of a botnet
The likelihood of this happening is so damn low and I don't think this is something you should even keep in mind when setting up your system.
Thinking state actors are actually going to risk exposing their zero days to infiltrate your personal home network is a giant LARP and is never actually going to happen unless you're a notable active terrorist or something.
eliseo (eliseo01@fe.disroot.org)'s status on Monday, 31-Mar-2025 19:45:06 JST eliseo
@SuperDicq @phnt @silhouette
There's also the fact that if you have to forward through clearnet for a VPN router, for example, you'd rather expose a container or a VM than bare metal directly, in the possible scenario that a state funded scene cracks SSH security, through some vulnerability to make it part of a botnet or some-such, when you find out you'll simply have to roll back to a backup, apply upgrades and don't need to worry about having to reinstall everything and start over.
eliseo (eliseo01@fe.disroot.org)'s status on Monday, 31-Mar-2025 19:45:07 JST eliseo
@SuperDicq @phnt @silhouette
Organizations and companies that have a dedicated budget with dedicated administrators can cope with redundancy overhead if they scale VMs and when you wanna run so many services you will want to start virtualizing anyway, personal users normally do not deploy dozens of VMs to host multiple different webservers but it still simplifies management a lot. In my case I deploy a GNU+Linux VM and then passthrough all physical drives to it, excluding two for backups, then from there I just mount filesystems through NFS or SSH to the rest of guests, which most of the time are containers that have torrent seedboxes, routers, VPNs, etc. Each one has its own IP as well so you don't need to worry about conflicting TCP/UDP ports, so if my niece asks me to start the Luanti server so she can play with her buddies I simply right click and start, or I invoke a single command, and I don't need to keep track of any other container I started months back that might interfere with it.
jae (jae@fsebugoutzone.org)'s status on Monday, 31-Mar-2025 20:01:15 JST jae
@SuperDicq @phnt @silhouette @eliseo01
@eliseo01 @phnt @silhouette
> The likelihood of this happening is so damn low and I don't think this is something you should even keep in mind when setting up your system.
nothing ever happens. you need to be a high value target up against nation state (pick one). anyone who is likely has bigger problems than tier1 hypervisor, ssh vectors, etc
> Thinking state actors are actually going to risk exposing their zero days to infiltrate your personal home network is a giant LARP and is never actually going to happen unless you're a notable active terrorist or something.
it never happens. communities like r/privacy, techlore, rob braxman and others are shills. put them in an operational situation and they would crumble. these communities get users so fucking wound up before you know it they're paranoid someone will find their pirated pr0n and movie collection so they start hallucinating being snowden.
having a strong but simple security posture and iterating over a personal threat model should be a task not a life goal.
✙ dcc :pedomustdie: :phear_slackware: and Phantasm like this.
Phantasm (phnt@fluffytail.org)'s status on Monday, 31-Mar-2025 20:09:35 JST Phantasm
@eliseo01 @silhouette @SuperDicq
>Organizations and companies that have a dedicated budget with dedicated administrators can cope with redundancy overhead if they scale VMs and when you wanna run so many services you will want to start virtualizing anyway,
I like VMs much more than containers. Mainly from a security standpoint, because the container maintainers are the project developers and developers don't have a good track record with updating vulnerable libraries. And when you set up a container, there are more dependencies than what the project depends on. Give the typical developer a chance and they will happily use a library that hasn't been updated in 5+ years. If you are running everything "natively" in a VM, you can be reasonably sure that everything is patched after running apt update && apt upgrade / dnf update. Unless the vulnerable piece of software is written in Rust or Golang. Then good luck recompiling it, because static linking is awesome.
Containers are a security nightmare mostly used by inept developers that write software that is hardly packageable by normal means. The only reasonable uses for them are making system packages, reproducible builds and scalability with a few exceptions in other places. To be honest the FreeBSD approach with jails, where they behave much like a normal isolated system with easy updates, is much better than Docker/Podman/systemd-machined.
(mint@ryona.agency)'s status on Monday, 31-Mar-2025 20:10:25 JST
@phnt @silhouette @eliseo01 @SuperDicq
>FreeBSD approach with jails, where they behave much like a normal isolated system with easy updates
LXC, anyone?
Phantasm likes this.
Phantasm (phnt@fluffytail.org)'s status on Monday, 31-Mar-2025 20:12:01 JST Phantasm
@mint @silhouette @eliseo01 @SuperDicq LXC is great, but the tooling around it sucked for a long time. And probably still somewhat does. That said, I haven't used it in a few years and probably should try it out again.
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 20:13:35 JST SuperDicq
@jae@fsebugoutzone.org @phnt@fluffytail.org @silhouette@dumbfuckingweb.site @eliseo01@fe.disroot.org Yes, that's basically what I'm saying.
Your home network really should only realistically be protected against basic automated script kiddy level attacks such as having no exposed default passwords, enabling fail2ban, etc.
NSA level zero days should not be a concern in your threat model.
If the government really wanted your shit they would most likely just capture you and hit you with a $5 wrench until you tell them the password anyways lmao
Doing super advanced cybersecurity crap on something as benign as a personal home network is just cyber security nerd LARPing and nothing else.
(mint@ryona.agency)'s status on Monday, 31-Mar-2025 20:16:42 JST
@phnt @silhouette @eliseo01 @SuperDicq Libvirt can work with LXC machines in the same pool as proper VMs; that said I instead just have a bunch of basic containers with network bridge and static IPs (DHCP is bloat for what I'm doing).
Phantasm likes this.
jae (jae@fsebugoutzone.org)'s status on Monday, 31-Mar-2025 21:05:09 JST jae
@SuperDicq @phnt @silhouette @eliseo01
> Yes, that's basically what I'm saying.
we are aligned!
> Your home network really should only realistically be protected against basic automated script kiddy level attacks such as having no exposed default passwords, enabling fail2ban, etc.
precisely. if an advanced actor wants to pwn you, they will. there's really no stopping it. but the likelihood of it, is < 0.001%.
and for those that would have a direct expose of their homelab to 0.0.0.0/0 there's other ways to cordon off traffic such as wireguard backhaul from vps to the lab. only allow 443/tcp inbound and send it down the backhaul. many (myself included) do this.
> NSA level zero days should not be a concern in your threat model.
correct. threat model is like wearing a pair of pants. not everyone is going to wear sweatpants or jeans. it's personal and there's no right or wrong way. but the nsa doesn't care about us talking about terry, weird stuff, etc.
> If the government really wanted your shit they would most likely just capture you and hit you with a $5 wrench until you tell them the password anyways lmao
yes, the mysterious art of vanning. when met with a wrench i think most of us will give up their password to github. hell, i'll give up everyone's password to github to avoid getting domed
> Doing super advanced cybersecurity crap on something as benign as a personal home network is just cyber security nerd LARPing and nothing else.
this is true, with one exception. if you do this for a living (i do). i have a lab that's dedicated just to this really weird advanced shit. because i need to stay relevant in my field of expertise. i do like to eat (a lot)
Phantasm likes this.
Phantasm (phnt@fluffytail.org)'s status on Monday, 31-Mar-2025 21:11:48 JST Phantasm
@m0xEE @jae @silhouette @eliseo01 @SuperDicq It's an MRF, because ete got fed up with constant politics on his timeline or something like that.
m0xEE (m0xee@nosh0b10.m0xee.net)'s status on Monday, 31-Mar-2025 21:11:51 JST m0xEE
@silhouette@dumbfuckingweb.site @eliseo01@fe.disroot.org @phnt@fluffytail.org @SuperDicq@minidisc.tokyo @jae@fsebugoutzone.org
Why is every post coming from FSE tagged as tesla-elonmusk? 🤪
It's not visible in Bloat/MastoFE/PleromaFE, but in snac2's web interface it is and it's very annoying.
Pete is sure doing some weird shit!
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 22:56:14 JST SuperDicq
@Cyrillic@lab.nyanide.com @phnt@fluffytail.org @silhouette@dumbfuckingweb.site @jae@fsebugoutzone.org @eliseo01@fe.disroot.org
Protip: intelligence agencies tend to leave you alone if you don't do anything that the government doesn't like :hackerman:
Phantasm likes this.
Protoss (cyrillic@lab.nyanide.com)'s status on Monday, 31-Mar-2025 22:56:15 JST Protoss
@SuperDicq @phnt @silhouette @jae @eliseo01 there's an easy way to be immune to NSA 0-days: just don't have a home network.
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 22:58:00 JST SuperDicq
@Cyrillic@lab.nyanide.com @phnt@fluffytail.org @silhouette@dumbfuckingweb.site @jae@fsebugoutzone.org @eliseo01@fe.disroot.org But yeah that's just not really an option because as a functional democracy you kinda need whistleblowers, journalists, activists or it will quickly become autocracy instead.
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 31-Mar-2025 23:01:55 JST 翠星石
@SuperDicq @phnt @silhouette @Cyrillic @jae @eliseo01 Intelligence agencies have been known to prey on innocents that didn't even do anything that the government doesn't like.
jae (jae@fsebugoutzone.org)'s status on Monday, 31-Mar-2025 23:07:07 JST jae
@Suiseiseki @SuperDicq @Cyrillic @eliseo01 @phnt @silhouette
drop your source. reddit and your imagination is not a source.
Protoss (cyrillic@lab.nyanide.com)'s status on Monday, 31-Mar-2025 23:07:23 JST Protoss
@SuperDicq @phnt @silhouette @jae @eliseo01 I don't care about democracy, as far as I care, if any such government agency is within my threat model, it is an enemy.
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 23:07:23 JST SuperDicq
@Cyrillic@lab.nyanide.com @phnt@fluffytail.org @silhouette@dumbfuckingweb.site @jae@fsebugoutzone.org @eliseo01@fe.disroot.org You should better start caring about democracy because saying what you just said here alone could be reason enough to get questioned in some autocratic countries.
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 23:09:37 JST SuperDicq
@jae@fsebugoutzone.org @Suiseiseki@freesoftwareextremist.com @Cyrillic@lab.nyanide.com @eliseo01@fe.disroot.org @phnt@fluffytail.org @silhouette@dumbfuckingweb.site Edward Snowden, might've heard about him. Totally wasn't a big deal or anything.
jae (jae@fsebugoutzone.org)'s status on Monday, 31-Mar-2025 23:19:24 JST jae
@SuperDicq @Suiseiseki @phnt @silhouette @Cyrillic @eliseo01 i meant any detailed whitepaper/research papers. yes the stuff is real, but like i mentioned mostly dragnet surveillance. i've made peace with it. go into any grocery store, gas station, etc. you're being watched.
sometimes i just imagine i'm in some movie that never ends. it's hilarious
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 23:21:44 JST SuperDicq
@jae@fsebugoutzone.org @Suiseiseki@freesoftwareextremist.com @phnt@fluffytail.org @silhouette@dumbfuckingweb.site @Cyrillic@lab.nyanide.com @eliseo01@fe.disroot.org That is exactly the kind of mentality that worries me. Many people nowadays are aware of the spying going on and instead of actually resisting it they have just accepted it is part of their daily life now and say dumb shit like "I have nothing to hide" or "just pretend you're in a movie".
翠星石 likes this. -
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 23:24:32 JST SuperDicq
@jae@fsebugoutzone.org @Suiseiseki@freesoftwareextremist.com @phnt@fluffytail.org @silhouette@dumbfuckingweb.site @Cyrillic@lab.nyanide.com @eliseo01@fe.disroot.org Instead of being a depressed hopeless loser who has given up on everything I prefer to actually strive to fix these issues instead?
I would much rather live in a country with a government and institutions that can actually be trusted. It's not impossible to reform.
翠星石 likes this.
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 23:30:38 JST SuperDicq
@jae@fsebugoutzone.org @Suiseiseki@freesoftwareextremist.com @phnt@fluffytail.org @silhouette@dumbfuckingweb.site @Cyrillic@lab.nyanide.com @eliseo01@fe.disroot.org I don't live in the US so I can't fix their issues, but at least in my own country I am a member of the Pirate Party. I've talked with party representatives. I also join campaigns of nonprofits that are of my interest. I also work on various free software and free culture projects.
What do you do except pretend you are in a movie?
jae (jae@fsebugoutzone.org)'s status on Monday, 31-Mar-2025 23:30:40 JST jae
@SuperDicq @Suiseiseki @phnt @silhouette @Cyrillic @eliseo01
how will you strive to fix the issues? do you have an "in" at .gov? tell me more please.
SuperDicq (superdicq@minidisc.tokyo)'s status on Monday, 31-Mar-2025 23:43:16 JST SuperDicq
@jae@fsebugoutzone.org @Suiseiseki@freesoftwareextremist.com @phnt@fluffytail.org @silhouette@dumbfuckingweb.site @Cyrillic@lab.nyanide.com @eliseo01@fe.disroot.org I mean it's cool that you contribute to projects such as Tor. Definitely need those for protecting our privacy online.
I'm not trying to start a dick measuring contest but I do want to point out that you sounded like one of those "nothing to hide" normies from what you said earlier. But those people don't tend to work on crypto projects.
jae (jae@fsebugoutzone.org)'s status on Monday, 31-Mar-2025 23:43:18 JST jae
@SuperDicq @Suiseiseki @phnt @silhouette @Cyrillic @eliseo01
> I don't live in the US so I can't fix their issues,
i live here, but am from another country. there's problems everywhere
> but at least in my own country I am a member of the Pirate Party.
argh matey! :jollyroger: the states has a chapter too.
> I've talked with party representatives. I also join campaigns of nonprofits that are of my interest. I also work on various free software and free culture projects.
do you think it will help with the surveillance stuff? i hope so.
> What do you do except pretend you are in a movie?
you mean besides dealing with smug europeans on their soapbox?
i work, i make food, i write, i watch movies, i care for my pets, i stack money, build cryptographic communication systems, work on tor project tasks, and laugh a lot.
are we to the point where you pull out your pirate dick to start measuring?