

This is the way. 🤭
The second install should be easier since it is done just after a test one.




Add a second node using the new drive, move all vm to the new node, decommission old node, rebuild the old node with the new drive.
You can get away with a disk clone but in my opinion a vm move is the proper way to go.
Adding a new node you start with a clean install, any quirk you have on the old hw will be finally washed away (or will bite you back and be properly documented), you have a quick way back should anything go sideways (the clone too provides a quick way back, but I like this way much more ^^), you get some hands-on multi-node experience that will be useful for HA setup.


Normal background noise. ssh is a well known protocol/port and scanning is automated.
My home router is the stock one from my ISP and has no VPN capabilities.
I put a port forward on the router and then configured everything on the internal node; in my case it is an opnsense vm running on proxmox.
I vouch for the VPN route… VPN servers are built to be exposed, are hardened/engineered to resist the harshness of the net and are somewhat safe even with default settings.
Should you publish in the wild a few web apps, you would have to harden, monitor and manage a bunch of environments and/or frameworks with a load of quirks each.
A VPN is easier to maintain and safer for your data with a lower effort.
In proxmox you create a vlan on the physical interface and not on a bridge.
Once the physical port has tagged traffic for all VLANs but LAN, leave vmbr0 alone, create the new DMZ VLAN in Proxmox networking and a new vmbr on that VLAN, that’s it.


If your vps is a firewall, you could use it as an exit point for different private networks: ip1 to mask the traffic for a guest subnet that you don’t trust and if the ip gets blacklisted there are no issues for lan traffic behind ip2 while ip3 is reserved for server traffic with specific rulesets on supplier’s systems for updates/backup/whatnot. Should you have more than one mail server because of reasons, if one is blacklisted the other could remain clean (in this situation you usually put them on different subnets but whatever).


Mailu is a mail server so it is suitable for the task.


You need a mail server somewhere, a mail client cannot listen for incoming messages. A possible workaround: you could activate your own mail server accessible only inside tailscale and use it to send and receive your local alerts.


Because it is bullshit…
They have been forced to release a ‘try2’ after less than a year from the first one because v1 was at capacity: there was no more room to add more blocked ip/domains.
And it is today’s news that a Google subdomain has been blocked.
In try 1 the workflow was:
You may notice that there is no ‘send a warning to the blocked party’.
As often happens, people with the money want a solution to their problem paid for by someone else: unfortunately for them, in this case the only solution with a minimal chance of success is a ‘lock’ on their systems (managed, maintained and paid for by them).
…or someone in the soccer food chain could reduce their profits and propose an affordable subscription…
Oh! Maybe you’re not from Italy and you miss this key piece of information! All this massively useless system has been proposed and happily provided for free (how nice) to the country by the major Italian soccer league to defend their right to upsell the streaming rights. When you read ‘illegal sport streaming’ you should get ‘illegal soccer match streaming’ instead.
Furry equipment FTW
https://fursonafy.com/fursuit-cooling-vests-everything-you-need-to-know/