Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content

Off-topic

Anything else not related to Cloudron

319 Topics 2.3k Posts
  • BSI ~~investigates~~ reviews open source software Matrix and Mastodon

    4
    2 Votes
    4 Posts
    913 Views
    necrevistonnezrN
    They are license-agnostic, I'd say. They focus on security. The press release in full: As part of the project on “Code Analysis of Open Source Software” (CAOS 2.0), the German Federal Office for Information Security (BSI) has examined the security features of the Matrix communication software and the Mastodon social media micro-blogging software. In most cases, cyber attacks can be traced back to errors in the program code of the affected applications. The CAOS project helps to identify and eliminate common vulnerabilities and risks. The BSI worked with mgm security partners GmbH to check the source code of the Matrix communication software and the Mastodon social media micro blogging software for possible defects. The BSI immediately notified the affected developers of critical vulnerabilities. They analyzed the vulnerabilities and have already responded. Further deficiencies were addressed as part of a responsible disclosure procedure. The results that have now been published are a combination of source code review, dynamic analysis, and interface analysis in the areas of network interfaces, protocols, and standards. In cooperation with mgm security partners GmbH, the BSI launched the “Code Analysis of Open Source Software” (CAOS) project in 2021. The project's task is to analyze vulnerabilities with the aim of increasing the security of open source software. The project is intended to support developers in creating secure software applications and to increase trust in open source software. The focus is on applications that are increasingly used by public authorities or private users. This new publication is the results of the follow-up project “Code Analysis of Open Source Software” (CAOS 2.0). Further code analyses are planned to increase the security of open source software in the future. The project on “Code Analysis of Open Source Software” will be continued under the name CAOS 3.0. The results will also be published on the BSI website after a responsible disclosure procedure. This procedure allows developers a reasonable period of time to fix security vulnerabilities before they are published.*
  • Asterism: A symbol for the ⁂ fediverse

    3
    3 Votes
    3 Posts
    472 Views
    scookeS
    "We also don’t believe that a large corporation that is joining in as late should be the one defining the iconography for the fediverse." `Right on! I'm going to use this in my own instance.
  • FAST FTP server: Minio vs Syncthing vs Nextcloud?

    6
    0 Votes
    6 Posts
    1k Views
    humptydumptyH
    I’m going with both suggestions by setting up rpi nas and stashing it somewhere out of sight. I can use syncthing to sync the media in case SMB share doesn’t work. It shouldn’t affect my internet speeds if it’s on the same network I think. I changed the format to h265 instead of h264 and played with the bitrate a bit. I’m still trying to find the image-quality-to-file-size sweet spot. I was thinking of using LUKS to encrypt the CR server, but I read that you would have to manually type the key each time the machine is restarted which wouldn’t be ideal since it’s at work and I usually run the manual reboots at night. I moved all the apps with sensitive info to another Cloudron just to be safe. The windows machine with blueiris has bitlocker turned on so I’m set on that front. I also got a UPS from Costco in case electricity is out and I have a non-BI backup security camera running as an extra precaution.
  • Introducing Bunny for Platforms: Simplifying domain management at scale

    1
    1 Votes
    1 Posts
    140 Views
    No one has replied
  • 0 Votes
    2 Posts
    464 Views
    J
    @amoslipara this is a Cloudron forum . Not a Minecraft forum or a Linux help forum. Did you intend to post it here?
  • What's The Best Backup Solution Provider For Cloudron?

    5
    0 Votes
    5 Posts
    546 Views
    jdaviescoatesJ
    @humptydumpty said in What's The Best Backup Solution Provider For Cloudron?: @jdaviescoates it’s nice not to have all your eggs in the same basket. I didn’t consider that you didn’t have to have the vps with hetzner to use the storage box. I do actually have a dedicated server with hetzner too, but it is at least at a different location. Still, looking forward to being able to have multiple backup locations so I can spread those eggs around! The storage box needs remounting after a CR update, right? That does seem to happen, yes. At least with the CIFS mount that I think I'm still using.
  • BackBlaze IPv6 Implementation Planned

    1
    1 Votes
    1 Posts
    238 Views
    No one has replied
  • Tools for Massive Knowledge Base + Mind Mapping

    16
    1 Votes
    16 Posts
    3k Views
    jdaviescoatesJ
    For just the Mind Mapping aspect, this WiseMapping looks pretty good: https://forum.cloudron.io/topic/12024/wisemapping AppFlowly looks promising for a Knowledge Base: https://forum.cloudron.io/topic/6088/appflowy
  • Phish-Friendly Domain Registry “.top” Put on Notice

    2
    0 Votes
    2 Posts
    334 Views
    humptydumptyH
    Maybe I'm not seeing the big picture here, but we should let them continue using those free domains for spam, that way we can simply blacklist the TLD entirely. That's 60% less phishing emails right there.
  • Is dnsbl.spfbl.net legit?

    5
    0 Votes
    5 Posts
    919 Views
    humptydumptyH
    Yes, that was another can of worms (https://forum.cloudron.io/topic/12112/email-smtp-connection-closed/16?_=1721229448552). They thought the Hetzner IP (US server) was from iran and had it blocked causing the SMTP issue. I had to reassign new IP to the server and SMTP is working now. On my third attempt, I got one that's not blacklisted anywhere (yet). edit: tying up loose ends by adding link
  • RANT: edDSA/putty/hetzner

    5
    0 Votes
    5 Posts
    875 Views
    matix131997M
    @humptydumpty You have to remember that 99% of providers have the login ‘root’, according to me the only provider I tested was OVH they have ‘ubuntu’. As for SSH security, I recommend to disable the password login, only with the key. Another option is to restrict in the Firewall in the Hetzner panel port 22 to your home internet IP address
  • Hetzner vs. Netcup network speeds for dedicated vCPU / root-servers

    5
    0 Votes
    5 Posts
    3k Views
    humptydumptyH
    I'm signed up. Not banned yet
  • Privacy: Portmaster (SPN) - anyone used it?

    13
    2 Votes
    13 Posts
    5k Views
    humptydumptyH
    @aessen I'm interested in giving SPN/Portmaster another go. Did you end up making that video?
  • Do You Use Antivirus Software or Firewall To Harden Cloudron?

    2
    0 Votes
    2 Posts
    437 Views
    necrevistonnezrN
    I update IPdeny lists (in order to block certain countries) with @imc67 script, see https://forum.cloudron.io/topic/3795/firewall-spamassassin-automatic-list-update?page=3 It's not state-of-the-art security, but the spam and mail server abuse attempts have dropped significantly.
  • Does your DNS provider offer an ALIAS record?

    13
    0 Votes
    13 Posts
    2k Views
    girishG
    @dsp76 https://blog.dnsimple.com/2014/01/why-alias-record/ is where I learnt about it first
  • A good time to know which WordPress plugins you are using

    1
    3 Votes
    1 Posts
    96 Views
    No one has replied
  • Cost effective X advert campaign and tools?

    twitter advertising tools
    1
    0 Votes
    1 Posts
    201 Views
    No one has replied
  • open source audible alternatives?

    1
    0 Votes
    1 Posts
    231 Views
    No one has replied
  • CAPTCHA

    captcha privacy anonymity
    4
    3 Votes
    4 Posts
    732 Views
    L
    Black Mirror: https://x.com/elonmusk/status/1792690964672450971
  • Frontends / Proxies for popular websites

    3
    2 Votes
    3 Posts
    535 Views
    L
    @girish He likes running services like this so people can maintain anonymity when visiting popular online services. It is a calling of his. He stays abreast of what Free Software alternatives are available for sites like Youtube and then runs them on his (quite beefy) servers.