Solar Bear

  • 0 Posts
  • 5 Comments
Joined 1 year ago
cake
Cake day: June 27th, 2023

help-circle
  • Solar Bear@slrpnk.nettoSelfhosted@lemmy.worldHelp me harden my home server
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    12 days ago

    Something you might want to look into is using mTLS, or client certificate authentication, on any external facing services that aren’t intended for anybody but yourself or close friends/family. Basically, it means nobody can even connect to your server without having a certificate that was pre-generated by you. On the server end, you just create the certificate, and on the client end, you install it to the device and select it when asked.

    The viability of this depends on what applications you use, as support for it must be implemented by its developers. For anything only accessed via web browser, it’s perfect. All web browsers (except Firefox on mobile…) can handle mTLS certs. Lots of Android apps also support it. I use it for Nextcloud on Android (so Files, Tasks, Notes, Photos, RSS, and DAVx5 apps all work) and support works across the board there. It also works for Home Assistant and Gotify apps. It looks like Immich does indeed support it too. In my configuration, I only require it on external connections by having 443 on the router be forwarded to 444 on the server, so I can apply different settings easily without having to do any filtering.

    As far as security and privacy goes, mTLS is virtually impenetrable so long as you protect the certificate and configure the proxy correctly, and similar in concept to using Wireguard. Nearly everything I publicly expose is protected via mTLS, with very rare exceptions like Navidrome due to lack of support in subsonic clients, and a couple other things that I actually want to be universally reachable.





  • Anarchism is less a system of functions to be implemented, and more of a governing philosophy on how we build other systems. That philosophy focuses heavily on the expansion of democracy and the elimination of hierarchy wherever possible in order to create the most total freedom in the system. It is not inherently opposed to the concepts of governance or laws as many believe. It usually means focusing on smaller governing units, preferring local governance wherever possible, to give people the most direct control over their own lives. Self-sufficient communities are a major goal here.

    The meaning of freedom to an anarchist is wholistic; not just freedom to, but also freedom from. Freedom to pursue your life on your terms, freedom from any obligation or inhibition that would prevent or detract from that goal. This includes, for example, unconditional freedom for all people from starvation, homelessness, or the inability to access medical care. It is an intentionally utopian ideal, that we should strive for something that may not even be possible, because that is how we’ll create the best possible world.

    Once upon a time, anarchism was effectively synonymous with libertarianism. That word was bastardized in America to the point that it is unrecognizable now.