
  • TBH, it sounds like you have nothing to worry about then! Open ports aren't really an issue in and of themselves, they are problematic because the software listening on them might be vulnerable, and the (standard) ports can provide knowledge about the nature of the application, making it easier to target specific software with an exploit.

    Since a bot has no way of finding out what services you are running, they could only attack caddy - which I'd put down as a negligible danger.

  • My ISP blocks incoming data to common ports unless you get a business account.

    Oof, sorry, that sucks. I think you could still go the route I described though: For your domain example.com and example service myservice, listen on port :12345 and drop everything that isn't requesting myservice.example.com:12345. Then forward the matching requests to your service's actual port, e.g. 23456, which is closed to the internet.

    Edit: and just to clarify, for service otherservice, you do not need to open a second port; stick with the one, but in addition to myservice.example.com:12345, also accept requests for otherservice.example.com:12345, but proxy that to the (again, closed-to-the-internet) port :34567.

    The advantage here is that bots cannot guess from your ports what software you are running, and since caddy (or any of the mature reverse proxies) can be expected to be reasonably secure, I would not worry about bots being able to exploit the reverse proxy's port. Bots also no longer have a direct line of communication to your services. In short, the routine of "let's scan ports; ah, port x is open indicating use of service y; try automated exploit z" gets prevented.
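As an added example (not the commenter's own config), here is a Caddyfile for the single-port layout described above, using the hostnames and port numbers from the comment. The certificate snippet is an assumption: with 80 and 443 blocked by the ISP, the HTTP-01 and TLS-ALPN-01 ACME challenges cannot succeed, so the DNS challenge (which needs a Caddy DNS provider plugin) or a manually supplied certificate is required; `<provider>` and `<api_token>` are placeholders.

```caddyfile
# One exposed port (12345) is shared by every service. The backend ports
# (23456, 34567) are bound to localhost and never reachable from the internet.

# Certificate issuance via the ACME DNS challenge; <provider> and <api_token>
# are placeholders for whichever DNS plugin Caddy was built with (assumption:
# ports 80/443 are blocked, so the other ACME challenge types cannot be used).
(dns_tls) {
	tls {
		dns <provider> <api_token>
	}
}

myservice.example.com:12345 {
	import dns_tls
	reverse_proxy localhost:23456
}

otherservice.example.com:12345 {
	import dns_tls
	reverse_proxy localhost:34567
}

# Catch-all on the same port: a request whose host matches none of the names
# above (a scanner hitting the bare IP, for instance) gets its connection
# closed without any response, so nothing about the backends is revealed.
:12345 {
	abort
}
```

Run `caddy validate --config Caddyfile` before reloading; it catches a missing DNS plugin or a malformed site address without touching the running instance.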

  • I am scratching my head here: why open up ports at all? Is it just to avoid having to pay for a domain? The usual way to go about this is to only proxy 443 traffic to the intended host/vm/port based on the (sub)domain, and just drop everything else, including requests on 443 that do not match your subdomains.

    Granted, there are some services actually requiring open ports, but the majority don't (and you mention a webserver, where we're definitely back to: why open anything beyond 443?).

  • Thanks, I appreciate the concern. Luckily, the entire core dev team is very critical/cynical about AI, it's not just me, everyone I directly work with also wants to build the product for its intended purposes, not for AI-use. I think that somewhat lessens the pressure to go with the narrative.

    Plus, I can't see that happening while participating in discussions on this lemmy instance :D

    In any case, thank you for the sound advice, Mawhrin-Skel Flere-Imsaho!

  • Yeah... (Un)fortunately, everything not AI-related is pretty great in regards to the company, so I've decided to stick with it and hopefully still be there after the bubble bursts, unless they try to reassign me to the AI-project, then I'm gone.

  • This scream into the void has been on my mind for a while: Apparently I work for an AI company now.

    Kinda.

    When I had the interviews with my now-employer at the beginning of the year, they were an open-source cybersecurity startup. Everything sounded great, we got along, signed the contract. I took a long vacation before starting the position, and when I got back, I was... amused? bewildered? to find that a), we are no longer open source; and b), we have pivoted, hard, towards AI.

    Luckily, I still get to work 100% of the time on the core (cybersecurity) product (which is actually a really good and useful thing, sorry, not going to be more specific), it's just that part of the dev team, as well as all of marketing and sales, now work on building and selling an AI product built on top of that.

    At least it's not a wrapper around ChatGPT, and does offer something kinda new and actually beneficial, but still, it's an LLM product.

    Now, for the actual scream-into-the-void: Once a month, in a company-wide meeting, I have to observe how people praise LLMs to the moon, attribute nonsense or downright bugs to something akin to proto-sentience, and give absurd estimates of profitability based on the idea that AI will totally be used everywhere and by everyone, very soon now, you'll see. What finally prompted (pun intended) me to post this is the CEO yesterday unironically referencing AI 2027's "predictions".

    Can't wait for the bubble to burst. I'm really curious to see if I'll keep my job through that. At the end of the day, the stuff I work on luckily has nothing to do with AI, and basically every other application of the product makes more sense; but now the entire company has shifted gears towards AI...

  • Thanks for sharing! Sounds about as good/bad as I was expecting. How's the browser experience? Also, are there any features/tweaks you are aware of that you could not get through Nix, that the more "commercial" Linux device manufacturers have developed for their devices?

  • Selfhosted @lemmy.world: continuwuity vs tuwunel: where to go from conduwuit? (Update: probably continuwuity.)

  • ich_iel @feddit.org: ich 🌶️🌶️🌶️ iel

  • SneerClub @awful.systems: Devin, the "$2 Billion AI software engineer" turns out to be a complete scam. Who could have thunk!

  • Linux @lemmy.ml: How would I go about gaining access to a locked-down Linux device I own.

  • Selfhosted @lemmy.world: Self-Hosted setup for remote music lessons?

  • 196 @lemmy.blahaj.zone: Can someone rule-splain this

  • Selfhosted @lemmy.world: Can't use Crunchyroll via WireGuard