Payment card transactions can be disputed or reversed. Cryptocurrency transactions cannot be easily reversed. Reversal is an important capability because sometimes customers or merchants lie, or they can have problems fulfilling their obligations.

When the buyer and seller are in the same country, or are in countries with legal and criminal justice systems which cooperate, transaction risk is lower so fees can be lower.

Not really, it’s been pretty effortless. Every couple months I have to make sure my renewed LetsEncrypt certs really got imported, but I don’t think I’ve had to intervene manually for anything in a long time.

I do, and I agree about their utility. My users and aliases are in OpenLDAP but it’s pretty easy to add new ones.

Separate accounts are preferable if you’re actually going to be responding to messages. I’ve had some embarrassing encounters where I’ve given an alias to a business that I didn’t realize was going to actually use it for real email conversations with a human. By default roundcube web mail lets you hit reply anyway and the reply goes out with your real address, which can lead to confusion.

I host my own for mspencer dot net, used this 15-ish step walkthrough from linuxbabe dot com. Only maybe three instances of spam in two years, gmail and outlook receive my messages just fine, etc. (Successful spammers were using legitimate services, and those services took action when notified. Greylist delays emails by a few minutes but it’s extremely effective against most spammers because they never come back to retry messages after a few minutes, while legitimate senders will.) I don’t know if I would accept blanket advice against self hosting.

Fundamentally if your mail server can see the addressee, it can see the content. SMTPS encrypts both in the same channel. So at the point where you accept messages and store them in a mailbox, the messages have to be readable.

Encrypting them at rest isn’t something I currently do, but if you’re going to later serve those messages to an email client that expects to receive clear text, your server needs both the keys and the messages. They can be stored in different places.

Most of your needs could be met with full disk encryption on the box hosting Dovecot. If you’re worried about being compelled to decrypt, there’s always the deck of cards trick: The pass phrase for full disk encryption consists of a memorized portion plus the letters and numbers of the top N cards in this deck of cards you keep by the server. If someone were to shuffle that deck of cards, and the server were powered down, the encrypted volume would be impossible to recover.

I’m eager to learn what other Dovecot tricks people can recommend to improve security.

Hmm, you have uncovered a problem with both of our ideas. Steam’s leverage is reduced after they have deposited sales proceeds, and is gone after the publisher isn’t selling games on the platform any longer.

(I’m griping about Rockstar specifically but my point is still flawed in the general case.)

Deceased users’ estates still haven’t agreed to the new terms, have they?

Now punish publishers who try to change the terms of sale after sale. “Want to play the single player game you bought a decade ago? Agree to this new arbitration clause.”

deleted by creator

Are you going to be hosting things for public use? Does it feel like you’re trying to figure out how to emulate what a big company does when hosting services? If so, I’ve been struggling with the same thing. I was recently pointed at NIST 800-207 describing a Zero Trust Architecture. It’s around 50 pages and from August 2020.

Stuff like that, your security architecture, helps describe how you set everything up and what practices you make yourself follow.

Mostly I’m scared I’ll write a firewall rule incorrectly and suddenly expose a bunch of internal infrastructure I thought wasn’t exposed.

In a general sense, you are discussing a way to control other people and organizations, and to make them stop talking about you. (Communicating and storing your information) This isn’t always possible or practical.

If you pay a merchant with your payment card, that merchant is allowed to know your payment card number. If you call a toll free number, the recipient of your call is allowed to know your phone number.

If they decide to share what they learn about you, and they do so legally, there’s not a whole lot you can do to stop them. I’m not saying this to antagonize or hurt you. I invite you to think differently about what you can control and what is worth worrying about.

Remove these blank lines.

I’m not seeing unit tests for this.

Unnecessary comment.

BLAM

Ow! Also, this could’ve been a smaller calibur.

s/celebs/weebs/

Fixed :-)

I’ve been ranting about this a lot lately, but as the owner of mspencer.net (completely useless personal domain, but is 199 days older than wikipedia.org for what it’s worth)…

There is sort of a way to do that, but it’s still labor intensive so not a lot of people do it. Movements to investigate are homelab and selfhosted. Homelab equipment is old (extra power-hungry for the capability you get) or expensive. Self hosting requires a bunch of work to stand things up the way you want it.

Biggest barriers to self hosting - or hosting through your nearest nerdy relative - are the following:

Free ad-supported offerings (with the privacy and terms and conditions impacts you describe) are better and easier, so they out compete DIY options. If a nerdy family member offers to host forums and chat for your community club or whatever, the common response isn’t gratitude, it’s “That’s stupid, I’ll just use Facebook.” Without that need and attention, volunteer projects get way fewer eyeballs and volunteers are way less motivated.

Security is difficult to figure out. Project volunteers have enough on their plate just helping users get their stuff working at all. Helping novice users secure their installations is so much extra work.

Many volunteers feel taken advantage of if they produce something that could help companies make money better, when they don’t share any of the money they make through donations or support arrangements. Similarly, many open source projects get taken over by for-profit companies who diminish efforts to make their open source offerings easier to use for free. (They want companies to buy support contracts, even if it means frustrating use by private individuals without kilobucks to spare.)

Looking closer at the image, I’m going with “in this house we use single sideband.” (But, as a Plex user, I love yours too.)

That does make a lot of sense.

I think I’m feeling embarrassed about not being a perfect ops person, while I was going to school for computer science. Like, part of me wants to create this unrealistic private cloud thing, like I’m going to pretend “I’m still around, where have you been? See your old password still works, and look at all the awesome stuff I can do now!”. I already have my 20+ year old passwd file imported into OpenLDAP / slapd and email is using that already.

It’s not realistic. I feel fondness for the internet of 20-25 years ago, but it’s not coming back. If people can log in with 20 year old passwords and upload web content, we both know what’s really going to happen.

I just feel like such a failure for letting it rot away. Really, any place that accepts submissions requires a live audience and staff to keep it moderated, and accepting new submissions is the only reason to even run original code. What you’re describing is probably the only sane way to do this.

Edit: although I do still feel that the world needs that sort of private cloud in a box. Sure Facebook has taken all the wind out of the sails of many private web hosting efforts - the “family nerd” no longer gets love and gratitude for offering to host forums and chat, they get “that’s stupid, I’ll just use Facebook” - but we still need the capability.

And an open security architecture to clone would help cover the daylight between “here’s a web app in a docker container” and an actual secure hosted instance of it. It would require more inconvenience than necessary for the substantial security benefits it would offer. (A better designed, more customized solution would help that, but one step at a time.) But that would give the average homelab user protection against future attacks that today would feel like wild “whoa who are you protecting against, the NSA?” paranoia.

Last time I went snooping:

15 installs of phpbb, which would require work to put back online as their communities are of course gone. Remove spam, undo defacement, etc.

7 installs of Dormando’s Oekaki BBS Clone

5 installs of WonderCatStudio BBS

4 installs of OekakiPotato / RanmaGuy etc.

and several users who just used php to ‘include’ headers and table of contents page parts.

(Yes I was quite the weeb. Still am, but I was one too. :-) )

I’m part of the problem, a tiny bit. For altruistic reasons - ok more like “I’m kinda weird, maybe this will make people on IRC like me more” reasons - I ran mspencer.net and hosted web pages for people for free. Ended up with web content for around 100 people, and they weren’t all just using it as a drop box. (Older than wikipedia.org by 199 days, woo!)

Hosted on ancient hardware, nothing even remotely approaching a modern security architecture, I eventually left it to run un-maintained until the IDE HDD died. More recently I got the data off of it. (Heads unstuck themselves while in a cardboard box for a decade? Dunno.) But I don’t know how to get everything back online in a safe way.

I’m a proper software engineer now, I can kinda see how work handles securely hosting web services. Now just throwing everything together on one box feels too lazy and insecure. But I can’t figure out a reasonable security architecture to use. I thought I had one, but I failed to account for VM jackpotting attacks. And it feels like it takes me a month to do what a competent ops person can do in a day.

But that’s a discussion for a different comment section.

Thank you for your reply, but to be clear, I’m not looking for individual details to be spelled out in comments. What you said is absolutely correct, thoughtful, and very helpful. But emotions are running a little high and I’m worried I’ll accidentally lash out at someone for helping. Apologies in advance.

But do you have any links? Beyond just the general subjects of security architecture, secure design, threat modeling, and attack surface identification, I’d love to see this hypothetical “generic VM and web application housing provider in a box” come with a reasonably secure default architecture. Not what you’re running, but how you’re running it.

Like, imagine decades in the future, internet historians uncover documentation and backups from a successful generic hosting company. They don’t necessarily care what their customers are hosting, their job is to make sure a breach in one customer’s stuff doesn’t impact any other customer. The documentation describes what policies and practices they used for networking, storage, compute, etc. They paid some expensive employees to come up with this and maintain it, it was their competitive advantage, so they guarded it jealously.

I’d want to see that, but (a) a public, community project and (b) now, while it’s still useful and relevant to emulate it in one’s own homelab.

If I can get some of that sweet, sweet dopamine from others liking the idea and wishing for my success, maybe I can build my own first version of it, publish my flawed version, and it can get feedback.

I’ve been struggling to wrap my head around a good security architecture for my mspencer.net replacement crap. Could I bug you for links?

I figured out a while ago to keep VM host management on a management VLAN, and I put each service VM on its own VLAN with heavy, service-specific firewalling and a private OS update repo mirror - but after hearing about ESXi jackpotting vulns and Broadcom shenanigans, I’ve gotten really disheartened. I’d love some safe defaults.