There are lots of “very correct” ways to make your server “very secure.” Most of them rely on paid services, complicated agent-manager topologies, and cool buzzwords like “zero trust”. However, as they say, perfection is the enemy of progress. Many are discouraged by this absolutist approach to server safety, and forget the very basics. Obviously, the expensive and complex solutions exist for a reason, but at the same time a little goes a long way.
The latest announcements for Windows 11 have revealed that the next version of the Windows operating system will have very stringent hardware requirements. Some of them are, in my opinion, quite reasonable. For example, they’re finally dropping support for 32 bit X86 and legacy BIOS boot. These make sense, because almost every PC manufactured since 2011 has supported X64 and UEFI. It also sheds a substantial amount of technical debt and cruft, and simplifies the system slightly.
I have wanted to run Kubernetes at home for some time, but the main obstacle has been a reliable solution for providing load balancing for ingress or services, and the lack of a reasonable way to manage NAT transparently. While publicly routable IPv4 addresses are seemingly limitless* in the cloud, typically we only get one at home. Similarly, there isn’t a straightforward way to build cloud-ey load balancers at home. While Google and Amazon can conjure up magic TCP load balancers on their complex overlay network platform, we don’t really have that luxury outside of the cloud.
This is the story of the most awful SSL certificate I have ever made. This was done entirely for my own amusement, and for the minute possibility that I could make somebody I don’t like miserable. Now, why on earth would I want to do this? Well, I don’t particularly respect scanner people. Their scanners are annoying, their tools always suck, and they create tonnes of noise in my logs that I don’t like.
Across the street from my apartment is a house which has been in a perpetual state of renovation for nearly six months. This past week, a for sale sign has popped out of the ground just in time for the spring rush. It turns out, the man who bought the house did so about a year ago with the sole purpose of renovating and flipping it to make a quick buck.