tigerthelion's recent activity

  1. Comment on Tips for Docker security on a NAS? in ~tech

    tigerthelion

    but I must confess that I don't really see myself doing that when updating containers.

    Completely reasonable. If I am ever concerned about a particular container I star the repo and get notified when a release is created. Usually, the release has changelogs and sometimes I browse the commits (am a software dev as well). Normally I am not at all concerned about popular containers so this is very rare.

    1 vote
  2. Comment on Tips for Docker security on a NAS? in ~tech

    tigerthelion

    Just adding to what @krellor said. Your concerns about containers 'calling home' or 'sniffing around' are in general valid, but if you stick to widely popular containers it's probably not something to be concerned about. If you don't have the ability to validate the code, you can at least go to the git repo, check the issues board, and look at the number of downloads there too. I'd be far more focused on inbound intrusion and from your post, it seems like you have done well to mitigate that.

    I am not familiar with the Synology DNS module, but perhaps it has a logging mechanism? If not, you could install something like PiHole which does log all DNS queries, their source, and their destination. You could also block those types of requests using PiHole's filter functions. Probably not perfect as it only captures traffic that needs to resolve an IP from a domain name, but it would give you a general view of what's going on. Tools like Wireshark can be useful as well, but I think that's more about packet inspection.

    2 votes
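The DNS-log review suggested in the comment above, as an added example that is not part of the original comment: it reads query lines in the dnsmasq format Pi-hole writes to its query log and reports lookups outside what each client is expected to resolve. The log lines, client IPs, domains and the `EXPECTED` table are constructed, and it assumes each container reaches Pi-hole from its own IP address rather than behind the NAS's address.

```python
import re
from collections import defaultdict

# Constructed sample in the dnsmasq query-log format used by Pi-hole.
SAMPLE_LOG = """\
Jun 14 09:12:01 dnsmasq[512]: query[A] ghcr.io from 192.168.1.50
Jun 14 09:12:01 dnsmasq[512]: forwarded ghcr.io to 1.1.1.1
Jun 14 09:12:02 dnsmasq[512]: reply ghcr.io is 192.0.2.10
Jun 14 09:13:40 dnsmasq[512]: query[AAAA] telemetry.vendor.example from 192.168.1.50
Jun 14 09:14:05 dnsmasq[512]: query[A] updates.app.example from 192.168.1.51
Jun 14 09:14:09 dnsmasq[512]: query[A] Telemetry.Vendor.Example. from 192.168.1.50
Jun 14 09:15:00 dnsmasq[512]: this line is malformed and must be skipped
"""

# Hypothetical per-client allowlist: domains (and their subdomains) each container should need.
EXPECTED = {
    "192.168.1.50": {"ghcr.io"},
    "192.168.1.51": {"app.example"},
}

QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def parse_queries(text):
    """Yield (client, name, qtype) for query lines; forwarded/reply/garbage lines are skipped."""
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            # DNS names are case-insensitive and may carry a trailing root dot.
            yield m["client"], m["name"].rstrip(".").lower(), m["qtype"]

def is_expected(name, allowed):
    """True if name equals an allowed domain or is a subdomain of one."""
    return any(name == a or name.endswith("." + a) for a in allowed)

def unexpected_lookups(text, expected):
    """Return {client: {domain: count}}; clients missing from `expected` allow nothing."""
    hits = defaultdict(lambda: defaultdict(int))
    for client, name, _qtype in parse_queries(text):
        if not is_expected(name, expected.get(client, ())):
            hits[client][name] += 1
    return {client: dict(names) for client, names in hits.items()}

if __name__ == "__main__":
    for client, names in unexpected_lookups(SAMPLE_LOG, EXPECTED).items():
        for name, count in sorted(names.items()):
            print(f"{client} looked up {name} {count}x (not in its expected set)")
```

As the comment notes, this only sees traffic that resolves a name; a container connecting to a hard-coded IP address leaves no entry in the DNS log.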
  3. Comment on Hosting a company website on our own? in ~tech

    tigerthelion

    I would like to echo what others are saying in that your concerns are valid.

    Maintaining a fast, highly available, global website is a much larger challenge than using a managed service.

    In your case, having mentioned a global audience, you might also need to consider replicating to CDNs so that people far away from the host will experience quick load-times. This can be further complicated if visitors need to interact with APIs (Say, if there's a login/profile module on the site, or if you provide dynamic data).

    You also say people are on the site 24/7 which I interpret as 'high traffic'. In those cases, typically you would put your web server behind a load balancer which (depending on the service) can spin up more instances of the web server if traffic starts to spike.

    All said - there are managed options like Netlify and Vercel which iirc do a lot of the above. I have no experience with managed WordPress but I assume the features would depend on the hosting provider.

    Trying to answer some of your specific q's:

    What happens when the site goes down for some reason? Is there a failover?

    • It depends. If you are using a CDN it's tough to have a site 'go down' because the pages are all static. If you are using a load balancer, and the web server instance just becomes unhealthy for some reason, many times the load balancer can detect that and spin up a new instance. Otherwise, it could be a coding/config issue you need to troubleshoot to restore functionality.

    How do we do backups and rollbacks?

    • Assuming you are going with a CMS and a self-coded website, the CMS should have some kind of version control built in, and for most websites, it's almost required to have them in a Git repository in order to facilitate deployment. Otherwise, I have always lived by the tri-pod backup system where important data is stored in three physically separable places.

    How about security issues? How do I harden the site and system? What happens if we do get hacked?

    • Providers usually allow you to put an application firewall in front of your endpoints which, if configured correctly, can mitigate some common threats. You can also use a third party service like Intruder or Crowdsec to monitor vulnerabilities. A base-level set-up is to only open 80/443 inbound (web traffic) to all, and either VPN into the hosting service to use SSH (likely how you would deploy) or, if not possible, lock down port 22 to a trusted set of IPs. Make sure all of your passwords are strong, and you have MFA enabled where possible. Keep your server's OS version up to date, and try to update the application's libraries when possible (i.e. keeping Node or WordPress version current-ish). These tips are by no means exhaustive.

    It all seems a bit scary at first, but there are tons of tools/docs out there to assist and if there is a good enough business reason to roll your own it does afford a huge level of flexibility.

    2 votes
  4. Comment on Recommend lesser known YouTube channels that make well designed videos in ~tech

    tigerthelion

    I am going to take liberty in the fact you posed 75K as a question and propose Explosions&Fire (350K~) and the secondary channel Extractions&Ire (175K~). Two chemistry YouTube channels that I think have a wide appeal because the host is so genuine. To me, it kind of feels like watching early YouTube.

    Apparently most of what I had considered small YouTube channels in my subs all have 300K+.

  5. Comment on What are your latest gaming achievements? in ~games

    tigerthelion

    Nicely done! I recently got the “minimalist” achievement (best the game with a 5 card deck or less) which was a huge challenge for me. I would like to start chasing ascension when I pick the game back up.

    Also: nice to see a contingent of StS enthusiasts on here. I think it’s probably a top 5 game for me.

    1 vote
  6. Comment on Introductions | June 2023, part 2 in ~talk

    tigerthelion

    Hey Tildes community (Tilders?),

    I suppose this is my "Hello World!" comment.

    I am a software dev and avid gamer from Canada.

    Like so many of you commenting here, I too have discovered Tildes because of Reddit. I had been looking to diversify my reading habits for a while now, and the latest issues involving API changes got me motivated again.

    I am happy to have a social, aggregator style site I can come to and get some perspective on things. Though I will likely visit here daily, I also want to spend more effort seeking out stories and articles that interest me on my own. There was a great post about the Ennui Engine on here recently that made me think about how I was ingesting content and I want to try to fight the path of least resistance.

    In my short time lurking here I am impressed with the quality of posts and comments. I am thankful to have a voice in this community and look forward to hanging out with you.

    4 votes