security

One of the issues I run into when running a server, at home or anywhere else, is the crazy amount of random attempts at SSH logins. My SSH configuration is strict enough that most of these attempts just die on the key exchange, they never even get past the handshake. Then there’s fail2ban ensuring you get temporarily blocked if you’re obviously trying to brute force anything. Looking at the auth.log a lot of these attempts stem from Russia, China, various other parts of Asia, Africa and South America.

FOSDEM is a wonderful event. But as with any event with geeks people will try to sniff your traffic, mess with GSM, grab your credentials and what not. The best way to stay safe? Don’t bring electronics with you or have them in flight mode (laptop included). No Bluetooth, no WiFi, no GSM/3G/tethering, nothing. If that doesn’t sound all that practical there’s a few things you can do. Spin up a Streisand server so you can VPN all the things.

Update: I’ve long since given up on PGP. It’s just not worth it. Ignore this post. Over the years I’ve tried to use PGP multiple times. However, I’ve always failed miserably at managing keys and understanding the lifecycle involved. This is evident by searching the keyservers for my name, it’ll turn up a few rather idiotic and dubiously keys. None of them should be used except for one, 0x18D40820FA0EE03C. These failures with PGP are in part my fault for not correctly understanding what I was doing and part because of the horrendous UX of the gpg tools and the documentation that comes with it.