Repeating the Web's Mistakes (was gemini+submit:// (was Re: Uploading Gemini content))

[Matthew Graybosch]

On Sat, 13 Jun 2020 21:22:15 -0400
Sean Conner <sean at conman.org> wrote:

> As someone who has worked for various ISPs and webhosting companies
> for most of my career, I think this slamming of IPSs is unwaranted.

You're probably right.

> 1. Open servers are *attacked* at an alarming rate. At home, I run an
> sshd instance tha is open to the Internet [2].  I am currently
> blocking 2,520 hosts that have attempted to log in via ssh.  That
> count is only over the past 30 days (technically, 30 days, 10 hours,
> 30 minutes, as that's the average month length over the year).  Not
> doing so means my machine will be constantly under login attempts.

I'm finding this out the hard way. Fortunately I thought to disable
root logins in /etc/ssh/sshd_config when I first set up my VPS, but I'm
also reading up on fail2ban. Thinking of using this HOWTO since it
emphasizes not tampering with distributed config files.

https://phrye.com/tools/fail2ban-on-freebsd/

> And then there's the *wierd* (and quite stressful) situations
> involving black-hat hackers [5].

You know what? I think I recognize your email because I've read about
your experience with the black-hat.

I'm reading this email and thinking, "Dear creeping gods, what have I
gotten myself into?"

> 2. If people could run a business server on their home connection,
> they would. ... Never mind the power is out, why did my
> server loose connection?

I've been this clueless. Fortunate my phone wasn't working so I
couldn't inflict it on some poor tech support worker.

>   Or in self defense, the ISP cuts the connection because the home
> server is running a port scanner, participating in a botnet, or
> sending out spam emails because of an unpatched exploit in some
> server being run at home.


You're right, this is legit.
 
> 3. Do people realize they'll need to basically firewall off their
> Windows boxes?

I firewalled the hell out of my wife's Windows machine just to block
the damn telemetry. It's insane.

> 4. It was email that poisoned home-run servers intially.

I remember this now. I know there was a reason I was reluctant to even
try setting up external email on tanelorn.city. I thought I was just
being irrational.

> That is true too, but I suspect even *if* you could easily run a
> server at home, 99% would not even bother (or know what it is).

Fair point.
 
> Never underestimate the lack of giving a damn the general
> population have. I'm sure there are aspects of your life that you
> lack a damn about that other people think you should give more than a
> damn.

You're right. It's just that I see barriers and had forgotten that some
of the barriers exist for a reason.

> I think it's a conversation worth having, as it relates to how
> Gemini expands with new content.

Thanks for taking the time to reply. There's a lot here that I either
didn't know or had forgotten.

-- 
Matthew Graybosch		gemini://starbreaker.org
#include <disclaimer.h>		gemini://demifiend.org
https://matthewgraybosch.com	gemini://tanelorn.city
"Out of order?! Even in the future nothing works."