undefined | Better HN

0 pointsgruez3y ago0 comments

> I believe that people do just sync got repos between machines. 5$ VPSes, Raspberry Pi's, laptops from 2009. Why not?

it's a pain because of NAT/port forwarding, not to mention the chore of making sure every device is up to date. You can get around the NAT/port forwarding issue by having a $5 VPS, but then you're essentially storing your password database on dropbox.

>Also, what is there to compromise on a machine that basically runs just sshd with password authentication disabled?

1. Same way that dropbox can be compromised: your account gets hacked or the provider gets hacked.

2. While I agree that a server with only sshd and auto-updates enabled would be pretty hard to compromise (foregoing the above), I doubt that's the typical setup. Most people probably have a "general purpose" VPS that they use to host all sorts of stuff, which means there's lots blindly typing in "npm install ..." or even "curl ... | sh" going on.

0 comments

resoluteteeth3y ago

> it's a pain because of NAT/port forwarding

Tailscale or zerotier. It's a solved problem. You don't need to use a vps at all.

jkepler3y ago

Or Syncthing

msravi3y ago

> Same way that dropbox can be compromised: your account gets hacked or the provider gets hacked.

Nope. My account on my vps is protected with a strong ssh key and password-logins disabled. Also fail2ban is set up to forever disallow ips that try failed logins. So not the same at all.

> lots blindly typing in "npm install ..." or even "curl ... | sh" going on.

Nope

gruezOP3y ago

> > Same way that dropbox can be compromised: your account gets hacked or the provider gets hacked.

>Nope. My account on my vps is protected with a strong ssh key and password-logins disabled. Also fail2ban is set up to forever disallow ips that try failed logins. So not the same at all.

By "account", I don't mean the account in /etc/passwd on your VPS, I mean the account with your hosting provider. That can be hacked/phished just like a dropbox account, not to mention the provider themselves getting hacked or social engineered.

msravi3y ago

The vps can be encrypted by a customer supplied key. In google compute, for example: https://cloud.google.com/compute/docs/disks/customer-supplie...

j / k navigate · click thread line to collapse

0 pointsgruez3y ago0 comments

> I believe that people do just sync got repos between machines. 5$ VPSes, Raspberry Pi's, laptops from 2009. Why not?

>Also, what is there to compromise on a machine that basically runs just sshd with password authentication disabled?

1. Same way that dropbox can be compromised: your account gets hacked or the provider gets hacked.

0 comments

resoluteteeth3y ago

> it's a pain because of NAT/port forwarding

Tailscale or zerotier. It's a solved problem. You don't need to use a vps at all.

jkepler3y ago

Or Syncthing

msravi3y ago

> Same way that dropbox can be compromised: your account gets hacked or the provider gets hacked.

Nope. My account on my vps is protected with a strong ssh key and password-logins disabled. Also fail2ban is set up to forever disallow ips that try failed logins. So not the same at all.

> lots blindly typing in "npm install ..." or even "curl ... | sh" going on.

Nope

gruezOP3y ago

> > Same way that dropbox can be compromised: your account gets hacked or the provider gets hacked.

>Nope. My account on my vps is protected with a strong ssh key and password-logins disabled. Also fail2ban is set up to forever disallow ips that try failed logins. So not the same at all.

msravi3y ago

The vps can be encrypted by a customer supplied key. In google compute, for example: https://cloud.google.com/compute/docs/disks/customer-supplie...

j / k navigate · click thread line to collapse