Welcome to the Homelab Show, episode 95: privacy, security, and we're gonna mention FreshRSS to talk a little bit about that as well. How you doing, Jay?

I'm doing well. How are you?

Great, and I did laugh. I see some of the comments. Sometimes we start a couple minutes late. We double check the show notes. This is a quality check. We prefer to go over some of these things just before so we're always on the same page, so we can present this show with accuracy. That matters to us a lot.

Absolutely, yep.

And the first thing we want to do is thank the sponsor of the show, and that's gonna be Linode. And Linode can probably help with some of this stuff too, especially some of the things we're gonna be talking about today. You may want to host things on Linode because you don't want necessarily your public IP address being tied to these things because, you know, DDoSing and things happen. I just spin up a server on Linode, and many of the applications we talk about, or you can use the Linode store, can be loaded up right onto one of their servers, get you testing, get you going with any of this stuff. I'm gonna be talking about FreshRSS today, and that's another one that's easy enough to host in the cloud because it's actually a multi-tenant news reader, RSS reader, which is really cool. And Linode is a great place to host all these things. We're also going to be talking about Tailscale later, and if you want to get your Tailscale nodes connected to a Linode, that will work too. So it's a great place to host all those things you want public-facing. We thank them for being a sponsor of the show. Oh, and they are now called Akamai. So it's actually the same company. They've been absorbed into the Akamai cloud.
So we're working on saying it. They said they will forgive us for saying, calling it, because they have all the little people keep calling it Linode Akamai, Akamai Linode. And the naming is gonna take some time to get used to, but don't worry, we have an offer code down below to get you started with them, and we thank them for being a sponsor of the show.

All right, let's see. Software... actually, I don't think I have any feedback. I didn't see anything in the notes, because we will try to start the show with feedback each time here.

Yeah, I didn't see anything yet, but, yeah, there might have been something that snuck in there. But we'll definitely answer.

Yep, feedback@thehomelab.show, because the last question I have is the Btrfs question we answered last week. So if you want to join in the feedback, absolutely, feedback@thehomelab.show, just send us an email. So that's pretty awesome for people that, you know, are looking for an easy way to do it, because people said they didn't like filling forms out and they just wanted email, so email it is.

Yep, yep, and I think I have a feeling that this particular episode will generate quite a bit of feedback. Just the feeling that I have. I hope it's right. So yeah.

And I see someone did ask, does the RSS reader need to be hosted in the cloud? No, it doesn't have to be, but that can be a place you could host it. So required, no. FreshRSS is what I want to talk about briefly, is some software. I will be doing a more in-depth video on this, but what we've really run into is we have to keep up with the news, and you can just listen to us because me and Jay, you know, talk about the news from time to time, but that's a limited source here. How do me and Jay keep up with some of the news and some of the things that we bring up on our channels or in this particular show? And RSS feeds are amazing.
The reality is news has become, you know, extremely motivated to keep you distracted. They don't do this for any conspiracy reasons. It's really simple: ads. Ads are how they fund the news, so if we make lots of blinky ads and we get you clicking on cat pictures and we get you clicking on ads with cat pictures, we can keep this site going. FreshRSS is kind of a breath of fresh air because you can focus on what matters to you, and I'm easily distracted, so it helps me dramatically, because I am definitely someone who will fall victim to clicking on it. But it says "with this one simple trick", I just want to click it. I'm really bad. So with FreshRSS you can throw all your RSS feeds in there. I'm gonna, as I said, do a more in-depth video on it, but it allows you to pull in Atom feeds, OPML, do web scraping. Matter of fact, one of the really cool features you can do is subscribe to YouTube channels on there. So the YouTube algorithm, which by the way, if you could like and subscribe and all that stuff like me and Jay ask you to, you could also never miss a feed from your favorite creators by throwing them into FreshRSS. It's a little less complicated than some of the other ones I've used, because sometimes you have to figure out, like, you have to go from the channel name to their channel ID to the RSS feed to pull for it. FreshRSS kind of automates that. You just drop the channel name in there, you drop the YouTube channel name in there, and it'll actually take that channel name, where finally they've got like handles, so, you know, YouTube slash at Lawrence Systems will bring up mine.
It'll convert that to my channel ID, it'll convert that to the RSS feed, and boom, all the videos show up inside of there. You don't have to click any bell icons or any of that stuff, but you can, and we do appreciate it when you do.

Yep, absolutely, and when you told me about that RSS thing, that sold me on it immediately, because it's always been a pain with the solution that I use. I added a bunch of people to it and then I just tried to make it good that one time, because I dreaded going back in there and trying to add that again, because it doesn't make it easy. So I think that's extra incentive for me to test out FreshRSS, and then I'll be, I guess, the student in whatever episode that ends up being.

Yeah, we're detail. Yeah, so let's take the video down and walk people through how to set it. It's really easy. They do have a Docker image for it. You can host it in, really, the instructions are pretty simple. It doesn't take a lot to host it, but you want at least enough storage, and it doesn't take that much, but it depends on how obsessive you are. I'm a little on the obsessive side when it comes to aggregating data, and so I have it keeping the last several thousand articles of all the sites I've fed in there. One of the last things I'll talk about with FreshRSS is it is awesome for doing things like pulling in Reddit. Reddit is a very useful resource, but also can be a distracting one at times. I have got my Reddit quite curated to the things I want. I even have a series of public-facing multireddits, and you can pull all those into FreshRSS, and when I do my video on this, and there's already a link in my forums, if you look up Tom's FreshRSS in my forums, I have all the public-facing multireddits and everything, so if any of you want to grab a copy of the news sites, my OPML file, I've dumped all that in there.
I said my video will go more in-depth on how to set it up, but most of it's pretty obvious because you can pull these things, like RSS is right out of Reddit, and most news sites have RSS feeds as well. So all the major security ones I follow, from the Sophos Naked Security blog, Cisco Talos, Krebs on Security, all, I follow just a whole lot of those, and they're so easy to put in there and understand all the articles, and the BleepingComputers of the world. The only thing that I'll admit it doesn't have the best features of, and this came up on my live stream, where people were saying, well, it doesn't have regex-type features to filter those feeds out further. Not so well, yeah. It might be something you can obviously add on, or you could even pipe the data through, where you grab the RSS feed, then pipe it back out to FreshRSS, like you could do your own filtering if you needed to. I've really found it necessary because if you take a site like BleepingComputer or any of the popular tech news sites, they usually have filters. For example, you can say, I like TechCrunch, but I don't care about this feed, so you could then pull in individual feeds, like on a topic. Most of them already do it for you in that way, because that way you're like, oh, I don't care what happens under these categories. Like if it was about tech financing, maybe that's a category you're not interested in, but you care about, you know, security breaches, so you want to cover that. They usually have separate RSS feeds on most of these sites. If you Google the details for any of them, you almost always land on the page like, oh, there's an RSS feed for these specific topics.
I have The Register in there because, one, I love their snarky humor, a lot of fun. And they have different feeds if you don't want everything that's on The Register, because they have opinion pieces in there too. If you don't want those in there, you can pull just the artist's feed you want. So it's definitely one really worth doing. Now, I seen someone comment on the several thousand articles. The reason I keep the archive of articles is because if someone were to ask me a question, or even if I want to know for historical reasons, I may cite something. And if you ever wonder how Tom has such an index of news things he loads into his news pages, I will say, hey, this happened back in 2022, or April of 2022. How did I know that? You can go back and filter things in FreshRSS. Like, I want to look at Chromium as a topic, so I'll search for the word Chromium across all the news articles, and it will then have all the hits, and then I can just pull those news articles. This is actually the advantage of keeping them all organized in FreshRSS, because then you can go backwards really easily and see, is this something that happened before? The Western Digital discussion that we'll bring up a little bit today: did this happen before, when were they in the news last? And if you keep an archive of it, it's faster than trying to search Google for an old news story, because Google's, you know, not for fault of their own, but it's just the way it works, they're going to try and serve you what they think is the most relevant. Versus when you archive news articles, I can get exactly what I wanted out of them. It's just a great way to keep up with a lot of these things, and, you know, being multi-tenant where you can have different users, one of my suggestions would be you have a user like myself who's really focused on the tech content, but maybe your hobby is guitars or race cars or motorcycles. You could actually just create a different user, so you can have your personal user login and all your
FreshRSS, so you can stay focused on the thing you want to focus on, log out and focus then on your hobby if you want, and not have to look at tech news and breaches for a little while. So that's my shout out for FreshRSS. Look for a video coming soon, but it's free, it's open source, you can host it. It's got a Docker image. It's even in TrueCharts if you want to run it on your NAS. But it's just easy, so.

Yep. I see, okay, some people will say a Nextcloud News app is another one to use.

Yeah, and mention consolidating.

You know, sometimes it does get to a point where you're just managing too many things, and then it's like, does that need to be its own VM? Can it be a container? Can it be hosted with something else? You know, if you have a feature in something you're already using and it works for you, there's no reason to, you know, the way from that, because it's what works. But, you know, that's why homelab is great, because you could just decide how you want to navigate this. Consolidate what you want and separate what you don't.

Yep.
Now, we do have a homelab tip for you, and this comes out of a discussion me and Jay had yesterday, and we talked quite a bit about this, but it's one of those things of understanding your storage for your containers or your Kubernetes setup. My preference is, if you're running it on TrueNAS, I mentioned in my last video on the latest TrueNAS update that you should be using host path because it makes it so much easier resource, so you understand where your data is. But to expand out further, Jay pointed out, instead of using, like, a PVC or any type of other storage, he's using like NFS with some of his. That way all of his data is always stored on his NAS, and, well, his Kubernetes cluster can spin up and just point at those data sources.

Yep, and I could also just revert something back. So if I do something stupid and break something, then I can just delete the container completely, then go into TrueNAS, restore the config file, then, you know, launch the container again, and then it gets its data from that time period, and I have full control over that. There's pros and cons with every method, but with my method, it just works so well for me that I just can't imagine doing it any other way. But then again, there's always a better way. But I feel like there's just something to be said about having TrueNAS be your central source of data, including your config files for your containers, so you have everything under that one umbrella. And, you know, that's an example of consolidating things, so you don't have to have a separate volume or anything like that. You just use the data store that you have already, and then, you know, with the snapshot capabilities of ZFS married with the containers.
That's a great combo.

Yeah, and it came down to a big discussion, because when there was the latest update to TrueNAS, TrueNAS SCALE specifically, TrueCharts broke, and people were making a really big deal going, oh, because TrueCharts' answer was just reinstall the applications, and people go, but no, all the configuration for it and stuff like that. And I'm like, why is that a problem? FreshRSS broke. FreshRSS was part of something I pulled from TrueCharts, and it kind of circles back all the way here. It broke, so I deleted it. I was like, uh, it didn't update anymore, it gave some stupid error. Delete, and then I point it back at the same host path and it's exactly where I left off: every article, all your database, every setting. It was done. So I really encourage people to make sure they understand where their data is being stored, really think consciously of it. And that, like Jay's using TrueNAS for an NFS share, so you point it right back at that same path, makes life so much easier.

Yeah, I feel like, and no offense to anyone, but I do feel like at a certain point, if you're reliant on your data being in your container, or, you know, you don't know how to, you know, get the data out of it like you were saying, I also feel like, you know, containers, you're just missing the point of containers in my opinion, because the whole point is that you separate the data and the container, and, you know, each one is independent. The data can exist without the container. The container can exist without the data. The data is there, the container will use it. That just makes more sense. At that point, if you're that concerned about storage being local to the object, I would say use a virtual machine, because at that point that's exactly what you're creating or turning a container into. But then again, I also feel like, you know, user space should never be broken. A certain person said that, I think you guys will know who said that famously. But it's true. You know, I think it is a shared responsibility, but
when it comes to your data, that is your responsibility, and we're gonna talk more about your responsibility with data coming up pretty quick. But my suggestion is, you know, give that a shot, map an NFS share to your containers. I like to have a dedicated folder underneath for each container, so every container's data is separate from other containers. That's just a good way to do it, and then you have a stateful configuration that you can restore as needed.

Yeah, and that helps make it less pain-free. You know, one of my other tips is, when you set something up, break it. Delete that container, see how hard it is to set up again, and make sure you have that process down, because that should be something that is pain-free to do, is just rebuilding them. Like, oh, calls, rebuild all my container apps and reattach them to their data and life is good. Because it's unfortunate when people contact us, we see posts in our forums or people contact us for consulting, and they've lost all the data because they rebuilt. UniFi is notorious for this. There's no official Docker for the UniFi controller, which means the unofficial documents that get people going on it often, they don't think about the data and mount points on there. So when they rebuild the new web, they're like, oh, I threw away the old container and all the configuration was in there.

So, but one thing to mention though is that there is a UniFi container at LinuxServer.io.

Yes. Yeah, I think they're maintaining an hour thing.

Yeah, yeah. And I'm not saying that any of their containers are official, but they put so much work into these, and they also work for ARM, which is just so great, especially for us, because we don't know what you're running. x86, ARM.
It doesn't matter. Just pull the container and it figures it out.

So yeah, and FreshRSS, that comes from LinuxServer.io as well. They're the maintainers, because FreshRSS doesn't maintain a container themselves. They just give you general install instructions on GitHub of how to set it up. But yeah, LinuxServer.io, they're great people over there. They're doing some really solid work.

Oh, they're trustworthy.

Yeah, they've been friends of the show for a long time now.

Yep, absolutely.

Alright, next is going to be privacy and security. Where do we want to start on this topic? This is a big one, but we want to give you some tips about securing things in your home lab, and at the same time, I know they're separate things, but there's a slight convergence where one can bleed into the other. That's why we threw them both in as the same topic.

Yep, and I'm gonna start with a story on what can go wrong with the cloud and all these things, because I think that's a good place to start. But I will admit I don't know how relevant this story is to the audience, because, you know, when it comes to Western Digital's cloud service, which is the topic I'm about to get into, I feel like the majority of the audience is probably running their own, you know, Nextcloud server or something like that. That being said, I have no idea what everyone's running. So I'm just going to talk about the story, and I'll summarize it a bit just to make sure everyone's aware of it. But I also think anyone who's using it was aware of this immediately. But apparently, according to TechCrunch, which is one of the many articles I've been looking at, and it's the one I have in front of me right now because I can't remember dates, as of March 26 there was a breach at Western Digital, and this caused all of their products that are cloud enabled, which I found out just how many products they have that are cloud related.
I knew about their My Cloud drive, but there's flash drives that are cloud enabled. There's like a flash drive that could swap things in and out of the cloud to extend the storage. There's a wireless charger that was breached, believe it or not, because it's a cloud enabled wireless charger. I had to look at this and find out, why does my charger need to be cloud enabled? I think that's probably the last thing I want to be cloud enabled. But what I found out is it's one of those things where it backs up your phone or something when it's on the charger. But that's not working right now, because the last article I read said they're still having problems. I don't know what's fixed and what's not because I don't use their service. Their website was up when I looked today, this morning. But they got in there deep. They're claiming that they have a large amount of data, and they're threatening Western Digital to make something public, including a potential, or allegedly, Western Digital violating their security registration, because the hacker got in and was able to do things you, again, allegedly shouldn't be able to do with said security. But I don't know how much of that is true, what they have, what they don't, and it's just a big mess right now. So unfortunately, again, it's a mess. There's some workarounds, and there's a local access feature that Western Digital is telling people how to use to get their data back. But I don't know about you, but if a cloud service is breached, I'm not trying to pull anything down anymore, right? Because I don't know if I'm pulling down a payload or what's going on. That's just not the first thing I would try to do. But there's no way, the easy way to say this, it is what it is.
It's a problem right now, and this is not the first time. So we'll see how it develops, but I just wanted to mention that for those that, you know, might not be aware of it. So that's one of the things that can go wrong when it comes to security and privacy, and it's on their side. But then again, if you're trusting your data to someone who has this problem.

Yeah. This broke people's ability to get to their NAS, because a lot of the way the devices work is they reach out to the cloud now. Even though it's a local device, they're doing some of their, you know, reverse proxy magic to bring you back to it. So your connection, in some way, indirectly goes through Western Digital, and people lost access to it. I see a lot of people complaining about this, and this is why I'm always trying to avoid things that have a dependency that forces you to use their cloud. Now, since we did our last privacy one, Eufy cameras have certainly become front and center and attention for companies that were completely telling you they weren't even storing things anywhere other than the camera. But that turned out not to be true at all. And once again, this is why, when we talk about IoT networks and cameras, I've talked about surveillance cameras on my channel many times, and I say I don't give them internet access. And I would have known right away if I were to test one of those Eufys. I think it was the Eufy doorbell was the device that really got the most attention. But I would know immediately when I broke the internet, so to speak, and I disabled internet for it, I would know whether or not it could work. And my cameras, I have now the Amcrest ones, I know they would love to have internet. They seem to ask internet questions. They're not allowed to go anywhere, so they just go into the bit bucket on my pfSense going denied. So it's a lot to consider when you're doing these, is what data, what can people learn about you
from some of these devices that are being leaked?

Yeah, it's just a big situation. I mean, now the My Cloud feature, if you have My Cloud, is now their cloud. That's what we should call it until it's my cloud again, because that's the product name. But yeah, there's that. That's the thing, is when it comes to making things externally available, and this is, you know, probably a topic we can start with to segue into the main topic, is when it comes to externally available resources, my first opinion is, if you can help it, never make anything publicly available. But I understand there's some things that you do need publicly available for this reason or that reason, and probably the number one thing someone will come back with is Plex, because, you know, you probably want to watch that hotel room when you're traveling or something like that. We know how that works. So there's gonna be some things. So when I first started, I made something publicly available when I learned how to do this early in my career, and I thought, wow, that's so amazing, I figured out how to make something accessible. I turned it off afterwards because I read about why you don't want to do that. But I know how exciting it is, you know, especially when you're just starting out and you're like, man, I just made this publicly available, because when you don't know networking very well, that kind of sounds like voodoo black magic or something. How do you do that? But once you get seasoned like Tom and I, then, you know, you kind of look at this with a magnifying glass, closing all the ports online. Close everything, right? But again, there's gonna be some things that, you know, for whatever reason, you need to make publicly available, and that leads me to the first recommendation. And as a quick aside, we did a privacy video, what was it, 20, 30 episodes ago? So this is kind of like a refresh.
So some of these sites, I don't remember which ones I did or didn't go over in that episode, but it doesn't matter, because I want to go over it again just for anyone who's new since then. So the first thing is ShieldsUP, and I think this is going to be the first thing to start with that makes the most sense, because using ShieldsUP you could find out what ports are able to be hit from the internet. So you go to grc.com/shieldsup. It's by Steve Gibson, who's, you know, famous for Security Now. That's one of his many tools.

Yeah, he has a few of them.

And I'm not going to tell you that this is an exhaustive security test to where, if you pass this, you're completely good. If you pass this, you're in good shape, but I don't believe in anything, you know, being perfect. But I think this is a very easy and quick thing to start with, especially if you are about to make something externally available. Before you do that, find out what's available right now, and it could be surprising. If you have a cloud-enabled router or something like that, I have no idea, you might run a tool like this and find out that there's more open and you didn't even open anything. So the first step is always to, you know, secure what you have and lock it down before you open anything else up. At least have a baseline of understanding what is open now. If there's anything that's open from your router vendor being silly with their default settings or something, this might help you find out. Especially if a port answers on this service, then you should probably take a look at that and find out.

I like it too.
He also, related to ShieldsUP, has got the universal UPnP internet test to see if your system is exposing the UPnP ports, which you may not know. And this is a complaint people have of why I recommend almost any router other than your generic off-the-shelf, some of the things you can buy at the big box stores: it's because they're notorious for having buggy firmware. Some of them in the past, they would just expose UPnP, and it was just poor programming, and instead of it being bound and locked into only internal requests, they would expose external requests. And what this means is someone could send the UPnP command to tell it to open up something on the inside, and from the outside, and it would listen to you to do that. And, you know, there was a notice about it. There was lots of patches. But people don't patch these consumer routers. They get plugged in, and as long as they're working, generally speaking, no one does it. Now, we know that's not our audience. We know our audience is more advanced than that. But nonetheless, these are tools you can use to kind of, you know, push the envelope a little bit and push people along to, hey, these are the reasons why you need better security.
So there's a couple other sites I want to throw out there, and these are going to be for specific needs. One of them I know I did not go over for sure, because I only just recently found out about it. I can't remember who pointed me to this. I think it was someone on Twitter, if I'm not mistaken, when I was asking questions about the Opera web browser, not something I was technically thinking about using. I was just wondering if there's any surprise, like, you know, if something changed, and it's, you know, changed in some good way, and nothing against Opera. But if you go to privacytests.org, what you're going to find there is a list of web browsers and some security features and various things that were tested on that browser, and you can see how many checkboxes your browser of choice is able to get. And what I find surprising about this is that they test pretty frequently. Like, I'm looking at the page right now and it was updated five days ago, so that's pretty recent. So with this tool you could find out where your browser kind of sits in with this. And another thing that I feel like is very surprising, like Opera's status is not surprising. I'm not going to get into the controversy side of things, but, you know, they're bought by another company and some people have questions about how security conscious they are. But what I found really surprising about Opera is Vivaldi is nearly identical to Opera when it comes to the checkboxes on this site. Now, at first that doesn't seem all that surprising, because Vivaldi has come from Opera. There's a bit of a divergence in branching out, kind of like, you know, not dissimilar from OpenOffice and Nextcloud, although it's a browser. But I would have thought anyway that Vivaldi would have, you know, more checkboxes. They're virtually identical. They're using the same browser engine.
So that's probably why, but at the same time, that was still a little surprising. But then you could see how, you know, if you have a Mac, you can see how Safari is compared to Firefox, Microsoft Edge. There's a number of other browsers on there. So I think this is a website that you should probably have bookmarked, because you can keep up to date on where these browsers stand when it comes to privacy.

Yeah, this is pretty slick. I had not seen that site before. So that's definitely a good tip.

Yeah, I just found out about it probably a month ago. I think, I'm just guessing, something like that. Very similar to that, and I'm actually kind of wondering if they're from the same place. And apparently I didn't save the link for myself, so I'm gonna have to manually type it like it's 1899.

Now, this security thing I will warn people on. We talked about privacy with privacy tests with browsers. The security thing is because we're right off the heels of yet another problem with Chromium. I didn't say Chrome, I said Chromium, and all these browsers, well, many of them being Chromium based. Before you wander off the path of Chrome in search of something, make sure that something you're choosing is keeping up to date with the latest CVEs. Google maintains and updates the code to the Chromium project, and everyone else kind of pulls downstream from that. But as long as everyone's keeping up to date on there. It's just one of those little tips I have people consider: make sure your browsers are up to date. Your browsers are the biggest and most prominent threat surface today, outside of exposing ports, where things can really get at it and get into your system, because you are running your browser. People want to assume you, and Linus knows how this goes.
I've done a whole video on the Linus breach and talking about how you can steal session browser tokens. That is often the goal, is to steal those session tokens to become you. It's funny, because when I did that video, people were like, it can't be that easy. I'm like, yes, I just copy the browser token, paste it into another browser, and I'm that person instantly. So that is why these are so important to take into consideration.

Absolutely. Yeah, and that's all about browsers, and it's going to be located at privacytests.org. That's where that's located. And the next one that I want to go over is going to be privacytools.io. So again, privacytools.io. This is not specific to browsers. There's all kinds of things here. So for example, if you wanted to find out, you know, which office solution should you consider, which service for this, which service for that, it gives you an idea about the security and the privacy around different platforms, so you can make a more informed choice. I think it was Security Now that turned me onto this quite a while back, and I'm looking at the site now and it's changed a lot since I originally started looking at it. But you have things like file encryption tools listed here, so if you wanted to find out more about that. Even disk cleaners, those disk clean utilities are on here, you know, which I haven't used in a long time because, you know, I'm a Linux person. I just use a find command and, you know, pipe it out to exec rm dash whatever. That's saying that's a safe command, you know, if you're not careful. But there's YouTube alternatives, if that's your thing. There's some information about social networks. You can just basically go through here and find out what their view is on these different services, applications, and find out if this is something that you want to use if you're thinking about trying something new.

And one of the things I like to tell people is these are just machines.
These are just tools. These are not something that should be personified, because I hear people say Facebook is evil and I'm like, no, no, no, I preach awareness. You should know what they're doing with data. You should have awareness of your data and how they use it. I think of that, but they're still just a thing. They're not a person. They don't have intention. We may know that Mark Zuckerberg wants to monetize it. You could just assume that for any companies, and you just have to be conscious what data you're putting on any of these sites. That's my biggest thing I tell people: just make a conscious effort to understand what you're sharing. If you're putting them in NT any of these sites, and once you start doing that, as long as you're aware, you're good. And this is something, it's actually interesting, I'm gonna say my son, who's 16, he seems more aware than I would expect kids to be, and I think just the new generation just goes, no, we already know these companies suck. They're gonna do something bad with our data, so we're careful about what we put on there. They're starting to think more about it than I probably would have when I was his age, had given this vast amount of resources to post things. Doesn't mean there's not someone doing something stupid, posting too much on there, but having awareness of it is where you really want to be. It's going, okay, I know if I post this, this is what they're going to do with my data. And also another thing to know too is, even if they're doing everything right, like if they're saying that they don't do these things and they're not doing those things and, you know, it looks safe, and you might be thinking, also a big company, and it checks the boxes. One of the other ways to think about this though is, even if they're not doing something, you know, evil with your data, if they have a security issue inside the company and your data is there, then regardless of what they're saying, you know, something could change tomorrow. We could find out about a breach
and if your data is there, then your data is part of the breach. So you also have to ask yourself, you know, is the company trustworthy when it comes to security? Do they have a history of being in the news for all the wrong reasons when it comes to protecting data? Things like that. That's another thing to keep in mind too, because again, you know, it's not always their intentions, although intentions are a big part of it. Sometimes it's, you know, a matter of a system administrator not applying a patch in time, and the next thing you know your information is out there in the wild. So just, yeah, keep that in mind too. Yep. It's always saying about what data do they have. Yep, can't steal what they don't have. Another one I wanted to send out to our community and listening audience is scan.nextcloud.com. So it's obviously Nextcloud specific. You put your Nextcloud URL there and it'll give you an idea of how secure your installation is. Now a pro tip about the service though: what you want to do before you use it is look at your Nextcloud and find out what version you have right now. And the reason I'm telling you this is because sometimes the service needs to be refreshed. So like when I went there today, it told me that everything is good except I'm running an old version. But I'm not. I checked, and I even checked for an update. There's no update. And then there was a refresh button on the site, and when you click on it, it can take up to five minutes, but it's going to basically reset the check, and then it got the right version and gave me the information I needed. But it'll let you know some of the low-hanging fruit that you can fix if you have a Nextcloud account. Again, it's not a complete security picture, but it's like the minimum things that you should do with your Nextcloud installation. Put in your URL there, make sure that it reports back the right version, and then see if it comes back with anything that it recommends that you fix. Yeah, so as much as I
love Nextcloud, I do remind people that you're exposing whatever data you're saving in Nextcloud to the public internet when you have that opened up like that, so please make sure that you are on the latest version and following the right procedures for that, because this is one of those things where you put all this data in Nextcloud, all your personal data. You did not intend to share this with whoever found it, but they found it. You misconfigured something, now they have it. This is a risk that can be very challenging to mitigate, because, man, if you didn't know you were exposed or didn't know you had a weak password on there and someone was accessing it, you may not know until they've decided to action on that data or try to blackmail you with it or anything like that. Yep, I absolutely agree. So also consider encryption with Nextcloud too. Yeah, now encryption, I caution everyone, it protects data at rest, okay? Yeah, so that's not going to protect your data when it's open and unlocked and, you know, someone leaves their encrypted computer booted up and unlocked to where someone could just walk over and use the keyboard. Well, the encryption is not going to help you. But at least, you know, enable it and make sure you have a good password, you store it somewhere safe, and all those different things, because what you're hoping is that if someone unfortunately breaks in, they're just going to get junk, and so something that they can't use. But again, you know, like Tom said, just keep up to date and just follow the best practices there, and still keep good backups, because even if you do everything right, you never know if you defeat somebody in an online game and they're mad enough, you know. I'm like, you never know nowadays, right? Something could happen. Just be prepared for it and, you know, it is what it is. Absolutely. Should we talk about some cool, a couple tools to expose your services, but then hide yourself a little bit? Sure.
I would say there's a couple of them out there. So Cloudflare Tunnels is one I've talked about; there's several videos about it. Cloudflare Tunnels is cool because you can expose services, they add some extra security features if you'd like to turn them on, and it will hide your IP address. So you're able to create this public URL where you have something you can set the Cloudflare Tunnel for. Now I always have mixed feelings when people start calling it a zero trust solution. I like to remind people you can call it zero trust, but you're trusting Cloudflare, because they're the transport layer to get the data from where it is on your network to a Basing side, so you have to know the trust circle that you are including, and that Cloudflare is included on there. Now Cloudflare does have rules. They basically say no Plex. They don't say it, "no Plex". They just say if you exceed this much and primarily use it for hosting video data, you're gonna hit some bandwidth limits on their Cloudflare Tunnel. So it's not ideal for Plex, but for things like Nextcloud, if you go, hey, I just really want access to this and I don't have the opportunity to set up a VPN. Because VPN is always my first recommendation for accessing data. Absolutely the most secure way to do it, whether your VPN is WireGuard or your VPN is OpenVPN, the two most popular ones. Those are great, but if you're going, nope, I just need this publicly exposed, Cloudflare Tunnels is probably the next best thing to do that. But not to be left out of the game, Tailscale. Now I have not tested this; this is a new beta release they announced, I think, maybe one week ago. But I really trust Tailscale as far as a company to make really good software. Tailscale has got their new, what do they call it, Funnel?
So if you're Cloudflare, you're a tunnel; if it's Tailscale, it's a funnel, and, yeah. All right, you know, it rhymes. So they're releasing some software to allow for public exposing of things. Tailscale already has a really awesome reputation as another alternative to a VPN, I'll call it. It's using WireGuard as a VPN protocol, but it's essentially an overlay network system. VPN would not be a fully accurate way to describe it, but it's the overlay network that uses that. I've done videos on it. And right away earlier someone was asking about, well, is there a fully open source, like, I can host it myself version of something like Tailscale? There's a couple things you can do. One, if you use a Tailscale client, because the client's open source, but the coordination server is what they use their service for, so all the nodes talk to the coordination server. But Tailscale actually, to their credit, not only do they make the open source client available, they also, without recompiling it, let you change where those sources are for the coordination server. And then you can use Headscale, which, interestingly, the developers at Tailscale have contributed code to the Headscale project. They've actually fixed some things for those people. So it's kind of weird: instead of saying we're gonna quash the competition, they actually made the product better, and it's an open source version.
So Headscale is a free, open source, not exactly clone, but a replacement for the Headscale server. Now one thing it doesn't have is the ability to run phone apps, and that's because the developers at Headscale, it's harder because they don't have certificates to publish in, like, the app stores for Android and iPhone. So there's not any way to, currently there's, well, I can't say any easy way to do it. I think they have a self-compiled version you can sideload onto your phone. So there's not a non way to do this. There's no easy way to do it. But as far as using it for Windows and Linux systems, Tailscale's actually a really cool way to get all that data on there with an overlay network and not have to have any type of things that are there. I will mention, it's not one I've used, I know a lot of people ask about it, there's another tool out there called Netmaker, and that is another one. It's different than Tailscale, but Netmaker's also another type of build tool for building VPNs and connections between servers and managing it. It's pretty neat looking from an overview, but I haven't used it, so I don't know how hard it is to actually implement, but it's another one to, you know, be able to keep you from having to open up things, to keep you secure but still give you access to your data across several nodes. Or maybe you work in multiple locations, or maybe you consider, you know, leaving the house sometimes. It's weird, but sometimes I do that, and I want to be able to easily connect to my resources and things that I have access to, because my FreshRSS I host internally, and if I want to get to it, I want to get to it anywhere, especially when I'm playing on my phone somewhere because I'm bored. I don't want to go through actual news sites. I can read FreshRSS on my phone by VPNing back to my house.
So, because sometimes the line at Qdoba could be really, really long and I need something to read while I'm waiting for my burrito. So I know we have to have something like that, right? Absolutely. I think what's next on my list here for people, this is a question that comes up quite a bit, and Tails OS is really cool. So it's a live Linux distribution that forgets everything. What do they call that? I've got the name of the software it's built on. It's like the no-memory version, the amnesia. Amnesia. Yeah, amnesia OS. It boots up each time, randomizes everything that's possible, spins up a Tor browser, doesn't even let you connect until it has internet, and then it wraps it in Tor, and then it lets you get out there. If you are looking for a way to minimize your exposure of personal details when you're connecting to the internet, and if you follow Darknet Diaries at all, you'll hear people talking about this when they talk about opsec. If you followed the Snowden things, Snowden used this as well. By separating your main computer from your normal operating system where you're saving things and stuff like that, by booting up something that forces you each time into this new session, and when you power it down all session things go away, you have to log in each time to each service, go open up the web browser. Tails is awesome for doing that. If you want to be really hyper-conscious of what you're doing online, Tails is pretty neat. Now Tor is awesome, but, and there's some videos you can find, there's some good talks at DEF CON if you talk about how people got caught. I've got a whole video on Tor.
I talked about how people got caught using Tor. It's not the way people think. There's always these people throwing it out there that Tor itself has been broken, and because, you know, some government funding went into it, is why it can't be trusted. It can be, but you have to understand the trust with it and how it works, and how exit nodes work, how ingress works, how the Tor protocol itself is secure, but a nation-state level actor who is actively looking for you, if you do things in a repeatable pattern, and this is where the nuance comes in, there are ways to decipher generalizations as to where your entrance node is based on a few pings from your exit nodes, but it requires a lot of node information. There's been a lot of campaigns that are really interesting that have taken this on. It's one of those really complicated topics. There's some research that I may follow up on, because I did the previous video, and talk about the status of that research now, of understanding who's looking at these exit nodes and what they can and cannot infer. They give them very generalized information about you, but overall Tor is still a very secure system on there. So it's definitely a really cool thing to play with if you want to get into, you know, understanding how the routing works, how the Tor browser works, and it's a free download. It's all open source. So, definitely. We mentioned last week, won't talk much about it, but obviously for running your home stuff, privacy oriented and somewhat security oriented is going to be Home Assistant. That's an easy one if you're in control of all of it, whether you hosted Home Assistant on Docker, whether you hosted it on some device you have, a Raspberry Pi or just some piece of hardware, or even, what's there?
Is it called Yellow? Well, the one that I have is the Home Assistant Blue. There might be a new one, but I don't think mine is sold anymore unless they still have stock. When I bought mine they said they were unlimited stock and it wouldn't be making any more. But they might have a new device now. Yeah, Home Assistant is great for keeping all that, so you're not worried about a breach, because it wouldn't matter, so to speak, if the company controls your light bulbs, if they're all controlled in Home Assistant. I'm like, oh, you know, I actually have a bunch of Philips Hue stuff because I bought on clearance. So before you judge me for having expensive lights, I bought them because they were on clearance. But if something happened to the Philips Hue company, that would be tragic, but it would not affect me, because I don't loop any of my stuff out to the cloud. If you build things on like the Zigbee or Z-Wave protocols or have it connected to your local Wi-Fi, it gives you great control of everything, and you don't have to worry about what happens to these companies once they're adopted into your network, because you'll maintain control. Bonus: all my IoT stuff that I have control of works without internet. I could actually still turn all the things on and off. So can Jay. Jay's a big fan of all this too. So yeah, I just keep finding more and more things to add to it, and, you know, I feel like it's getting easier and easier, because at one point it was more of a question of, like, what does Home Assistant support, and now it's more of a question of what don't they support, because there's things in there. I've made an assumption, I never would say it, you know, make an assumption publicly on the channel, obviously, but in my mind I'm thinking, well, that's not gonna be in there, that's a proprietary solution. Oh, it's there, right, okay. You know, even some of the proprietary solutions.
They have some way to hook into that. So it's just a really great system, and I feel like Home Assistant is like this unicorn of, like, great interface. Oh, it is. Oh, get me wrong, there's some flaws, but it's so good more often than it's not, and any complaints I have are very, very small and inconsequential. It is so well designed, and every time I find out how to do something, if I look it up, I'm thinking, well, that's a logical way to do it, that makes sense. I just learned the other day you could create your own Boolean variables. You know, you have to tie it to an entity; you could just create an on-off or a true-false and you can have it as part of your automations to further customize it. So there's just so many great things you can do. Yeah, two last ones I'll mention here is gonna be Pi-hole and uBlock Origin. The Pi-hole project is fine. I like it. I don't use it actively because I'm partial to using pfBlocker and pfSense, which can use Pi-hole feeds. But both of those are good projects. I just don't do any updated videos on Pi-hole because I really don't use it much anymore. But it's still a very actively developed project. It can be enlightening, because it has really nice reporting on it to see what got blocked. So that's always interesting. But even easier, and of course if you're wandering around and occasionally leaving the house as I do, on my laptop and, well, on my desktop too, I use uBlock Origin. Big fan of that as a plug-in. It tells you things quickly about sites, and if for some reason I need to unblock a site, having it right in the browser as a button is definitely a solid way to go. I guess I don't need this blocker. I want to see what it's blocking. We were actually laughing about a marketing company. I was like, it blocks 90% of what's on their site for embedded. Like every link they sent me, uBlock Origin would give me a warning for. So definitely, it's, you know, really cool being able to use that.
These are both free. Pi-hole's free, uBlock Origin free. So yeah, I use Pi-hole. I like it a lot, and one of the things I want to, you know, give a quick disclaimer: personally, my personal opinion, not a professional opinion, not a technical opinion, this is completely just my opinion, I really hate mobile computing. I just don't like phones, you know, just a personal thing. I mean, yeah, I think some people can really relate to this, because especially if you work in IT, then over the years you're conditioned to believe your phone is your interruption device, the "your servers are down" device, and it's so easy to correlate anxiety to the phone. Especially telemarketers calling in, it's just annoying anyway. But I have to have a phone because, you know, it is what it is. So when I'm out and about it's very glaring to me how many more ads I get when I'm off my home network than when I'm on my network, and that's one of the reasons why Pi-hole has been implemented, because for me, when I'm home. You have different options on phones when it comes to ad blockers; depending on your platform it could be easy or difficult, but having something like Pi-hole when you're home is great. I feel like Pi-hole, I could almost make, if there was a safe way to do this, a use case to make it publicly available, if it's my Pi-hole, and then have my phone use it as a DNS server everywhere that I go. But the problem is, you know, then so too will everyone else, and using DNS is so bad. It's just, DNS poisoning is not something that I want to get into, and I'm not saying that could happen with Pi-hole, but it is something I thought about, having some kind of a secure way just to have my DNS server out and about that my phone goes to, or whatever it is I'm using, and hopefully I get fewer ads. It's just so hard to browse the internet without ads, and as someone who gets paid by ad revenue, you might be thinking, well, he likes all those ads, and everyone's like, no, I don't want anyone to be
inconvenienced like that. It's disruptive, and at any moment you have like five popovers just to read one article. It's a hard world out there right now. So yeah, I heard it quoted as: the original sin of the internet was building the internet on an ad-based system like we did with our other media outlets. I completely think if we would have come up with the internet and not had an ad-based system, some type of minimal pay system. You think about how little a website makes on ads per person. It's pennies, but if you could figure out a way to get people to pay pennies, awesome, because, you know, we talk about having 50,000 views on a video that me and Jay do; if someone could just donate a couple pennies so that, and not have to see ads, makes a lot of sense. We've got to come up with a better model. I think that's where some of the innovation lies in the future. I'm gonna be an old man telling my great-grandkids, back in my day we had unskippable 30-second ads in our media, and you're like, sit down, grandpa, solve that years. My fear is, where does this end? And I'm not saying this is going to happen, but it's always been a thought in the back of my head, where, you know, let's just say you go with the phone provider and you get this very cheap phone because, you know, you don't have a thousand dollars to spend on something, because some of these are very expensive. But you get a phone, and it's true, it's completely capable, but what if the agreement is you're not allowed to mute the audio when an ad is playing, in the heart, in the mute button and the volume slider's disabled in exchange for having the phone? I'm just saying, like, where does this go from here? I mean, it's bad now, but unless we figure out a way to change this, I mean, I'm kind of nervous to see what's gonna come next.
Yeah, I think that is where we're gonna see some innovation. But nonetheless, I have left links to all the different sites that me and Jay mentioned here, all in the show notes. I was even adding a couple that I didn't know about somehow. They're all in there though. So if you're listening to this, check out the show notes. We have all the links to the different tools we talked about. Most of the other stuff is pretty easy, like I didn't leave a link to the tunnels and the funnels, but those are easy enough to find, so Tailscale Funnels and Cloudflare Tunnels if you want to check those out as well. Yep, funnel in the tunnel. Put a tunnel in the tunnel or a tunnel in the funnel and then combine them. Don't do that. Please don't do that. Oh, EFF Privacy Badger. Yeah, we can mention that too. Yeah, EFF is always a great reading resource as well. Their write-ups and keeping up with the things going on in the internet that affect your privacy, EFF is definitely at the forefront of that. I'm a longtime supporter of that organization. So, yep. Awesome. All right. Well, thank you guys for joining us. We had some fun. Hit us up at feedback at the homelab show and we'll see you next time. See you soon.