Steadfast Self-Hosting, a book by Adam Monsen(selfhostbook.com)

posted 5 months ago

perishthethought@lemm.ee

selfhosted@lemmy.world

25 commentshide report

I’ve not read this yet, just passing it along, as it looks really interesting.

I’m not affiliated in any way with this.

ETA: If anyone has read it / bought a copy, a review would be very appreciated.

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments View context

[ - ]

Saik0@lemmy.saik0.com

3 points

5 months ago

Why would the lack of SSL concern you?

Because it means my traffic to that site is in the clear. And while we’re not transacting anything sensitive necessarily. It’s still best practice to limit sniffing.

Automatically swapping to https should be default behavior for every website.

permalink

report

parent

[ - ]

AlexanderESmith@social.alexanderesmith.com

-3 points

5 months ago

There’s no need to encrypt this data. Any entity that is watching you knows how to see the domains you visit, and everything on this site is on the main page, or a click away from it.

An SSL here is nothing more than security theater, or marketing.

permalink

report

parent

[ - ]

Saik0@lemmy.saik0.com

5 points

5 months ago

An SSL here is nothing more than security theater, or marketing.

Or like I already said… is best practice.

permalink

report

parent

[ - ]

AlexanderESmith@social.alexanderesmith.com

-1 points

5 months ago

“Best practice” isn’t a catch-all rebuttal. Best practices are contextual. I’m keen to see your justification for encryption beyond “all sites should encrypt everything always”.

My assertion is that this isn’t necessary in this case. Why do you think that it is necessary to encrypt open-source, freely available, non-controversial site content?

permalink

report

parent

[ - ]

Saik0@lemmy.saik0.com

7 points

5 months ago

The site is already available in HTTPS. Why would you even serve content non-encrypted?

If you need an education on the matter… Here you go. https://www.cloudflare.com/learning/ssl/why-use-https/

“I don’t handle sensitive information on my website so I don’t need HTTPS”

A common reason websites don’t implement security is because they think it’s overkill for their purposes. After all, if you’re not dealing with sensitive data, who cares if someone is snooping? There are a few reasons that this is an overly simplistic view on web security. For example, some Internet service providers will actually inject advertising into HTTP-served websites. These ads may or may not be in line with the content of the website, and can potentially be offensive, aside from the fact that the website provider has no creative input or share of the revenue. These injected ads are no longer feasible once a site is secured.
Modern web browsers now limit functionality for sites that are not secure. Important features that improve the quality of the website now require HTTPS. Geolocation, push notifications and the service workers needed to run progressive web applications (PWAs) all require heightened security. This makes sense; data such as a user’s location is sensitive and can be used for nefarious purposes.

I don’t feel the need to be your teacher. You can easily google why you should always be using HTTPS. There’s numerous reason… all overwhelmingly obvious. Forget the basic “Not every ISP is an angel, and they all will collect as much information as they can get”. But I already said that… “It’s still best practice to limit sniffing.” Not sure why I need to elaborate any more on that. Very much akin to “why close your window blinds”, because nobody likes a peeping tom.

Ultimately for this specific website it’s literally changing a couple lines of code in their apache or nginx instance (or whatever proxy they’re using). It’s called best practice for a reason.

Edit: Hell it’s even a bit more of a guarantee that your site makes it to the consumer unaltered. Would be odd for that site to have it’s packets intercepted and midget porn be added to every page wouldn’t it? Think that would hurt the guys reputation?

permalink

report

parent

Show more comments

Selfhosted

!selfhosted@lemmy.world

Create post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

Community stats

4.9K
Monthly active users
3.6K
Posts
81K
Comments

Community stats

Community moderators