Hacker News | edoceo's comments


I'm https://edoceo.com

I used to write a bunch about sys-admin things, then some code things, now some (very disorganized) business things. I try to blog.

My biggest claim to fame is being cited in an RFC about CSV files. Woot!


Maybe, the point is that people, in general, commit/post all kinds of secrets they shouldn't into GitHub. Secrets they own, shared secrets, secrets they found, secrets they don't know, etc.

GitHub and their partners just see a secret and trigger the oops-a-wild-secret-has-appeared action.


I've had many issues where services can't verify the GV phone number - cause they know it's GV. Does this still happen?

Yup! Tip: lock em in and verify a regular cell phone number and then port it. They can probably make it work for you if it’s like a bank, otherwise yolo.

Used to happen more for me. Very rare now.

*G'day mate

I'm in favor of /.well-known/[ai|llm].txt or even a JSON or (gasp!) XML.

Or even /.well-known/ai/$PLATFORM.ext which would have the instructions.

Could even be "bootstrapped" from /robots.txt


curl is just sugar on sockets ;)

SSH is just sugar on top of telnet and running your own encryption algorithms by hand on paper and typing in the results.

Is a container not enough isolation? I do SSH to the host (alt-port) and then services in containers (mail, http)

Depends on your risk tolerance.

I personally wouldn't trust a machine if a container was exploited on it, you don't know if there were any successful container escapes, kernel exploits, etc. Even if they escaped with user permissions, that can fill your box with boobytraps if they have container-granted capabilities.

I'd just prefer to nuke the VPS entirely and start over than worry if the server and the rest of my services are okay.


Yea I feel that too.

There are some well respected compute providers as well which you can use and for a very low amount, you can sort of offload this worry to someone else.

That being said, VMs themselves are a good enough security box too. I consider running VMs even on your home server with public facing strategies usually allowable


Yeah, I only run very little on VPS, so this is practically free to me. Everything else I host at home behind Wireguard w/ Pangolin.

I understand where you are coming from but no, containers aren't enough isolation.

If you are running some public service, it might have bugs and of course we see some RCE issues as well or there can be some misconfig and containers by default don't provide enough security if a hacker tries to break in. Containers aren't secure in that sense.

Virtual machines are the intended use case for that. But they can be full of friction at times.

If you want something of a middle compromise, I can't recommend incus enough. https://linuxcontainers.org/incus/

It allows you to set up VMs as containers and even provides a web UI and provides the amount of isolation that you can trust (usually) everything on.

I'd say to not take chances with your home server because that server can be inside your firewall and can, in a worst-case scenario, infect other devices, but virtualization with things like incus or proxmox (another well respected tool) is the safest and provides isolation that you can trust. I highly recommend that you take a look at it if you deploy public serving services.


Repo-manager, SBOM tool for managing dependency (like Artifactory)

I use it almost daily. Thanks!

Seconded. @tomraberbach, today in conversation someone mentioned Paul Buchheit's invention of Gmail as a 20% project. The next time, I'll mention you!

Heh I think the scale is a bit different, but I'm honored :)

It's not a typical day for me, but I sent 0 emails (Gmail is my standard) but edited 2 Docs with Markdown.

Well that's awesome!

Out of curiosity, do you mean the "autocomplete" feature or the import/export/copy/paste feature? (I did both)


Love it!
