# Introduction This blog post is about designing firewall rules, not focusing on a specific operating system. The idea came after I made a mistake on my test network where I exposed LAN services to the Internet after setting up a VPN with a static IPv4 on it due to too simplistic firewall rules. While discussing this topic on Mastodon, some...
# Introduction Last month, I decided to leave the OpenBSD team as I have not been using OpenBSD myself for a while. A lot of people asked me why I stopped using OpenBSD, although I have been advocating it for a while. Let me share my thoughts. First, I like OpenBSD, it has values, and it is important that it exists. It just does not fit all...
# Introduction This blog post is about Floccus, a self-hosting web browser bookmarks and tabs syncing software. What is cool with Floccus is that it works on major web browsers (Chromium, Google Chrome, Mozilla Firefox, Opera, Brave, Vivaldi and Microsoft Edge), allowing sharing bookmarks/tabs without depending on the web browser integrated...
# Introduction As I moved my infrastructure to a whole new architecture, I decided to only expose critical accesses to dedicated administration systems (I have just one). That workstation is dedicated to my infrastructure administration, it can only connect to my servers over a VPN and can not reach the Internet. This blog post explains why I am...
# Introduction In this blog post, you will learn how to make secure backups using Restic and a S3 compatible object storage. Backups are incredibly important, you may lose important files that only existed on your computer, you may lose access to some encrypted accounts or drives, when you need backups, you need them to be reliable and secure....
# Introduction Snap package format is interesting, while it used to have a bad reputation, I wanted to make my opinion about it. After reading its design and usage documentation, I find it quite good, and I have a good experience using some programs installed with snap. => https://snapcraft.io/ Snapcraft official website (store / documentation)...
# Introduction nncp (node to node copy) is a software to securely exchange data between peers. Is it command line only, it is written in Go and compiles on Linux and BSD systems (although it is only packaged for FreeBSD in BSDs). The website will do a better job than me to talk about the numerous features, but I will do my best to explain what...
# Introduction I recently took a very hard decision: I moved my emails to Proton Mail. This is certainly a shock for people following this blog for a long time, this was a shock for me as well! This was actually pretty difficult to think this topic objectively, I would like to explain how I came up to this decision. I have been self-hosting my...
# Introduction You may self-host services at home, but you need to think about the potential drawbacks for your privacy. Let's explore what kind of information could be extracted from self-hosting, especially when you use a domain name. # Public information ## Domain WHOIS A domain name must expose some information through WHOIS queries,...
# Introduction If you use Proton VPN with the paid plan, you have access to their port forwarding feature. It allows you to expose a TCP and/or UDP port of your machine on the public IP of your current VPN connection. This can be useful for multiple use cases, let's see how to use it on Linux and OpenBSD. =>...
# Introduction In this blog post, you will learn how to configure your email server to encrypt all incoming emails using user's GPG public keys (when it exists). This will prevent anyone from reading the emails, except if you own the according GPG private key. This is known as "encryption at rest". This setup, while effective, has limitations. ...