Ep 8 Commit2Quit or as much as you can

At the time of this posting Fediverse.blog (where I post the full
show notes) is down. I will edit this on Anchor when I get a
solution.


Housekeeping


It seems that this podcasts goal has already been achieved. It
has inspired 2 people to start self hosting. I got a couple of
notifications on Mastodon that one is researching on how to self
host on bsd and the other actually installed Yunohost! Thats
frickin AWESOME! 


CONGRATS TO BOTH OF YOU! And I sincerely hope it works out for
each your situations. Especially the one doing it on bsd. I want
to know how you end up doing it!


Keep in mind If you aint root, you dont own it.


Own your shit!


Additional Security points from a Yunohost Dev


Alek, one of the main dev/contributor on Yunohost's core and
project managment team sent me some additional points to remember
about security. The emphasis is mine.


>- **One of the key point of security is to limit the attack
surface**. Don't install apps just for fun or give access to the
user "because it's convenient and might be useful later"


>- Don't get too crazy about using the top-notch security
ciphers with 4096bit keys or whatever. It doesn't matter. Usually
the weak link of the security is elsewhere - either human or
technical.


>- Last but not least, there is no such thing as "being
secure".** Security is a process, and is always a tradeoff with
usability**. 


>


>For ex, in the context of Yunohost, we have fail2ban
configured to ban after 5 failed auth attempt. We see that it
triggers a lot of false positive (legitimate users trying to
login and getting banned for misc reasons). 


>


>**But point is, even if you get to some perfect "technical"
security, the human part of security is not to be neglected **


I know that this is'nt something new. Framasoft and other people
have already launched a similar campaign a year or so ago. So I
admit that I am riding the coat tails of some big peeps. But
since I've joined the Fediverse and really embraced it and the
whole "control your data" movement I've noticed that there are an
awful lot of, I dont know what you call them, bot accounts? It
looks like its a bot that is just reposting crap from Twitter
accounts on Mastodon. Somebody is prolly just being lazy and
wrote a script that will copy/paste something to Mastodon. But I
ask why? Why stay on Twitter and bitch about Twitter? Why stay of
Facebook and bitch about Facebook? 


So far I have deleted all Instagram, Twitter, Apple, Amazon and
Microsoft accounts. I have 1 google and 1 facebook remaining.