1 |
On 8/16/20 10:50 PM, Caveman Al Toraboran wrote: |
2 |
> hi. |
3 |
|
4 |
Hi |
5 |
|
6 |
> context: |
7 |
> |
8 |
> 1. tinfoil hat is on. |
9 |
|
10 |
Okay. |
11 |
|
12 |
> 2. i feel disrespected when someone does things to my stuff without |
13 |
> getting my approval. |
14 |
|
15 |
Sure. |
16 |
|
17 |
> 3. vps admin is not trusty and their sys admin may read my emails, |
18 |
> and laugh at me! |
19 |
|
20 |
Do you have any (anecdotal) evidence that this has actually happened? |
21 |
|
22 |
Hanlon's razor comes to mind: |
23 |
|
24 |
Never attribute to malice that which is adequately explained by |
25 |
stupidity. |
26 |
|
27 |
My experience supports Hanlon's razor. |
28 |
|
29 |
This doesn't mean that there aren't malicious admins out there. Many in |
30 |
our industry have fun with the B.O.F.H. and P.F.Y. But I think that's |
31 |
more what we want to do -- if there were no repercussions -- and not |
32 |
what we actually do. *MANY* people talk a big game. I've seen few |
33 |
follow through on the boasting. |
34 |
|
35 |
> 4. whole thing is not worth much money. so not welling to pay more |
36 |
> than the price of a cheap vps. |
37 |
|
38 |
That is your choice. I personally find that my email / DNS / website is |
39 |
worth ~$240 a year. I could probably do it for ~$120 a year if I wanted |
40 |
to drop redundancy. |
41 |
|
42 |
I could theoretically do it for $60 a year if I wanted to lower |
43 |
functionality. |
44 |
|
45 |
> moving to dedicated hardware for me is not worth it. |
46 |
|
47 |
Fair enough and to each their own. |
48 |
|
49 |
I used to have dedicated hardware in my house, and then migrated to VPS |
50 |
based solutions as part of a cross country move without a static IP on |
51 |
the destination end. |
52 |
|
53 |
> my goal is to make it annoying enough that cheap-vps's admins find |
54 |
> it a bad idea for them to allocate their time to mingle with my stuff. |
55 |
|
56 |
I'd like to hear any (anecdotal) evidence of this happening that you have. |
57 |
|
58 |
If there is anything, I'd suspect that it's bulk Deep Packet Inspection |
59 |
monitoring things. I doubt that actual malicious involvement is common. |
60 |
|
61 |
> thoughts on how to maximally satisfy these requirements? |
62 |
|
63 |
Well, seeing as how you're talking about email, the biggest elephant in |
64 |
the room is SMTP's default of unencrypted communications path. It's |
65 |
realtively easy to add support for encryption, but more systems than I'm |
66 |
comfortable with don't avail themselves of the optional encryption for |
67 |
some reason. Sure, it's possible to configure many receiving SMTP |
68 |
servesr to require it from specific sending systems and / or sending |
69 |
domains. But this is effort you have to expend to enact these restrictions. |
70 |
|
71 |
Actual encrypted email; S/MIME, PGP, etc. help in this regard. |
72 |
|
73 |
|
74 |
|
75 |
-- |
76 |
Grant. . . . |
77 |
unix || die |