It's a bit of a counter decentralization force IMO to the last few decades push towards central service providers.ġ. It's really exciting to me how much open source networking power is now available to everyone. It makes all this really easy.Īnyway, hope this helps a bit. Nebula has been super slick though and I've been using it more and more. I'm fortunate enough to have fixed IPs available to me at home and office and have tended to use WG a lot just because it's had more advanced support and performance in constrained environments for me (kernel support in Linux and now BSDs). With Nebula you establish an internal CA (super easy built-in tool for it) and that doesn't (and absolutely shouldn't) live on the lighthouse. Depending on distance between nodes this can be a lot lower latency as well. This generally works even if both are NAT'd, and if not it's transparent fallback and still encrypted between them. There, the fixed IP node (the "Lighthouse") primarily acts to let other nodes know their mutual addresses, and they then attempt to form a direct link with no bouncing through a bastion, it's a real mesh. It's built on the Noise encryption framework as well. Second though, having said all that I think if you worried about the VPS bit (or even if not) you should take a look at the Nebula SDN instead. And in this kind of specific instance the WG is more about controller public facing surface area, the Bitwarden/Vaultwarden traffic in flight is itself encrypted. As far as the VPS, it can indeed access that subnet too, since it's acting as part of the subnet, but you can use normal firewall rules on the far side internally to control what can talk to what and how. If multiple systems are connected to one system with wireguard giving them all access to a given subnet is straight forward. Is "bastion host" what I'd want? Also is there a way to ensure the VPS cannot access the network as well, and just tunnels it essentially?įirst, yes a search phrase like that should get you the right terms, though there isn't anything inherently special about it.
BITWARDEN WEB VAULT HOW TO
> I've been meaning to look into this with wireguard, but I'm having trouble searching for/finding how to do this. Selfhosting absolutely has its challenges and costs but the surface area for exploiting bugs drops a lot when there is no 3rd party or shared environment involved. If your instance is just for yourself then even the server can still be another of your devices. And for something as lightweight as this it should be fine running it at home off of most connections, if you don't have a fixed IP can bounce through even the cheapest VPS instance and still store nothing in the cloud (or run something like Nebula and automate that bit so that it's an encrypted mesh and only a minimal Lighthouse node need be 3rd party). It's reliable, dependable and performant enough to pretty much put everything inside of by default. Now when I run services like that I access them exclusively via WireGuard or Nebula, no exposure to the public internet at all. Traditional finance (credit cards), government identification systems (social security), etc have so much existing infrastructure that innovating in this area is hugely costly and slow, but it's absolutely the direction we need to go.Īs well as what sibling said about it being E2EE and just using a standard API for storage, there are awesome tools these days so you can (and I think should) lock down your instance fairly well.
BITWARDEN WEB VAULT PASSWORD
If you try to use an inherently broken password auth system for completely decentralized digital currency, it will immediately descend into unusable chaos because of the vulnerability. I know a lot of HN doesn't have much use for blockchain, but if there's one thing that blockchain has done for the world it's been to substantially spur the use and development of public-key auth systems, especially on the UX front. We can't get to a password-less world fast enough IMO.
They're unfixably insecure.identifying yourself to someone by giving your secret identifying information to them immediately allows them to impersonate you! We've had the technology to fix this problem for close to 50 years now: public-key cryptography. Passwords, credit card numbers, social security numbers, etc are old outdated technology that can't go away fast enough.
0 kommentar(er)
