Nice, but the bots may not understand the joke.

And not only that but they will tag the domain with ”there is something here”, and maybe some day someone will take a closer look and see if you are all up-to-date or would there maybe be a way in. So better to just drop everything and maybe also ban the IP if they happen to try poke some commonly scanned things (like /wp-admin, /git, port 22 etc.) GoAccess is a pretty nice tool to show you what they are after.

Not at hand no, but I’m sure any of the LLMs can guide you through the setup if googling does not give anything good.

Nothing very special about all this, well maybe the subdir does require some extra spells to reverse proxy config.

Use a reverse proxy (caddy or nginx proxy manager) with a subdomain, like myservice.mydomain.com (maybe even configure a subdir too, so …domain.com/guessthis/). Don’t put anything on the main domain / root dir / the IP address.

If you’re still unsure setup Knockd to whitelist only IP addresses that touch certain one or two random ports first.

So security through obscurity :) But good luck for the bots to figure all that out.

VPN is of course the actually secure option, I’d vote for Tailscale.

Don’t know why exactly are you downvoted but this is exactly what is going on as cars get more ”connected”, following Tesla & BYD lead. Just like with phones at the moment, everything tries to spy on you a little to tap into that sweeet targeted ad revenue, or something else.

For example I bet the insurance companies love to have some driver behaviour data about you, and the big retail likes to know where/what time you are on the move (though they already get it from the dozens of apps on your phone that have access to location data, like Google Maps).

Yeah using a USB stick is arguably not too difficult but still more difficult than state of the art OS upgrades are with the competitors. If there is no real technological hurdle to make the jump from Win to Linux require just a few clicks in a friendly GUI environment, why should we not pursue that?

I disagree. Sure, they are able to stick the drive to machine and use some easy tool (would need to be easier than Rufus) to write some data to it.

But then comes a big hurdle if USB boot is not the default: What is BIOS/UEFI? What key to press to get there? When do I press it? What are these text things? How do I navigate here? What exactly should I change? What is what of these drives listed? How to change the order? How to save? (Have witnessed this struggle a dozen times)

And IF they get through that step, then depending on distro they have very different kind of installation UI, all sorts of options they know nothing about, and they no longer have their browser and guide page open that they had when they started the operation.

We should not merely target the ”average person” but also, to a degree, the dumb masses below them. Look how simple the Windows 10 to Windows 11 installation has been made, there really is no way you can mess it up. If I remember correct, even upgrading from 7 to 10 was just: download ISO, double click to mount it, run setup.exe, click next a few times, and let it reboot and do its thing.

Yup, now you touch one core problem why Linux in desktop cannot get to masses — too much fragmentation. Next to unlimited chain of options and preferences, many of which even lead to severe incompatibility issues.

Ubuntu some decade or two ago looked promising ”one distro to rule them all” but seems to have turned to shit since.

If you look at Windows or macOS, it’s basically just a version or two to choose from, and the most common one suits 90% or more.

The same should happen in Linux world too. If an ”easy install tool” like described above would offer just ~5 most common distros, in their most common variant, it would still be a tremendous step forward.

If someone is knowledgeable enough to have strong distro pref, or knows that they need a certain system component, they most likely are not the target audience anymore as they can handle a manual install too. The target user may not even know there are different distros, and will just pick the ”Linux version” based on a screenshot that looks familiar or interesting.

So IMO; no options other than the absolutely critical ones (like to dual boot or not). There shouldn’t be more than maybe 3 big things the user has to decide themselves, for everything else the Linux community as a whole MUST be able to take a hard look at themselves and decide what are the most viable, compatible and best supported branches, and unite behind those.

Not my text but here’s what Gemini laid out, apparently projects like WubiUEFI do something like this but with caveats.

” Project: “One-Click Linux” Installer Objective: A simple .exe for non-technical users to install a full Linux distribution from Windows 10/11. The process will be fully automated after a single click.

Core Technologies & Components

1. The Windows Application (.exe)

• GUI Framework: .NET (C#) to build a minimal user interface and leverage deep Windows integration.
• Disk Partitioner: Script the built-in Windows diskpart.exe utility to automatically shrink the existing Windows partition and create a new one for Linux. Requires Administrator privileges.
• Installer Preparation: Download a pre-selected Linux distribution (e.g., Linux Mint) and extract its core files.

2. The Bridge from Windows to Linux

• Boot Configuration: Use Windows bcdedit.exe to create a temporary, one-time boot entry that points directly to the Linux installer, bypassing the normal Windows boot.
• Automated Installation: Generate a preseed or kickstart script. This file will provide all the answers to the Linux installer automatically (language, keyboard, and instructions to use the partition created earlier).

3. The Modern Boot Solution (Post-Installation)

• Boot Manager: rEFInd. The automated Linux install will install rEFInd. It is chosen for its superior auto-detection of both Windows and Linux, and its user-friendly graphical interface. It will automatically provide a clean, icon-based menu to choose an OS on startup.
• Boot Method: EFI Stub. The Linux kernel will be launched directly by rEFInd as a bootable EFI application. This is a fast, clean, and modern method that avoids the complexity of older bootloaders. rEFInd will handle discovering the kernel and presenting it as a boot option. ”

Great effort and all but until we can get an .exe to run in windows to install the new system, this will not attract anybody but the 0.01%.

Yes, for us in the know it’s no biggie to get an USB stick, play with Rufus or the kind, fiddle with ”BIOS” but for the average user even the first step is just too much.

Windows can install new Windows and modify EFI stuff, and macOS can install new macOS so why can’t Linux use the same mechanisms? Especially as in the history there used to be some projects that could do this…

Best chance in decades to bring Linux to desktop and it looks like we blew it by being too accustomed to difficulty, not being united behind the effort and whatnot :(

You can type these magic words to your search engine: Microsoft Activation Scripts (MAS)

UTM is the way to go on modern Macs, and even iOS/iPadOS too! Free, built on QEMU and super easy to spin up virtual machines with any architecture.

https://mac.getutm.app/

Could be indeed. Looking at the nginx logs, setting a permaban on trying to access /git and a couple of others might catch 99% of bots too. And ssh port ban trigger (using knockd for example) is also pretty powerful yet safe.

I have wrestled with the same thing as you and I think nginx reverse proxy and subdomains are reasonably good solution:

• nothing answers from www.mydomain.com or mydomain.com or ip:port.
• I have subdomains like service.mydomain.com and letsencrypt gives them certs.
• some services even use a dir, so only service.mydomain.com/something will get you there but nothing else.
• keep the services updated and using good passwords & non-default usernames.
• Planned: instant IP ban to anything that touches port 80/443 without using proper subdomain (whitelisting letsencrypt ofc), same with ssh port and other commonly scanner ones. Using fail2ban reading nginx logs for example.
• Planned: geofencing some ip ranges, auto-updating from public botnet lists.
• Planned: wildcard TLS cert (*.mydomain.com) so that the subdomains are not listed anywhere maybe even Cloudflare tunnel with this.

Only fault I’ve discovered are some public ledgers of TLS certs, where the certs given by letsencrypt spill out those semi-secret subdomains to the world. I seem to get very little to no bots knocking my services though so maybe those are not being scraped that much.

You recon the copyright mafia cares much about what’s illegal or not? Google has played ball with them for years and slowly sided with them more and more. It’s all about the ad money and google wanting to keep the big players happy. All things related to ”owning content” in this era of just renting is going to get flagged. Ripping, selfhosting, torrenting, data hoarding…whatever undermines the content monopoly.

”Pretty fast” after they tuned those automations to the current setting. And they will keep turning it that way unfortunately.

Saw the video… It mentions ”ripping” and even shows clips of some blockbuster movies. No wonder any copyright-sensitive automation gets triggered pretty fast. This will only get worse.

Dont know much about anything but it would not surprise me if it was some Bosch engineers who originaally hinted all those engineers of what could be done with their systems if they just listen some states of other car systems. Afterall, it’s their injection systems etc. almost every diesel manuf used/uses.

This thing happened 2009-> and they got caught around 2015. Justice system is slow.