this post was submitted on 19 Aug 2023
99 points (89.6% liked)

Selfhosted

40137 readers
637 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

On my flight home yesterday a free, but limited, wifi option was available that allowed only for messaging (WhatsApp, Messenger, and I think the Google and Apple ones were specifically mentioned), but not web browsing. I checked and, sure enough, I couldn't get web browsing to work, but WhatsApp and Messenger worked fine. I decided to try my XMPP client and I was pleasantly surprised to that that worked fine as well.

I know it's a limited use case, where XMPP is one of the few unblocked protocols, but are there things I can do with it besides chatting? Could I use it to receive status updates from my server? Is there a way to use it for SSH somehow? I guess some sort of bot running on my server would be required. Seems like there are lots of possibilities, like bots that fetch websites or interact with ActivityPub. Has anyone found or tried anything like that?

cross-posted from: https://pixelfed.crimedad.work/p/crimedad/598286716239948208

Dog on a plane

My wonderful neighbor, Juicy, on our flight home.

#italiangreyhound #dog #gooddog

@aww@lemmy.ml

all 30 comments
sorted by: hot top controversial new old
[–] hansl@lemmy.ml 25 points 1 year ago (1 children)

You can do SSH tunneling over DNS, so everything is possible.

[–] bartolomeo@suppo.fi 8 points 1 year ago (2 children)

Wait how do you do that? Local port forwarding with ssh -L ?

[–] Max_P@lemmy.max-p.me 8 points 1 year ago

The option -D $port creates a SOCKS5 proxy which can be used by most browsers, and will auto tunnel everything.

[–] CAPSLOCKFTW@lemmy.ml 8 points 1 year ago

You can basically connect any local port to any remote port normal or reversed. Reversed is -R, normal with -L. In this setting, correct me if im worng, you want to connect the open port on the airplane to one already prepared on a vps which allows you to do what you want e.g. proxy websites.

[–] Decronym@lemmy.decronym.xyz 20 points 1 year ago* (last edited 1 year ago) (3 children)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
IP Internet Protocol
SSH Secure Shell for remote terminal access
SSL Secure Sockets Layer, for transparent encryption
TLS Transport Layer Security, supersedes SSL
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)

6 acronyms in this thread; the most compressed thread commented on today has 15 acronyms.

[Thread #69 for this sub, first seen 19th Aug 2023, 17:16] [FAQ] [Full list] [Contact] [Source code]

[–] aldalire@lemmy.dbzer0.com 12 points 1 year ago

Good bot, keep it up

[–] AutumnSpark1226@lemmy.today 19 points 1 year ago (1 children)

In theory, you could make a XMPP bot that can do all these things. Status information and executing simple commands shouldn't be that hard but interactive commands might need a custom wrapper.

[–] jonne@infosec.pub 16 points 1 year ago (1 children)

RMS uses email to fetch websites instead of using a browser, you could easily do the same with XMPP.

[–] IceMan@lemmy.one 7 points 1 year ago (2 children)
[–] CrimeDad@lemmy.crimedad.work 10 points 1 year ago

He's just a special guy.

[–] jonne@infosec.pub 5 points 1 year ago

The man is eccentric to say the least.

[–] poVoq 11 points 1 year ago

https://github.com/msantos/xmppipe

Would be one example, but there are actually many such projects.

Especially if you are on a really bad or congested connection it actually works better than regular SSH.

Obviously security trade-offs regarding this need to be carefully considered.

[–] SteveTech@programming.dev 9 points 1 year ago (1 children)

Like the other guy said, they're probably not doing DPI to actually check for XMPP, so if something like portquiz.net:5222 loads, then you could host a VPN on the same ports as XMPP and have unrestricted internet.

[–] CrimeDad@lemmy.crimedad.work 4 points 1 year ago (1 children)

If I were to do this would I have to change my actual XMPP port? Or, is it just a matter of adjusting my DNS records somehow? Or something else?

[–] SteveTech@programming.dev 3 points 1 year ago

would I have to change my actual XMPP port? Yes.

You could port scan portquiz.net to find other unblocked ports if you want to use the same IP, or get a VPS or something to do the VPNing (Oracle cloud have free ones, or a cheap one will do).

[–] poVoq 8 points 1 year ago (2 children)
[–] 3laws@lemmy.world 4 points 1 year ago

Man, I love the internet!

[–] CrimeDad@lemmy.crimedad.work 3 points 1 year ago

Ah very cool. I just need to figure out how to install it.

[–] drspod@lemmy.ml 6 points 1 year ago (1 children)

What was your XMPP client connecting to? Was it a well-known public endpoint (that they could be whitelisting) or was it a private server? If the latter then that indicates that they are allowing arbitrary IP connections which in theory means that you should be able to proxy any traffic you want. I doubt they are doing DPI, since TLS makes this very difficult these days when you don't control the certificate stores on the clients.

I'd imagine they're relying on some combination of DNS whitelisting and port blocking which should be trivial to circumvent if you know ahead of time what traffic they allow through.

[–] CrimeDad@lemmy.crimedad.work 4 points 1 year ago

Yeah it was the server I'm running in my house.

[–] Smk@lemmy.ca 6 points 1 year ago

It is possible. As long as the protocol allows sending bytes of data controlled by the user which XMPP allows.

You would basically wrap http with XMPP. You need a server that would understand XMPP, read the payload, create the http request, do the request for you, wrap the response with XMPP and send it back to you.

You can do that with DNS as well which would bypass probably everything. However, your bandwidth wouldn't be great.

[–] wildbus8979@sh.itjust.works 4 points 1 year ago

The project is dead now, but have a look at Archipel, it's a whole orchestrator (like Proxmox) based around XMPP

https://github.com/ArchipelProject/Archipel

[–] argentcorvid@midwest.social 4 points 1 year ago

There used to be web, ftp, and gopher relays that would work through email, so I'm sure it's possible.