AstonJ

AstonJ

How do you secure your dev machine/environment

Following on from this post in Do you use LittleSnitch or the equivalent on your OS? I think it might be worth us creating this thread so we can share tips and tricks we might have picked up over the years to help secure our dev machines and home networks - if you have any please share!

Most Liked Responses

Eiji

Eiji

In 99.999999999% cases I prefer prevent instead of defend tactic. I block adds, 3rd part content (including cookies) and usually access sites I already known. I use Gentoo Linux and I decide what’s inside my environment setup part by part. Maybe it’s a bit too manual, but in exchange I don’t have support for everything like cups without a printer and so on. :smiling_imp:

Most of apps and services is open source alternative for BigTech products. I rarely use Google, Twitter/X account only for giveaways, Discord only for a contact with family and Slack also for Elixir contacts. I had a LinkedIn account, but for some reason just checking inbox was a “suspicious activity” and because of that they require my ID scan (which in many countries is illegal btw.), so I showed middle finger and stopped using it.

I do not pay by card online. I prefer cash or “old, good” bank transfer. Simply most type of attacks that require “rush without thinking” does not work on me. On a single key I access a terminal with lots of useful information and actions.

sezaru

sezaru

I use a Yubikey as a 2FA for doing anything with root access in my computer.

Also, for critical files, I create a vault with CryFS (which I can easily manage using the Gnome app called Vaults) and only mount it when I need something from it.

For firewall, I have a small device running PFSense that manage all the internet access to my local network instead of handling that in each computer.

Finally, for data storage and backup I use a NUC as a NAS with all data and I have a wireguard VPN setup on it so i can access it when I’m not at home.

AstonJ

AstonJ

macOS

Apart from the obvious like setting a password etc…

  • Turn on FileVault to encrypt your drive: Privacy & Security > FileVault
  • Turn on your firewall: Network > Firewall (then periodically click on ‘Options’ to check those in the list of incoming connections).
  • Enable end-to-end encryption of iCloud data: iCloud > Advanced Data Protection

Oddly - none of the above is on by default!

  • Install LittleSnitch to allow/disallow connections to the web (there are free alternatives)
  • Set up Time Machine backups (encrypted and usually run two and keep old copies)
  • Check Privacy & Security > Files * Folders to see which folders your apps can access
  • Check Privacy & Security > Full Disk Access
  • Check Privacy & Security > Accessibility to see which apps can ‘control’ your Mac
  • Check Lock Screen > require password after screen saver begins immediately/whatever you require
  • Check General > login items for apps/services that automatically start at login
  • Check your folder permissions (particularly if you have added any to you home folder). Folder > right click > info (should be you > Read & Write and everyone > no access)
  • Privacy & Security > Advanced > log out automatically after inactivity (means a password would be required instead of just Touch ID)

You may also want to look at Apple’s new Lockdown Mode, which they say can offer extreme protection.

Where Next?

Popular in Dev Env & Tools Top

AstonJ
Do we have any frequent travellers or digital nomads here? If so where have you been and do you have any tips to share? (Particularly in...
New
bwlang
I want to buld this docker image but it fails with a timeout at RUN mix local.hex --force Maybe it’s just a maintenance window, but the...
New
g33kidd
Just curious as to what everyone is using in terms of colors. I’m currently using Sublime Text 3 and using the GoldenDragon color scheme....
New
mveytsman
If you use vim, upgrade alchemist.vim to 2.8.0 as soon as possible!! There’s a bug that allows any website to take over your computer. ...
New
Rich_Morin
The Applications tab in Observer displays a diagram of running applications and supervision trees. This is a really impressive capability...
New
AstonJ
Welcome to our thread for Windows users :smiley: Mac users please use this thread Linux users please use this thread For those who dis...
New
dimitarvp
Yeah, feels the same here. :confused: And I made a much bigger investment, the iMac Pro I got was $8000 at the time I bought it (2019). ...
New
aziz
I’m happy to finally present to you the best Sublime Text package for Elixir, templates and more! :partying_face: :confetti_ball: Elixi...
New
AstonJ
Welcome to our thread for Linux users :smiley: Mac users please use this thread Windows users please use this thread For those who dis...
New
AstonJ
I wasn’t aware ZSH has plugins until @Samjowen mentioned one in the Share an Elixir or dev-env tip a day thread! Oh My Zsh comes bundle...
New

Other popular topics Top

skosch
To my knowledge, put_in, Map.update etc. all have the one limitation of not automatically creating intermediate keys when needed (for exa...
New
jononomo
I am trying to figure out how Mix knows whether the environment is test, dev, or prod – where is this set? Thanks.
New
aesmail
Hello guys, I have finally made it. I created an admin interface for a framework. It’s been on my todo list for years and with the curre...
New
pmjoe
I have a relationship of love and hate with Elixir. Lots of things are just absolutely right, but there are some things that are kind of ...
New
stefanluptak
Hello everybody, usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
belgoros
I’m not a pro in using Regex and can’t figure out why the following behaviour happens, especially if we take into account the difference ...
New
gausby
I asked this very same question on twitter and got some interesting feedback, but I thought it would be a good question to ask here as we...
1207 39297 209
New
KronicDeth
Elixir plugin for JetBrain’s IntelliJ Platform (including Rubymine) This is a plugin that adds support for Elixir to JetBrains IntelliJ...
289 36128 110
New
romenigld
I am trying to run a deploy with docker and I successfully runned with this command: docker build -t romenigld/blog-prod . but when I t...
New
shijith.k
I am trying to start a new phoenix project with elixir 1.9, but mix phx.new does not work. It says that ** (Mix) The task "phx.new" could...
New

We're in Beta

About us Mission Statement