• 5 Posts
  • 21 Comments
Joined 2 years ago
Cake day: June 23rd, 2023

  • I’m not sold on GL.iNet’s implementation of OpenWrt. I have 3 of them in production, and all three need regular reboots to stay working. I like the VPN interface they have and the ability to get to the underlying LuCI interface, but I’ve found that just flashing my own device has a more stable and deterministic result.

    I can’t speak to VLANs specifically, because after seeing the rest of it I haven’t trusted them enough to use them anywhere critical enough that I’d use VLANs.

  • Like, good for you, man.

    But you should really keep your stuff inside the VPN and not expose things; it opens up a pile of potential risks that you don’t need to have. You can still use a reverse proxy inside the VPN and use your own DNS server that hands out that internal address to your devices for your various applications. If you absolutely, positively must have something exposed directly, put it on its own VLAN with no access to anything you value.

  • I don’t think a Tailscale tunnel helps with this anyway, maybe just from standard anti-spoofing and geoblocks, but the traffic still gets to the application in full eventually, where they can do whatever they’d do if it were directly exposed. The attack surface might be an entire API, not just your login screen. You have no idea what that first page implements that could be used to gain access. And they could request another page that has an entirely different surface.

    If someone has Nextcloud exposed, I’m not stopping at the /login page that comes up by default and hitting it with a rainbow table; I’m requesting remote.php where all the access goodies are. That has a huge surface that bypasses the login screen entirely, might not be rate limited, and maybe there’s something in WebDAV that’s vulnerable enough that I don’t need a correct token, I just need to confuse remote.php into letting me try to pop it.

    You can improve this by putting at least a basic auth challenge in front of the application’s webpage. That would drastically reduce the potential endpoints.

  • Just glancing through that guide:

    OPNsense instead of pfSense, because pfSense is going to rugpull, it’s just a matter of time. I wouldn’t trust the twats that run it farther than I could throw them, because they’re pretty silly people. Rossman suggests exactly this in the intro to the router section; he would change if he hadn’t been using it for a decade already. Unfortunately, a lot of this guide is focused on how to do it via pfSense, and if you’re brand new, you’re going to have to figure out how to do it in OPNsense yourself.

    WireGuard/Tailscale instead of OpenVPN. Faster and way easier to set up. Don’t even try to set up a full LAN-routed VPN, just use Tailscale for the services you want. And use it for everything and everyone instead of punching holes in the firewall.

    He’s definitely right about mailcow; if you’re reading that guide for information, you are not a person that should be self-hosting email.

  • I have yet to understand why KWallet does the things it does sometimes. It varies by distro, and sometimes you fix it by putting in your login password, sometimes by putting in no password, sometimes by making a new wallet, sometimes by wiping the database. It’s pretty frustrating.

    If you can’t change the password on the original keychain, I don’t think there’s a way to recover anything stored in it.