farcaller
@farcaller@fstab.sh
- Comment on Interesting SSH Authentication Mechanism 2 weeks ago:
I think the point here is moving away from long-lived ssh keys and using whatever IdP you have (enterprise cloud or local oidc) to provide short-term ssh keys. It generally improves the security posture as it’s similar to ssh with certs but less painful to set up.
- Comment on Do I really need a firewall for my server? 2 weeks ago:
This is the best answer. Your router protects you from the outside, but a local firewall can protect you from someone prodding your lan from a hacked camera or some other IoT device. By having a firewall locally you just minimize the attack surface further.
- Comment on Discord plans to roll out third-party ads on its mobile apps, starting with a mobile pilot for Video Quests, video ads that let users earn rewards, in June 2025. 2 weeks ago:
Unfortunately, matrix doesn’t have a viable plan for federation, meaning that you’d better onboard on matrix.org or else.
People saying self-hosting mastodon is hard never had to touch matrix. It’s not hard, the protocol is literally broken to the point where starting again is not an option.
I’m all in for ditching discord, but matrix is at most mediocre in almost every aspect. It’s wild how much easier it used to be with xmpp.
- Comment on Discord going public. Plz help a future refugee. 3 weeks ago:
Matrix is spectacularly cursed to the point of being unusable if you self-host it. The protocol is dumb enough to lock you out of rooms hosted on another server forever if anything goes wrong with the key rotation.
- Comment on Looking for a logging solution 2 months ago:
Seq is expecting structured logs which yours aren’t. So you want to either convert your app’s logs into a structured format (which is generally hard for a random third-party application) or use a log collector that’s fine with non-structured logs (e.g. Loki+grafana don’t care about the shape of your logs and you can format the output while querying).
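The first option in the comment above, converting a third-party app's plain-text lines into structured records, as an added example that is not from the comment or from Seq. The line format, the sample lines and the regex are constructed for illustration; a real app needs its own pattern, and lines that do not match are kept as raw messages rather than dropped. The timestamp key "@t" follows Seq's compact JSON (CLEF) convention.

```python
"""Added example: turn unstructured app log lines into structured JSON records."""
import json
import re
from datetime import datetime, timezone

# Assumed line format (constructed for this example):
#   "2024-05-01 12:34:56,789 [WARN] auth: login failed for user=bob ip=10.0.0.5"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),(?P<ms>\d{3}) "
    r"\[(?P<level>[A-Z]+)\] (?P<component>[\w.-]+): (?P<msg>.*)$"
)
# key=value tokens that many apps embed in the free-text message
KV_RE = re.compile(r"\b(?P<k>[A-Za-z_]\w*)=(?P<v>\S+)")

# Constructed sample input; the last line deliberately does not match
SAMPLE_LINES = [
    "2024-05-01 12:34:56,789 [WARN] auth: login failed for user=bob ip=10.0.0.5",
    "2024-05-01 12:34:57,002 [INFO] http: GET /health status=200 dur_ms=3",
    "panic: something went badly wrong",
]


def parse_line(line: str) -> dict:
    """Return a structured record for one log line."""
    m = LINE_RE.match(line)
    if not m:
        # Keep the line so the sink still sees it, just without queryable fields.
        return {"level": "UNKNOWN", "msg": line.rstrip(), "parsed": False}
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(
        microsecond=int(m["ms"]) * 1000, tzinfo=timezone.utc
    )
    rec = {
        "@t": ts.isoformat(),       # CLEF-style timestamp key
        "level": m["level"],
        "component": m["component"],
        "msg": m["msg"],
        "parsed": True,
    }
    # Promote key=value tokens to top-level fields so they can be filtered on.
    for kv in KV_RE.finditer(m["msg"]):
        v = kv["v"]
        rec[kv["k"]] = int(v) if v.isdigit() else v
    return rec


def to_ndjson(lines) -> list:
    """One JSON object per line, the shape a structured-log sink expects."""
    return [json.dumps(parse_line(line), sort_keys=True) for line in lines]


if __name__ == "__main__":
    for out in to_ndjson(SAMPLE_LINES):
        print(out)
```

Pipe the NDJSON into whatever shipper feeds the sink; the unparsed third line still arrives, flagged with `parsed: false`, so nothing is silently lost.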
- Comment on What are some self hosted services that you think are essential? 4 months ago:
I have a dedicated vm for things that are crucial to the home network, either latency-critical or network related.
That’d be my dns resolver (I enforce it over VLANs by hijacking anyone trying to do DNS to other resolvers, like random IoT devices), homebridge for less important home automation and my own matter controller for most important home automation (controlling the lights).
My router of choice is RouterOS in another VM. I tried opnsense, pfsense, vyatta, and a bunch of others (even a containerized Cisco router), and I settled on ROS, because it was the only one that could do IPv6 properly (apart from Cisco, but that has other issues).
For the less important things I run them on k8s and really, there are only two bits worth mentioning as essential: ArgoCD and nixhelm. Together, they provide effortless and mostly automated software updates with very easy rollbacks. I don’t have to go and manually update every single bit of software and that saves huge amounts of time.
- Comment on Dropbox is laying off 20% of its staff 5 months ago:
The windows client does, yes. But I’ve found that to be fragile on occasions.
- Comment on Dropbox is laying off 20% of its staff 5 months ago:
Technically, it does have a windows client. It’s just in various states of being broken.
- Comment on How annoying is it to connect to VPN/use Tailscale instead of being able to access the service directly? 5 months ago:
For the last 10 days tailscale clocked 1% battery on my phone. I honestly didn’t even consider turning it off for battery savings.
- Comment on Running Tailscale docker image vs. binding port to Tailscale IP 5 months ago:
If tailscale inside a container allows you to talk to it via “direct” connection and not a derp proxy, then it will offer you better service isolation (can set the tailscale ACLs for this specific service) without sacrificing performance.
Tailscale pushes for it because it just ties you in more. It allows you to utilize the ACLs better, to see your thing in their service mesh, and every service will count against the free node limit.
In practice, I often do both. E.g. I’ll have my http ingress exposed to tailscale and route a bunch of different services through it at a single tailscale node, where the access control is done by services individually. But I’ll also run a pod-to-pod tailscale between two k8s clusters because tailscale ACL is just convenient.
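The isolation point in the two comments above (a shared ingress node versus per-service tailscale nodes that the ACL can address individually), as an added example that is not from the comments and is not Tailscale's code. It is a simplified evaluator for the shape of a Tailscale policy ("acls" entries with "action", "src" and "dst" of the form host:port); the semantics modelled are an assumption that covers only what the example needs (default deny, an accept rule matches on any listed src and any listed dst:port, "*" wildcards, port ranges), and the policy, tags and user names are constructed.

```python
"""Added example: a simplified evaluator for Tailscale-style ACL policies."""

# Constructed policy. The shared HTTP ingress is tag:ingress; grafana also
# runs as its own tailscale node tagged tag:svc-grafana; two k8s clusters
# are tag:k8s-a and tag:k8s-b.
POLICY = {
    "acls": [
        # Everyone may reach the shared ingress on 443; which service a user
        # gets is then decided by the services behind it, not by the ACL.
        {"action": "accept", "src": ["*"], "dst": ["tag:ingress:443"]},
        # Only alice may reach the standalone grafana node, only on its port.
        {"action": "accept", "src": ["alice@example.com"],
         "dst": ["tag:svc-grafana:3000"]},
        # Pod-to-pod between two clusters, any port, one direction only.
        {"action": "accept", "src": ["tag:k8s-a"], "dst": ["tag:k8s-b:*"]},
    ]
}


def _port_matches(spec: str, port: int) -> bool:
    """Port spec is "*", a single port, or an inclusive "lo-hi" range."""
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return int(lo) <= port <= int(hi)
    return int(spec) == port


def _dst_matches(dst_spec: str, dst: str, port: int) -> bool:
    # Split on the last colon so "tag:svc-grafana:3000" keeps its tag intact.
    # (Assumption: no raw IPv6 literals in dst, which would need brackets.)
    host, _, port_spec = dst_spec.rpartition(":")
    return (host == "*" or host == dst) and _port_matches(port_spec, port)


def allowed(policy: dict, src: str, dst: str, port: int) -> bool:
    """Default deny: True only if some accept rule matches src and dst:port."""
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue
        if not any(s == "*" or s == src for s in rule["src"]):
            continue
        if any(_dst_matches(d, dst, port) for d in rule["dst"]):
            return True
    return False


if __name__ == "__main__":
    checks = [
        ("bob@example.com", "tag:ingress", 443),
        ("bob@example.com", "tag:svc-grafana", 3000),
        ("alice@example.com", "tag:svc-grafana", 3000),
        ("tag:k8s-a", "tag:k8s-b", 8080),
        ("tag:k8s-b", "tag:k8s-a", 8080),
    ]
    for src, dst, port in checks:
        print(f"{src:>18} -> {dst}:{port}  {'ALLOW' if allowed(POLICY, src, dst, port) else 'DENY'}")
```

The difference shows up in the second and third checks: bob and alice both reach the ingress, but only alice reaches grafana when it is its own node, because only then does the ACL have a distinct destination to name. Behind a shared ingress node the same distinction has to be enforced by each service's own authentication.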