moonpiedumplings

@moonpiedumplings@programming.dev

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:
infosecmap.com

wiki.hackerspaces.org/List_of_Hacker_Spaces

Also check out meetup.com for linux user groups and other events.
⁨Comment⁩ on ⁨Remote KVM recommendations⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Also check out meshcentral. Important thing aboout meshcentral is that it lets you hijack the users screen, show you can show them step by step through things. RDP doesn’t do that, it kicks the other user out.
⁨Comment⁩ on ⁨Finally, an optimal monitor configuration!⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
sprocketfox.io/xssfox/2021/12/02/xrandr/
⁨Comment⁩ on ⁨An actually functional webproxy to self-host⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
By the way: en.wikipedia.org/wiki/Shadow_IT
⁨Comment⁩ on ⁨An actually functional webproxy to self-host⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
So, my high school used to have a domain/ip whitelist. The trick to get around whitelists is to take advandage of the fact that whole subdomains would be included in the whitelist, which would then also include any ip addresses.

Any duckdns subdomain, or anything hosted on many cloud providers would be unblocked.

So holy unblocker has a one click deploy, which can deploy to PaaS sites which would usually have their entire ip address space and subdomains included in the whitelist.

@myszka@lemmy.ml
⁨Comment⁩ on ⁨Considering self hosting my own git repositories. What are some options?⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
You should probably migrate now, forgejo is currently a soft fork that is fully compatible, but in the future they are planning to hard fork and not be compatible. Well, they are in the process of doing so right now.
⁨Comment⁩ on ⁨Xbox "Project Helix" confirmed to run Xbox and PC games - competition for the Steam Machine⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Xbox games are actually windows UWP apps, which is the format distributed by the Microsoft app store. Windows games from the MS app store are UWP as well. Xbox’s are actually Window’s PC’s, and have been this whole time.

But now, xbox is releasing a new device that is not locked down to shit and allows you to use some more of it’s full capabilities, and they act like it’s some hot new feature. I’m so fucking fed up of corporations forcing locked down shit on us and spoonfeeding us unlocked stuff and then expecting us to fucking worship the ground they walk, all because they deigned to “allow” us to use the devices the way they should have been usable from the very beginning.
⁨Comment⁩ on ⁨Search self-host user groups and acxess management⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Second post, but also check out midpoint by evoloum: docs.evolveum.com/iam/

It is a modern web frontend on top of Active Directory.
⁨Comment⁩ on ⁨Search self-host user groups and acxess management⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
1. Use an Identity Provider (IDP)*. Other people have mentioned LDAP, which can play this role.
2. Use groups within the IDP to declare who has what privileges.
3. Apps using the IDP for auth can read the groups and allow/deny permissions based on groups.
*Or Identity and Access Management if you are in the cloud ig.

For open source solutions, I would recommend:
- Authentik (what I use)
- Kanidm (doesn’t have web ui)
- Nubus by Univention
These three solutions all have invites, ldap, and can act as oauth providers. (Oauth is single sign on), which are the features I want. There are also integrated, including it all in the one app.

There is also LLDAP, which is a web ui for ldap, and then you could use a service that connects to that, like authelia or keycloak, to add oauth on top.
⁨Comment⁩ on ⁨An actually functional webproxy to self-host⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
No, Socks5 does not work for this usecase. You don’t get permissions to run it locally via crostini and the settings are locked in the chromebook settings. In addition to this, it is too easy to fingerprint, and some of the more aggressive setups will catch it and block it. For example, my high school would autodetect wireguard and then kick you off of the network for 10 minutes if you attempted to connect.
⁨Comment⁩ on ⁨An actually functional webproxy to self-host⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
These kinds of setups are used to bypass agressive network filtering and content censhorship. All the traffic is http(s). And then the way only a browser is needed means it works on locked down devices like chromebooks.

The browser in docker is something I have used, but it requires more resources to host and can only be used by one person at once if you are using something like linuxserver’s webtop.
⁨Comment⁩ on ⁨An actually functional webproxy to self-host⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Yeah you want the titanium networks projects.

I used to use Metallic.
⁨Comment⁩ on ⁨Working to Decentralize FedCM⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
This requires manually enabling every additional provider.

No, it doesn’t. The docs are confusing on this, but forgejo has two methods to enable oauth/oidc. One is to manually enable them, but there is a second, where people bring their own oauth link.

The docs contain 3 things related to oauth:
- Oauth provider forgejo acts as oauth for someone else
- Ouath client — This is the one where you manually enable providers
- But then there is a third config. Openid. This lets users bring their own openid/oauth link and sign in with that. No manual configuration required on the side of the forgejo server per client.
⁨Comment⁩ on ⁨Working to Decentralize FedCM⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
Forgejo has a feature (that people usually disable) where you can bring your own openid connect url and use it to auth. So if I have my own OIDC provider I am self hosting, I can just use that to log in.

Most people only use it for google and microsoft and whatnot but it’s very possible. I don’t realkly see what FedCM offers that OIDC doesn’t or can’t, or why we shouldn’t be adding features to the existing and popular OIDC instead.
⁨Comment⁩ on ⁨GitHub - sergi0g/cup: 🥤Docker container updates made easy⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
I use fluxcd with helmrelease’s which auto update the helm release. If the helm chart versions specify container versions, then updating the helm chart updates the containers in the deployments.

But for raw deployments, I found this, but not much else.
⁨Comment⁩ on ⁨Keycloak or alternative?⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
In addition to adding more worker instances, you can also increase the amount of threads each worker instance uses to vertically scale. It’s about equivalent to adding a worker instance.
⁨Comment⁩ on ⁨Keycloak or alternative?⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
Authentik is definitely the best of all I’ve tried. It has the most features, supporting both ldap and oauth, and also has an official helm chart.
⁨Comment⁩ on ⁨How to access home network (eg, VPN) without port forwarding?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Tailscale already does though, I think.

tailscale.com/docs/features/tailscale-funnel

Although it might work differently.
⁨Comment⁩ on ⁨Adding "Log In With Mastodon" to Auth0 - Terence Eden’s Blog⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
This reminds me of the way that forgejo lets you feed it an arbitrary openid url, sp you can log in with any service you want, including your own server.
⁨Comment⁩ on ⁨Twitch: "Hey, come back! This commercial break can't play while you're away."⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Owncast is the self hosted stream thing. It has some rudimentary federation capibilities, but nowhere near the ease discovery of twitch.

I know some streamers that have an owncast, expired_popsicle uses debian Linux and has one. (It’s tech/linux streamers because of course).
⁨Comment⁩ on ⁨It's me again. My Kubernetes devolver has reached the astral plane.⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
go run works by compiling the program to a temporary executable and then executing that.

can you guarantee that runs everywhere

It seems to depend on glibc versions, if that’s what you are asking. You can force it to be more static by using a static musl python or via other tools. Of course, a binary for Linux only runs on Linux and the same for Windows and Mac. But yeah.

Also it should be noted that go binaries that use C library dependencies are not truly standalone, often depending on glibc in similar ways. Of course, same as pyinstaller, you can use musl to make it more static.
⁨Comment⁩ on ⁨It's me again. My Kubernetes devolver has reached the astral plane.⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
You can create static binaries that bundle the python interpreter and dependencies.

You can do it with C. Or Csharp. Or many other programming languages. It’s not a feature unique to Go, it’s just that Go can only create static binaries.
⁨Comment⁩ on ⁨Selfhosted, multiplayer, browser based games⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
oh I have tested this game somewhat, although I’ve never actually played it. It is very impressive.
⁨Comment⁩ on ⁨My thoughts shopping around for a wiki solution⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
What about a static site generator? Plaintext, markdown, but renders to html with headings and whatnot. Version control is because it’s in git.

Read access control is difficult though. You could do some hacks like using encrypting files in the git repo (perhaps with SOPS), and then either using http basic auth to control access to specific pages or something like staticrypt. But these are not ideal solutions.
Selfhosted, multiplayer, browser based games
Submitted ⁨⁨2⁩ ⁨weeks⁩ ago⁩ to ⁨selfhosted@lemmy.world⁩ | ⁨5⁩ ⁨comments⁩
⁨Comment⁩ on ⁨k8s storage (CSI)⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Openebs mayastor

But you could fit ceph on that I think. As long as your network between nodes is fast enough.
⁨Comment⁩ on ⁨Why is self-hosted voice chat so hard?⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
It’s easy. Mumble. Or the thing you used probably still works.

But you see, people never actually seek a discord alternative. They want a discord alternative that is also federated, AND end to end encrypted, and each one makes things vastly more technically challenging and resource intensive and then you want them together.

A little secret: Matrix is much, much easier to host if you disable encryption and federation. Federation to many rooms is the main performance killer, and “failed to decrypt message” will all disappear if you disable encryption.
⁨Comment⁩ on ⁨Cheap or free periodical externals scans⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
If your software updates between stable releases break, the root cause is the vendor, rather than auto updating. There exist many projects that manage to auto update without causing problems. For example, Debian doesn’t even do features or bugfixes, but only updates apps with security patches for maximum compatibility.

Crowdstrike auto updating also had issues on Linux, even before the big windows bsod incident.

neowin.net/…/crowdstrike-broke-debian-and-rocky-l…

It’s not the fault of the auto update process, but instead the lack of QA at crowdstrike. And it’s the responsibility of the system administrators to vet their software vendors and ensure the models in use don’t cause issues like this. Thousands of orgs were happily using Debian/Rocky/RHEL with autoupdates, because those distros have a model of minimal feature/bugfixes and only security patches, ensuring no fuss security auto updates for around a decade for each stable release that had already had it’s software extensively tested. Stories of those breaking are few and far between.
⁨Comment⁩ on ⁨Cheap or free periodical externals scans⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Second comment, but also investigate wazuh. It can audit systems and report vulnerabilities. It’s not an external scanner, but I have found it to be more effective and less annoying than greenbone/openvas.
⁨Comment⁩ on ⁨Cheap or free periodical externals scans⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Instead of trying to automatically scan your environment, it’s probably better to figure out how to automatically update applications first. CVE’s eventually get patched.