embMaster

@embMaster@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Decreasing Certificate Lifetimes to 45 Days⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I did that for myself a few years back. But i can’t convince my roommates, let’s not even speak of guests, to install a (my) root certificate. My android phone still complains about “possibly supervised network traffic” since back when i installed my root ca. Maybe there is another solution im not aware of, but i can’t think of any
⁨Comment⁩ on ⁨Decreasing Certificate Lifetimes to 45 Days⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I agree, but it’s impossible to convince my less tech savy roommates and friends to let me install a root certificate. “That sounds like i could read all their private messages”, lol. Just let me have my certificate for https in my local net. I don’t need to be “even more” secure. I get that that’s necessary for public services, but surely not for local selfhosting. I don’t even have a port open other than wireguard. And i would not even care “if a roommate hacks/gets access to a guests voice commands for home assistant.” (Not complaining at you but at this trend. I do think my use case is valid)

You are gonna laugh if i tell you how i partly automated this workaround. A script changes the (dyn) dns entries of all subdomains to point to my public server in a datacenter. There, it ssh’s in and requests the certificates with certbot. Then, it restores the dns entries and downloads and installs the certificates in the local net. Still requires manual supervision and sometimes intervention. My domains do not support automated dnssec. I don’t have time to secure my local net enough to feel good about opening ports. If all certificate lifetimes get shorter, i’ll either have to switch my domain provider or give up selfhosting for other people.
⁨Comment⁩ on ⁨Decreasing Certificate Lifetimes to 45 Days⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I have multiple self hosted services at home which are impossible to automate because they are not accessible from the internet without VPN. And some even don’t have internet access. Still me and my roommates are using them through a valid domain that points to the local address enabling https. Some services require https to function at all. After log4j i’ll never again open a “normal” port 80 or 443 to my local net. So thanks i guess. 90 days was annoying already. Great it works out for you
⁨Comment⁩ on ⁨Firefox is adding profiles to separate your browsing sessions⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Yes, and also no. Usually, I’d call something a feature if non tech savvy users can use it easily. If it’s hidden behind the command line, most users probably can’t use it. So, to me and colloquially, I wouldn’t call it a feature. Although I get the argument for it.
⁨Comment⁩ on ⁨Firefox is adding profiles to separate your browsing sessions⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
It wasn’t. It was a hidden feature.
⁨Comment⁩ on ⁨Self hosted chore app⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Superproductivity. Opensource, selfhosting possible, actively developed. Amazing all around. Just a bit overkill for this usecase, but not in a bad way :)
⁨Comment⁩ on ⁨Reddit is using AI to determine users beliefs, values, stances and more based on their activity (posts and comments) summarizing it to Subreddit Mods.⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
fuck Fuck
⁨Comment⁩ on ⁨Google won't bring new Nest Thermostats to Europe⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
This is a thermostat (although an analog one). You set a temperature with it. “3” corresponds with about 20°C.
⁨Comment⁩ on ⁨What are some of the most realistic fictional movies ever made?⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
The Expanse, one of my favorite Shows ever