kumi
@kumi@feddit.online
- Comment on Rebranding our open-source Selfhosted social project to Bitsocial 4 days ago:
If not for political reasons then why limit first version to Google/GitHub rather than starting with generic OIDC (which should include those two anyway)?
We also took your feedback seriously and we are now implementing proper sign-in options like: Google GitHub (and more coming later)
- Comment on How do I make the Wordpress media library be somewhere else? 1 week ago:
NFS works great for media files and stuff but be careful and know what you are doing before you go put database storage on it.
- Comment on Help getting started with self hosting Jellyfin via NAS? 1 week ago:
One way to go about the network security aspect:
Make a separate LAN (optionally: VLAN) for your internals of hosted services. Separate from the one you use to access internet and use with your main computer. At start this LAN will probably only have two machines:
The server running Jellyfin. Not connected to your main network or internet.
A “bastion host” which has at least two network interfaces: One connected outwards and one inwards. This is not a router and should be separate from your main router. This is the bridge. Here you can run (optional) VPN gateway, SSH server. And also an HTTP reverse proxy to expose Jellyfin to outside world. If you have things on the inside that need to reach out (like package updates) you can have an HTTP forward proxy for that.
When it’s just two machines you can connect them directly with LAN cable, when you have more you add a cheap network switch.
If you don’t have enough hardware to split machines up like this you can do similar things with VMs on one box but that’s a lot of extra complexity for beginners and you probably have enough of new things to familiarize yourself with as it is. Separating physically instead of virtually is a lot simpler to understand and also more secure.
I recommend `firewalld` for system firewall.
- Comment on I built LinuxMate to kill post-install chaos (free repo + demo) 1 week ago:
So that’s the mistake I made. Thanks for clarifying.
- Comment on I built LinuxMate to kill post-install chaos (free repo + demo) 1 week ago:
It is indeed with the help of llm. But reasoning is still solid and very curated.
It isn’t your reasoning and calling it that isn’t very honest when promoting it.
- Comment on Lemmy <> Nginx proxy manager nightmares 1 week ago:
Try answering the questions I asked and see if anything comes up!
- Comment on I built LinuxMate to kill post-install chaos (free repo + demo) 1 week ago:
Linux MATE desktop is pretty established and I think has a similar audience. Pretty confusing name choice for beginners.. “Want to install MATE on Linux? Try LinuxMate (no relation)”
- Comment on Lemmy <> Nginx proxy manager nightmares 1 week ago:
What makes you suspect the Nginx config instead of Lemmy? Do you have any failing requests (timeout or statuscode >= 400) in nginx log? What are the failing endpoints?
- Comment on BentoPDF urgent security notice: do not pull or update 1 week ago:
Both can be true.
- Comment on BentoPDF urgent security notice: do not pull or update 1 week ago:
Called it.
https://feddit.online/post/1372107/comment/6758185
No one listen grug til chicken come to roost
- Comment on BentoPDF urgent security notice: do not pull or update 1 week ago:
I guess they now have large enough number of users that it would be wise to shift some focus to supply-chain security from growth-hacking.
This is growing pains.
- Comment on I made a self-hostable frontend for instagram. 1 week ago:
Best of luck! Keeping up with platform changes is a challenge for projects like this. I think to be successful beyond initial popularity you need an active community that can do this together. It’s draining for just one person - especially once you get big enough that they might actively break things just to mess with your integration. Following maintenance of alternative YouTube clients as well as searx-ng is illustrative.
https://cadence.moe/blog/2022-09-01-discontinuing-bibliogram
- Comment on Self hosting piefed 1 week ago:
Just to rule it out (wouldn’t be the case on default debian):
Is SELinux enabled?
`sudo getenforce` (if command missing or false, it’s not your problem here)
You are not running with podman as compose backend?
`sudo systemctl status podman` shouldn’t show an active service unless you use it.
- Comment on BentoPDF v1.16.0 1 week ago:
It was certainly not intended as a character assessment and it’s unfortunate you took it that way. I’m talking about how the release notes (and in passing your post) were written and not about you as a person or maintainer.
I do hold release notes of a public project with thousands of users to a different standard than anon lemmy.world comments in a feedback thread. Is that interesting or surprising?
I believe there was actionable feedback given. You are of course free to dismiss it.
- Comment on BentoPDF v1.16.0 1 week ago:
Maybe I don’t understand the use case for bentopdf, and considering how popular it is, that is likely true
Especially in this day and age, be careful with believing something is right (or even popular) just because it looks popular. Talking about generalities here and the cognitive pattern, not to dunk on the project apart from their communications implying that correlation.
- Comment on BentoPDF v1.16.0 1 week ago:
It’s not as much the general style as the particular content on this release. Your previous release notes did not rub me the wrong way this did.
- Comment on [deleted] 1 week ago:
FWIW, netstat is considered legacy and deprecated. The in-vogue way to do the same thing is `ss -lpn | grep 8080`.
netstat like ifconfig still works and is shipped in the `net-tools` package if you like it but if you’re learning it’s better to build a habit with `ss` and `ip` right away.
https://arturogl.com/2023/10/18/linux-new-tools-replacing-netstat/
- Comment on BentoPDF v1.16.0 1 week ago:
Try to ignore the GH stars and other engagement numbers. Or at least try not to put focus on them in your communications. It’s a distraction for you and you are making it a distraction for your audience. GH stars are not a useful signal as they are easily gamed and bought. Maybe yours are all organic, legitimate, and a legitimate cause for personal celebration. But you are just giving false credence to them (and thereby those illegitimately gaming the system) and removing focus from your own app. I don’t think it belongs in release notes.
- Comment on Sharing a single netbird account with multiple people? 1 week ago:
- Comment on Why isn't using a key file the most common way to log into self-hosted servers? 1 week ago:
A CA can be an encrypted volume on a live USB stick. It’s mostly for the CRLs you might want something online.
Unless you do TOFU (which some do and btw how often do you actually verify the github.com ssh fingerprint when connecting from a new host?), you need to add the trust root in some way, just as with any other method discussed. But that’s no more work than doing the same with individual host keys.
- Comment on Why isn't using a key file the most common way to log into self-hosted servers? 1 week ago:
If this is a concern you put a passphrase on that key.
- Comment on Why isn't using a key file the most common way to log into self-hosted servers? 1 week ago:
Not if you use certificates signed by your own internal CA and trust the CA instead of straight up trusting the public keys explicitly.
This way you can generate new (say) SSH keys trusted across a bunch of machines without having to touch those machines directly for every key since they are signed by your trusted authority. If you configure CRLs properly you can also revoke them centrally.
- Comment on Why isn't using a key file the most common way to log into self-hosted servers? 1 week ago:
mTLS is actually quite common out there. And SSH certificates moreso than public keys.
So clients get issued certificates that they can authenticate with. TLS for HTTPS but both ways. It sounds like this is what you’re asking about?
- Comment on Anyone using Revolt? 2 weeks ago:
The website and marketing! I think perhaps they are leaning into their own brand and hiding the underlying parts a bit too hard… Now that I look at their GH this might be exactly like what I was searching for before and would recommend someone to try, but it didn’t rank at all for my searches.
Thanks for setting the record straight. I will have to look closer at Movim again.
- Comment on Anyone using Revolt? 2 weeks ago:
Did you figure out a solution that works for video/voice between Element X (which most mobile users are on) and Element Messenger (runs on desktop and web)?
I got the impression that they moved to a different protocol with EX and nobody implemented the same for the non-mobile clients so you can’t call between different clients but I would be happy to be proven misinformed.
- Comment on Anyone using Revolt? 2 weeks ago:
I don’t think this is on-topic for the c/selfhosted.sub?
It does allow you to check out and preview what an XMPP solution can look at while you are still shopping around for what to host.
- Comment on Anyone using Revolt? 2 weeks ago:
Another option is an XMPP-based stack with Converse as webchat with either ejabberd or prosody as XMPP server.
https://snikket.org/service/quickstart/ (uses prosody)
https://docs.ejabberd.im/admin/configuration/modules/#mod_conversejs
https://wiki.debian.org/FreedomBox/Manual/ejabberd#FreedomBox_webclient
- Comment on Hosting multiple services with one IP address. 2 weeks ago:
I’m guilty of a few of these and sorry not sorry but this is not changing.
Often these are written with local dev and testing in mind, and in any case the expectation is that self-hosters will look through them and probably customize them - and in any case be responsible for their own firewalls and proxies - before deploying them to a public-facing server.
Never just run compose files on a machine directly exposed to the internet.
- Comment on Hosting multiple services with one IP address. 2 weeks ago:
One related story: I did have the arguable pleasure to operate a stateful Websockets/HTTP2-heavy horizontally scaled “microservice” API with Rails and even more Ruby. It was originally deployed with Traefik. When it went from “beta” stage to having to handle heavier traffic consistently and reliably, Traefik did not cut it anymore and after a few rounds of evaluation we settled on HAProxy, which was never regretted IIRC.
I think you are just baiting now.
- Comment on Hosting multiple services with one IP address. 2 weeks ago:
More concretely..? What cursed endpoints is this too simple for?