atzanteol
@atzanteol@sh.itjust.works
- Comment on Decreasing Certificate Lifetimes to 45 Days 7 hours ago:
It’s being driven by the browsers. Shorter certs mean less time for a compromised certificate to be causing trouble.
- Comment on Decreasing Certificate Lifetimes to 45 Days 7 hours ago:
Will we need to log in every morning and expect to refresh every damn site cert we connect to soon?
Automate your certificate renewals. You should be automating updates for security anyway.
- Comment on Immich Is Now Stable! 4 days ago:
“Bare metal” has traditionally meant without any os either. Your code executes directly on hardware and has direct control over everything. Like a micro controller.
Code in a container executes on the hardware in exactly the same way as code not running in a container - with the os as an intermediary.
- Comment on Immich Is Now Stable! 5 days ago:
“not running in a container” is not “running on bare metal”. It’s just running outside a container.
- Comment on Recommendations for an all-SSD home server? 1 week ago:
enough, a lot, more demanding.
You need to give some sort of guidance here.
- Comment on Making setups resilient to outages 1 week ago:
How much money are you willing to spend? Resiliency is expensive.
- Comment on Is self-hosting becoming too gatekept by power users? 2 weeks ago:
Self-hosting is trivial and everyone can do it.
So is open heart surgery. Unless you want it to end successfully.
- Comment on Is self-hosting becoming too gatekept by power users? 2 weeks ago:
Have you forgotten that you too started at 0?
Not at all. In fact I remember the day my server was hacked because I’d left a service running that had a vulnerability in it. I remember changing passwords, calling my bank to ensure there had been no fraudulent charges, etc. I remember “war driving” to find vulnerable WiFi networks. I remember changing default passwords on a service set up by a client of mine.
As I said - it’s not gate-keeping it’s experience.
Yes, it sometimes can be difficult and frustrating, but so long as someone, anyone, is willing to try and learn and fail and retry, they can get my help
Teaching is “gate-keeping” apparently. You can’t tell somebody that they need to learn something! You just need to give them a link to a url and say “run this thing as root and your stuff will work - totally not a scam tho”.
- Comment on Is self-hosting becoming too gatekept by power users? 2 weeks ago:
“Has anyone noticed that medical doctors gate-keep people doing open heart surgery?”
Why do you assume self-hosting is and can be trivial? It is NOT for everybody. You should have some base level of technical knowledge. You should expect to need to learn some things. It’s not a badge of honor, it’s experience.
My project focuses on building a tool that makes self-hosting more accessible without sacrificing data ownership
Good luck with that.
- Comment on MPV: The Ultimate Self-Hosted Media Solution You're Probably Sleeping On 3 weeks ago:
I’m happy you’re discovering the Linux CLI, but this is pretty ridiculous. mpv, vlc, mplayer, etc. all serve very different uses from jellyfin.
- Comment on how do you explain selfhosting to the non-techies in your life? 4 weeks ago:
I don’t.
- Comment on How often do you update software on your servers? 4 weeks ago:
Clearly you don’t know.
- Comment on How often do you update software on your servers? 4 weeks ago:
If I wanted to run updates frequently I would run arch lmao. Even if I did apt update every day, debian stable doesn’t get that many updates.
You’re not updating for features you’re updating for bug and security fixes. That’s why Debian stable doesn’t have many updates. But the ones they do are typically important.
- Comment on How often do you update software on your servers? 4 weeks ago:
That’s… Not how it works… Debian is “stable” not “secure”. You use Debian so that it is easier to run updates frequently since they’ll be unlikely to break things.
- Comment on How often do you update software on your servers? 4 weeks ago:
All systems, daily via a single ansible script. That’s apt update, upgrade and reboot if needed (some systems set to only reboot with a separate script so I can handle them separately).
Rarely have any sort of problems.
- Comment on Linkwarden downloaded the whole flipping Internet ... 1 month ago:
Sounds like you bookmarked the whole flippin’ Internet.
- Comment on What's the real danger of opening ports? 1 month ago:
This is an awful analogy…
- Comment on [deleted] 2 months ago:
squeezing every last drop of resource from tired old hardware
This is such a myth. 99% of the time your hardware is sitting there doing nothing. Even when running “bloated” services.
Nextcloud, for example, uses practically zero cpu and a few tens of MB when sitting around yet people avoid it for “bloat”.
- Comment on 2 months ago:
Clearly it was suitable for their purposes at one time?
- Comment on Those who are hosting on bare metal: What is stopping you from using Containers or VM's? What are you self hosting? 2 months ago:
Oh for sure - containers are fantastic. Even if you’re just using them as glorified chroot jails they provide a ton of benefit.
- Comment on Those who are hosting on bare metal: What is stopping you from using Containers or VM's? What are you self hosting? 2 months ago:
Containers run on “bare metal” in exactly the same way other processes on your system do. You can even see them in your process list FFS. They’re just running in different cgroups that limit access to resources.
Yes, I’ll die on this hill.
- Comment on What do you think is the best (and cheapest) way to host a new nextcloud instance and website for my local scouts organisation? 2 months ago:
Could last years? Or months? Depends on a lot of factors. Fans may not like running 24x7, memory could fail, etc.
- Comment on What do you think is the best (and cheapest) way to host a new nextcloud instance and website for my local scouts organisation? 2 months ago:
Since it’s a public instance you’d want to be sure to keep it pretty up-to-date with new system patches and the latest stable versions of Nextcloud. If you’re comfortable with automating updates with ansible, k8s, docker-compose, etc. then it’s not a big deal. If you’re ssh’ing to a server to manually update things then it’s going to be a lot of overhead and likely forgotten.
Old hardware may also bring its own issues and you’ll need backups especially since old hardware (especially consumer-grade stuff) can fail very unexpectedly. And providing support for users is a whole… other thing…
I like the idea of starting with the “old laptop in a basement” approach as a way to get things going to see if the service provides benefit then look to migrate to a more stable platform in the future.
- Comment on Experts fired by Trump revive popular climate website 2 months ago:
- Comment on User "threelonmusketeers@sh.itjust.works" is banning users for downvoting his posts. 2 months ago:
Yeah, I remember dozens of “me too” and “+1” comments after posts people agreed with. It was annoying.
- Comment on Proxmox or Docker? 2 months ago:
“I run an immutable distro, BTW”
- Comment on Proxmox or Docker? 2 months ago:
Proxmox or Docker?
It’s not mutually exclusive? I have a 3-node proxmox config on which I have 3 VMs running as Kubernetes nodes to which I deploy containers. I also have some VMs set up for things which either don’t work well as containers or which I simply don’t want as containers (e.g. a couple Windows VMs for doing Windows things).
I understand that running things in a VM provides better security than running them in a container.
Not sure what you mean by this - containers are typically easier to secure as they’re minimalist. But I doubt anyone is using VMs because they think they’re more secure.
- Comment on I created a NixOS Install script for Proxmox 2 months ago:
And I still don’t care. Bad is bad even if a community is doing it.
- Comment on I created a NixOS Install script for Proxmox 2 months ago:
I have a very no-exceptions rule about encouraging people to do a curl|bash install and would just remove that. Provide a link to the script, people can run it if they want. Encouraging the behavior of just directly running scripts off the internet is a bad habit.
- Comment on I created a NixOS Install script for Proxmox 2 months ago:
In your Proxmox console, enter the following command: bash -c "$(curl -fsSL raw.githubusercontent.com…)
Do not do this. Never run scripts like this directly without inspecting them first. Do not tell people to run your exciting new script like this. Provide a link to the script and encourage users to inspect it first then run it.