chiisana @ chiisana @lemmy.chiisana.net

Posts

4

Comments

500

Joined

2 yr. ago

Yeah I think the closest thing I’m aware of is Plex and album/track mood on smart playlist, and even then that’s kind of janky (ie: cannot shout into smart assistants to creat one on the fly). Music is so cheap now, even the free Amazon Music I get from Prime serves my needs, so I don’t even bother with it.

You can use Lidarr to subscribe to artists’ new album/singles. But you’d still need to have a workflow to add new artists every now and then to incorporate them into your library.

I haven’t deployed Authelia specifically before so I probably won’t be the best when it comes to debugging. But i’d be happy to take a look if you think an extra fresh pair of eyes might help :)

My very cursory understanding is that SETI was shutting down, but BOINC (so folding etc) should still be going.

I used to think Authelia will allow you to consume external SSO… turns out I was wrong, maybe? So now I think I’m the odd ball here and think it might not be a good idea to deploy Authelia.

Here’s my thought process:

I have some apps I want to secure — they may or may not have already got a bake in authentication where they’ve got my password (ideally, just for that one app managed via password manager, but I’ll be the first to admit that’s not always the case). Passwords are icky, and even though they’re hashed, ideally hundreds of thousands of times, a leak / compromise is not unheard of.

Now, in order to secure these apps, the last thing I want is now to also worry about another app storing the password becoming the single point of failure.

In my mind, if it is literally just for me, I’d look at getting my reverse proxy to handle forward auth via OAuth to some much larger and trusted provider with MFA — Google, Microsoft, GitHub, etc. — and trust that their entire department responsible for auth will be smarter than some open source deployment I try to maintain/keep up.

In my mind, if it is more than just me, I’d look at getting something to consume multiple external providers, such that allows for the users to choose their desired provider, as well as allow me to slap an unified branding. So in this case I’d be looking at something like Authentik, Keycloak, or FusionAuth.

I just really don’t want to deal with handling/storing passwords.

But hey what kind of issues are you running into with Authelia? Is it just deploying/setting up? Or is it integrating with their supported identity provider (ie ldap)? Or something else all together?

Sidebar says “News from around the world” not “News impacting the world”. If you don’t like it, down vote it and move on; or better yet, start a new community that you see fit. This is Lemmy after all, and anyone can create a community/an instance to shape the fediverse to their hearts’ content.

Hm... these are both interesting but might be a bit overkill IMO.

I don't think I'd need a CA and intermediary step if all SSHd needs to do is check if a key is a currently approved key for this particular service or not; and I last looked at chef/puppet many years ago, and it was way too much orchestration work that we no longer need w/ Docker containers and smaller footprint host OSes.

Yeah, the problem is that I have 2 physical servers, each with 5 to 10 VMs on it, and a bunch of other VMs scattered across different cloud providers; it gets tricky to edit the ~/.ssh/authorized_keys file on each of them to reflect a new SSH key (i.e.: new machine on the "network") or replace an existing SSH key (i.e.: annual key cycle).

The fact that people still stuck talking about baggages of PHP 4/5, which was released in 2000, as if they’re still valid today is hilarious to me.

Language itself is not the problem. The old notion of “PHP is insecure” stemmed from languages elitists trying to fan the language war by pointing at CVE repositories and claiming the large number of issues stemming from 3rd party WordPress plug-ins and alike, ignoring the fact that there were way more projects than other languages because it is the most commonly used language on the web, as well as having way longer lineage therefor more time to accumulate security issues; whereas their new and shiney with lesser projects are allegedly more secure because there’s lesser projects, lesser eyeballs, lesser histories, etc.

The core language itself is fine; and just as with any other language out there, it is prudent to keep up with updates. The big named projects are fine; and just with any other projects out there, it is prudent to keep up with updates. The extensions/3rd party modules are … well you get the idea.

Just thought of this comparison:

How would you think if someone tells you “Microsoft (PHP) is insecure because there’s all these 3rd apps (plugins) for Windows (WordPress) that has security issues. Don’t believe me? Just look at all those problems from Windows ME (PHP4/5) days!”

I started trying out FusionAuth and it's been pretty neat. I off-load my auth to Google because I don't want yet another username/password nor do I want to be responsible in storing it, but you can certainly use built-in auth if your objective is to stop using external auth. I currently have my Kasm Workspace deployed behind it, so when user lands on Kasm, they get bounced to FusionAuth where there's a login prompt and Login w/ Google button; when they authenticate (be it through built-in auth or Google in my case), they get bounced back to Kasm Workspace in their account. This was deployed using docker compose, so I just annotate containers I want to protect w/ some labels, traefik handles all the glue work. I really like the way it worked out.

I'd imagine something like Authelia, which gets pushed a lot as well, would be able to offer a similar if not identical workflow.

For Lemmy, at this time, I don't think it is possible to gate it like that, otherwise inbound federation (i.e.: comment replies to this post) won't make it into your instance.

I’d recommend waiting a bit. Thread (network) and Matter (protocol) are finally gaining traction, and is poised to become the de facto standard across all major platforms (Amazon/Apple/Google). Buying Zigbee/Zwave/WiFi/BT gears now is literally buying gears that’s going to be outdated immediately.

Once you get interoperable devices on the better standards, you’d then be able to layer on with all-local setup easier.

Don’t give them ideas because that’s actually kind of too brilliant for them — instead of selling ads only, also directly sell the user base to interested parties.

Did a quick Google, I think it’s just a rebrand; as in, if you’ve already got wefwef, you’ve already got Voyager.

1Password since like 1Password 3 days; early adopters family plan right now. I’m not a huge fan of the new 1Password extension on iOS, but on the Mac front, it’s treating me well. I don’t think I’ll jump to Apple native keychain until feature parity is reached.

I’ve got mine running and shares my notes here: https://lemmy.chiisana.net/post/264

What are you coming up short with?

Oldest and first that pops to mind would be something like Asterisk, but I’ve never hosted it myself before so wouldn’t know what to tell you…

Cloudflare offers registration of most domains at their wholesale cost.

Government politics/regimes aside, this is terrible, as information and knowledge needs to be shared and accessible. Today, we enjoy access to all of humanity’s knowledge in our pocket. If a segregated internet becomes reality, information and knowledge will become divided and only available to those who has access to it; there’s no guarantee who will be the ones losing access, and neither of which will be a desirable outcome.

There’s no shortage of people who will tell you it’s okay to self host email… in fact, you’re probably not hearing all of them, because some will inevitably get routed to spam.