Posts: 7 | Comments: 3,387 | Joined: 2 yr. ago

  • flavors of iron

    Yum yum

  • Is it just you that uses it, or do friends and family use it too?

    The best way to secure it is to use a VPN like Tailscale, which avoids having to expose it to the public internet.

    This is what I do for our security cameras. My wife installed Tailscale on her laptop and phone, created an account, and I added her to my Tailnet. I created a home screen icon for the Blue Iris web UI on her phone and mentioned to her, "if the cameras don't load, open Tailscale and make sure it's connected". Works great - she hasn't complained about anything at all.

    If you use Tailscale for everything, there's no need to have a reverse proxy. If you use Unraid, version 7 added the ability to add individual Docker containers to the Tailnet, so each one can have a separate Tailscale IP and subdomain, and thus all of them can run on port 80.

  • That's interesting... It used to be a lot heavier.

    Authelia is definitely the lightest in terms of RAM, but it's also the lightest in terms of features. As far as I can remember, they only added OIDC support fairly recently - previously it only supported proxying.

  • Nothing's as bad as trying to host and maintain a Ruby on Rails app :)

    Docker has made a lot of it a non-issue though, since the apps are already preconfigured within the Docker image.

  • That and email protocols are outdated and aren't too secure. For example:

    • Neither SMTP nor IMAP has any way to use two-factor authentication.
    • Spam blocking is so hard because SMTP was not designed with it in mind.
    • SMTP has no way to do end-to-end encryption which is why you need to layer things like GPG on top.

    IMAP has a modern replacement in JMAP, but it's not widespread. SMTP is practically impossible to replace since it's how email servers communicate with each other.

    The "solution" has been for companies to make their own proprietary protocols and apps, for example the Gmail and Outlook apps combined with a Gmail or Microsoft 365 account respectively.

  • with rootkits

    These are eventually going to be blocked on Windows. Microsoft are making changes to what's allowed to run in the kernel after the CrowdStrike issue last year.

  • I'm not the person you're replying to, but Authentik:

    • Has a UI for configuring it, including adding users.
    • Supports LDAP if you need it. Authelia needs a separate LDAP server.
    • Supports practically every two factor auth protocol you'd need: OIDC (OpenID Connect), OAuth2, SCIM, SAML, RADIUS, LDAP, and proxying for apps that don't support any of them (which is getting rarer).
    • Supports permissions and permission groups, i.e. only allow certain users to access particular apps.
    • Can be used as the source of truth for Google Workspace and Microsoft Entra. Maybe not as relevant for home use.

    I haven't tried Keycloak but I hear it's pretty good, albeit a heavier app to deploy.

    I have tried Authelia, and it's much less powerful than Authentik. Authelia requires you to manually modify config files rather than using a web UI. It also only supports OIDC (which is in beta) and proxying. Proxying is not recommended and has several issues since it's not "true" single sign-on.

  • I self-host my email using Mailcow, and use a VPS for it. I don't trust my home server to be reliable enough, and the VPS providers have nicer equipment (modern AMD EPYC CPUs, enterprise SSDs, datacenter-grade 10Gbps or 40Gbps connections, etc). I use a separate VPS just for my emails - it's the one thing I want to ensure is secure, so I didn't want any other random software (that could potentially have security issues) running on it.

    I also use an outbound SMTP relay to avoid having to deal with IP reputation. Very easy to configure this in Mailcow. SMTP2Go has a free plan for sending <1000 emails per month.

  • Do you have any suggestions for fridge brands? A coworker suggested Jennair but they're quite expensive.

  • Frigidaire French door fridge/freezer. Nice looking unit that came with the house. It has horrible design flaws though. Frigidaire literally invented the first self-contained fridge in the 1920s so I don't understand why they're so bad at building them.

    One of the known design issues is that (at least on older models) there's insufficient insulation between the ice maker and the rear of the fridge. This eventually results in condensation and ice forming on the back of the fridge. A web search for "Frigidaire ice on back" and "Frigidaire rust on back" will find plenty of people reporting the same thing.

    The annoying thing is that the lines for the water dispenser and icemaker run right across this part, and they end up frozen inside the ice.

    First time I noticed this was when the water dispenser stopped working a few months after we bought the house. Pulled the fridge out and the water lines were frozen, and it had made a mess of the wall (the drywall where the ice was was all broken - I guess drywall doesn't like ice being pressed against it all the time).

    I tried insulating it with some Styrofoam, but that was no match for the ice - the ice started forming on top of the Styrofoam instead. Now I've re-routed all the water lines so as to avoid the spot that freezes. I'll get a new fridge eventually. Waiting for a good sale. For now, I'm wondering if I should spray foam it, or if the ice will also defeat that and form on top of the spray foam...

    People started encountering this issue maybe 10 years ago. Frigidaire used to offer a "sweat kit" (some sort of fancy insulation) to fix it, but they no longer offer it. I also don't think they ever fixed this issue under warranty for anyone.

  • You could probably use Hoarder and tag the links with "read later".

  • Yeah this is the part I don't understand. Does the remote not have onboard storage?

  • At work, quite a few people use Logitech mice, but the IT security team had to block Logitech Options because Logitech added some sort of AI functionality to it without adding a killswitch for enterprise customers... On the positive side, people learnt about alternative apps to reconfigure the mice that don't have any of Logitech's bloat.

    iTerm added AI stuff but at least they added a killswitch (a setting in a plist file I think) to force it to be disabled.

  • Nvidia has been open-sourcing their drivers, but it’s been taking forever.

    It's been taking forever because they're moving a lot of code into the firmware to keep it closed source. It's essentially a brand new driver that takes advantage of newer firmware.

    That's one of the reasons the open-source driver only works with Turing (2000 series) and newer cards - they don't want to spend the time updating older firmware to handle the open-source driver.

  • The documentation is kinda lacking, but if you could figure out how to set up Synapse then you can probably figure out Conduit too. https://conduit.rs/

  • Thanks. Same energy as people in Florida/Texas that want undocumented immigrants deported, except for their gardener and cleaner because they're "the good ones".

  • Nobody is doing anything malicious.

    How do you know that though? VPNs are very commonly used to send spam, perform ransomware attacks, DDoS attacks, etc.

    What’s probably happening is they’re worried too many requests are coming from one ip address and you might be scraping their precious data to train your LLM.

    This is definitely also a possibility.

  • Do you mean Synapse the Matrix server? In my experience, Conduit is much more efficient.

  • I requested a download and am waiting for that to be available before deleting it from 23AndMe.

  • The issue with a VPN is that it's likely that other people using the same exit node are doing something malicious. A site like Reddit or a bank or whatever sees a lot of attacks coming from one IP (or a range of IPs) and marks it as malicious.

    You'd likely do the same thing with your own site - something like DenyHosts or CrowdSec that blocks people trying to brute force a password will end up blocking anyone else using that same VPN exit IP.