I think you have part of your answer.
Get a laptop with a SIM Card reader, and do what you may.
The reason it doesn’t work with IP is because it started out with local networks and was expanded from that. A domain name is similar to a phone number, just that the user has the IP routing information available, whereas in the case of a phone connection, a probably similar system for routing is all abstracted by cell exchanges.
Hello, I want self-hosted apps to get requests from the users (mainly movies), and then I can find a download for it to move it to a Jellyfin server. Maybe after that, it could be a little more automated to download stuff automatically 😃 Thx
Congrats on getting everything working - it looks great!
One piece of (unprovoked, potentially unwanted) advice is to set up SSL. I know you’re running your services behind Wireguard so there isn’t too much of a security concern running your services on HTTP. However, as the number of your services or users (family, friends, etc.) increases, you’re more likely to run into issues with services not running on HTTPS.
The creation and renewal of SSL certificates can be done for free (assuming you have a domain name already) and automatically with certain reverse proxy services like NGINXProxyManager or Traefik, which can both be run in Docker. If you set everything up with a wildcard certificate via DNS challenge, you can still keep the services you run hidden from people scanning DNS records on your domain (i.e., people won’t know that an SSL certificate was issued for immich.your.domain). How you set up the DNS challenge will vary by the DNS provider and reverse proxy service, but the only additional thing that you will likely need to set up a wildcard challenge, regardless of which services you use, is an email address (again, assuming you have a domain name).
I’m using InfCloud, it has support for events, tasks and contacts so it pairs perfectly with Radicale (which is also what I use). It doesn’t look amazing I’ll be honest and it lacks some features but it works fine.
Run it without mapping config.js first and copy it from the container, edit it on the host, then map the volume and reprovision the container. You have to find the section globalNetworkCheckSettings and add a href: entry that points to your radicale host, for example href: “http://192.168.1.1:5232”.
Another essential setting is to edit the Radicale config file and add the following section:
The -Allow-Origin host and port must match the URL where you access InfCloud in the browser.
If you use a reverse proxy and you put Radicale / InfCloud behind domain names you can use the domain names in config.js and config. As long as InfCloud knows where to find Radicale, and Radicale knows where InfCloud comes from.
Holy shit. Why did I read that. There is zero science in that and it’s nothing but religious, woo woo, bullshit. That domain and this user are definitely getting added to my block list.
ByteDance has 270 days (+90 days at the president’s discretion) to divest of TikTok and sell to an entity not affiliated with an “adversary country” (China, Iran, Russia, N. Korea).
If they don’t sell, hosting providers of the TikTok application (servers, storage, app store, etc) will be fined up to $500 times the number of users in the US if they continue to host the application.
ISPs are explicitly excluded from the bill, and not considered data brokers, which is what the restrictions apply to.
So basically, the law will not require ISPs to block access to TikTok domains and IP addresses. Google search results are also explicitly excluded from the term data broker, and exempt from the restrictions. The only requirement is for app stores to stop hosting the application, so existing installations of the app (after January 2025 assuming ByteDance doesn’t sell) will presumably persist and can be used, even if TikTok is banned.
So who stores the login information? This is fundamentally the question here.
If you store it centrally you only need to ask for username/password combo.
But then someone needs to store it at a central location for everyone to check against.
If it’s not centralized then the user needs to provide it.
Email has a hidden trick up its sleeve and that’s the domain name. In order for an email to be valid, the domain name must contain email info on its DNS records. There’s where you can imply knowledge about where the email/message is to go.
But here in lemmy, my email is just Gmail. There’s no way to find the information on where authentication could be located. Which brings me back to the top of centralization vs decentralization.
(5) INTERNET HOSTING SERVICE.—The term “internet hosting service” means a service through which storage and computing resources are provided to an individual or organization for the accommodation and maintenance of 1 or more websites or online services, and which may include file hosting, domain name server hosting, cloud hosting, and virtual private server hosting.
So this would prevent a US organization like AWS, Oracle, etc from hosting the TikTok user data as long as TikTok is owned by or a subsidiary of ByteDance or another “foreign adversary”.
Elsewhere in the text, they exclude “service providers” from restrictions, so it seems like ISPs are not going to block requests to TikTok.
It’s unlikely but not impossible. I’ve been using PM with a custom domain for about five years now, and never thought too hard about leaving.
In an ideal world, a company like ProtonMail would be cooperatively owned by the workers and paying users, sort of like a credit union.
Pragmatically, they’ve done fine stewardship of the service for the last decade or so they’ve been around. A big part of it is that their value proposition depends on stability and trust. But it could be better.
So…in a short sentence…the title. I have a server in a remote location which also happens to be under CGNAT. I only get to visit this location once a year at best, so if anything goes off…It stays off for the rest of that year until I can go and troubleshoot. I have a main location/home where everything works, I get a...
I don’t think I’ve ever come across a DNS provider that blocks wildcards.
I’ve been using wildcard DNS and certificates to accompany them both at home and professionally in large scale services (think hundreds to thousands of applications) for many years without an issue.
The problem described in that forum is real (and in fact is pretty much how the recent attack on Fritz!Box users works) but in practice I’ve never seen it being an issue in a service VM or container. A very easy way to avoid it completely is to just not declare your host domain the same as the one in DNS.
I’m working on some materials for a class wherein I’ll be teaching some young, wide-eyed Windows nerds about Linux and we’re including a section we’re calling “foot guns”. Basically it’s ways you might shoot yourself in the foot while meddling with your newfound Linux powers....
I accidentally overwrote /etc/passwd once and I allowed /boot to run out of space during a kernel update and I created a local user with the same user that was also on the realm/domain that I had joined and various bash script issues.
Some stuff I've had to fix that someone else did:
named a file rm -rf
rm -rf /bin instead of ./bin -- Also the fact that they had sudo was crazy and also I guess this was the second time
chmod -R 777 /
Various software bugs running swap out of space or hitting the inode limit by creating files over and over again with a timestamp in the filename and having to remove all of them because there was no backup to the OS
Someone disabled SELinux because something wasn't working but didn't tell anyone -- ugh
Compiled java because they googled some issue and followed some old tutorial without understanding anything instead of using alternatives and symlinked the old java from /bin to /home/theiruser/java -- had sudo because he was a Windows domain admin.
Cybersecurity guy didn't know what some VMs did so he turned them off and figured he'd find out if/when someone complained. Caused a massive core services outage.
Same Cybersecurity guy deleted a bunch of data because he wanted to see how the sysadmins would respond and witness backup restorations. He did not inform anyone.
Cybersecurity guy above still has Domain Admin and sudo everywhere. I would have personally removed his privileged access regardless of what 'CyberSecurity' management thought but I was leaving for a new job by then anyway so I figured I'd just let them eventually lie in the bed they made.
There's more but I don't want to keep going because it is Sunday and I don't want to ruin it.
If it’s only you (or your household) that is accessing the services then something like hosting a tailscale VPN is a relatively user friendly and safe way to set-up remote access.
If not, then you’d probably want to either use the aforementioned Cloudflare tunnels, or set up a reverse proxy container (nginx proxy manager is quite nice for this as it also handles certs and stuff for you). Then port forward ports 80 and 443 to the server (or container if you give it a separate IP). This can be done in your router.
In terms of domain set-up. I’ve always found subdomains (homeassistant.domain.com) to be way less of a hassle compared to directories (domain.com/homeassistant) since the latter may need additional config on the application end.
Get a cheap domain at like Cloudflare and use CNAME records that point domain.com and *.domain.com to your dyndns host. Iirc there’s also some routers/containers that can do ddns with Cloudflare directly, so that might be worth a quick check too.
I am using Zoho mail and I like it a lot but there are two disadvantages:
the free tier has no IMAP support
The web app for some reason doesn’t allow you to log in to two separate accounts at the same time. Only the electron app, that’s just a glorified WebView of the web app, allows multiple account support, for some reason. I have three paid accounts ($1/month) and I’m a bit annoyed by that, I have to use three different browsers or Firefox containers to switch accounts.
For the rest it is excellent: the spam filter can be finely tuned in the admin panel like “block all domains like xxx” or “block all emails that contain those words”. And you can set it to bounce “address not found” to annoy the worst offenders that don’t respect your privacy. And after a very short training (1 week!), it’s very rarely wrong, unlike Gmail. If it’s in spam, it’s definitely spam, if it’s in the inbox it’s 95% ok. Unfortunately you can’t block entire TLDs like .su or .monster which are exclusively used by spammers.
And the webmail is very pretty and chock full of features I never saw anywhere else in a web client. For example, you can add a task or add a note to an email and you can tag another user and have a parallel conversation around the content of it. Like tagging a colleague to ask their opinion on that. The web client can also add IMAP accounts from other services, and you switch between them. It keeps them separate, doesn’t import emails like Gmail (you can add Gmail/Hotmail/whatever but you can’t add another Zoho email! Infuriating!). It’s like having a “web version of Thunderbird”.
Most configs should be in the roaming directory, since you’d usually expect them to roam between computers on a domain. The local directory is only for stuff that doesn’t make sense to sync to other computers - things like caches, configs specific to that individual PC, etc.
Not that it matters for home users, as home users generally aren’t using Active Directory with roaming profiles.
Sorry, I don’t have any real documentation, but I have a snippet of PowerShell that explains it pretty well here. This comes from a user creation script I wrote back when they removed the Unix UI.
I was using Get-AdUser and discovered that the properties still existed, but you have to manually shove those in. When an sssd “domain bound” Linux machine has a user with these props log in, they get the defined UID and GID and home folder etc.
Basically, the “OtherAttributes” on the ADUser object is a hashtable that holds all the special additional LDAP attributes, so in this example we use $otherAttributes to add all the fields we need. You can do the same with “Set-Aduser” if you just wanna edit an existing user and add these props.
The @thing on New-ADuser is called a splat, very useful if you’re not familiar; it turns a hashtable into arguments.
In the world of computers, why would remembering numbers be the stop for new technologies?
Do you remember anyone’s public key? Certificate?
I don’t even remember domain (most) names, just Google them or save them as bookmarks or something.
The reason IPv4 still exists is because ISPs benefit from its scarcity. Big ISPs already paid a lot of money to own IPv4 addresses; if they switched to IPv6 that investment would be worthless.
Try selling static IPv6 addresses as they do now with IPv4. People would laugh at them and just get a free IPv6 address from an ISP that wants to get new users and doesn’t charge for it.
The longer ISPs delay the adoption of IPv6, the longer they can milk IPv4 scarcity.
Seems like you're right. I tried it before without the actual domain ending in the magazine search which didn't work. I wish behavior like this and other stuff would be documented somewhere? Like, I still don't know what's the best way to universally link to communities / magazines or users that would work across the fediverse so that they continue using whatever platform they're on.
I host a few small low-traffic websites for local interests. I do this for free - and some of them are for a friend who died last year but didn’t want all his work to vanish. They don’t get so many views, so I was surprised when I happened to glance at munin and saw my bandwidth usage had gone up a lot....
if I could pay a privacy fee to Alphabet and not be logged and data-mined, I’d do that.
It's called Google Workspace and it's decently nice. You can get a basic business starter account for something like ~$7 per month/per user + whatever you want to pay to register a domain each year. Takes a little bit of know how and you need to do some lifting for yourself that Google would otherwise shoulder for you, but it's pretty nice and has more benefits beyond just the privacy implications, like 30GB of account storage and Google Meet conferencing for up to 100 people without time limits. On the downside, some stuff that needs to track your usage to function properly (Like YouTube video recommendations) just do not work with a Workspace account because they don't track your preferences so they don't have a way to build a recommendation profile for you.
I've been doing it for years now and I appreciate it a lot. In the rare instances when I need to go do something on my old Gmail account it's shocking every time how bad the unpaid versions of Google products have gotten.
I work for the support department of a large multinational imaging company. Starting yesterday, we started getting tons of calls from customers who have been sending email from their devices from Gmail domains who are not able to send emails to M365 users. A bit of snooping in our test M365 domain shows that they are being...
Reverse proxy
I have an openwrt router at home which also acts as my home server. It’s running a bunch of services using docker (Jellyfin, Nextcloud, etc.)...
Why don't computers have "computer-numbers" equivalent to phone numbers
Why doesn’t every computer have 256 char domain name, along with a private key to prove it is the sole owner of the address?...
How do you guys use Tailscale (or other VPN) with containers
I wanted to run my VPN/Tailscale setup past you, see if anybody has suggestions on how I could do things better....
What's the best way to download things?
Finally got my server to work properly. (Routing with custom local domain instead of ports) (programming.dev)
I spent all day today trying to get the routing to work correctly between Tailscale, Nginx and Adguard....
CalDAV web gui
Hi, Using radicale since I switched from next cloud, using dav5x on android pretty nicely....
ByteDance prefers TikTok shutdown in U.S. if legal options fail, Reuters sources say (www.ctvnews.ca)
I think we should slightly rethink how login works on most Fediverse apps (Mastodon, Lemmy, but not only) (kbin.social)
A while ago I posted a thread back on the...
ByteDance prefers TikTok shutdown in US if legal options fail, sources say (www.reuters.com)
Why I ditched Gmail for Proton Mail (www.androidpolice.com)
Here's the full text of the “PROTECTING AMERICANS’ DATA FROM FOREIGN ADVERSARIES ACT OF 2024” currently in the resolving differences phase before the POTUS signs it. UPDATED 4/24 for Accuracy
UPDATE: Adding Division H as well since it’s very relevant, before it was just Division I shown here...
Server behind CGNAT - Reverse VPN? Or how to bypass?
How to use a custom domain with Tailscale on a Synology NAS?
I’ve spent too many hours googling this stuff without a solution in sight that I’m able to understand....
What're some of the dumbest things you've done to yourself in Linux?
How are you making services remotely accessible? (kbin.run)
I need help figuring out where I am going wrong or being an idiot, if people could point out where......
Custom Domain Email
I self host pretty much everything, but one of the services I find makes more sense to not self host is an email server....
To be honest, it is quite complicated now as well with all of the proprietary software (sh.itjust.works)
TL;DR You can manage Linux Machines with group policy (dmulder.github.io)
I just thought I’d share...
Which communication protocol or open standard in software do you wish was more common or used more?
Whether you’re really passionate about RPC, MQTT, Matrix or wayland, tell us more about the protocols or open standards you have strong opinions on!
fucking beautiful. almost a year into the 'verse and it's starting to become more functional than that R place... better than i imagined. (cdn.catsweat.com)
Stopping a badly behaved bot the wrong way.
‘Meta is out of options’: EU regulators reject its privacy fee for Facebook and Instagram (finance.yahoo.com)
M365 dropping email from Gmail domain?