TCB13

TCB13 , 12 days ago to technology in Microsoft says it won't let you use Mail & Calendar app on Windows 11

The good part: two garbage apps will be gone from windows 😂

TCB13 , 15 days ago (edited 15 days ago) to selfhosted in Pros and cons of Proxmox in a home lab?

I like the web UI as well, but since i use an iPhone i wasn’t really able to be able to set up the browser with the cert

One thing you can do (that I have in the corporate) is to setup a reverse proxy in front of the WebUI and have it manage user authentication. Essentially nginx authenticates users against the company Keycloak IdP that provides SSO and whatnot. You can do with a simple HTTP basic auth or some simpler solution like phpAuthRequest.

• community.openhab.org/t/…/14542
• docs.nginx.com/…/securing-http-traffic-upstream/
• www.ibm.com/docs/en/order-management?topic=platfo… (not for Incus but the nginx config is similar)
• github.com/kendokan/phpAuthRequest

thanks again for the recommendation.

You’re welcome, enjoy.

TCB13 , 18 days ago to linux in Looking for a Mac OS9 style desktop environment

Unline modern macOS clones this actually look in line with Apple did…

https://lemmy.world/pictrs/image/b2b1dfcc-ea5a-41d8-81b8-c1741aa6453a.png

TCB13 , 19 days ago to programmerhumor in Andrew just wants to open his files on Windows 10

Most of the annoying stuff that Linux users hate about Windows are because Windows has to cater to even the least technologically knowledgeable users.

Isn’t that the whole idea of GNOME? Always considering users as stupid and lowering the bar?

TCB13 , 19 days ago to programmerhumor in Andrew just wants to open his files on Windows 10

Andrew complains, Microsoft makes a root mode so Andrew can have his way. Andrew breaks his computer the next second by deleting a system file and proceeds to call Microsoft support. :)

TCB13 , 19 days ago to selfhosted in HTTPS on homelab (just locally)

While I agree with you, an attacker may not need to go to such lengths in order to get the PK. The admin might misplace it or have a backup somewhere in plain text. People aren’t also prone to look to logs and it might be too late when they actually noticed that the CA was compromised.

Managing an entire CA safely and deploying certificates > complex; Getting let’s encrypt certificates using DNS challenges > easy;

TCB13 , 20 days ago to selfhosted in HTTPS on homelab (just locally)

Just be aware of the risks involved with running your own CA.

You’re adding a root certificate to your systems that will effectively accept any certificate issued with your CA’s key. If your PK gets stolen somehow and you don’t notice it, someone might be issuing certificates that are valid for those machines. Also real CA’s also have ways to revoke certificates that are checked by browsers (OCSP and CRLs), they may employ other techniques such as cross signing and chains of trust. All those make it so a compromised certificate is revoked and not trusted by anyone after the fact.

For what’s worth, LetsEncrypt with DNS-01 challenge is way easier to deploy and maintain in your internal hosts than adding a CA and dealing with all the devices that might not like custom CAs. Also more secure.

TCB13 , 20 days ago to selfhosted in HTTPS on homelab (just locally)

Just be aware of the risks involved with running your own CA.

TCB13 , 20 days ago to selfhosted in HTTPS on homelab (just locally)

Yes, LetsEncrypt with DNS-01 challenge is the easiest way to go. Be it a single wildcard for all hosts or not.

Running a CA is cool however, just be aware of the risks involved with running your own CA.

You’re adding a root certificate to your systems that will effectively accept any certificate issued with your CA’s key. If your PK gets stolen somehow and you don’t notice it, someone might be issuing certificates that are valid for those machines. Also real CA’s also have ways to revoke certificates that are checked by browsers (OCSP and CRLs), they may employ other techniques such as cross signing and chains of trust. All those make it so a compromised certificate is revoked and not trusted by anyone after the fact.

TCB13 , 20 days ago to selfhosted in Help setting up OpenWRT for extra router

I want the WAN coming in from the router from the Pi’s Ethernet port, and the LAN coming out as Wi-Fi. I may also stick an additional Ethernet adapter to it in the future.

Can you try to explain this a bit more?

TCB13 , 21 days ago to linux in Which distro do you find the most visually appealing?

Anything with GNOME is visually appealing but unfortunately the usability is pure garbage. KDE is the exact opposite and Xfce is quick but sits on an awkward place.

TCB13 , 22 days ago to linux in Getting IP address for LXD/Incus for ssh

You can run full GUI apps inside LXC containers and have X11 deal with the rest. Guides here and here.

TCB13 , 22 days ago to linux in Getting IP address for LXD/Incus for ssh

Well, it’s a container, in most situations you would be running as root because the root inside the container is an unprivileged user outside it. So in effect the root inside the container will only be able to act as root inside that container and nowhere else. Most people simply do it that way and don’t bother with it.

If you really want there are ways to specify the user… but again there’s little to no point there.

<span style="color:#323232;">lxc exec container-name --user 1000 bash 
</span><span style="color:#323232;">lxc exec container-name -- su --shell /bin/bash --login user-name
</span>

For your convenience you can alias that in your host’s ~/.bashrc with something like:

<span style="color:#323232;">lxcbash() { lxc exec "$1" -- sudo --login --user "$2"; }
</span><span style="color:#323232;">
</span>

And then run like:

<span style="color:#323232;">lxcbash container-name user-name
</span>

TCB13 , 22 days ago to linux in Getting IP address for LXD/Incus for ssh

What do you do if you want to find the IP address of an instance, but incus list does not give you one?

If that’s the case then it means there’s no networking configured for the container or inside it. The image you’re using may not come with DHCP enabled or networking at all.

I often just find the IP of the container and then ssh in as that feels natural, but perhaps I am cutting against the grain here.

You are. You aren’t supposed to SSH into a container… it’s just a waste of time. Simply run:

<span style="color:#323232;">lxc exec container-name bash # or sh depending on the distro
</span>

And you’ll inside the container much faster and without wasting resources.

TCB13 , 23 days ago to linux in Why do you still hate Windows?

And that’s okay, however those same people are the ones saying Windows is unusable because it would take a very long time to disable analytics. This is the thing, people aren’t consistent.