• 0 Posts
  • 12 Comments
Joined 1 year ago
cake
Cake day: July 12th, 2023

help-circle
  • I’ve used nextcloud for a while now, but it does suffer from jack of all trades syndrome. I’ve started offloading the things I use it for to other services that do a particular thing better. Syncthing for general file syncing across my devices, Immich for managing photos, Radicale for contacts and calendar sync…

    If you’re just looking for an all in one Google Drive like experience for your files though, Nextcloud is as good as it gets.


  • I use Portainer and it’s a good UI, but I find the way they market business edition pretty scummy. Like having a banner ad constantly visible on the page, and having half the features visible but disabled with a big bright “upgrade to Business Edition” message next to them, and directly refusing to add any mechanism to opt out. I respect that they need funding for development, but they need to realize that a lot of their users simply don’t need a business license and aren’t going to buy one no matter how much advertisement you throw at them. The fact that they don’t realize that and refuse to budge indicates to me that they’ve stopped caring about the user experience of their product.

    Sorry for the rant, I’ve been annoyed by this for a long time. Some day I’ll set up my own gitops pipeline, but that pesky day job keeps getting in the way.





  • I’m not super paranoid about security, but I do try to have a few good practices to make sure that it takes more than a bot scanning for /admin.php to find a way in.

    • Anything with SSH access uses key-based auth with password auth disabled. First thing I do when spinning up a new machine
    • Almost nothing is exposed directly to the Internet. I have wireguard set up on all my devices for remote access and also for extra security on public networks
    • Anyone who comes to visit gets put on the “guest” network, which is a separate subnet that can’t see or talk to anything on the main network
    • For any service that supports creating multiple logins, I make sure I have a separate admin user with elevated permissions, and then create a non-privileged user that I sign in on other devices with
    • Every web-based service is only accessible with a FQDN which auto-redirects to HTTPS and has an actual certificate signed by a trusted CA. This is probably the most “paranoid” thing I do, because of the aforementioned not being accessible on the Internet, but it makes me happy to see the little lock symbol on my browser without having to fiddle around with trusting a self-signed cert.


  • MostlyGibberish@lemm.eetoMemes@lemmy.mlNo context
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    1
    ·
    10 months ago

    I mean, that goes both ways. As an American, and especially as a guy, I often get sideways looks when I mention I have a bidet. If you can’t or won’t try it out, fine, but people are really acting like it’s strange to clean yourself off using water.