chiisana

You can use Lidarr to subscribe to artists’ new album/singles. But you’d still need to have a workflow to add new artists every now and then to incorporate them into your library.

I think there needs to be individual degree of control beyond just the labels; especially for individual/small servers where owners might feel more individually liable.

For example, even within the NSFW space, there’s a wide varying degree of acceptable-ness depending where you are in the world and what your personal feelings are. A server owner in a more repressive parts of the world may put themselves in harms way if any LGBTQ+ (and apologies in advance, as I know I’m missing several letters and number, but I don’t remember the sequence order) content. Further extreme of the spectrum, “legal” age of drawn characters is another huge legality concern.

Simply having labels and depending on community moderator to label correctly (or even allowing server operators to try to override locally) seem like a only a very basic starting point, individual override is a must to prevent content that may get operators into trouble from even being shown in the first place.

I haven’t deployed Authelia specifically before so I probably won’t be the best when it comes to debugging. But i’d be happy to take a look if you think an extra fresh pair of eyes might help :)

My very cursory understanding is that SETI was shutting down, but BOINC (so folding etc) should still be going.

I used to think Authelia will allow you to consume external SSO… turns out I was wrong, maybe? So now I think I’m the odd ball here and think it might not be a good idea to deploy Authelia.

Here’s my thought process:

I have some apps I want to secure — they may or may not have already got a bake in authentication where they’ve got my password (ideally, just for that one app managed via password manager, but I’ll be the first to admit that’s not always the case). Passwords are icky, and even though they’re hashed, ideally hundreds of thousands of times, a leak / compromise is not unheard of.

Now, in order to secure these apps, the last thing I want is now to also worry about another app storing the password becoming the single point of failure.

In my mind, if it is literally just for me, I’d look at getting my reverse proxy to handle forward auth via OAuth to some much larger and trusted provider with MFA — Google, Microsoft, GitHub, etc. — and trust that their entire department responsible for auth will be smarter than some open source deployment I try to maintain/keep up.

In my mind, if it is more than just me, I’d look at getting something to consume multiple external providers, such that allows for the users to choose their desired provider, as well as allow me to slap an unified branding. So in this case I’d be looking at something like Authentik, Keycloak, or FusionAuth.

I just really don’t want to deal with handling/storing passwords.

But hey what kind of issues are you running into with Authelia? Is it just deploying/setting up? Or is it integrating with their supported identity provider (ie ldap)? Or something else all together?

Hm... these are both interesting but might be a bit overkill IMO.

I don't think I'd need a CA and intermediary step if all SSHd needs to do is check if a key is a currently approved key for this particular service or not; and I last looked at chef/puppet many years ago, and it was way too much orchestration work that we no longer need w/ Docker containers and smaller footprint host OSes.

Yeah, the problem is that I have 2 physical servers, each with 5 to 10 VMs on it, and a bunch of other VMs scattered across different cloud providers; it gets tricky to edit the ~/.ssh/authorized_keys file on each of them to reflect a new SSH key (i.e.: new machine on the "network") or replace an existing SSH key (i.e.: annual key cycle).

Language itself is not the problem. The old notion of “PHP is insecure” stemmed from languages elitists trying to fan the language war by pointing at CVE repositories and claiming the large number of issues stemming from 3rd party WordPress plug-ins and alike, ignoring the fact that there were way more projects than other languages because it is the most commonly used language on the web, as well as having way longer lineage therefor more time to accumulate security issues; whereas their new and shiney with lesser projects are allegedly more secure because there’s lesser projects, lesser eyeballs, lesser histories, etc.

The core language itself is fine; and just as with any other language out there, it is prudent to keep up with updates. The big named projects are fine; and just with any other projects out there, it is prudent to keep up with updates. The extensions/3rd party modules are … well you get the idea.

Just thought of this comparison:

How would you think if someone tells you “Microsoft (PHP) is insecure because there’s all these 3rd apps (plugins) for Windows (WordPress) that has security issues. Don’t believe me? Just look at all those problems from Windows ME (PHP4/5) days!”

I started trying out FusionAuth and it's been pretty neat. I off-load my auth to Google because I don't want yet another username/password nor do I want to be responsible in storing it, but you can certainly use built-in auth if your objective is to stop using external auth. I currently have my Kasm Workspace deployed behind it, so when user lands on Kasm, they get bounced to FusionAuth where there's a login prompt and Login w/ Google button; when they authenticate (be it through built-in auth or Google in my case), they get bounced back to Kasm Workspace in their account. This was deployed using docker compose, so I just annotate containers I want to protect w/ some labels, traefik handles all the glue work. I really like the way it worked out.

I'd imagine something like Authelia, which gets pushed a lot as well, would be able to offer a similar if not identical workflow.

For Lemmy, at this time, I don't think it is possible to gate it like that, otherwise inbound federation (i.e.: comment replies to this post) won't make it into your instance.

I’d recommend waiting a bit. Thread (network) and Matter (protocol) are finally gaining traction, and is poised to become the de facto standard across all major platforms (Amazon/Apple/Google). Buying Zigbee/Zwave/WiFi/BT gears now is literally buying gears that’s going to be outdated immediately.

Once you get interoperable devices on the better standards, you’d then be able to layer on with all-local setup easier.

I mean you either use it or you don’t right? If it doesn’t serve your needs, then it’s generally a prudent idea to get something better. Especially since WiFi is so important now days, it is generally a better idea to have your own infrastructure (router, switch and APs separately) that you trust as opposed to el cheapo ISP combo boxes.

I have XB7 and was able to self serve putting into bridge mode. What limitations are you running into?