I'm a Linux sysadmin and I run open source services for free on NixNet.
From Amolith to ~sircmpwn/free-writers-club
Thank you all for the feedback. I've incorporated some of the suggestions and published the post :) https://secluded.site/pull-vs-push-intentional-notifications/
From Amolith to ~sircmpwn/free-writers-club
Hello all o/ I've drafted a new blog post, but would like some more eyes on it before I publish. Any feedback is welcome :) https://paste.sr.ht/~amolith/a06295a53b2397345c4ecd5f9c4038e3709d3f66 Cheers, Amolith
From Amolith to ~sircmpwn/sr.ht-discuss
Ingo Hoffmann <ingo@hoffmann.cx> writes:
> I see where you're coming from. My main concern is that, IMHO, billing should
> be more protected/has an extra layer of security.
I had the same concern while initially reading the proposal. I checked the billing page and, personally, wouldn't have a huge problem with any of my employees having read-only access to the information here. It shows card type, last four digits, postal code, expiration month, and when you paid how much. If it showed more sensitive information, like more of the card details, I would absolutely want some knob to twist to disable read access. _Ideally_, that page could be hidden from all but a select few people
From Amolith to ~sircmpwn/sr.ht-discuss
> relying on what you host, redundancy becomes much more important. At
> that point, I would say a minimum of two self- or professionally-managed
> nameservers is ideal.
I misplaced a word while editing. I meant to say "a minimum of two […] *secondary* nameservers is ideal", the goal being three total, one primary and two secondary.
From Amolith to ~sircmpwn/sr.ht-discuss
> How risky is it to only run a primary service and rely
> on a free secondary service like ns-global.zone?
As long as you're content with relying on two nameservers for all your stuff, I see no problem with it :) For personal services, I think even a single primary is sufficient. You'll notice when something's inaccessible and fix it if/when you need to. Once other people begin relying on what you host, redundancy becomes much more important. At that point, I would say a minimum of two self- or professionally-managed nameservers is ideal.
> I always wonder why (almost) no public free software service host
> offers authoritative DNS. Is there a security implication
From Amolith to ~sircmpwn/sr.ht-discuss
> Though I doubt it's far up on the priorities list, it might be a way for
> sourcehut to earn some additional revenue. Thinking of how DNS is
> currently, your only options are either the big oligopolists (yuck) or
> small providers like Zilore or Hurricane Electric (stretching "small"
> a bit here) that haven't caught up on modern standards like DNSSEC or
> record types.
In my experience, authoritative DNS is quite trivial for most minimally experienced admins to run themselves. Grab a few of the smaller servers from someone like BuyVM distributed across multiple datacenters, spend half a day learning PowerDNS, set one up as your primary, the other two as auto-secondaries, and enable automatic security updates. You're 95% of the way there. All that's left is using some of the free secondary
From Amolith to ~amolith/libremedia-discuss
> I’d like to request upload access. I wish to upload old animation in the public domain. I’m currently signed up with @disney_public_domain@libremedia.video
For the time being, I'm going to have to say no; I am actively
maintaining the system when I can, but I periodically lose access
because the server is physically managed by my co-admin and he
periodically just disappears with no warning for months at a time. I
don't want anyone to begin relying on LibreMedia only for everything to
break for the next six months.
From Amolith to ~amolith/libremedia-discuss
> Hello, I'd like to start uploading video recordings of tabletop RPG sessions.
> They will be under CC BY-NC or BY-NC-SA. I have around 64GiB of recordings so
> far, with more to come. The sessions are currently streamed on Twitch on a
> weekly basis and we'd like to eventually stream simultaneously on LibreMedia
> too.
For the time being, I'm going to have to say no; I am actively maintaining the system when I can, but I periodically lose access because the server is physically managed by my co-admin and he periodically just disappears with no warning for months at a time. I don't want anyone to begin relying on LibreMedia only for everything to break for the next six months.
From Amolith to ~whereswaldon/arbor-dev
Daniel Wilkins <tekk@linuxmail.org> writes: > On Wed, Jul 20, 2022 at 11:09:56PM -0400, Amolith wrote: >> Signed-off-by: Amolith <amolith@secluded.site> >> + // Allow incoming Sprig/relay connections >> + err = sh.Run("ufw", "allow", "in", "7117") >> + if err != nil { >> + return err >> + } >> + > Do we want to allow ssh in too? You already allowed SSH in the original code you wrote.
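Review bot: the added `sh.Run("ufw", "allow", "in", "7117")` call names no protocol, so ufw will open port 7117 for both TCP and UDP. If the Sprig/relay listener only uses one of them, pass the port with its protocol (for example `"7117/tcp"`) so the rule is no wider than the service it exposes.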
From Amolith to ~whereswaldon/arbor-dev
> Should this include the service name somewhere in the sh.Run
> invocation? I don't run systemd so I can't test off-hand.
No, any time you modify or add systemd services, you have to run daemon-reload to re-create dependency trees and regenerate things. After modifying or adding services, you can't start, stop, enable, or disable anything until you run daemon-reload.