Both. How do I get started creating a new article, and how do I contribute to them, or other articles?
If you have caddy as a reverse proxy inside podman user namespace separated networks, they don’t take the upstream client IP address and instead you get local IP addresses assigned to logs. Socket activation is kinda required if you want to get the client’s real IP address in your logs.
xinayder@infosec.pub to
Selfhosted@lemmy.world • Your favourite piece of selfhosting - Part 1 - Operating System · English
5 · 5 months ago
I use openSUSE MicroOS as the container host, with podman. It was a bit tricky to install it in my Hetzner VPS and get used to how MicroOS handles system updates (it’s an immutable system), but I am quite happy with it. I found it interesting and decided to try it out so I could learn how to use the system.
How do I get started on contributing to new articles (written by a human) for my language? I always wanted to help out but never found an easy way to do so.
xinayder@infosec.pub to
Selfhosted@lemmy.world • You Should Run a Certificate Transparency Log · English
1 · 6 months ago
With Encrypted Client Hello you can have some more privacy on obtaining certificates for wildcard domains, IIRC.
xinayder@infosec.pub to
Linux Gaming@lemmy.world • CoolerControl is a feature-rich cooling device control for Linux - v2.0 out now with major new additions · English
1 · 10 months ago
You can, you can create a profile based on a sensor. I had to install the it87 driver for Linux to identify the case cooling fans I had.
xinayder@infosec.pub to
Selfhosted@lemmy.world • Security of running Headscale on a VPS · English
2 · 10 months ago
I had the same considerations when I self-hosted headscale as the controller for accessing my VPS. However, I figured that it shouldn’t be a big deal, and there’s no chance of someone registering rogue devices on your mesh, because, even though any device can request enrollment to Tailscale, ultimately you need to execute a command in your headscale server to confirm the enrollment/account creation, so there shouldn’t be that much of a problem leaving the web server exposed.
xinayder@infosec.pub OP to
Selfhosted@lemmy.world • Asking for suggestions regarding Rootless Podman · English
1 · 10 months ago
One more question, how did you manage to get the reverse proxy to proxy your pods? I just added two containers to one, and I cannot access the containers anymore by their names. Do I need to expose their ports on the pod configuration?
xinayder@infosec.pub OP to
Selfhosted@lemmy.world • Asking for suggestions regarding Rootless Podman · English
2 · 10 months ago
Personally, I would avoid host network mode as you expose those containers to the world (good if you want that, bad if you don’t)… possibly the same with using the public IP address of your instance.
My instance is only exposing the HTTP/HTTPS ports, those are the only ports enabled in the firewall.
xinayder@infosec.pub OP to
Selfhosted@lemmy.world • Asking for suggestions regarding Rootless Podman · English
1 · 10 months ago
It seems simple. Does it use pasta as the default networking backend? Also, I guess separating each app into their own network is added security, right? So if anything happens to one app, it cannot move laterally to the other apps unless it manages to gain access to the reverse proxy, which would then be a huge problem.
xinayder@infosec.pub to
Linux@lemmy.ml • “Something has gone seriously wrong,” dual-boot systems warn after Microsoft update
2 · 1 year ago
Yes, it made people realize we don’t need Secure Boot and it’s just a pit of vulnerabilities.
xinayder@infosec.pub to
Technology@lemmy.world • Study Finds Consumers Are Actively Turned Off by Products That Use AI · English
2 · 1 year ago
Do you have to do this every time you update your phone?
xinayder@infosec.pub to
Technology@lemmy.world • Study Finds Consumers Are Actively Turned Off by Products That Use AI · English
6 · 1 year ago
Care to share how you disabled every bit of AI in the phone?
xinayder@infosec.pub to
Technology@lemmy.world • Study Finds Consumers Are Actively Turned Off by Products That Use AI · English
12 · 1 year ago
Yet companies are manipulating survey results to justify the FOMO jump to the AI bandwagon. I don’t know where companies get the info that people want AI (looking at you Proton).
xinayder@infosec.pub to
Selfhosted@lemmy.world • From reddit selfhosted: What do you wish you knew from the start · English
1 · 1 year ago
I maintain the DNS plugin for Vultr and I can say that it’s “safe”, but if you’re worried you should check their source code.
I believe it’s easier to have a vulnerability in the external provider’s API (for example, caddy-dns/vultr uses govultr) than Caddy. But I wouldn’t take things for granted if I was skeptical about these plugins.
xinayder@infosec.pub to
Selfhosted@lemmy.world • From reddit selfhosted: What do you wish you knew from the start · English
2 · 1 year ago
I have a k3s cluster for fun and I can admit that k8s is way too complicated.
I don’t want to dig hours through documentation to find what I’m looking for. The docs sometimes feel like they were written for software devs and you should figure part of the solution yourself.
I have an ExternalName service that keeps fucking up my cluster every time it restarts, bringing down my ingresses, because for some reason it doesn’t work and I have no idea where to look at to figure out why it doesn’t work - I just end up killing the service and reapplying the yaml file and it works.
I had to diagnose why my SSL certificates would get stuck in “issuing” in cert-manager, had to dig through 4 or 5 different resources until I got to an actual, descriptive error message telling me that I configured my ClusterIssuer wrongly.
I wanted a k3s cluster to learn but every time I have issues with it I realize it’s a terrible idea.
I wish I had podman + compose but it does seem like a docker-compose is more complicated. Also, I wish I could do ansible but I have no idea where to start (nor how it works).
EDIT: oh yeah I also lost IPv6 support because k3s by default doesn’t enable v6 and I was planning on using Hetzner CCM to have a 2 node cluster until I realized Hetzner Networks don’t support v6.
xinayder@infosec.pub to
Selfhosted@lemmy.world • Basic Security for your Website | Loudwhisper · English
1 · 1 year ago
Can you use CrowdSec to track logs from a k8s pod? Say I have my website and some other services hosted on a k3s cluster, do I need to spin up a new pod for CrowdSec or should it be installed on the host?
xinayder@infosec.pub to
Linux Gaming@lemmy.ml • Microsoft looking to restrict kernel level access after CrowdStrike incident might help us with our current Anti-Cheat dilemma
0 · 1 year ago
As much as I despise MS and think they are equally incompetent, I don’t think it’s a good idea to lock down Windows. They will stop providing kernel access to 3rd parties at first, then a few months later you will only be able to download software from the Microsoft Store.
Yes, it’s a security issue but them being allowed to close down their OS sets a dangerous precedent that will make Windows even more shittier and enshittified than it already is.
xinayder@infosec.pub OP to
Selfhosted@lemmy.world • Cheap, OpenWrt compatible routers with WiFi 6? · English
1 · 1 year ago
where?
Authentik supports more authentication types and I think it’s more stable so you can use it in larger production servers. VoidAuth seems to be a lightweight alternative that only provides OIDC.