• 0 Posts
  • 23 Comments
Joined 2 years ago
Cake day: June 23rd, 2023




  • Sounds like you have reason to bump it up the list now - two birds with one stone.

    I need to do this too. I know I have stuff deployed that has plaintext secrets in .env or even the compose. I’ll never get time to audit everything. So the more I make the baseline deployment safe, the better.



  • It’s the right move.

    I tell you, the first time you’re sat in front of a CEO and an auditor and you have to explain why the big list of servers has a highlighted one called C-NT-PRIK-5 is when the fun stops.

    Explaining that it’s short for ‘customer network tester Mr. Prickles 5’, and is actually a cacti server never really seems to help the situation.

    At least a few of the customers got a laugh out of it being on the reports!



  • You had me digging through old hosts files and ssh configs to find some of these.

    I try to name them something that resembles what they do or has something to do with what their purpose is.

    Short is good, and if it can match more than one of the machine’s purpose/os/software/look, the better.

    If it’s some sort of personal machine, it gets a personal name.

    Phones

    • traveller
    • pawn
    • rook
    • bishop

    Virtual Workstations

    • boxy
    • moxy
    • sandbox
    • cloud
    • ship - lxc container host
    • dock - docker host

    Laptops

    • ciel - Razer Blade Stealth with a rainbow LED keyboard
    • arc - runs Arch
    • lled - is a Dell

    Desktops

    • bench
    • citadel
    • bastion

  • Lots of people have been talking about products and tools. It’s Docker, Tailscale, Cloudflare, Proxmox, etc. These are important, but will likely come and go on a long enough timescale.

    In terms of actual skills, there are two that will dramatically decrease your headaches: documentation and backup planning. The problem with developing those skills is, to my knowledge, they’ve only ever been obtained through suffering. Trying to remember how to rebuild something when you built it 6 months ago is futile. Trying to recover borked data is brutal. There’s no fail-safe that you haven’t created, and there’s no history that you haven’t written. Fortunately, these are also the most transferable skills.

    My advice is, jump in. Don’t hesitate. The chops in Docker/Linux/networking will come with use and familiarity. If it looks cool, do it. Make mistakes. You will rapidly realise what the problems with your setup are. You will gain knowledge in leaps and bounds from breaking a thing vs learning by rote or lesson. Reframe the headaches as a feature, not a bug - they’re highlighting holes in your understanding. They signpost the way to being a better tech, and a more stable production environment.

    The greatest bit about self hosting for me is planning the next great leap forward, making it better, cleaner, more robust. Growing the confidence in your abilities to create a system you can trust. Honing your skills and toolset is the entirety of the exercise, so jump in, and don’t focus on any one thing to master or practice beforehand!






  • No, that’s handled by ARP requests. In this case, it’s likely that the DHCP server is on the gateway, as that’s a pretty common setup for home ISP router arrangements.

    Gateway refers to a router that has access to other networks. In this case, the default gateway, which will be the router that has access to the internet.

    DNS or name servers are a separate option in DHCP leases, as are the IP addresses for DHCP servers, which are more of a Windows thing generally.

    In this case this comment is probably an accurate description of what’s happened:

    https://lemm.ee/comment/7429148


  • I’d hesitate to call it truly enterprise, but I’ve used the 24 port/10GbE version of these in a datacenter. Not many issues to write home about - seems to handle vlanning pretty well.

    Has 10GbE uplinks, US power, and PoE+. Probably access to a fancy dashboard too.

    $1600 is probably as cheap as you’re getting.

    Edit: Oh yeah, they’re probably not dual attached, and the ‘redundant power supply’ (RPS) is a separate appliance, which I consider kinda bullshit, that takes up another U.

    I’ve had no trouble with actual switching performance though fwiw.

    Edit 2: They’re probably compatible with the AR mobile app, which is hella cool, and somewhat useful in customer sites.

    48 port Ubiquiti




  • I would not consider Mermaid complete enough for network diagramming. The very basics are possible, but trying to describe anything more complicated throws off the placement and makes the pathing wacky.

    Straight flow charts are the closest you can get to a network diagram, so if you try to draw a link that travels back up the chart, it breaks mermaid’s brain trying to figure out the order of decision points (network devices).

    The allure of text based diagrams is so tantalizing - but if you need them to be functional, it’s not going to happen.

    There’s an issue tracking the need for a new diagram type to handle it.


  • If the files exist, are regular, are correct and the permissions don’t prohibit access, maybe there’s something else blocking the connection attempt.

    Given that it’s Ubuntu, could it be an AppArmor thing? Not sure if that’s enabled by default these days.

    Seems to me like it can’t run the binaries, so there’s nothing listening on the sockets you’ve specified. Fix the bin-path issue, fix the problem.