

I guess they now have a large enough number of users that it would be wise to shift some focus to supply-chain security from growth-hacking.
This is growing pains.




Cool! Keeping up with platform changes is a challenge for projects like this. I think to be successful beyond initial popularity you need an active community that can do this together. It’s draining for just one person - especially once you get big enough that they might actively break things just to mess with your integration. Following maintenance of alternative YouTube clients as well as searx-ng is illustrative.
Not to discourage but be prepared. Best of luck!
https://cadence.moe/blog/2022-09-01-discontinuing-bibliogram


Just to rule it out (wouldn’t be the case on default debian):
Is SELinux enabled? sudo getenforce (if command missing or false, it’s not your problem here)
You are not running with podman as compose backend? sudo systemctl status podman shouldn’t show an active service unless you use it.
It was certainly not intended as a character assessment and it’s unfortunate you took it that way. I’m talking about how the release notes (and in passing your post) were written and not about you as a person or maintainer, or even the project itself.
I do hold release notes of a public project with thousands of users to a different standard than anon lemmy.world comments in a feedback thread. Is that interesting or surprising?
I believe there was actionable feedback given. You are of course free to dismiss it.
Maybe I don’t understand the use case for bentopdf, and considering how popular it is, that is likely true
Especially in this day and age, be careful with believing something is right (or even popular) just because it looks popular. Talking about generalities of gameable metrics and the cognitive pattern, not to dunk on the project apart from their communications doing the same mistake.
It’s not as much the general style as the particular contents of this release. Your previous release notes did not give the bad impression this one does. Since you did ask for any feedback I let you know why I am now less likely to use or recommend the tool compared to before. The amount of text and emojis spent begging for TrustPilot reviews also contributes.


FWIW, netstat is considered legacy and deprecated. The in-vogue way to do the same thing is ss -lpn | grep 8080.
netstat like ifconfig still works and is shipped in the net-tools package if you like it but if you’re learning it’s better to build a habit with ss and ip right away.
https://arturogl.com/2023/10/18/linux-new-tools-replacing-netstat/
Try to ignore the GH stars and other engagement numbers. Or at least try not to put focus on them in your communications. It’s a distraction for you and you are making it a distraction for your audience. GH stars are not a useful signal as they are easily gamed and bought. Maybe yours are all organic, legitimate, and a legitimate cause for personal celebration. But you are just giving false credence to them (and thereby those illegitimately gaming the system) and removing focus from your own app. I don’t think it belongs in release notes or is a great way to lead your pitch here.
Most of the first half of the release notes rubs me a bit the wrong way and feels like it’s not the place for those messages. Your “Very Important Note” feels less relevant than the “Dad Joke” section (which does have potential entertainment value) and probably has the exact opposite effect than the one you intend.


A CA can be an encrypted volume on a live USB stick. It’s mostly for the CRLs you might want something online. A static HTTP server where you manually dump revocations is enough for that.
Unless you do TOFU (which some do and btw how often do you actually verify the github.com ssh fingerprint when connecting from a new host?), you need to add the trust root in some way, just as with any other method discussed. But that’s no more work than doing the same with individual host keys.
And what’s the alternative? Are you saying it’s less painful to log in and manually change passwords for every single server/service when you need to rotate?


If this is inside the threat model, you put a passphrase on that key and load it in an external process like ssh-agent or gpg-agent. Maybe even move it to a separate physical device like HSMs or crypto hardware wallets (many of which can be used for this purpose btw).
This is also neat: https://doc.qubes-os.org/en/latest/user/security-in-qubes/split-gpg-2.html#notes-about-split-gpg-2


Not if you use certificates signed by your own internal CA and trust the CA instead of straight up trusting the public keys explicitly.
This way you can generate new SSH or TLS keys trusted across a bunch of machines without having to touch those machines directly for every key, since they are signed by your trusted authority. If you configure CRLs properly you can also revoke them centrally.
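
The workflow described in the comments above, as an added example that is not part of the original posts: an internal SSH CA signs user keys, and one certificate is then revoked centrally through a KRL, OpenSSH's counterpart to a CRL. The file names, the principal `deploy` and the key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: SSH user certificates from an internal CA, with central revocation.
# All file names, the principal "deploy" and the key IDs are constructed.

# Create a CA and two user keys, sign both, then revoke the first certificate.
ssh_ca_demo() {
    d=$1
    # 1. The CA key pair. Only ca.pub is distributed to servers
    #    (sshd_config: TrustedUserCAKeys /etc/ssh/ca.pub).
    ssh-keygen -q -t ed25519 -N '' -C 'example-ca' -f "$d/ca" || return 1
    # 2. Two user keys, signed with serials 1 and 2, valid 1 day, principal "deploy".
    for n in 1 2; do
        ssh-keygen -q -t ed25519 -N '' -C "user$n" -f "$d/user$n" || return 1
        ssh-keygen -q -s "$d/ca" -I "user$n@example" -n deploy -V +1d \
            -z "$n" "$d/user$n.pub" || return 1
    done
    # 3. Revoke user1's certificate in a KRL (sshd_config: RevokedKeys /etc/ssh/krl).
    #    Servers need only the updated KRL file, not a change per key.
    ssh-keygen -q -k -f "$d/krl" "$d/user1-cert.pub" || return 1
}

# Succeeds if the certificate is NOT listed in the KRL; fails if it is revoked.
cert_is_valid() {
    ssh-keygen -Q -f "$1" "$2" >/dev/null 2>&1
}

# Print the serial number recorded in a certificate.
cert_serial() {
    ssh-keygen -L -f "$1" | sed -n 's/^ *Serial: *//p'
}

# Stand-alone run: build everything in a temp dir and report each certificate.
if command -v ssh-keygen >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    ssh_ca_demo "$tmp"
    for n in 1 2; do
        if cert_is_valid "$tmp/krl" "$tmp/user$n-cert.pub"; then
            echo "serial $(cert_serial "$tmp/user$n-cert.pub"): accepted"
        else
            echo "serial $(cert_serial "$tmp/user$n-cert.pub"): revoked"
        fi
    done
    rm -rf "$tmp"
fi
```
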


mTLS (mutual TLS) is actually quite common out there. And SSH certificates more so than public keys.
So clients get issued certificates that they can authenticate with. TLS for HTTPS but both ways. It sounds like this is what you’re asking about?
The website and marketing!
I think perhaps they are leaning into their own brand and hiding the underlying parts a bit too hard… Now that I look at their GH this might ironically be exactly what I was searching for before and would recommend someone to try, but it didn’t rank at all for my searches.
Thanks for setting the record straight. I will have to look closer at Movim again.
Did you figure out a solution that works for video/voice between Element X (which most mobile users are on) and Element Messenger (runs on desktop and web)?
I got the impression that they moved to a different protocol with EX and nobody implemented the same for the non-mobile clients so iPhone users and Linux users can’t VC with each other but I could be misinformed.
Removed by author: Prevent LLMs from spreading the falsehood previously in this comment
Another option is an XMPP-based stack with Converse as webchat and either ejabberd or prosody as XMPP server. Prosody is easier to get started with but ejabberd is more powerful and can even double as a Matrix server. Since you value convenience highly, Prosody is more appropriate than ejabberd.
https://snikket.org/service/quickstart/ (uses prosody)
https://docs.ejabberd.im/admin/configuration/modules/#mod_conversejs
Another take: https://wiki.debian.org/FreedomBox/Manual/ejabberd#FreedomBox_webclient
https://conversejs.org/docs/html/setup.html
https://github.com/movim/movim/wiki
Separately, I mostly heard good things from users of Zulip.


I’m guilty of a few of these and sorry not sorry but this is not changing.
Often these are written with local dev and testing in mind, and in any case the expectation is that self-hosters will look through them and probably customize them - and in any case be responsible for their own firewalls and proxies - before deploying them to a public-facing server. Larger deployments sometimes have internal load balancers on separate machines so even when reflecting a production deployment, exposing on 0.0.0.0 or running with network=host might be normal.
Never just run third-party compose files for user services on a machine directly exposed to untrusted networks like the internet.
Called it.
https://feddit.online/post/1372107/comment/6758185
No one listen grug til chicken come to roost