For example I’m not aware of any way to do upload without a login in Seafile.
You can create upload share the same way you create a download share. Then just give a link to whoever you want to and that’s it. I’m pretty sure it’ll show files already in the share while uploading, but I’m not 100% sure on that.
You could get around with a normal file share service (assuming you already are using one) via tinyurl or similar redirect. I don’t know how much the free services track you or if they have other security implications, but I have couple of domains laying around and it would be pretty trivial to just create HTTP redirect from “class-a.up.mydomain.foo” to my nextcloud upload link.
Or, if you’re using only one or few distributions you can preseed the image and have the installer do the stuff for you.
That’s something along the lines I do as well, but your methods are far more in depth than mine. I just glance around documentations, how active the development is and get a rough idea if the thing is just a single person hobby-project or something which has a bit more momentum.
And it of course also depends on if I’m looking for solutions just for myself or is it for others and spesifically if it’s work related. But full audits? No. There’s no way my lifetime would be enough to audit everything I use and even with infinite time I don’t have the skills to do that (which of course wouldn’t be an issue if I had infinite time, but I don’t see that happening).
In our company we (at least IT department) get to choose our own bags (within reason). I have some generic lenovo backpack they had laying around when I started and it’s decent enough. Maybe a bit smaller side on what I’d like, but it carries my laptop, headset, random cables, power supply, notepad and stuff like that just fine. And it doesn’t have any kind of visible logo on it at all, unless you count the Think® colour scheme on zipper tabs.
And it’s also a security thing. Should someone steal my backpack it does not have any logos to pinpoint which company it belongs unless I’ve left my lanyard in the pocket with my rfid-tag. And of course if you open the laptop it has AD forest name on there, so it’s pretty trivial to figure out, but at least I’m not advertising ‘steal my things if you want access to this company’ everywhere.
Is my current set up secure, assuming strong passwords were used for everything?
Network security is a complicated beast to manage. If general public can access your services over the internet, that’s a threat you need to mitigate. Strong passwords is a good start on that, but it doesn’t take into account if there’s a flaw or bug on the service you’re running. Also if you have external users, they might reuse their passwords and leak for those might cause a threat too, specially if there’s privilege escalation bugs on the software you’re running.
And so on, it’s a too wide field to cover in a short comment here, but when you’re building your stuff, and what is maybe the most disticntive feature on a good professional between a not so good one, is to think ahead and prepare for every imaginable scenario where something goes wrong. Every time you add a way to access your network, no matter how minuscle, think what happens if that way gets compromised and what it might mean on the very worst case.
Maybe you want to add another access point to your network since your terrace isn’t properly covered. That’s nice to have, but now everyone around 100 meters around your house/apartment might have access to your stuff if they can break your wifi security. Maybe you set up a reverse proxy or tailscale on the stack. Now the whole internet can at least probe your stuff and try to find vulnerabilities, try to use stolen credentials and even try to social engineer their way into your stuff. Or maybe you made an mistake and left something open that shouldn’t be.
I’m not trying to scare you off out of anything. Go ahead and play with your stuff, break things, learn how to fix them, have fun while doing it. Just remember to think ahead about worst case scenarios, weigh their risks, think ahead and then go on. Learn about DNAT, reverse proxies, VPN and network layers and whatever you come across on your adventure but keep in mind that shit will hit the fan at some point. And learn to accept that, learn from your mistakes and do better next time.
Hetzner provides managed web hosting too. For emails I think you need to look for some other provider.
I’ve seen some shit. But I’m also old enough to not care. I’m a freaking system administrator, not a surgeon. No one has died if their email is unreacable for an hour or two. Shit happens, then you deal with it and that’s all. Difference between a junior and a seasoned veteran is that old guys with battle scars is that the seasoned guy knows that something will break, shit will hit the fan and everything might turn up into a chaos and plan accordingly. Juniors will either endure and learn along the way or crumble.
When you’ve been in the business for few decades it’s not that big of a deal to cause an outage. You know how to fix your shit, you know how to work with a severely crippled environment and you know how to build the whole circus from the ground up. And you also know that no matter how disappointed or loud the C** suits are, they’ll calm down once you get them out of the hole.
Just today I had a meeting with discussion on what to do if some obscure edge-case ruins our ~5k users and few continents wide AD tree. Sure, if that would happen, it would most definetly suck balls to get back up and it would hurt the company bottom line and it would mean few nights with very little sleep, but no one would still die and our team is up to the task to build the whole crap out of nothing if needed. So, it’s just business as usual. But all of us have been in the business long enough that we know how to avoid the common pitfalls and we trust eachother enough that should the shit hit the fan in the big way we could still recover the whole situation.
And still, even if the whole thing burns up in the flames, I’ve got the experience and skillset under my belt which will be valuable to some other business entity. I just don’t care if the main office building is on literal fire. It’s not my problem to fix immediately and when it is it’s still just work. I put in the hours they pay for me and do whatever I can but when I’m off the clock the employer doesn’t really exist in my world.
I’ve been a happy customer with joker.com (Germany) for at least 10 years.
I think it was some XMPP related server I ran quite a few years ago which had ‘i_have_read_the_manual = 0’ or something similar buried into default configuration file. And it would just silently exit if that variable was not set properly.
Maybe we need more things like that.
And me.
Don’t know what Elmos minions are doing, but I’ve written code at least equally unefficient. It was quite a few years ago (the code was in written in perl) and I at least want to think that I’m better now (but I’m not paid to code anymore). The task was to pull in data from a CSV (or something like that, as I mentioned, it’s been a while) and it needed conversion to XML (or something similar).
The idea behind my code was that you could just configure which fields you want from arbitary source data and on where to place them on the whatever supported destination format. I still think that the basic idea behind that project is pretty neat, just throw in whatever you happen to have and have something completely else out of the other end. And it worked as it should. It was just stupidly hungry for memory. 20k entries would eat up several gigabytes of memory from a workstation (and back then it was premium to have even 16G around) and it was also freaking slow to run (like 0.2 - 0.5 seconds per entry).
But even then I didn’t need to tweet that my hard drive is overheating. I well understood that my code is just bad and I even improved it a bit here and there, but it was still so very slow and used ridiculous amounts of RAM. The project was pretty neat and when you had few hundred items to process at a time it was even pretty good, there was companies who relied on that code and paid for support. It just totally broke down with even a slightly bigger datasets.
But, as I already mentioned, my hard drive didn’t overheat on that load.
Actual shortage. Performance drops significantly when zfs doesn’t have enough memory. It might have been an option to tweak configuration for zfs pools, add SSD for caching and so on, but I needed to change drive configurations anyways for other reasons so for me it was easier to drop zfs and switch to software raid.
How much RAM your system has? Zfs is pretty hungry for memory and if you don’t have enough it’ll have quite significant impact on performance. My proxmox had 7x4TB drives on zfs pool and with 32 gigs of RAM there was practically nothing left for the VMs under heavy i/o load.
I switched the whole setup to software raid, but it’s not offically supported by proxmox and thus managing it is not quite trivial.
I mostly use battlestar galactica ship names for my own hardware, but it’s been mixed with boring ‘<function>.mydomain.foo’ names as well. I should rename a bunch of stuff around and include them in my DNS.
The exchanged mails between the IMAP host and the MTA need a unique identifier to organize contents of the DB, and this would not be possible or automatic if your switched the upstream MTA.
It sure is possible. I’ve copied maildirs over different software, different servers, local copies back to the server and so on. Also if you just rely on your own IMAP server the upstream doesn’t matter as fetchmail (or whatever you choose to use) anyways communicates between hosts on their preferred protocols.
Obviously there’s a tradeoff since now you’re responsible for your backups and maintaining your server, but it can sit nicely on your private LAN with access only locally or via VPN without direct access to the internet. And you don’t need MTA to run IMAP server in the first place.
You can run a dovecot (or any IMAP server) where ever you want and use fetchmail to pull data from POP-server into it. There’s plenty of discussion and instructions around the web so I won’t copy’n’paste them here, search for ‘fetchmail dovecot’ or something similar.
I meant that the technology itself is reliable. And you can do self hosting just fine too, I’ve been doing it since 2010 or so, but running a local smarthost which sends messages via reputable SMTP provider works just fine too. Or even directly interacting with the SMTP provider from all the applications you’re running.
I did self-host bitwarden and it’s not that bad to keep updated and running after initial setup (including backups obviously) but it still requires some time and effort to keep it running. And as I was the only user for the service it just wasn’t worth the time spent for me (YMMV) so I switched to their EU servers and I’ve been a happy user ever since.
What I should do is to improve local backps on that, currently I just export my data every now and then manually to a secured storage, but doing it manually means that there’s often too long time between exports.