• 4 Posts
  • 219 Comments
Joined 4 years ago
cake
Cake day: January 21st, 2021

help-circle





  • The concern is that it would be nice if the UNIX users and LDAP is automatically in sync and managed from a version controlled source. I guess the answer is just build up a static LDAP database from my existing configs. It would be nice to have one authoritative system on the server but I guess as long as they are both built from one source of truth it shouldn’t be an issue.


  • Yes, LDAP is a general tool. But many applications that I am interested in using it for user information. That is what I want to use it for. I’m not really interested in storing other data.

    I think you are sort of missing the goal of the question. I have a bunch of self-hosted services like Jellyfin, qBittorrent, PhotoPrism, Metabase … I want to avoid having to configure users in each one individually. I am considering LDAP because it is supported by many of these services. I’m not concerned about synchronizing UNIX users, I already have that solved. (If I need to move those to LDAP as well that can be considered, but isn’t a goal).


  • I do use a reverse proxy but for various reasons you can’t just block off some apps. For example if you want to play Jellyfin on a Chromecast or similar, or PhotoPrism if you want to use sharing links. Unfortunately these systems are designed around the built-in auth and you can’t just slap a proxy in front.

    I do use nginx with basic with in front of services where I can. I trust nginx much more than 10 different services with varying quality levels. But unfortunately not all services play well.


  • How are you configuring this? I checked for Jellyfin and their are third-party plugins which don’t look too mature, but none of them seem to work with apps. qBittorrent doesn’t support much (actually I may be able to put reverse-proxy auth in front… I’ll look into that) and Metabase locks SSO behind a premium subscription.

    IDK why but it does seem that LDAP is much more widely supported. Or am I missing some method to make it work





  • kevincox@lemmy.mltoPrivacy@lemmy.mlIn search for a good VPN
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    1 month ago

    I mean it is always better to have more open source. But the point of the multi-hop system is that you don’t need to trust the server. Even if the server was open source:

    1. You wouldn’t know that we are running an unmodified version.
    2. If you need to trust the server then someone could compel us to tap it or monitor it.

    The open source client is enough to verify this and the security of the whole scheme.




  • kevincox@lemmy.mltoPrivacy@lemmy.mlIn search for a good VPN
    link
    fedilink
    arrow-up
    26
    arrow-down
    1
    ·
    1 month ago

    Mullvad is one of the best options if you care about privacy. They take privacy seriously, both on their side and pushing users towards private options. They also support fully anonymous payments. Their price is also incredibly reasonable.

    I’m actually working on a VPN product as well. It is a multi-hop system so that we can’t track you. But it isn’t publicly available yet, so in the meantime I happily recommend Mullvad.


  • HTTP/1.1 403 UNAUTHORIZED
    {
      "error": {
        "status": "UNAUTHORIZED",
        "message": "Unauthorized access",
      },
    }
    

    I would separate the status from the HTTP status.

    1. The HTTP status is great for reasonable default behaviours from clients.
    2. The application status can be used for adding more specific errors. (Is the access token expired, is your account blocked, is your organization blocked)

    Even if you don’t need the status now, it is nice to have it if you want to add it in the future.

    You can use a string or an integer as the status code, string is probably a bit more convenient for easy readability.

    The message should be something that could be sent directly to the user, but mostly helpful to developers.


  • Vista sucked so bad. I got a nice new laptop and it was constant pain. One of the real breaking points was that it would refuse to let me modify or delete some files even as superuser. If I recall correctly they weren’t even system files, maybe a separate partition or something.

    I tried installing XP but there was some sort of driver issue with my CD drive. It would start installing fine, but then once it tried to reboot off of the HDD to finish the installation it couldn’t find the installation CD to finish copying things, so the install just crashed half-way done.

    I installed Ubuntu on a partition, dual booted for a while. After a few months I realized that I never even used the Windows partition anymore so I wiped it.


  • Likely what is happening is that the game is probing audio devices and triggering the mic on your headphones to get picked up. This switches them into the “headset” profile which has awful audio quality. I don’t know why the UI isn’t showing that, make sure you are checking while the game is running and the audio sounds bad.

    If you want your headphone mic to work there is not much choice. There isn’t a standard bluetooth profile with good audio and mic. If you never want to use your headphone mic you can probably configure some advanced settings in your audio manager (probably PulseAudio or PipeWire).


  • These are all good points. This is why it is important to match your recommendations to the person. For example if I know they have Chrome and a Google account I might just recommend using that. Yes, it isn’t end-to-end encrypted and Google isn’t great for privacy but at least they are already managing logins over all of their devices.

    In many cases perfect is the enemy of better. I would rather them use any password manager and unique passwords (even “a text file on their desktop”) than them sticking to one password anywhere because other solutions are too complicated.


  • It depends on your threat model. It does mostly reduce the benefit from 2FA, but you are probably still very safe if you use a random password per site. I mostly use 2FA when forced (other than a few high-value accounts) so I don’t worry about it. For most people having a random password which is auto-filled so that you don’t type it into the wrong site is more than sufficient to keep themselves secure.