mik

joined 2 years ago
sorted by: new top controversial old
What is the best trategie to refresh ssh keys? in c/selfhosted@lemmy.world
[–] mik@sh.itjust.works 1 points 2 weeks ago

CA unreachable means no renewals, but identity verification (login) is offline. As long as certs renewed fine, connection to the CA is not needed.

LG Update Installs Unremovable Microsoft Copilot on Smart TVs, Ignites Backlash in c/technology@lemmy.world
[–] mik@sh.itjust.works 17 points 3 weeks ago

Totally worth mentioning, some LG OLED TVs are able to be jailbroken and run homebrew software!

https://www.webosbrew.org/

It can block firmware updates and telemetry, so no spying and no surprise "feature" additions.

*Permanently Deleted* in c/selfhosted@lemmy.world
[–] mik@sh.itjust.works 2 points 4 months ago

@wesker@lemmy.sdf.org if it helps, the Symfonium dev is open to de-googled licensing via Ko-Fi donations. See the forum post here: https://support.symfonium.app/t/how-can-i-pay-for-symfonium-without-google-play

Per Tolriq's responses there, you can get the APK safely from the Aurora Store.

10
Feature request: multi-account biometic/pin lock (sh.itjust.works)
 

Coming from Sync for Lemmy, a feature I am missing is the ability to prompt for a pin or biometric check when switching into a particular account, or opening the app to that account.

This would be useful to protect more sensitive accounts, especially if it can also hide the protected accounts details on the account switcher, perhaps with a custom account display name local to the app?

Need some help with geoblocking caddy. in c/selfhosted@lemmy.world
[–] mik@sh.itjust.works 2 points 8 months ago

It probably would be easier to just write an "update Caddy" script. They don't release updates very often, except for security fixes, so it's not much effort to do manually. I automated mine with Forgejo Actions, you could do the same with GitHub actions as a free option for example. Lots of neat ways to accomplish this!

Need some help with geoblocking caddy. in c/selfhosted@lemmy.world
[–] mik@sh.itjust.works 2 points 8 months ago (4 children)

Xcaddy is a build tool. Caddy plugins are built into Caddy itself for optimization purposes, so xcaddy essentially makes you a custom version of Caddy. It only conflicts with Caddy so much as building a new version would conflict with the old version. You still get a normal "Caddy" executable after running xcaddy, just replace your existing Caddy with the new one created by xcaddy!

*Permanently Deleted* in c/linux@lemmy.ml
[–] mik@sh.itjust.works 5 points 1 year ago

It may be mostly "security theater" but it requires almost no extra effort and drastically increases the difficulty of compromise by adding privilege escalation as another requirement to gaining root access.

*Permanently Deleted* in c/linux@lemmy.ml
[–] mik@sh.itjust.works 11 points 1 year ago* (last edited 1 year ago) (16 children)

It helps protect you because if the application in question is compromised in any way (or has a flaw, i.e. an accidental rm -rf /*), the only access it has is limited to the user it is run as. If it is run as root, it has full administrative privilege.

I cannot seem to figure out how to get caddy automatic HTTPS to work behind cloud flair proxy. in c/selfhosted@lemmy.world
[–] mik@sh.itjust.works 2 points 1 year ago

I run the setup you're aiming for, and as the other guy said, DNS challenge is the way to go. That's what I do, and it works beautifully. It even works with Caddy auto-https, you just need to build Caddy with the cloudflare-dns plugin.