moonpiedumplings

joined 1 year ago
[–] [email protected] 1 points 2 hours ago

Cal state northridge?

[–] [email protected] 2 points 1 week ago

Because forgejo's ssh isn't for a normal ssh service, but rather so that users can access git over ssh.

Now technically, a bastion should work, but it's not really what people want when they are trying to set up git over ssh. Since git/ssh is a service, rather than an administrative tool, why shouldn't it be configured within the other tools used for exposing services? (Reverse proxy/caddy).

And in addition to that, people most probably want git/ssh to be available publicly, which a bastion host doesn't do.

[–] [email protected] 2 points 1 week ago* (last edited 1 week ago)

So based on what you've said in the comments, I am guessing you are managing all your users with NixOS, in the NixOS config, and want to share these users to other services?

Yeah, I don't even know if sharing Unix users is possible. EDIT: It seems to be, based on comments below.

But what I do know is possible, is for Unix/Linux to get its users from LDAP. Even sudo is able to read from LDAP, and use LDAP groups to authorize users as being able to sudo.

Setting these up on NixOS is trivial. You can use the users.ldap set of options on NixOS to configure authentication against an external LDAP user. Then, you can configure sudo

After all of that, you could declaratively configure an LDAP server using NixOS, including setting up users. For example, it looks like you can configure users and groups for the kanidm ldap server

Or you could have a config file for the openldap server

RE: Manage auth at the reverse proxy: If you use Authentik as your LDAP server, it can reverse proxy services and auth users at that step. A common setup I've seen is to run another reverse proxy in front of authentik, and then just point that reverse proxy at authentik, and then use authentik to reverse proxy just the services you want behind a login page.

[–] [email protected] 3 points 1 month ago

First things first: Check if any data was actually leaked/breached.

Many times, the data leaks news sites like to report in the most alarmist manner, don't actually contain any new data, and are just aggregations of older breaches that already happened. Although still worth reporting, sadly, due to the way ads and clickbait work, they are incentivized to play it up and report it as the LARGEST DATA BREACH EVER 2024 CLICK ME IMMEDIATELY.

But yeah. My recommendation: Find high quality sources which either don't report this stuff, or I like lemmy (and used to like reddit), because when stuff like that gets posted, it gets called out by users in the comments.

[–] [email protected] 7 points 1 month ago (1 children)

Disabling javascript increases security, and offers a little bit of privacy. Those are both separate from anonymity, but people conflate the three often.

For example, javascript can be made to do arbitrary websocket or http connections to any ip/hostname your computer has access to, even local networks or localhost.

I use the browser extension Port authority to block it.

Of course, port scanning is used by ebay to scan users computers, and discord.

Disabling javascript prevents websites from tracking exactly what you do on each site, or what local ports you have open. This is definitely an increase in privacy, as it relates to hiding what you're doing. However, you noted it comes at the cost of anonymity, as you become uniquely identifiable.

[–] [email protected] 1 points 1 month ago (1 children)
[–] [email protected] 1 points 1 month ago* (last edited 1 month ago)

Anyway the centralized nature of Revolt Chat makes it not very appealing for me.

I agree with this. I will probably stick with either matrix or xmpp, due to their federated nature and strong E2EE. Matrix is a better discord replacement, as it has more features, is more standardized, has a better web client, and has "spaces", which are somewhat analogous to discord servers.

Xmpp however, is much more lightweight on both servers and clients than matrix, and its E2EE works more reliably (none of that "failed to decrypt" nonsense), and makes a better E2EE messenger.

[–] [email protected] 5 points 1 month ago* (last edited 1 month ago) (2 children)

I attempted to find evidence to support this.

I found one reddit post claiming this, but they themselves did not provide any evidence.

freedom of religion is a human right bruh i did not say anything but i believe in god the banned me and claimed i was being homophobic 1. i said nothing about it 2. stfu even if i was

Not exactly the most compelling piece of evidence, and this was all I could find.

[–] [email protected] 10 points 2 months ago* (last edited 2 months ago)

Also Black here!

(My keyboard doesn't have emotes, but pretend this is the black hand waving hi)

Edit: 👋🏾

[–] [email protected] 3 points 2 months ago

Pip in a venv doesn't get you non python tools.

Conda also has venvs, for separate environments for stuff as well.

[–] [email protected] 1 points 2 months ago

https://rclone.org/drive/

https://rclone.org/crypt/

No way to protect emails, google chats, or many other things AFAIK. Yeah, I hate it too.


cross-posted from: https://programming.dev/post/5669401

docker-tcp-switchboard is pretty good, but it has two problems for me:

  • Doesn't support non-ssh connections
  • Containers, not virtual machines

I am setting up a simple CTF for my college's cybersecurity club, and I want each competitor to be isolated to their own virtual machine. Normally I'd use containers, but they don't really work for this, because it's a container escape ctf...

My idea is to deploy linuxserver/webtop as the entry point for the CTF (with the insecure option enabled, if you know what I mean), but it only supports one user at a time. If multiple users attempt to connect, they all see the same X session.

I don't have too much time, so I don't want to write a custom solution. If worst comes to worst, then I will just put a virtual machine on each of the desktops in the shared lab.

Any ideas?
