https://github.com/jgraph/drawio/blame/dev/LICENSE <-- that’s … a rather specific and recent change. Is there a story here ?
https://github.com/jgraph/drawio/blame/dev/LICENSE <-- that’s … a rather specific and recent change. Is there a story here ?
You are aware that draw.io is itself open source and self-hostable: https://github.com/jgraph/drawio ?
At $dayjob I switched from Apache to nginx 15+ years ago. It’s Callback/Event based process model ran circles around Apache’s pre-fork model at the time. It was very carefully developed to be secure, and even early on it had a good track record. Being able to have nginx handle static content without tying up a backend worker process was huge, and let us scale our app pretty well for the investment of time. Since then, Apache implemented threaded + Event based process models, Caddy, traefik, and a bunch of others have entered the scene.
TBH, I think the big thing nowadays is sane defaults, and better configuration, even automatically discovered configuration – traefik is my current favorite for discovering hosts in consul/Kubernetes/simple host definition files, but since traefik can’t directly serve files, I simply proxy from traefik to … nginx :)
Navidrome is another server that works pretty well, implements the subsonic protocol ( so all the apps that can cache and stream to your mobile device work). You can have multiple logins, or just share out playlists and albums individually to non-authenticated users.
MoCA is a way to send wired Ethernet up to (300mb/s, at least the version i have) over coax. Verizon fios would provide these devices to send internet to set top boxes over existing coax cabling, but you can get a pair of these devices and send Ethernet in on one side, and Ethernet out the other side.
I have noticed however, it adds a bit of latency to the connection, which may be trouble.
Depending on your use cases and apps, file locking can be problematic when sharing across SMB and NFS simultaneously, their locking semantics are slightly different
TacticalRMM is very comprehensive, self hosted, but more geared towards organizations managing a fleet of machines.
Passkeys are great, and generally a plus for security; but (a) all the most popular implementations have not implemented key export and transfer to alternate implementations (b) It includes an implementation ID + hardware attestation feature which can be used to disable ‘unapproved’ implementations by key consumers. Considering the most common device with a ‘secure’ environment, and can implement this are your cell phones, and they are made by Apple + Google, this effectively locks your identity to either of these platforms. © All the public signals smell and look like the providers (apple, google, Microsoft) are doing everything they can to implement the features to make lock in all but inevitable, including mandating that implementations user-hostile features, or risk being rejected by sites.
It’s a great idea, and it could be awesome, but things are not being addressed. Or being handwaved as “we can address them later”. This recent discussion from last month (both the discussion in the linked github issue, and in the HN thread both including some key players in the PassKey system) is pretty telling: https://news.ycombinator.com/item?id=39698502
IMAP on O365 now requires “Modern Auth”, which requires OAuth to authenticate access to mailboxes. Anything that connects via IMAP will need to be approved by the admins at this point (Including Thunderbird). Without the cooperation of your organization’s IT team, you are not going to get far.
I worry too – if this gets any significant uptake, what’s stopping Reddit from shutting off the spigot? Given their reasons for turning the screws on API and other policy changes, they may not take kindly to having “their” content re-posted elsewhere, let alone to a system designed specifically to escape reddit.
Planka looks very promising too
TOR needs to have a lot of ‘background noise’ legit use, otherwise the folks needing to hide in the weeds stick out like a sore thumb.
If you use gitea, it’s just a few steps to enable it to be an OAuth2 provider. See Oauth2 Provider Docs
Not only do they not federate, they also seem to suggest they are not making the self hosting option as easy as it could be because they would prefer one instance that everyone connects with.
It seems pretty solid otherwise, and the self hosted option can work if you are willing to spar with it, but that position makes it super easy for one organization to buy or somehow influence all the primary devs and turn the project closed in no time at all.
Personally, I will use both: On servers with fixed network connections I will tend to use ifupdown; but on my linux laptops I’ll use networkmanager or networkd which tend to have nice UI’s for joining various forms of wifi networks. On my laptops for some VPN’s i"ll use the ifupdown configuration, which lets me setup all sorts of exotic configurations (bridges, vlans, vxlan, vpns, namespaces, etc.) The linux command line tooling has a litany of functions to check/test/diagnose/tweak networking settings, and they work across all the distros, AND they can reveal the full details of the network, as the kernel sees it. NetworkManager, networkd, connmann, etc, often omit details in the name of simplifying for the most common scenarios.
As an anecdote – I have been sitting on an elastic IP at AWS for years, with reverse DNS configured properly for it. Way early on (years ago), some spam filters would block the whole netblock, but I can’t remember the last time the IP Block was wholesale blocked. I think AWS is very much on top of any spam complaints from their Elastic IPs, and as long as you don’t abuse your specific IP, you are in good shape for light volume, non-spam mail.
LMTP support would be nice too: existing mail routing infrastructure could send messages into stalwart-managed mailboxes. (Edit: reading the docs, they do support LMTP! This is awesome)
A single binary can be invoked with different privilege levels. OpenSSH, for example is a single binary, but uses OS privilege separation when setting up connections from the root-owned daemon. (Just to be clear, I’m not sure that stalwart is using this technique, just that single binary apps do not exclude the possibility of OS privilege separation.)
Revolt is kinda “centralized”. You can host your own version, but they seem to actively discourage you from doing so.