.... /s?
arcayne
Flex in my ass
absolute madlad
For sure! If you do end up taking it for a spin, feel free to ping me with any questions.
I'd like to encourage you to take another look at Authentik, it sounds like their Proxy Provider is exactly what you're looking for: https://docs.goauthentik.io/docs/providers/proxy/
Authentik can certainly get complex, but only if you want/need it to. It is by far the most user-friendly IDP solution I've found, especially for what it offers. Their docs also have step-by-step guides for how to integrate a lot of popular self-hosted apps.
Only takes a couple mins to spin up a test environment using their Docker compose file: https://docs.goauthentik.io/docs/installation/docker-compose
Apps: SSO via Authentik where I can, unique user/pass combo via Bitwarden where I can't (or, more realistically, don't want to).
General infra: Unique RSA keys, sometimes Ed25519
Core infra: Yubikey
This is overkill for most, but I'm a systems engineer with a homelab, so it works well for me.
If you're wanting to practice good security hygiene, the bare minimum would be using unique cred pairs (or at least unique passwords) per app/service, auto-filled via a proper password manager with a browser extension (like KeePassXC or Bitwarden).
Edit: On the network side, if your goal is to just do some basic internal self-hosting, there's nothing wrong with keeping your topo mostly flat (with the exception of a separate VLAN for IoT, if applicable). Outside of that, making good use of firewalls will help you keep things pretty tight. The networking rabbit hole is a deep one, not always worth the dive unless you're truly wanting to learn for the sake of a cert/job/etc.
Ok, I'll bite.
First off, thanks for sharing Louis' video, I just finished watching it. Not really sure how it was supposed to reinforce your statement, Louis had a good take that actually echoed a lot of the same points Jason was trying to make.
I'm not against the intent behind the initiative, to be clear. Frankly, neither is Jason if you pay attention to what he says in his videos - he just doesn't agree with some of the ways they're going about it.
My concerns stem from wanting the initiative to have the best chance of success if it does end up grabbing traction. Like Jason said, if we're going to start this much-needed conversation, lets make sure the language being used is precise, well defined, and calls attention to the source of the problem. Yeah, the initiative might be EU-only right now, but once the conversation starts, it can quickly and easily become a global discussion.
In my opinion, some of the language being used for the initiative (and by many of its more vocal supporters) runs the risk of being tragically misinterpreted as bunch of babies that want to throw a public fit because someone took their 10yr old bottle away and it's just not faaaair, rather than appearing like a level headed collective with strong talking points fit for adult discussion in a global forum.
I agree with both Jason and Louis that one of the most intrinsic faults with the current state of the gaming industry, that absolutely must be addressed, is the distinct lack of clear and obvious definitions - in both marketing and at the point of sale - as to whether a transaction will result in you receiving a copy of a game which you will then own in perpetuity, or merely a license to access a game during the finite course of its existence. Right now, that's nearly impossible to determine at a glance, which is not OK.
I do consider live service games to be finite. Aside from it being an impossible task, it simply does not make sense to expect, let alone demand, that any company should indefinitely sustain even a fraction of the infrastructure required for games like WoW, Guild Wars, or FF after they've obviously run their course and begun idling with an average active player count in the double-digits for months on end.
That said, I also believe that (in certain cases) it is not unreasonable to ask studios/publishers to facilitate the release of components (server binaries, source code, etc) that would enable enthusiast communities to continue enjoying the game by hosting private servers at the cost of their own time, effort, and resources. It's highly unlikely those instances would ever be able to replicate the glory days when the game was at its peak, but who cares? I had tons fun on private WoW servers back in the day, and got to enjoy a lot of creative changes and additions to the base game from hobbyist developers.
Most importantly, I firmly believe that games like The Crew should not exist. Which is to say, wolves in sheeps clothing - aka live service games masquerading as single player games with 'optional' multiplayer (same goes for the whole 'always online' concept that so many single player games have started to adopt). If a game has a single player component in any fashion - it should absolutely be considered a "possession" and continue to function offline, indefinitely, regardless of what happens to the online components it might have shipped with.
The intent of my original comment was to encourage the consideration and evaluation of multiple perspectives on such an important subject, maybe spark some thoughtful conversation, and have an opportunity to learn from your perspectives as well. I won't be making that mistake 'round these parts again though, holy shit.
Thanks to The Primeagen, I've recently become fond of pronouncing it /skwiːl/
Y'know: Squeal, Squeal-lite, Pee-squeal, etc.
Ah yes, reminds me of the surprisingly family-friendly ILoveBiGals.com
We're so tightly integrated with the M$ ecosystem at my work, it's painful. My department has even been going out of it's way to self host (F)OSS alternatives where we can, just to avoid as much of the cludge as possible.
Has anyone tried out the new Teams integration feature that Mattermost recently rolled out for Enterprise customers? If so, any good?
If we can seamlessly sync calls/meetings from Teams into Mattermost and ditch the Teams client for our day-to-day comms, I might have a fighting chance at convincing my supervisor to pivot my department.
Wezterm is my primary. Love the built-in domain/sshmux features, especially for work. The LUA config rocks, sky is the limit. Highly portable when using something like Chezmoi or YADM.
That said, it's not always the most performant, especially with certain TUIs. I've been running my NVim workspace in Kitty lately just to avoid the minor UI lag (primarily with lazygit). Not a fan of Kitty (or its dev) otherwise, but it serves its purpose.
If Wezterm ever gets optimized, it'll be the GOAT for me.
Ghostty also sounds like it's got potential, but haven't gotten my invite yet. ¯\_(ツ)_/¯