and has integration for Oxidized, SmokePing, Graylog and more
Well, apparently Meta’s pixel tracking script was bypassing that VM and SELinux enforcement to exfil tracking impressions for years and doing it by creating WebRTC dummy ports, that were chatting with their own apps (Instagram, Facebook, ?WhatsApp?-not sure). So not sure this was a great implementation to begin with.
And this was working despite sandboxing on other browsers
Thanks for the feedback - It was a systemd issue. Something caused it to continue generating slices for espanso until the machine locked up - probably spawned with each terminal. It happened on out of date fedora install 36 (when 41 was out) with gnome on it.
Since then I’ve moved to a window manager for all my machines and would likely invoke it the same way - perhaps now it’s time to revisit!
I used espanso for a few years, but kept running into issues with it spawning hundreds of versions of itself.
I really miss it though. Would you say it has matured?
We’re everywhere!
And search.
Ctrl +a and Ctrl +e for beginning and end of line are from Emacs.
GNU Readline is what provides them in the bash. There’s a bunch of shortcuts worth learning in there!
Most distributions I’ve tried use Emacs as the default shell binding style, some of the bindings are even available in things like appliance CLIs like Cisco IOS and clones.
Bash supports vi mode too, you just have to switch to it.
set -o vi
ZSH uses zle (ZSH Line Editor) instead of Readline, but I assume the Emacs style bindings have been copied over to zle for muscle memory portability. You can switch the keymap in zle,
bindkey -v
Yes. But also, despite having done it literally thousands of times, I still can’t tell you which way round to put the target and the link name for a softlink on the first go.
My first guess is always
ln -s $NAME $TARGET
No amount of repetition will fix this.
Sounds like you have reason to bump it up the list now - two birds with one stone.
I need to do this too. I know I have stuff deployed that has plaintext secrets in .env or even the compose. I’ll never get time to audit everything. So the more I make the baseline deployment safe, the better.
It’s common with rootless docker/podman. Something needs to start up the services, and you’re not using a root enabled docker/podman socket, so systemd it is.
Sounds like I won’t be using Vanilla because that (obsidian + synching + tailscale) is definitely my primary need.
The last time I played with it, I just remember thinking, cool - but why?
That’s what I was thinking, I know the pain of watching something run for ages, only to finally get past where it failed last time and run straight into another stumbling block.
I don’t envy you having to work in an SELinux environment with less than stellar developer understanding of policies and contexts.
Is it not possible to run it in audit mode in dev and have it tell you what it would have blocked?
You’re a monster. My scps would go nowhere
It’s the right move.
I tell you, the first time you’re sat in front of a CEO and an auditor and you have to explain why the big list of servers has a highlighted one called C-NT-PRIK-5 is when the fun stops.
Explaining that it’s short for ‘customer network tester Mr. Prickles 5’, and is actually a cacti server never really seems to help the situation.
At least a few of the customers got a laugh out of it being on the reports!
Username checks out
You had me digging through old hosts files and ssh configs to find some of these.
I try to name them something that resembles what they do or has something to do with what their purpose is.
Short is good, and if it can match more than one of the machine’s purpose/os/software/look, the better.
If it’s some sort of personal machine, it gets a personal name
Phones
Virtual Workstations
boxy
moxy
sandbox
cloud
ship lxc container host
dock docker host
Laptops
Desktops
Lots of people have been talking about products and tools. It’s docker, tailscale, cloudflare, proxmox, etc. These are important, but will likely come and go on a long enough timescale.
In terms of actual skills, there’s two that will dramatically decrease your headaches. Documentation and backup planning. The problem with developing those skills is, to my knowledge, they’ve only ever been obtained through suffering. Trying to remember how to rebuild something when you built it 6 months ago is futile. Trying to recover borked data is brutal. There’s no fail-safe that you haven’t created, and there’s no history that you haven’t written. Fortunately, these are also the most transferable skills.
My advice is, jump in. Don’t hesitate. The chops in docker/linux/networking will come with use and familiarity. If it looks cool, do it. Make mistakes. You will rapidly realise what the problems with your set up are. You will gain knowledge in leaps and bounds from breaking a thing vs learning by rote or lesson. Reframe the headaches as a feature, not a bug - they’re highlighting holes in your understanding. They signpost the way to being a better tech, and a more stable production environment.
The greatest bit about self hosting for me is planning the next great leap forward, making it better, cleaner, more robust. Growing the confidence in your abilities to create a system you can trust. Honing your skills and toolset is the entirety of the exercise, so jump in, and don’t focus on any one thing to master or practice beforehand!
I am doing the same, all I need is keepassdx to support passkeys now
All I need is for them to fix the public collection RSS feed bug where they embed “https,http” in the feed xml if you’re behind a reverse proxy - which breaks parsing