I think the point here is moving away from long-lived ssh keys and using whatever IdP you have (enterprise cloud or local oidc) to provide short-term ssh keys. It generally improves the security posture as it’s similar to ssh with certs but less painful to set up.

Unfortunately, matrix doesn’t have a viable plan for federation, meaning that you’d better onboard on matrix.org or else.

People saying self-hosting mastodon is hard never had to touch matrix. It’s not hard, the protocol is literally broken to the point where starting again is not an option.

I’m all in for ditching discord, but matrix is at most mediocre in almost every aspect. It’s wild how much easier it used to be with xmpp.

First party app, yes. Thanks for the recommendation, I’ll give swiftfin a try.

Jellyfin looks pretty bad on an iPad. Subtitles setting keep getting reset on their own, it doesn’t understand basic keyboard controls (spacebar to pause), the UI is overall tiny. Oftentimes it will forget to save the spot where I finished watching and on the next launch will happily play the movie from beginning.

Local models are really good at tokenizing the text and figuring the intent in the user input. Not perfect, but much better than any possible regexps you can think of. And it’s a trivial operation you can run even on a CPU model.

The windows client does, yes. But I’ve found that to be fragile on occasions.

Technically, it does have a windows client. It’s just in various states of being broken.

Updates to DNS, yes. Not necessarily to your primary zone. In other words, you don’t need access to the name servers for your highly privileged example.com zone, only the nameservers for inconsequential.example.com. With the challenge delegation you can easily narrow the scope by CNAMEing the relevant _acme-challenge enries in your primary domain once. This not only removes the need for the validator to modify your primary zone, but also scopes what subdomains it can validate, too. So the blast radius decreases.

I, too, maintain several devices that insist on having the certificates (and keys, yuck) being fed to them by hand. I automated it all, because I don’t see why a human should be in a loop of copying the secret material. Automaton is good.

How complicated is it to have a CNAME? /s

You can delegate to isolated nameservers with DNS-01, there’s no need to have control over the primary zone: https://www.eff.org/deeplinks/2018/02/technical-deep-dive-securing-automation-acme-dns-challenge-validation

It was my first introduction to the type-length-value concept over the network, seemed radically different from the text only IRC protocol that I knew back then. I remember how fun it was to write an elegant parser for the ICQ messaging, and how I ended up on somewhat a DOM model where I converted the on-wire format into series of nested objects. Not the most efficient idea, but it was neat.

yeah, I thought I deleted it immediately but the deletes federate in weird ways. was a client bug.

deleted by creator

It’s much more than just “http requests”, honestly. A Matrix server and e.g. nginx have very little in common.

That’s what their docs say:

At an absolute minimum, Dendrite will expect 1GB RAM. For a comfortable day-to-day deployment which can participate in federated rooms for a number of local users, be prepared to assign 2-4 CPU cores and 8GB RAM — more if your user count increases.

That’s not accounting for Postgres.

I got that. What I mean is that you can easily have a tiny 256mb VPS for a bunch of static websites or even some WordPress and the official matrix servers would require you to easily double or triple the bill.

I looked into matrix servers the other day for an unrelated reason and tbh the amount of resources they ask for is way more than you need for a webpage (dendrite asks for 1gb ram minimum for a number of users, and that’s without accounting for postgres)

2M per BitMagnet instance. That’s about 18Gb in postgres. Not significant, but around where you start to think about query optimization.

BitMagnet isn’t a silver bullet. Its datastore use makes it rather unreliable past about 2M torrents mark.

Honestly, it’s hardly newsworthy given how sudo was a thing in windows for quite a while now. I use it pretty often, especially sudo pwsh for elevated shells.