Well, it startend with conduit. That was a respectable name. The development slowed down and someone wasnt happy abput not getting pr merged. Then it got forked to conduwuit.

Speed picked back up. There was later a massive meltdown for some reason. To successors emerged continuwuity and tuwunel.

Oh I missed that. Oh no. Rolling your own crypto, surely nothing can go wrong.

For a discord or Telegramm alternative it doesnt need to be e2e.

It’s also a lot harder to make money with open source. You would need to find something to offer on top for money. That can be hosting (nextcloud), support (redhat), consultation (hyper) or additional features(zeds AI offering).

In a side node: when building for geentoo it should be possible to build all rust libs as dylib. The compiler only offers a stable abi for the same version and all flags being equal. When building everything yourself that should work at the coat of updating the compiler requiring a complete rebuild of all libs.

I should have been more clear.

I meant for self hosting.

Though realistically, even if the service is provided for the public, you could just use an instance of keycloak or something similar with open registration. That’s what an association I’m close to is doing already.

By default, the Credentials provider does not persist data in the database. However, you can still create and save any data in your database, you just have to provide the necessary logic, eg. to encrypt passwords, add rate-limiting, add password reset functionality, etc.

That is exactly the complexity I wouldn’t want. With just SSO it is enough to send a redirect URL to the browser and on the callback set a cookie. No js needed. If your service gets compromised and someone leeks the credentials, just log everyone out.

If i created a service I would go in the opposit direction. Only offer SSO and no other option.

You loose quite a bit of complexity that way.

You say you are on a budget. Yet you talk about 128 Gigs of ram.

Maybe you should clarify what your budget is.

Turns out, there are companies that will do that for you for money.

Its timing based. When piped a script, bash executes each line completly before taking the next line from the input. Curl has a limited output buffer.

1. Operation that takes a long time. Like a sleep, or if you want it less obvious. A download, an unzip operation, apt update, etc.
2. Fill the buffer with more bash commands.
3. Measure on the server if at some point curl stops downloading the script.
4. Serve a malicious payload.

They can even serve a different file for curl vs curl|bash

I think the Problem is the kernel dumping RAM to disk in crash. Potentially containing secrets.

I manage all my services with systems. Simple services like kanidm, that are just a single native executable run baremetal with a different user. More complex Setups like immich or anything that requires a pzthon venv runs from a docker compose file that gets managed by systemd. Each service has its own user and it’s own directory.

If a service doesnt offer Oidc, just dont self host it. The SSO service can then be properly secured and even if its only a password, at least its not reused.

Careful. Not every fascist is a nazi. From what I can tell he is only the former and not the latter.

You can get your ds to boot any room you want.

I’ve clarified my point.

They are not hiring employees. They are searching for an independent contractor. That is a small but important difference.

Edit: added cursive parts to clarify.

At least in the beginning the scrapers just used curl with a different user agent. Forcing them to use a headless client is already a 100x increase in resources for them. That in itself is already a small victory and so far it is working beautifully.