Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

kbin.social

Starbuck , to Selfhosted in how to access nextcloud outside LAN?

Please set up Tailscale or a Wireguard VPN before you start forwarding ports on your router.

Your configuration as you have described it so far is setting yourself up for a world of hurt, in that you are going to be a target for hackers from literally the entire world.

thecrotch ,

before you start forwarding ports on your router

Don't you mean instead of? If all the OP wants to do is access next cloud, they can do it over the VPN without forwarding ports. What you're suggesting doesn't solve the problem of port 80 being an attack vector, and adds yet another attack vector (the VPN itself)

Starbuck ,

Realistically, yes. But it’s a phrase and it’s important that they start doing that first. Maybe it’s their intention to do it publicly.

Also, sure, but a Wireguard installation is going to be much more secure than a Nextcloud that you aren’t sure if it’s configured correctly. And Tailscale doubly so.

thecrotch ,

Wireguard installation is going to be much more secure than a Nextcloud

I understand that, and it's a good suggestion and a better solution if it fits the OPs use case. I don't understand suggesting they do both. Either VPN or port forwarding solve the problem, doing both seems unnecessary.

uzay , to Selfhosted in how to access nextcloud outside LAN?

To be honest, I would advise against opening your home network like that at all. A VPN would be much safer. If you use something like Tailscale it would be much easier as well and doesn't need opening any ports at all.

nodsocket , to Selfhosted in how to access nextcloud outside LAN?

If you want to be very secure, host a VPN and don't open any ports besides the VPN port. Then access anything as though you're on LAN.

Rentlar , to Selfhosted in how to access nextcloud outside LAN?

I've not set up Nextcloud myself, so a basic question first: have you already tried canyouseeme.org to check for the running service on that port?

If the service is not available, then either your server or the router isn't configured correctly. If it is, then the problem is in the software.

Tenkard , to Self Hosted - Self-hosting your services. in vpn on nextcloud?

It's an extra layer of security. Your nextcloud instance won't be reachable from anybody who isn't on your vpn, if a bug which allows unauthorized access gets discovered you will be protected, if they steal your nextcloud credentials you will be protected, but if you're on a device without the vpn you won't be able to access nextcloud.
As for the domain you can buy a random xyz for a couple of bucks per year so just do it

ProperlyProperTea , to Self Hosted - Self-hosting your services. in vpn on nextcloud?

Sure, you can use a VPN if you want to spin up the instance and connect to it without having a domain. You can always open the instance of Nextcloud to the internet later, when you buy a domain.

Get a cheap .XYZ domain if you just want to experiment with spinning up a reverse proxy.

milkytoast OP ,
@milkytoast@kbin.social avatar

honestly a .com was just about the same as anything else I think. could be wrong tho idk

beta_tester , to Selfhosted in vpn on nextcloud?

I'd use a free dynamic dns hoster

You can get SSL easily with ngninx proxy manager and letsencrypt

Easy setup with podman or docker compose nextcloud

https://github.com/nextcloud/docker#running-this-image-with-docker-compose

And

https://nginxproxymanager.com/guide/#quick-setup

Telodzrum , to Selfhosted in vpn on nextcloud?

This is all going to depend on your risk tolerance, overall attack surface, and network topology.

milkytoast OP ,
@milkytoast@kbin.social avatar

whats attack surface and network topology?

SGG ,

In very basic terms, and why you want to do them:

Attack surface is the ports and services you are exposing to the internet. Keep this as small as possible to reduce the ways your setup can be attacked.

Network topology is the layout of your home network. Do you have multiple vlans/subnets, firewalls that restrict traffic between internal networks, a DMZ is probably a simple enough approach that is available on some home grade routers. This is so if your server gets breached it minimises the amount of damage that can be done to other devices in the network.

BearOfaTime ,

If you don't understand these terms, you probably shouldn't be exposing any kind of port on your router. Seriously, not being snarky.

I used to teach multiple levels of Cisco classes, and I wouldn't expose a port these days, I don't know enough.

Instead, I'd recommend using Tailscale on a home machine and your mobile devices.

Using Tailscale, you can also selectively expose a service to the wider world (not just devices running Tailscale), using the Funnel feature.

I'd say it's your safest intro to accessing self-hosted resources from just about anywhere.

Edit: a couple years ago I opened a port helping a friend test something, I forget what. Within hours I was getting hammered with thousands of requests per hour, people trying to break in.

I wasn't worried because of the security we had, but it was annoying, and potentially a massive risk.

milkytoast OP ,
@milkytoast@kbin.social avatar

i would need to open a port even if i were to use a domain name correct? would hiding the ip behind a reverse proxy be enough? is nextclouds brute force protection not enough?

BearOfaTime ,

A reverse proxy helps, a LOT, like practically eliminating the issue because authentication happens at the proxy, not your port. I've never set one up, but I think your local system makes an outbound connection to the proxy, creating the tunnel. In this way no one ever knows what they're really connecting to - the proxy appears to be the endpoint.

Which is essentially what Tailscale Funnel does - they expose an interface, then encrypt a tunnel between your Tailscale network and that "proxy".

Same concept, just all rolled in to one thing, a check box and a little config info. TS Funnel will create the url to access your service. I suppose you could create another domain/url and have it redirect (or use a link shortener) to make it easier to share. I think by default it uses your Tailscale network name as the domain, and adds to it to define the service.

https://tailscale.dev/blog/funnel-serve-demo

milkytoast OP ,
@milkytoast@kbin.social avatar

first I have to find out if my ISP will even let me open a port lol

thanks tho :)

BearOfaTime ,

When you do something like Reverse Proxy or Tailscale, your devices make an outbound connection to the Reverse proxy (or with Tailscale it goes to their auth/directory service) using UPnP.

UPnP is standard protocol these days, and how pretty much any communication or gaming app works. The port opening is performed dynamically by the router, the port number is different every time an outbound connection is made, and it's ephemeral (both in the range and that the port closes after the session is complete). This isn't something that's typically blocked or disabled, as it would break all sorts of things.

https://en.m.wikipedia.org/wiki/Universal_Plug_and_Play

I may have misstated exactly how it works - I studied it when it was released, it became ubiquitous and always works, so I haven't stayed current or reread anything for a while. It just works (and man has it saved me a ton of manual port config).

MaggiWuerze ,

The fact, that I have to enable it on a device by device basis on my router speaks to the opposite. You shouldn't let some app open random ports on your router and you didn't need to do so for years

MaggiWuerze ,

Where do you live and whats your router?

milkytoast OP ,
@milkytoast@kbin.social avatar

Illinois, USA, the one xfinity gave me

MaggiWuerze ,
milkytoast OP ,
@milkytoast@kbin.social avatar

ugh so I gotta use the app? ew

MaggiWuerze ,

Does the thing not have a web interface? Usually 192.168.178.1 should get you there

milkytoast OP ,
@milkytoast@kbin.social avatar

yea it does, couldn't log in tho, idk. maybe I messed up user or something

I'll try some stuff when i get home

paradox2011 , to Privacy in "No expectation of privacy in public spaces" is a completely broken mentality.

The general public's apathy towards privacy is quite frustrating. I think there are laws that are pretty much what you outline here to one degree or another in various countries. Whether people respect them or whether the government respects them is a totally different thing though.

sik0fewl , to Game Development in Looking for some Lua alternatives to be embedded in a game engine

I've used Squirrel a bit ages ago and it worked quite well. Similar to Lua, but OOP and more C-style syntax.

I'm surprised Lua isn't working out for you, though. It seems like such a simple language. Although I just admit I've never used it before.

ZILtoid1991 OP ,
@ZILtoid1991@kbin.social avatar

The main issue with Lua isn't the language, but the API, which doesn't want to play nice with my program, and is poorly documented with the assumption that people only want to use the API in the simplest possible way, even at the cost of not using certain functionality.

porgamrer , to Game Development in Looking for some Lua alternatives to be embedded in a game engine

This is not a recommendation, but just a couple of days ago someone linked to this project, claiming similar goals to lua, great performance, and gradual typing:

https://cyberscript.dev/

I can't tell you what it's actually like though.

A more established, proven option is Haxe. Haxe has a lot of libraries but I think it's specifically designed to be batteries-optional. This Haxe VM in particular looks pretty impressive:

https://hashlink.haxe.org/

Haxe has the distinction of having been used to ship loads of successful games made by small teams with custom engines.

Another option designed for simplicity, low-complexity and easy embedding is wren:

https://wren.io/

Implementation is apparently only 4000 lines.

Cheesus , to Privacy in Do I need to be a resident of the EU to get their data protection or can I just be a citizen?

Mildly on topic: I recently moved to France from Canada, I'm not an EU citizen, and google isn't really sure if I'm on vacation or if I've moved permanently.

Every single website now asks me about cookie settings. Most have a reject all button, but occasionally I have to manually uncheck some sliders to protect my data. Time well spent.

My parents back in Canada always think it's some voodoo magic when Facebook shows them ads about stuff they've recently been 'talking about (AKA searching on Google.) Duhhh. Thanks EU!

Pantherina ,

In the EU it is illegal to save unnecessary Cookies without active consent. So the best you can do for your privacy is use Ublock origin with a cookiebanner list!

But this should only be for EU I guess

radek , to Fediverse in Mbin: A kbin fork that promises to never review PRs before merging them

It seems to automatically pull all changes from kbin anyway so I don't know about this consensus approach.

https://karab.in/m/karabin/p/340377/Usterka-z-crosspostami-nie-zawsze-sa-przyporzadkowane-odpowiedniemu-watkowi-matce-at-ernest

cacheson ,
@cacheson@kbin.social avatar

Hmm, that seems like not such a good look from Ernest. According to google translate:

I know, honestly it was on purpose. I noticed that forks sync changes immediately with /kbin. I wanted to check how they deal with this much-announced community-based qualitative code review. Answer: they can't cope. Quite an obvious bug was accepted in PR and domerged into the main branch :P It now works properly on the rifle ;)

Hopefully everyone can play nice and work together productively.

density OP ,
@density@kbin.social avatar

seems like you are saying ernest put thru an intentionally malicious PR to see what would happen? And what happened was exactly what is described? I mean, ya, thats what people will do.

ernest ,
@ernest@kbin.social avatar

It wasn't entirely intentional, it was actually my mistake. But I held off on pushing the hotfix for a while. It was a development branch, so these kinds of bugs were permissible - in this case, it just changed the order of related posts, nothing serious. It was quite easy to spot and fix. Slow and cautious acceptance of pull requests, something I spent a lot of time on, was the main accusation from the creators of forks. Hastily accepting them was a problem for me. I personally considered a consensus similar to that, but now I see it doesn't make sense. Someone needs to take responsibility. Personally, I believe that forks are the best thing that could have happened to the project.

melroy ,
@melroy@kbin.melroy.org avatar

It is good to really see your true nature now. I'm also think the fork is the best thing that could have happened for the community. It's a pity that you never started a conversation, but instead you still try to do mean things like this.

ernest ,
@ernest@kbin.social avatar

Oh c'mon, don't be mad. It's just a wrong sorting of posts, it's in an edge case, and seriously it wasn't intentional. I just wanted to check how such management looks in practice, how many merge accepts are needed, etc. I didn't mean to do anything wrong that could cause harm. I even push the same code to my instance to facilitate your tests ;)

But you're right - that's just my nature. I approach PR with very limited trust, whether they're mine or from others.

melroy ,
@melroy@kbin.melroy.org avatar

I know your approach on PRs. Hence the main reason of the fork. The community does believe in their people and the good in mankind. Only 1 approval is required from another maintainer for now. We are using C4 way of working.

ernest ,
@ernest@kbin.social avatar

I assure you that I didn't intentionally push incorrect code into the repository. These were my first lines of code in a really long time. I simply got involved in other things that I wanted to finish first, and I noticed the edge case in the meantime, but it wasn't a priority. I saw that you were syncing and I was hoping to benefit a bit from it once you fixed it. I didn't expect the review to happen so quickly. By the way, I was genuinely curious about how this project management method works because, you know, I've always avoided such an approach. Merloy, you know how much I owe you, and I appreciate what you've done for the project, as well as the other Mbin contributors. Our overall visions haven't always been the same, and I think it's great that kbin has been forked. You see for yourself how my work looks until the release - there are many things I'll be refining over time. That's why I've put a hold on all other PRs, and now I want to focus on this.

BaldProphet ,
@BaldProphet@kbin.social avatar

@ernest @melroy
lol this whole conversation is a microcosm of the open source community. I agree with ernest that forks are great and would add that they show that the open source system is working as intended.

HeartyBeast ,

“True nature” in this case appears to be slow and cautious. Shocking stuff!

TheVillageGuy ,

In hindsight maybe we should have responded by saying we merged your mistake intentionally to see how you'd respond.

i am not being serious of course, as that's not our community's nature. Even though it's allowed to gather proof, we (I am quite sure I can speak on behalf of the community here) would never intentionally introduce bad code into software which is being actively used.

Ernest, you have seen me before, pleading for you to change your ways, on all fronts. This, sadly, degrades the faith I have in your project being suitable for being used in production, from a pragmatic point of view. Kbin may be reliable, but you are not.

BaldProphet ,
@BaldProphet@kbin.social avatar

Ernest said he didn't introduce bad code on purpose:

I assure you that I didn't intentionally push incorrect code into the repository. These were my first lines of code in a really long time. I simply got involved in other things that I wanted to finish first, and I noticed the edge case in the meantime, but it wasn't a priority.

TheVillageGuy ,

Ernest has said many things in the past and many times has not lived up to his promises. So I doubt this words now. Also he's already contradicted himself on this matter.

ernest ,
@ernest@kbin.social avatar

Yeah, that's true. Real-life stuff was kinda more important for me at the moment than managing the project.

For me, it's straightforward: I pushed some dev code that wasn't even a complete feature, and it got approved in your pull request. That's why I was advocating for everyone to only merged their own PRs in the /kbin repository – so that each person could take responsibility for their own work. I won't go on about this any further.

TheVillageGuy ,

Real-life stuff was kinda more important for me at the moment than managing the project.

As it should be, always, for everybody, you won't ever hear me judge you on that, so please don't try to make me look bad by implicitly suggesting I am.

What you failed to do however is delegate, even temporarily, your responsibilities to people you trust. Instead you left people who trusted you dangling, only sporadically feeding them promises you would never fulfill. It seems keeping them on a leash was kinda more important to you than securing the future of kbin.

I won't go on about this any further.

I hope I'll never have to mention this again, so you'll never have to. Which would imply that you'll have come to terms and lived up to your promises, both recent ones and from the past.

ernest ,
@ernest@kbin.social avatar

Yes, I say this fully aware - there are many things that I have failed at. Much of what I said, I failed to achieve. However, I never wanted to keep people on a leash; I am more of a person who prefers to stay on the sidelines and engage in what brings me the greatest pleasure - coding, just like any other contributor.

Believe me, I tried to delegate tasks, had many private conversations and discussions. Perhaps it wasn't visible from the outside. However, in that mental state, the last thing I wanted to do was resolve conflicts among adults, and it all started to boil down to that. As @BaldProphet mentioned - "microcosm of the open-source community."

Moreover, there were too many different visions of the project, ignoring requests, etc. That's precisely why I decided to temporarily halt development, to secure the future of kbin. It was my decision, and as I mentioned, forking turned out to be the best thing that could happen. As you can see, the differences are not that significant, but it will be easier for all of us - especially since we can always draw inspiration from each other, and I don't think anyone has a problem with that.

However, I still maintain contact with many people, and sometimes they mention to me the attitude of certain individuals on mbin's Matrix - it is at least puzzling. In any case, I want to stay away from that and focus on my work with contributors who understand and prefer my approach.

TheVillageGuy ,

Thank you for your in depth, genuine, reply

Believe me, I tried to delegate tasks, had many private conversations and discussions. Perhaps it wasn't visible from the outside

I am sorry but I'm having a hard time believing you when you say that you were seriously trying to delegate, as not a single soul ever said anything which would remotely confirm this. I believe you had conversations, but they ultimately didn't result in anything in this context.

However, in that mental state, the last thing I wanted to do was resolve conflicts among adults

I am not sure how to interpret this as there were no conflicts that I'm aware of that needed resolving during your absence, everybody was just waiting

I am more of a person who prefers to stay on the sidelines and engage in what brings me the greatest pleasure - coding, just like any other contributor.

There's nothing wrong with being like that, there are other people willing to do things like resolving issues. Like me. I realize I appeared out of nowhere. As a new instance owner it took a while for me to notice, but when the situation became clear to me I was ready to jump in and help, just like all the other people who had offered their help (before me).

You've basically just admitted that you were either incapable of or unwilling to engage in structural problem solving and management of the kbin project. That's fine, but you should have reached out and informed the community as soon as you became aware of this.

forking turned out to be the best thing that could happen

Yes, forking can have positive side effects and perhaps having two versions in development synchronously can merit more than one. This however was not the proper way to achieve this and using it as an excuse to justify your behavior and inaction is unjust.

However, it is not too late. You can still do the right thing by starting delegation now, by clearly assigning multiple people to all essential tasks, and giving multiple people complete control of kbin.social, so that, should a similar situation occur in the future, you and the community will confidently know that the project will not grind to a halt again.

Then seek a constructive dialog with the mbin community and we can make the project, in it's current for, work. Together.

If you feel uncomfortable with or are have trouble doing any of this, as you've clearly indicated you'd rather spend your time on coding, you are always welcome to ask me for advice.

Never hesitate to ask for help.

Horza ,

At this point you are just evidencing that Ernest's judgement was spot on.

ernest ,
@ernest@kbin.social avatar

You see, I don't know how I would act now in hindsight. You have to take into consideration that, at the peak, hundreds of people willing to help appeared out of nowhere, people I didn't know at all. By nature, I am rather distrustful and approach new relationships cautiously - I really need a lot of time to get to know another person well. It's true that after some time, a certain structure began to take shape, but not everything is always as it seems at first glance - especially when so many strong personalities converge in one place. Perhaps it was a mistake that instead of addressing many things publicly, I tried to solve them in private conversations.

And you're right, anyone who knows me a bit knows that I have trouble asking for help. Sometimes, I take too much on myself, which is not good in the long run. I'm working on it. But this time was something more. I promised to take care of things, and under normal circumstances, it would probably be easy for me because I have some experience in resolving such situations. But these were not normal circumstances. I realized this too late. I was just overwhelmed by real life. So many problems collapsed on me that I could never have anticipated. These were the worst months of my entire life. I don't want to write too much about it or make excuses, but at some point, even getting out of bed or eating something became difficult. When I tried to get back to the project, the thought of the backlog and how many people I let down made me feel sick. That's why I'm really glad to be where I am now. I can only apologize to you and try to fix some mistakes. I need to do it at my own pace. I want to clean up the mess, find my rhythm, and then engage in broader communication with people. I'm still recovering on my own.

What I did was indeed a bit malicious, but I believe it was the only way to achieve the intended effect. The fact that I really like you all should not mean that I will be uncritical of your work. I don't want you to fully trust everything that comes from me - only in this way can we fully utilize the potential we have in developing the fediverse. Frontend errors are just a trivial matter; they can be quickly found and fixed. However, the situation is completely different when it comes to backend mechanics. Seemingly minor errors when I was developing karab.in made me undo them for weeks. With larger instances, there may not be a second chance. This is not a centralized system, you have to consider others above all. That's why I am so sensitive to it and have so many doubts about making changes.

It's not that I want to make things difficult for you. I really care about mbin developing in the right direction. I am curious about what the future will bring. I would like kbin to remain rather ascetic, subtle, and something that you need to learn and understand a bit, rather than having everything handed to you on a platter. Mbin can be a different face, with more features, bolder, and I know that you have many great ideas for it. A simple example is the labels for marking mods/admins/ops that you are currently working on - kbin has it marked in a subtle way with a faint left border outline - you can do it differently, and that's great. As someone very wise once said, "If it's not diverse, it's not the fediverse."

@melroy I am sure that this is just the beginning of our shared adventure. I hope you won't hold a grudge against me for long ;) Guys, I deeply regret that we met at this stage of my life, but as I say, all I can do is try to fix my mistakes. Thanks for everything!

HeartyBeast ,

You know you come across as incredibly toxic, yes?

HeartyBeast ,

What you failed to do however is delegate, even temporarily, your responsibilities to people you trust.

Possibly becausE - you kkkw, urgent real-life stuff got in the way

fr0g ,

Instead you left people who trusted you dangling, only sporadically feeding them promises you would never fulfill.

Now, you see, this is the part that I as an uninvolved observer who's just now catching up on the happenings do not get. Promises that were never fullfilled?
How long has or hasn't this actually been an issue? Because from what I can see looking at the codeberg commits, it seems like development stalled for how long, like a month or so?

I totally get not wanting to be left hanging and having some answers and pathway for how contributions can happen. But as you also agree on, I also get real life being more important and getting in the way sometimes. And in that sense, being out of it for a month or so does not exactly seem like an earth-shattering amount, even if it's annoying when it happens to be the project lead and not much can happen.

I just can't help but feel like all of this has been pretty impatient and premature, which also makes it hard for me to really understand the point of the fork, even if I can relate to the basic rationale behind it. But then again, I have no knowledge of the direct going ons and communications between the contributors and the events that led to this. So there might be a lot I'm just not getting.

TheAgeOfSuperboredom , to Fediverse in Mbin: A kbin fork that promises to never review PRs before merging them

Sounds like it'll be a disaster

abhibeckert , to Technology in Tools for collaboration

Yes there's software for this, but I think you can keep it simpler than that.

Just tell them to create a new spreadsheet every day (possibly by creating a copy of yesterday's spreadsheet). Obviously name the files by date. With a new directory for each month.

Also, it sounds like they don't have good backups. Help them with that.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • incremental_games
  • random
  • meta
  • All magazines