Authentik supports more authentication types and I think it’s more stable so you can use it in larger production servers. VoidAuth seems to be a lightweight alternative that only provides OIDC.

Both. How do I get started creating a new article, and how do I contribute to them, or other articles?

If you have caddy as a reverse proxy inside podman user namespace separated networks, they don’t take the upstream client IP address and instead you get local IP addresses assigned to logs. Socket activation is kinda required if you want to get the client’s real IP address in your logs.

I use openSUSE MicroOS as the container host, with podman. It was a bit tricky to install it in my Hetzner VPS and get used to how MicroOS handles system updates (it’s an immutable system), but I am quite happy with it. I found it interesting and decided to try out so I could learn how to use the system.

How do I get started on contributing to new articles (written by a human) for my language? I always wanted to help out but never found an easy way to do so.

With Encrypted Client Hello you can have some more privacy on obtaining certificates for wildcard domains, IIRC.

You can, you can create a profile based on a sensor. I had to install the it87 driver for Linux to identify the case cooling fans I had.

I had the same considerations when I self-hosted headscale as the controller for accessing my VPS. However, I figured that it shouldn’t be a big deal, and there’s no chance of someone registering rogue devices on your mesh, because, even though any device can request enrollment to Tailscale, ultimately you need to execute a command in your headscale server to confirm the enrollment/account creation, so there shouldn’t be that much of a problem leaving the web server exposed.

One more question, how did you manage to get the reverse proxy to proxy your pods? I just added two containers to one, and I cannot access the containers anymore by their names. Do I need to expose their ports on the pod configuration?

Personally, I would avoid host network mode as you expose those containers to the world (good if you want that, bad if you don’t)… possibly the same with using the public IP address of your instance.

My instance is only exposing the HTTP/HTTPS ports, those are the only ports enabled in the firewall.

It seems simple. Does it use pasta as the default networking backend? Also, I guess separating each app into their own network is added security, right? So if anything happens to one app, it cannot move laterally to the other apps unless it manages to gain access to the reverse proxy, which then it would be a huge problem.

For the panels issue, you can launch CS2, press Alt+F3 to open the window settings, go to configure special app settings, then set an option for the app so that it always launches in fullscreen mode.

I also added a shortcut to make games fullscreen by pressing Ctrl+Enter.

I believe this is a bug with KDE and should be reported to them. The same issue is reported on Valve’s repository but nothing has been done from Valve’s side to fix this issue.

EDIT: link for relevant issue: https://github.com/ValveSoftware/csgo-osx-linux/issues/3274

the workaround is written in one of the comments:

1. Open CS2
2. Press Alt+F3
3. Click on “More actions”
4. Click on “Configure special applications settings”
5. Add a property
6. Select “Fullscreen” (click on the “+”)
7. Select “Force” and “yes” for the “Fullscreen” parameter
8. Click on “Ok” (apply and close)

It’s still not an excuse to just ignore the security update because you might not be a target for hackers.

Just check your logs, there’s probably a dozen or more requests trying to access wordpress pages on your server, or login via SSH. They want to take over your server so it can be part of a botnet.

I think so, but if you check the official image you can definitely find out how to include custom plugins in it. I think the documentation might mention a thing or two about it too.

You can install the log transformer plugin for Caddy and have it produce a readable log format for fail2ban: https://github.com/caddyserver/transform-encoder

I had this setup on my VPS before I moved to a k3s setup. I will take a look at how to migrate my fail2ban setup to the new server.

The only thing I see they did wrong was to disclose the vulnerability before waiting for a comment from the software company.

I’d recommend Forgejo/Gitea as others have mentioned or https://sourcehut.org (instance available at https://sr.ht/)

Did you use SDL_VIDEODRIVER or SDL_VIDEO_DRIVER? The former one is the old parameter and the latter works. I am using it right now on a Wayland session.

There’s a GitHub issue tracking this bug. It seems like SDL3 was finally released and Valve “forgot” to compile SDL3 with Wayland support.

If you’re using Wayland, you can add a startup parameter to force the game to use X11 and it will work.

This issue is also affecting Dota 2.

I stopped reading when I read “Electron”.

I used Heroic a few times and it’s absolute garbage because it runs Electron.

They said they will offer these 2 versions side-by-side, but mark my words, a few months/years they will go with the Electron version and kill the GTK version.