All I need is for them to fix the public collection RSS feed bug where they embed “https,http” in the feed xml if you’re behind a reverse proxy - which breaks parsing

and has integration for Oxidized, smokeping, greylog and more

Thanks for the feedback - It was a systemd issue. Something caused it to continue generating slices for espanso until the machine locked up - probably spawned with each terminal. It happened on out of date fedora install 36 (when 41 was out) with gnome on it.

Since then I’ve moved to a window manager for all my machines and would likely invoke it the same way - perhaps now it’s time to revisit!

I used eapanso for a few years, but kept running in to issues with it spawning hundreds of versions of itself.

I really miss it though. Would you say it has matured?

We’re everywhere!

And search.

Ctrl +a and Ctrl +e for beginning and end of line are from Emacs.

GNU Readline is what provides them in the bash. There’s a bunch of shortcuts worth learning in there!

Most distributions I’ve tried use Emacs as the default shell binding style, some of the bindings are even available in things like appliance cli’s like Cisco IOS and clones.

Bash supports vi mode too, you just have to switch to it.

set -o vi

ZSH uses zle (ZSH Line Editor) instead of Readline, but I assume the Emacs style bindings have been copied over to zle for muscle memory portability. You can switch the keymap in zle,

bindkey -v

or set your own!

Yes. But also, despite having done it literally thousands of times, I still can’t tell you which way round to put the target and the link name for a softlink on the first go.

My first guess is always

ln -s $NAME $TARGET

No amount of repetition will fix this.

Sounds like you have reason to bump it up the list now - two birds with one stone.

I need to do this too. I know I have stuff deployed that has plaintext secrets in .env or even the compose. I’ll never get time to audit everything. So the more I make the baseline deployment safe, the better.

It’s common with rootless docker/podman. Something needs to start up the services, and you’re not using a root enabled docker/podman socket, so systemd it is.

Sounds like I won’t be using Vanilla because that (obsidian + synching + tailscale) is definitely my primary need.

The last time I played with it, I just remember thinking, cool - but why?

That’s what I was thinking, I know the pain of watching something run for ages, only to finally get past where it failed last time and run straight in to another stumbling block.

I don’t envy you having to work in an SELinux environment with less than stellar developer understanding of policies and contexts.

Is it not possible to run it in audit mode in dev and have it tell you what the would have blocked?

You’re a monster. My scps would go nowhere

It’s the right move.

I tell you, the first time you’re sat in front of a CEO and an auditor and you have to explain why the big list of servers has a highlighted one called C-NT-PRIK-5 is when the fun stops.

Explaining that it’s short for ‘customer network tester Mr. Prickles 5’, and is actually a cacti server never really seems to help the situation.

At least a few of the customers got a laugh out of it being on the reports!

Username checks out

You had me digging through old hosts files and ssh configs to find some of these.

I try to name them something that resembles what they do or has something to do with what their purpose is.

Short is good, and if it can match more than one of the machine’s purpose/os/software/look, the better.

If it’s some sort of personal machine, it gets a personal name

Phones

• traveller
• pawn
• rook
• bishop

Virtual Workstations

• boxy

• moxy

• sandbox

• cloud

• ship lxc container host

• dock docker host

Laptops

• ciel Razer blade stealth with a rainbow LED keyboard
• arc runs arch.
• lled is a dell

Desktops

• bench
• citadel
• bastion

They’ve stuck it under its own app entry. Both K-9 and Thunderbird end at 8.2 for suggested releases.

I just installed Thunderbird, looks identical, just a rebrand. They’re so identical the import function is seamless mostly seamless.

Not sure if it’s a quirk of GrapheneOS or just the way things are now, but for gmail accounts, you’ll need to go in to something like Settings > Account > fetching mail > incoming server and then hit next.

This will dump you back in to the google web login auth page, so you can approve the app for each account.

Otherwise, the sync and alert settings are copied just fine, so it’s good enough.

Unless you run your own davmail server and connected to that instead, probably not.

I bought the dbrand grip for the last 3 phones I’ve had, and it’s always been a great choice for me, highly recommend; but I shouldn’t have to spend $60 and increase the thickness of the phone by nealy 20% just to be able to hold on to the damn thing.