I am an enthusiast of Tech, gaming, food, culture, and all interesting things.
My advice: only forward ports 8080 and 443, then make sure that you have fail2ban or crossed properly set up on your reverse proxy. After that, you are pretty much fine as long as you keep on top of updating your containers.
I would be careful about which apps you proxy. Idk why you need to access the admin portal for pi hole worldwide. If you really want to do that, you should set up a vpn.
I use a Kerrigan, but I’m a debian guy.
Apple probably just lets it happen.
Yeah, I agree, I don’t like that aspect of flatpak development either. The idea that the containerization is supposed to provide some kind of resistant form of a sandbox that prevents malicious programs from breaking into your system; I don’t buy it.
Look, you need to trust your application sources, there is no way around that. The idea that this is supposed to be a “safer” way to install software than any other package manager is silly.
I still like that flatpak apps are separated from your system and locked to their own dependencies because it makes these apps more portable to different distros. But not for security reasons.
I really like flatpak! But it has its limitations. Thats okay!
There is just a space for containerized images of desktop apps that are distro independent. Linus talks about this at a QA, but having a maintrainer for every app and every distro under the sun is just a waste (he used his diving app as an example). Flat park is a good solution for packaging up apps, and it makes sense for stand alone apps that have a lot of moving parts and don’t need to integrate with the rest your intro. Their are basically 5 apps that I use everyday that install through flatpak. Stuff like discord and Joplin.
At the same time, if something is supported through the distro package manager directly, I would rather install through that. Especially for core system components, but also for apps that aren’t really daily drivers for me. I definitely feel like I have to actively maintain flatpak installations, so if I can install without a flatpak, I would rather not. For small apps, especially simple command line apps, their probably isn’t that much maintenance work to get them on the distro anyway.
I feel like, at this point, it has more than proved itself as a general purpose desktop scheduler. But there are situations where you would want something different but a lot of software depends on it anyway.
I also kinda don’t understand the hate toward the project itself, other than hearing some of the technical guidance on it has been a bit arrogant in the past or something. Sounds like sily open source drama to me honestly.
People are saying that it is a cloud managed reverse proxy, but I would not recommend using it like this. You should be running a reverse proxy on your own hardware, imo.
It is still useful because you can use it as just a proxy. You can point your dns to your cloudflare tunnel endpoint and cloudflare will screen all traffic going to your server. I’ve actually stopped using it, but it is a decent way to auto feel all the random internet traffic pitfalls like portscanning bonnets. Also putting something between your server IP and your domain is nice.
Oh, are you using Podman on windows? Yeah, it needs a virtual machine because it has to load the linux kernel. I would definitely believe that the windows version (or mac, I guess) of podman is way heavier than the alternatives on those platforms, but on linux it just ends up using the host kernel.
If you are doing this on linux, and still need to load a vm to use podman, that would be interesting. I haven’t run across that, but I haven’t been able to use podman too much.
Wow, 4 watts? That’s a lot. Any insight on what is taking up all this extra energy? I thought that podman would be thinner than docker honestly.
I love porkbun, but I am currently having an issue with their 2FA implementation. Their customer service is very responsive however.
That also helps linux. Tried watching something on someone else’s peacock account logged into Linux, and got an error. Checked Google to see if it was available. A free site had it, in better quality streaming too! We ended up using her computer, but I was kind of amazed.