https://github.com/jgraph/drawio/blame/dev/LICENSE <-- that’s … a rather specific and recent change. Is there a story here ?
https://github.com/jgraph/drawio/blame/dev/LICENSE <-- that’s … a rather specific and recent change. Is there a story here ?
You are aware that draw.io is itself open source and self-hostable: https://github.com/jgraph/drawio ?
At $dayjob I switched from Apache to nginx 15+ years ago. It’s Callback/Event based process model ran circles around Apache’s pre-fork model at the time. It was very carefully developed to be secure, and even early on it had a good track record. Being able to have nginx handle static content without tying up a backend worker process was huge, and let us scale our app pretty well for the investment of time. Since then, Apache implemented threaded + Event based process models, Caddy, traefik, and a bunch of others have entered the scene.
TBH, I think the big thing nowadays is sane defaults, and better configuration, even automatically discovered configuration – traefik is my current favorite for discovering hosts in consul/Kubernetes/simple host definition files, but since traefik can’t directly serve files, I simply proxy from traefik to … nginx :)
Navidrome is another server that works pretty well, implements the subsonic protocol ( so all the apps that can cache and stream to your mobile device work). You can have multiple logins, or just share out playlists and albums individually to non-authenticated users.
MoCA is a way to send wired Ethernet up to (300mb/s, at least the version i have) over coax. Verizon fios would provide these devices to send internet to set top boxes over existing coax cabling, but you can get a pair of these devices and send Ethernet in on one side, and Ethernet out the other side.
I have noticed however, it adds a bit of latency to the connection, which may be trouble.
Depending on your use cases and apps, file locking can be problematic when sharing across SMB and NFS simultaneously, their locking semantics are slightly different
TacticalRMM is very comprehensive, self hosted, but more geared towards organizations managing a fleet of machines.
It’s uncommon for ‘public use’ ethernet ports to exist, unless they are clearly labeled. The ethernet ports might grant access to the internal network, which, is easy to accidentally do. A non-profit library with a limited budget might overlook all the extra protections on open ports (enable/disable ports as needed, use 802.11x port-based authentication, internal SSL, etc), that would be necessary to secure it. Or, even better; that RJ45 port might be wired up to an old PBX, and you may have fried their telephone system, or your own hardware.
https://pairdrop.net is FOSS, cross platform, realtime, peer-to-peer, and only needs a browser. You can host your own version if you prefer. In contrast, Firefox Send (also FOSS) was ‘asynchronous’ (you could upload, and then email a link), but it was shut down due to abuse. https://github.com/timvisee/send is a fork of the archived github project that you can self host with many improvements, notably authentication, so only yourself and trusted users can upload. (edit: wrong link for ff send)
IMAP on O365 now requires “Modern Auth”, which requires OAuth to authenticate access to mailboxes. Anything that connects via IMAP will need to be approved by the admins at this point (Including Thunderbird). Without the cooperation of your organization’s IT team, you are not going to get far.
Planka looks very promising too
If you use gitea, it’s just a few steps to enable it to be an OAuth2 provider. See Oauth2 Provider Docs
Not only do they not federate, they also seem to suggest they are not making the self hosting option as easy as it could be because they would prefer one instance that everyone connects with.
It seems pretty solid otherwise, and the self hosted option can work if you are willing to spar with it, but that position makes it super easy for one organization to buy or somehow influence all the primary devs and turn the project closed in no time at all.
Personally, I will use both: On servers with fixed network connections I will tend to use ifupdown; but on my linux laptops I’ll use networkmanager or networkd which tend to have nice UI’s for joining various forms of wifi networks. On my laptops for some VPN’s i"ll use the ifupdown configuration, which lets me setup all sorts of exotic configurations (bridges, vlans, vxlan, vpns, namespaces, etc.) The linux command line tooling has a litany of functions to check/test/diagnose/tweak networking settings, and they work across all the distros, AND they can reveal the full details of the network, as the kernel sees it. NetworkManager, networkd, connmann, etc, often omit details in the name of simplifying for the most common scenarios.
As an anecdote – I have been sitting on an elastic IP at AWS for years, with reverse DNS configured properly for it. Way early on (years ago), some spam filters would block the whole netblock, but I can’t remember the last time the IP Block was wholesale blocked. I think AWS is very much on top of any spam complaints from their Elastic IPs, and as long as you don’t abuse your specific IP, you are in good shape for light volume, non-spam mail.
LMTP support would be nice too: existing mail routing infrastructure could send messages into stalwart-managed mailboxes. (Edit: reading the docs, they do support LMTP! This is awesome)
A single binary can be invoked with different privilege levels. OpenSSH, for example is a single binary, but uses OS privilege separation when setting up connections from the root-owned daemon. (Just to be clear, I’m not sure that stalwart is using this technique, just that single binary apps do not exclude the possibility of OS privilege separation.)
What are you using for your DNS TTL value?
Revolt is kinda “centralized”. You can host your own version, but they seem to actively discourage you from doing so.