- 0 Posts
- 17 Comments
You are aware that draw.io is itself open source and self-hostable: https://github.com/jgraph/drawio ?
At $dayjob I switched from Apache to nginx 15+ years ago. It’s Callback/Event based process model ran circles around Apache’s pre-fork model at the time. It was very carefully developed to be secure, and even early on it had a good track record. Being able to have nginx handle static content without tying up a backend worker process was huge, and let us scale our app pretty well for the investment of time. Since then, Apache implemented threaded + Event based process models, Caddy, traefik, and a bunch of others have entered the scene.
TBH, I think the big thing nowadays is sane defaults, and better configuration, even automatically discovered configuration – traefik is my current favorite for discovering hosts in consul/Kubernetes/simple host definition files, but since traefik can’t directly serve files, I simply proxy from traefik to … nginx :)
MoCA is a way to send wired Ethernet up to (300mb/s, at least the version i have) over coax. Verizon fios would provide these devices to send internet to set top boxes over existing coax cabling, but you can get a pair of these devices and send Ethernet in on one side, and Ethernet out the other side.
I have noticed however, it adds a bit of latency to the connection, which may be trouble.
If you use gitea, it’s just a few steps to enable it to be an OAuth2 provider. See Oauth2 Provider Docs
Not only do they not federate, they also seem to suggest they are not making the self hosting option as easy as it could be because they would prefer one instance that everyone connects with.
It seems pretty solid otherwise, and the self hosted option can work if you are willing to spar with it, but that position makes it super easy for one organization to buy or somehow influence all the primary devs and turn the project closed in no time at all.
Personally, I will use both: On servers with fixed network connections I will tend to use ifupdown; but on my linux laptops I’ll use networkmanager or networkd which tend to have nice UI’s for joining various forms of wifi networks. On my laptops for some VPN’s i"ll use the ifupdown configuration, which lets me setup all sorts of exotic configurations (bridges, vlans, vxlan, vpns, namespaces, etc.) The linux command line tooling has a litany of functions to check/test/diagnose/tweak networking settings, and they work across all the distros, AND they can reveal the full details of the network, as the kernel sees it. NetworkManager, networkd, connmann, etc, often omit details in the name of simplifying for the most common scenarios.
As an anecdote – I have been sitting on an elastic IP at AWS for years, with reverse DNS configured properly for it. Way early on (years ago), some spam filters would block the whole netblock, but I can’t remember the last time the IP Block was wholesale blocked. I think AWS is very much on top of any spam complaints from their Elastic IPs, and as long as you don’t abuse your specific IP, you are in good shape for light volume, non-spam mail.
A single binary can be invoked with different privilege levels. OpenSSH, for example is a single binary, but uses OS privilege separation when setting up connections from the root-owned daemon. (Just to be clear, I’m not sure that stalwart is using this technique, just that single binary apps do not exclude the possibility of OS privilege separation.)
https://github.com/jgraph/drawio/blame/dev/LICENSE <-- that’s … a rather specific and recent change. Is there a story here ?