sxan

What are you folks using for self-hosted single sign-on?

I have my little LDAP server (lldap is fan-fucking-tastic -- far easier to work with than OpenLDAP, which gave me nothing but heartburn). Some applications can be configured to work with it directly; several don't have LDAP account support. And, ultimately, it'd be nice to have SSO - having the same password everywhere if great, but having to sign in only once (per day or week, or whatever) would be even nicer.

There are several self-hosted Auth* projects; which is the simplest and easiest? I'd really just like a basic start-it-up, point it at my LDAP server, and go. Fine grained ACLs and RBAC support is nice and all, but simplicity is trump in my case. Configuring these systems is, IME, a complex process, with no small numbers of dials to turn.

A half dozen users, and probably only two groups: admin, and everyone else. I don't need fancy. OSS, of course. Is there any of these projects that fit that bill? It would seem to be a common use case for self-hosters, who don't need all the bells and whistles of enterprise-grade solutions.

I had to. We should have Prague Fridays, or something.

So, the (c) on the scan is 2012, but I took the photo on BW film in late December, 1990. It's one of my favorites - probably the favorite - of my own pictures. Although, it's not the one I get the most print requests for from friends & family. It's funny how your own memories influence your artistic impressions.

Recommendations for a color, full duplex, laser printer?

Another printer company (Brother) has fallen to the allure of "remote disable" if they object to you using your own device in a way they don't like: trying to self-service, use third party inks, whatever. It's at their discretion. Given printers are the sorts of devices to which you tend to want to have network access, preventing this is a lot of work.

I've been looking at color duplex laser printers, and Brother has been at the top of the list, until they recently announcement that they'd disable printers using third party inks.

BIFL to me implies that the company isn't going to actively sabotage self-service, or restrict your usage of the thing, so I think this is an appropriate question for this c/.

My wife's work computer desktop background changed itself today, and she called me in to see it. I said, "that's a Saw Whet." Not believing me, she looked up the credits and said, "get out! It is!"

I owe it all to !superbowl. I couldn't have identified even a Snowy before this community.

Thanks, anon6789.

cross-posted from: https://lemm.ee/post/57615714

http://xkcd.com/936/

Not worth creating a project for, and it might be interesting to see what changes people would make.

Non-standard dependencies:

• words, for the dictionary
• zsh (this will probably work just fine with bash, though, too)

#!/usr/bin/zsh
# Author: @sxan@midwest.social
# 2025-02-23

final=(xargs echo)
count=6
while getopts d opt; do
	case $opt in
		d)
			final=(tr 'A-Z' 'a-z')
			;;
		*)
			printf "Password generator based on the correcthorse algorithm from http://xkcd.com/936//n/n"
			printf "USAGE: %s [-d] [#]\n" "$0"
			printf " -d  make the result all lower case; otherwise, each word will be capitalized.\n"
			printf " #   the number of words to include. Defaults to 6."
			exit 1
			;;
	esac
done
shift $(($OPTIND - 1))
[[ $# -gt 0 ]] && count=$*

shuf -n $((count * 2)) /usr/share/dict/american-english | \
	sed 's/'"'"'.*//; s/^\(\w\)/\U\1/' | \
	sort | uniq | shuf -n $count | xargs echo | \
	tr -d ' ' | $final

What's going on here:

Nearly 30% of the American dictionary (34,242) are words with apostrophes. They could be left in to help satisfy password requirements that demand "special characters," but correcthorse isn't an algorithm that handles idiot "password best practices" well anyway. So, since every word with an apostrophe has a pair word without one, we pull 2·N words to make sure we have enough. Then we strip out the plural/possessives and capitalize every word. Then we remove duplicates and select our N words from the result. Finally, we compact that into a space-less string of words, and if the user passed the -d option, we downcase the entire thing.

Without the user options, this really could be a 1-liner; that's how it started:

alias pony="shuf -n 12 /usr/share/dict/american-english | sed 's/'\"'\"'.*//; s/^\(\w\)/\U\1/' | sort | uniq | shuf -n 6 | xargs echo | tr -d ' '"

So, obviously not a real owl, but germane.

This was taken in Paris, in one of the side streets around Sacre Coeur, in 2010. It is a decoration set into a wall; the alcove was probably around 30cm high, so the owl figurine is small. I have no idea how long it'd been there, or why it was there; there was no plaque or other marking, and no other decorations on the wall.

I do recall that I took it from across the street and without telephoto, so this is massively cropped and this is the best resolution I have. The paint was more white and it was a brilliantly sunny day; I made it more warm in post-processing.

Sadly, this was before digital cameras came with GPS to stamp locations; I'm not sure if I could find this anymore.

cross-posted from: https://lemm.ee/post/55039423

I normally go for odroid for these sorts of things but have had a bad run recently.

What I want is a bare minimum computer I can hook to some externally powered speakers and run snapclient on. That's it; nothing else will run on it. It's part of a project to get audio casted into every room.

Arch, because I'm most comfortable with Arch; I don't have to learn any new peculiarities; Alpine would also work. deb and rpm-based distros aren't options.

It needs WiFi, or the ability to take a module. And of course an RCA out jack for the audio plug.

Cheap would be nice.

I have no experience with Pis, but there's a bewildering variety of them with varying capability; many don't come with WiFi, and some not even with audio out. It's frankly hard to tell what's the minimum Pi I can get away with for my use case, and what components I need to add on. I don't want to have to become a Pi expert just to get one device for this.

IME getting Arch running on odroid is a bit of work, and Mint or whatever they sell on the micro SD cards may be the worst distro I've had to deal with in recent years.

I'd love to try a RISCV board, but I feel like that's just asking for a whole different level of protracted tinkering to get what I want.

Basically, if I could get a plug-and-play Arch SBC with WiFi and audio out, even if I had to boot it first on ethernet the first time to set it up, for a good price, that'd be ideal.

What are good options here? So many Pis are for tinkering or as project components. Odroid seems like they're only half-heartedly doing business. RISCV is bleeding edge and still sounds fussy and iffy except for very specific problem domains. Micro PCs like Trigkey or Beelink are full desktop replacements and are both overkill for my use, and too expensive.

What do y'all advise?

This is an opinion. Not even a shower thought, but something that I just realized I could express succinctly.

I'm a TUI/CLI person. I look first for CLI programs, and only if I don't find a way to do it in a shell do I look at GUI alternatives.

I'm also a tiling WM person. I used i3 for several years, and then bspwm for a hot minute, and for nearly a year now have been in herbstluftwm. I'm at a point where hlwm not running on Wayland is the main reason I'm not on Wayland.

But at one point, before discovering the joys of tiling, I was a big KDE fan. So it's been interesting to find myself skipping Qt apps in favor of GTK apps when I have to use GUI apps; and just now I realized why:

When you pull a GTK app, only rarely does it link in a bunch of Gnome dependencies; when it does, it's usually pretty obvious in the name or description... "X for Gnome" or some such. But Qt apps are really bad about hooking in and pulling a bunch of KDE dependencies, launching KDE services, and generally trying to turn your WM into KDE, that I've learned to just avoid them. There's no reason for them to, unless it's because the KDE libraries provide so much functionality that isn't in the core Qt libraries.

Anyway, it just occurred to me why I have such a negative knee-jerk reaction to apps with Qt dependencies; I literally just filter them out as I'm scanning package lists.

I like Qt; I don't like that most Qt apps also depend on KDE libraries.

I have a situation where generics would be useful: a server (that I do not control or influence) with many API endpoints that each returns very similar json. There's an envelope with common attributes and then an embedded named substructure (the name differs in the return value of each call) of a different type.

Without generics, you could do something like:

type Base struct {
   // common fields
}

type A {
   Base
   A struct {
      // subtype fields
   }
}

type B {
   Base
   B struct {
      // subtype fields
   }
}

but then you'd need to either duplicate a bunch of API calling and unmarshalling code, or consolidate it and do a bunch of type casting and checking.

Generics to the rescue: subtypes become specific types for a general type:

type Base[T any] {
   // common fields
   Subfield T
}

type A struct {
  // subtype fields
}

type B struct {
  // subtype fields
}

It even looks cleaner! Ah, but the rub is that the marshaled field name Subfield is the same for every type: there's no way to specify a tag for a struct type so that Subfield is un/marshaled with a name specific to the type.

https://go.dev/play/p/3ciyUITYZHk

The only thing I can think of is to create a custom unmarshaller for Base and use introspection to handle the specific type.

Am I missing a less hacky (introspection is always hacky) way to set a default tag for any field of a given struct type? How would you do this?

This pattern - APIs using envelopes for data packets - is exceedingly common. I can't believe the only way to solve it on Go is by either mass code duplication, or introspection.