Paulo Laureano's Writefreely


from Paulo Laureano (EN) posts

I have been a client/user for a long, long time

I have been a Microsoft Office user since there was an Office package. I have been an Office365 user for half a dozen years (the company I work for is all-in into the Microsoft ecosystem) and use Microsoft Teams for eight hours daily.

I have been a Gmail user since the service was created. In addition, I have been a reseller for many years and have helped several companies take advantage of their ecosystem of apps.

I started using Nextcloud five years ago. I was looking into replicating some of the features I found in both Google and Microsoft in my personal life. So I self-hosted Nextcloud and started sharing it with friends and family. Much to my surprise and wonder, I found it to be an equally capable alternative to the previous two commercial options. It can be self-hosted or used hosted by a third-party as a service (SAAS) like the Microsoft and Google alternatives.

I like LibreOffice and OnlyOffice. Used both extensively for years. They both have a much better security track record than the Microsoft equivalent, and I honestly don't see the point of paying for a less secure proposition. While I understand some individuals have some limitations that make them have difficulty adapting to slightly different interface options, I never met a single one that could not make the transition. For many years the Microsoft offering was head and shoulders better than anything else on the market; I don't think that has been the case for years now.

I have personal biases... so take my opinions with a BIG grain of salt.

I have administered Linux and *BSD systems for 30 years. While I have no system administration responsibilities in my current job, I never stopped doing it.

While I understand the rush to cloud hosting, mainly when scalability is an issue, it is not a silver bullet solution and creates some problems. Price is one of those issues, and latency is another (if you have a mix of on-cloud and on-premises systems that are mutually dependent)—not even going to touch on issues like security, optimization, and backups. In addition, good system administration is not cheap and does not scale down well for small and medium-sized organizations. Also, it's hard even to grasp the concept of micro-companies and individuals being able to self-host projects with anything that resembles sound system administration practices. It is just too expensive and risky.

As a former professional with 30 years of experience, I have some options that most people don't have. For example, I self-host my social media (Mastodon, Writefreely, and Publii servers), Nextcloud, and Bitwarden services. The option to host the services makes me favor them compared to alternatives.

What about big(ger) companies?

If random scaling (up or down) is an issue, there is no alternative to the cloud. Organizations with thousands of employees have options regarding email services, group calendars, video/audio conferences, and contact management. Running email services internally and using Nextcloud may be a better fit. There are a lot of hurdles to doing it right, but keep an open mind because it can be done, and you can save a small fortune.

Email, in particular, would benefit significantly from (eventually being self-hosted and) changing paradigms: ensuring every internal email is at a bare minimum digitally signed and ideally end-to-end encrypted (using either S/MIME or PGP/GPG), and information should never leave the company systems. Impersonation (identity theft) would be a thing of the past instead of the number one spear-phishing weapon in every hacker's arsenal. You need to self-host the servers to implement rules to reject every non-encrypted email message between internal addresses, signed with recognized keys.

Encryption keys and client certificates should be hardware-based, locked, and centrally managed, and users should have zero capability to transmit them to third parties, thus ending phishing attempts to steal credentials. In addition, requiring user touch (or biometric authentication) makes life much harder for attackers, even if the device is compromised.

I am a big fan of zero-trust environments and protected VPN tunnels to critical services, and all those should be hardware locked. You cannot exploit 0-day vulnerabilities in the software you cannot access.
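A sketch of the internal-mail rule described above, as an added example that is not the author's configuration: it classifies a message's top-level MIME structure (S/MIME or PGP/MIME) and rejects unprotected mail between internal addresses. The domain `corp.example`, the function names and the sample messages are constructed assumptions; it inspects structure only and does not verify the signature against recognized keys, which a real gateway would also have to do.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

INTERNAL_DOMAIN = "corp.example"  # assumption: constructed internal mail domain
SIGNED_PROTOCOLS = {"application/pkcs7-signature", "application/x-pkcs7-signature",
                    "application/pgp-signature"}

def domain_of(address):
    return address.rpartition("@")[2].lower()

def protection(msg):
    """Classify the top-level MIME structure as 'encrypted', 'signed' or 'none'."""
    ctype = msg.get_content_type()
    protocol = str(msg.get_param("protocol") or "").lower()
    smime_type = str(msg.get_param("smime-type") or "").lower()
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return "encrypted"  # PGP/MIME
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # S/MIME: enveloped-data is encrypted, signed-data is an opaque signature
        return {"enveloped-data": "encrypted", "signed-data": "signed"}.get(smime_type, "none")
    if ctype == "multipart/signed" and protocol in SIGNED_PROTOCOLS:
        return "signed"  # detached S/MIME or PGP signature
    return "none"

def internal_mail_verdict(raw, require="signed"):
    """Return 'accept' or 'reject' for one raw message under the internal-mail rule."""
    msg = message_from_string(raw)
    sender = domain_of(parseaddr(msg.get("From", ""))[1])
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    internal = sender == INTERNAL_DOMAIN and any(
        domain_of(addr) == INTERNAL_DOMAIN for _, addr in rcpts)
    if not internal:
        return "accept"  # the rule only covers mail between internal addresses
    level = protection(msg)
    ok = level == "encrypted" or (require == "signed" and level == "signed")
    return "accept" if ok else "reject"

# Constructed sample messages (not real mail).
PLAIN_INTERNAL = ("From: Alice <alice@corp.example>\nTo: bob@corp.example\n"
                  "Subject: invoice\n\nPlease pay.\n")
SIGNED_INTERNAL = ("From: alice@corp.example\nTo: bob@corp.example\n"
                   'Content-Type: multipart/signed; micalg=sha-256; boundary="b";\n'
                   ' protocol="application/pkcs7-signature"\n\n'
                   "--b\nContent-Type: text/plain\n\nhi\n"
                   "--b\nContent-Type: application/pkcs7-signature\n\n"
                   "(constructed placeholder)\n--b--\n")
EXTERNAL = "From: carol@partner.example\nTo: bob@corp.example\n\nhello\n"

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN_INTERNAL), ("signed", SIGNED_INTERNAL),
                      ("external", EXTERNAL)]:
        print(name, internal_mail_verdict(raw))
```

Because the check keys on the `From` header, an unsigned message from outside that claims an internal sender is rejected as well, which is the impersonation case the rule is meant to close.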

 

from Paulo Laureano (EN) posts

Mrnet.pt

At some point, I knew I had to write my version of the “new to mastodon” user guide. Plenty of good ones cover the basics well, so start by bookmarking this page to get back to it later and then explore.

Want a video introduction? The Linux Experiment has a good one: “How to use MASTODON: the COMPLETE GUIDE (join, use, find people to follow, etiquette...)”:

Picking a server (you can switch later effortlessly)

The “official guide to Mastodon” suggests that you should “somewhat carefully” pick a Mastodon server to join from the “joinmastodon.org” list. That's fine as long as you find one that looks like a good fit for you.

  • Pay special attention to the instance allowed languages (e.g., some are “English” only, while others may cater to some specific language).

  • Some servers are themed around a particular interest (e.g., ones that only allow a specific topic or are filled with people that want to focus on it). There are “generic” instances where every issue is allowed.

  • Every server has a particular set of rules. The owner or moderators enforce these rules. Please read them carefully because it is easy to be expelled from a Mastodon instance. Some restrictions may be obnoxious and, for example, forbid users to use certain words or letters or promote or even talk about a particular topic.

  • There are many pros and cons to joining a big server. I want a server that is as fast as possible. On the other hand, I am not interested in “local” and “federated” timelines; I look forward to seeing the people I follow and their interactions with others. So for me, it's a personal server I self-host at mrnet.pt for friends and family.

  • You can have your own server, entirely administered by professionals, even if you don't know a thing about servers. For example, check out masto.host. NOTE: I have no relation with the company and never hired them, but their track record of hosting Mastodon servers is outstanding.

  • If you feel like looking at random strangers and don't mind being in crowds with a server that sometimes is not exactly the fastest, mastodon.social is probably your best bet!

  • If you want, you can switch to a different server later. So, don't worry too much. Just don't get expelled; that will complicate migration to a new server, assuming you want the people you follow and those that follow you to move along with your account.

Congrats on having created a Mastodon account!

Make a nice profile for your new account!

No one likes interacting with a faceless profile. Let people know who you are and what topics (hashtags) you are interested in. You will be surprised by how many people will want to follow you and interact with the content you post.

Now, follow people!

You need to follow at least 100 people; otherwise, your Mastodon feed will look deserted, and you will feel like you hear crickets. Since in Mastodon there is no algorithm attempting to guess which posts you would probably like to see, you need to populate your feed by following people. Some suggestions:

  • Look on the web for “Mastodon accounts worth following” (use Google or whatever search engine you like). The search engine will give you some suggestions.

  • From time to time, visit followgraph.vercel.app to find who the people you follow are following. It gives you some excellent suggestions of people you will likely find interesting.

  • Visiting other mastodon instances and looking at their “local” and “federated” timelines will probably help find exciting people.

One of the many five-star reviews on the App Store

If you are on iOS (or an Apple Silicon Mac), ice cubes has an amazing super-power: you can follow “local” timelines from multiple instances, making small instances feel exactly like big ones. It's the App's killer feature! Download and install it, even if you primarily use some other App (it is free and open-source).

  • Install Streetpass for Mastodon in your browser. This plugin will check for author links in articles you read on the web and suggest you follow the authors.

  • Interact with people. Favorite their best posts (it tells the author you liked it and has no effect other than that), and share (boost) the ones you find helpful or entertaining with your followers.

If you have a feed that feels too quiet, follow some wrong people. Over time you will make a better selection, but do build a network.

Post!

Give people stuff to read!

Set the language correctly in every post. You can set a default language on your Mastodon. Set it correctly when you switch to another language occasionally. Some instances have automatic translations, but for them to actually work, it is important that you inform them of what language you are using for each post.

Use hashtags in your posts! They do wonders for the discoverability of your content! Some people follow certain hashtags, not necessarily the authors that write on those topics, so give them something to work with.

Mobile Apps

If you are on iOS, you will be spoiled with fantastic paid Apps from top-rated authors; look at app store reviews, and you will find one good fit. The best free option is, by far, “ice cubes”.

On Android, I have no idea what your options are. Sorry. I am sure there are some. I heard about “Tusky for Mastodon” being good but never used it.

Desktop user?

Roam with Mastodon plugin

I use the instance site with the “Roam with Mastodon” browser plugin. This plugin gives you the equivalent of quoted retweets on Mastodon.

I heard wonders about “Elk” but never tried it.

Sometimes I use “ice cubes” (the iOS App) on my Apple Silicon Mac... but I am still waiting for a decent native Mac App that beats the web interface...

Do you have a blog or a website?

If you want banners to link to your mastodon account or timeline, look at fo.llow.social.

 

from Host admin announcements

Hello there! Nice to meet you!

You are likely reading this because you attempted to deliver some emails to mail.plaureano.com and failed miserably. Assuming you are not a spammer or a hacker, and that is a big assumption, let's go with it: I have some recommended reading for you: https://snov.io/blog/how-to-avoid-spam-filters/

It's a jungle out there! Unfortunately, email is the most abused Internet service, so you must be careful about what mail you accept on your server and what you discard. However, there are some basic rules I have set on this server that you must follow; otherwise, I will not accept your messages:

Your DNS name must point to your IP. Your reverse DNS must point to your name. Easy peasy, right?

DNS lookup and reverse

If you can write to me, I must be able to respond, meaning I will try to call you back (send you an email), and if you are using an open relay or refuse my email, I will not accept any of your messages. I will look up your DNS MX records for the domain you are using to message me and try to message you. It is only fair; after all, you contacted me first.

This should not bother you if you are a legitimate email sender. However, if you are a spammer, it forces you to set up at least an account that receives mail to the address you are using to spam people.

Your DNS must have a valid DMARC, SPF, and/or DKIM. Head to mxtoolbox.com and test your domain name. The report should look similar to the image below.

MX Supertool

While you are at it, check your status on blacklists for the domain. You see, people talk to each other, and some friendly folks compile and maintain lists of email servers that distribute spam/malware.

If all of this is too much for you to handle, set up an account with some professionally administered mail provider. Mail administration can be a pain; it is not for everyone.

Have fun, happy emailing, and take care.

Paulo Laureano
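The acceptance rules from this announcement, written out as an added example (not the server's actual configuration): name-to-IP and reverse-DNS agreement, an MX to call back, and a published SPF or DMARC record. The `ZONE` table is constructed data standing in for live DNS lookups, every name and address in it is a documentation placeholder, and the callback is reduced to "an MX exists and resolves" because the real test needs an SMTP connection. DKIM is left out since its record sits under a per-message selector.

```python
# Constructed DNS data standing in for live lookups (placeholder names and IPs).
ZONE = {
    ("A", "mail.good.example"): ["192.0.2.10"],
    ("PTR", "192.0.2.10"): ["mail.good.example"],
    ("MX", "good.example"): ["mail.good.example"],
    ("TXT", "good.example"): ["v=spf1 mx -all"],
    ("TXT", "_dmarc.good.example"): ["v=DMARC1; p=reject"],
    ("A", "mail.bad.example"): ["198.51.100.7"],
    ("PTR", "198.51.100.7"): ["host7.isp.example"],      # PTR names a different host
    ("TXT", "bad.example"): ["site-verification=constructed"],
}

def lookup(rtype, name):
    """Return the constructed records of one type for a name (empty list if none)."""
    return ZONE.get((rtype, name.lower().rstrip(".")), [])

def publishes(domain, tag):
    """True if a TXT record at domain starts with the given version tag."""
    return any(txt.lower().split(";")[0].split()[:1] == [tag]
               for txt in lookup("TXT", domain))

def sender_failures(client_ip, helo_name, mail_domain):
    """List which of the announced rules a connecting sender fails."""
    failures = []
    # "Your DNS name must point to your IP."
    if client_ip not in lookup("A", helo_name):
        failures.append("name-does-not-resolve-to-ip")
    # "Your reverse DNS must point to your name."
    if helo_name.lower() not in [n.lower() for n in lookup("PTR", client_ip)]:
        failures.append("reverse-dns-mismatch")
    # Callback precondition: the sending domain has an MX that resolves.
    if not any(lookup("A", mx) for mx in lookup("MX", mail_domain)):
        failures.append("no-reachable-mx")
    # Assumption: at least one of SPF or DMARC must be published.
    if not (publishes(mail_domain, "v=spf1")
            or publishes("_dmarc." + mail_domain, "v=dmarc1")):
        failures.append("no-spf-or-dmarc")
    return failures

if __name__ == "__main__":
    print(sender_failures("192.0.2.10", "mail.good.example", "good.example"))
    print(sender_failures("198.51.100.7", "mail.bad.example", "bad.example"))
```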

 

from Paulo Laureano (EN) posts

Ring video doorbells

Basic concept: When someone presses the doorbell button, you get a video link to answer on your smartphone (iOS/Android), even if you are not home.

Extras: motion detection – you can find out who is at the door even if they don't push the doorbell button. Doorbells can be charged with solar panels (sold separately) or batteries (spares sold independently). Don't forget to buy a Doorbell chime (sold separately) to hear the doorbell ringing even without a phone.

Buy them at Amazon. I use the Spanish/Portuguese store.

Ring Cameras

Basic concept: Indoor and outdoor cameras (with floodlights) that report movement to your phone (and Doorbell chimes) if someone enters your house or yard. You get a live video link for each event.

Extras: Alarm sound, loudspeaker. Some models support solar panels, while others are wired.

Buy them at Amazon. I use the Spanish/Portuguese store.

Garage door opener

Basic concept: open garage doors with your phone/watch (even if you are away from home)

Note: the particular one I use is no longer available. However, there are several replacement options.

Buy them at Amazon. I use the Spanish/Portuguese store.

Philips Hue lights/switches/sensors/etc

Basic concept: LED lights you can control remotely, dim, use to set a particular mood, etc.

Extras: too many to even mention.

Note: These things are expensive and addictive, which is a terrible combination.

Buy them at Amazon. I use the Spanish/Portuguese store.

 

from Host admin announcements

The virtual machines

Both Mastodon (short-form blogs) and Writefreely (long-form blogs) servers are virtual machines (VMware) running on my home network. Bandwidth is limited (1000/200Mbits), and I use Cloudflare Argo tunnels to expose the servers.

The virtual machines have plenty of memory (8Gb each), CPU (4 cores, 8 threads), and disk space (1Tb) to spare.

This should be fine (and faster than most Mastodon servers) for a few users. The servers are primarily for my personal use, so I will not let an excessive amount of guests fill them to capacity.

Backups

VMware snapshots are used daily (this allows me to roll back to a previous machine state easily if something goes wrong during upgrades). Databases and server configurations are backed up daily. Every other day they are copied to another machine on my network. I make an offline copy of the backups monthly. There are no offsite backups.

This is enough for my personal data; I will give your account data the same level of protection I use for myself. If I die, become unable/unwilling to administrate the server, the house burns down, or something along those lines, you will lose your account. There is an obviously awesome solution to achieve different/better data security: host your own server!

Security

The only data that is not publicly visible is your e-mail address. I'll try my best (effort) to keep the servers updated and patched to the latest versions; however, I give no warranty of any kind against someone eventually getting to it.

You should use a unique password on these servers and (if supported) two-factor authentication. At the time I am writing this, Mastodon supports 2FA, Writefreely does not. It's your call to use two-factor authentication, but identity theft (of these social media accounts) is the most severe risk you are taking here.

It is essential you understand the risks as I have presented them to you. While I care about this, bad things beyond my control may happen. A terrific strategy to avoid/mitigate these risks is to delete your account or set up your own server to protect your personal data/identity.

My commitment to keep these servers running

I will keep them running for as long as I want or can do so. I do not plan to shut them down without notice, but shit happens. You will have the servers running for as long as I have them for myself. You can always run the servers yourself; if reliability and longevity are essential to you, that is the way to go.

Sometimes stuff will happen that I do not control, like electricity failing, computer components dying, etc. That's life. Again, you can achieve a different result if you host your own servers.

Being perfectly blunt: you are a guest, and the party may end at any time. There are no warranties of any kind that you will find a working server the next second after you read this.

 

from Paulo Laureano (PT) posts

Upgrades on several Linux machines (Ubuntu servers and Mint desktops) filled my afternoon. Everything went normally, with a couple of hours of puzzles thrown in for the upgrades to Mint 21.1, but nothing more complicated than expected.

Along the way this new Writefreely server was born, largely because of the platform's minimalist charm. I love this kind of approach. I had to try the platform, I liked what I saw, and I will keep the installation.

I also took a look at micro.blog, which is very much along the lines of Mastodon, and which I did not particularly like. In particular, the idea of having no crosspostings (boosts), because something going viral is necessarily “negative”, definitely does not appeal to me.

I liked (a lot) seeing, in both cases, the respective communities paying for hosting. The model in which something that costs (someone) money appears to be free is unsustainable in the medium/long term. Of course there may always be super-generous folks paying for everyone's party, but I doubt it scales or lasts long.

I do not feel comfortable as a “guest” of those people. That is one of the reasons that lead me to host my own servers. I share them with family and friends, as I share my home when I have people over. Everyone knows the party ends when I no longer feel like paying for drinks or lose the patience to clean the house. There is zero commitment on my part to keep the party going indefinitely. It is cool and fun while it lasts, and when it ends the memories remain.

A friend asked me whether using my Mastodon server was not a precarious situation. Whether it would not be better to go to one that was more stable and had a long-term commitment to its users... it is. It is better. If that is real. Maybe that server is slower at certain moments, but other than that, I only see advantages. Good luck finding out the basis of that commitment between whoever is paying the bills and whoever is just enjoying the meal. It is only a matter of perspective and faith whether a random Mastodon server has (in fact) a greater commitment than any other.

That is why I like the context of paid servers. Because there is a contractual relationship and growth is sustainable, balanced and, perhaps, even desirable for both parties. If, on the other hand, the bet is to “have faith” that whoever pays the bills will keep paying, just because, and whoever does the maintenance will keep doing it, also just because... that does not seem like a comfortable situation to me. At least it is not comfortable for me.

I really prefer to pay for my own drinks, be in my own home, and have over only the people I like sharing oxygen with. Whether that lasts a day or years? Who knows. Being alive is a precarious condition with a terrible long-term prognosis. I do not know whether I will have in the future the same financial capacity I have today. Nothing is certain, except that the fate of my accounts is in my hands, depends only on me, and not at all on the goodwill of third parties.

It is exactly how I like it to be.

 