cross-posted from: https://lemmy.ml/post/26304038

from the OpenSSH 9.9p2 release announcement:

This release fixes two security bugs.

Security
========

* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
  (inclusive) contained a logic error that allowed an on-path
  attacker (a.k.a MITM) to impersonate any server when the
  VerifyHostKeyDNS option is enabled. This option is off by default.

* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
  (inclusive) is vulnerable to a memory/CPU denial-of-service related
  to the handling of SSH2_MSG_PING packets. This condition may be
  mitigated using the existing PerSourcePenalties feature.

Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.

Password is right in compose and config. Idk what else to do.

A distributed streaming platform that can run on Raspberry Pi 5.

Last October, at a conference we shared a demo running Fluvio and Stateful DataFlows on a Rasperry Pi 5 running an object recognition pattern.

Fluvio is a distributed streaming runtime for building event driven analytical applications.

Relevant for Builders who are writing applications in Rust. Software & Data Architects who are building intricate data processing workflows to build intelligent applications using Rust, Python, or JavaScript, and of course SQL.

Fluvio currently is version 0.15.2, closing towards version 1 steadily. The past release notes and features are here - https://www.fluvio.io/news/

Documentation updated as of last release - https://www.fluvio.io/

We released a benchmarking utility in v0.15 and a blog showing some basic benchmark runs here : https://infinyon.com/blog/2025/02/kafka-vs-fluvio-bench/

Would love for you awesome people to try it out and share your experience.

#MiniFlux users, can anyone help?

Hi all. I'm having some issues with MiniFlux, a #SelfHosted #RSSReader, and hoping someone can help. MiniFlux was working fine until I tried to deploy ReactFlux on the same domain as it, rss.laniecarmelo.tech, on a subpath, /reactflux. This didn't work so I removed ReactFlux. I also migrated MiniFlux from #Docker to #Pacman package, thinking it would be easier on my system. This problem, or a similar one, was occurring before I did that though.

Now, rss.laniecarmelo.tech loads the MiniFlux login page, but when I login, it redirects to a blank page at rss.laniecarmelo.tech/login. I've added trusted proxies and cookie configuration to my miniflux.conf and headers to my Caddyfile, but I still have the issue.

I'm using #Caddy for #ReverseProxy and #Cloudflare for #SSO. Has anyone seen anything like this before? This is on a #RaspberryPi500 running #ArchLinuxARM.

I've checked MiniFlux logs, and it's getting the login requests and creating sessions. I'm not sure what's happening after that. Cloudflared and Caddy seem to be working normally.

#SelFhosting #Linux #RSS #RaspberryPi #RPi #tech #technology
@selfhost @selfhosted @selfhosting

Within the past couple months, I saw someone's pet-project where they were cobbling together a self-hostable FOSS app/service to allow people to collaborate on travel planning. It included note taking, images, possibly some functionality around dates, and a map to drop pins and see a route (I'm not sure which backend but I would guess OSM).

Now I can't find it. :(

Does anyone use an app like this? Does anyone have any recommendations? My needs are loose - my only requirements are a FOSS license and to be self-hostable.

Thanks for ideas/suggestions.

Would you be able to host instances for stuff like mastodon and peertube on a raspberry pi more specifically the raspberry pi 5

Hello, I have set up a synapse homeserver with email support, but i get one of two errors, depending on what smtp port i'm using:

465:Unable to add email address
MatrixError: [500] An error was encountered when sending the email (https://tanuki.gay/_matrix/client/v3/account/3pid/email/requestToken)

587: fetch failed: NetworkError when attempting to fetch resource

anyone know of a solution to this? can provide configs on request.

i created a browser-based tool for p2p file transfer where it doesnt use any backend for storage. instead, it relies on storage provided by the browser.

https://file.positive-intentions.com/

• my methods have been:

• use trilium for any detailed notes and documentation

• memos for random thoughts especially if shorter

• pen and paper when offline or on mobile because mobile trilium and moememos both suck

• zotero for citation and bibliography manager

• backed up to nextcloud

• i have paperless-ngx but found it randomly errors a ton of things and zotero is fine.

• considering if it’s worth it to have so many different spread out methods

• theyre fun to use but it creates more chaos then needed

When I first set up my web server I don't think Caddy was really a sensible choice. It was still immature (The big "version 2" rewrite was in beta). But it's about five years from when that happened, so I decided to give Caddy a try.

Wow! My config shrank to about 25% from what it was with Nginx. It's also a lot less stuff to deal with, especially from a personal hosting perspective. As much as I like self-hosting, I'm not like "into" configuring web servers. Caddy made this very easy.

I thought the automatic HTTPS feature was overrated until I used it. The fact is it works effortlessly. I do not need to add paths to certificate files in my config anymore. That's great. But what's even better is I do not need to bother with my server notes to once again figure out how to correctly use Certbot when I want to create new certs for subdomains, since Caddy will do it automatically.

I've been annoyed with my Nginx config for a while, and kept wishing to find the motivation to streamline it. It started simple, but as I added things to it over the years the complexity in the config file blossomed. But the thing that tipped me over to trying Caddy was seeing the difference between the Nginx and Caddy configurations necessary for Jellyfin. Seriously. Look at what's necessary for Nginx.

https://jellyfin.org/docs/general/networking/nginx/#https-config-example

In Caddy that became

jellyfin.example.com {
  reverse_proxy internal.jellyfin.host:8096
}

I thought no way this would work. But it did. First try. So, consider this a field report from a happy Caddy convert, and if you're not using it yet for self-hosting maybe it can simplify things for you, too. It made me happy enough to write about it.

🌟 Self-Hosting Journey Update! 🌟

After weeks of work, I'm excited to share my self-hosted setup! 🎉 I'm running everything on a Raspberry Pi 500 with Stormux (Arch Linux ARM-based), 8 GB RAM, and a 512 GB SD card (planning to upgrade to SSD or NAS as soon as I can afford it). Here's what I’ve built so far:

🔧 Services in Action:
- Development: Forgejo, Code-Server, Woodpecker CI
- Productivity: Joplin Server, Monica CRM, Homepage dashboard
- Monitoring: Prometheus + Alertmanager, Grafana, Netdata, Uptime Kuma
- Networking: AdGuardHome + Unbound, Tailscale VPN
- Tools: MiniFlux, Linkding, TheLounge
- Management: Portainer, Cockpit, Watchtower

🔒 Security & Access:
- Caddy + Cloudflare Zero Trust/Access for reverse proxy & SSO
- FirewallD + Fail2ban for extra protection

📧 Emails Powered by Zoho ZeptoMail:
All email-capable services (e.g., Forgejo, Joplin) are configured for reliable notifications.

💾 Backups: Using IDrive's 5 TB plan for peace of mind.

This journey has been challenging yet rewarding! 🚀 I'd love to hear your thoughts—especially tips on scaling storage or optimizing performance. Let's chat! 💬

#SelfHosting #RaspberryPi #Linux #ArchLinuxARM #Stormux #Tech #OpenSource #DIYTech #HomeLab #CloudComputing #AdGuardHome #Grafana #Prometheus #CodeServer #Portainer

@selfhost @selfhosted @selfhosting

I've gone handwritten, obsidian, onenote, and now Trilium. Considering switching to something else because there is no offline mobile support.

I use memos and trilium together but since neither offers mobile offline support considering switching both. No reason to run two services when I could run one.

Considering:

• Joplin
• Logseq
• SiYuan
• ?

Just wanted to share in case others encounter this dumb issue.

I've noticed that with time, my homelab is growing and with this comes complexity and time required to maintain. A big challenge is keeping on top of updates of firmware and key components (router and NAS, with pfsense and Truenas Scale respectively). What area people doing to ensure they keep on top of their homelab?

I have LMS at its latest version (8.5.3) installed on a VM. I hadnàt updated for a while and so decided to do so. To my surprise, I learnt that Logitech Media Server is now called Lyrion Music Server. Has anyone migrated from one to the other in a non-painfull way? I did a quick search. There are some guides for Synology and QNAP servers but I was after a more generic guide for pure docker. Anyone come across any?

I recently update pfBlockerNG on my pfsense box and after login in several days after I have loads of messages saying: "pfBlockerNG ASN - To utilize the ASN functionality, you must register for a free IPinfo Account. Review IP Tab for more information." Once I register are they going to start collecting data every time pfSense querries their ASN database?

cross-posted from: https://lemmy.world/post/24674369

I have some downtime at the moment so I'm thinking of reviving my personal blog again. I have enough experience with managed services that I'm reasonably confident to self-host. I'm aware that WordPress / Drupal / Joomla will most likely do what I want, but they're way overkill for my needs and I don't need the extra headaches.

Currently I'm leaning towards ghost, even though activitypub is only in alpha as far as I know. Plume isn't actively maintained any more, which is a shame. WriteFreely is a great project but doesn't suit my aesthetics and doesn't support themes as far as I know. I know connecting a flat-file CMS to activitypub is possible, but seems like way more trouble than I'd like to go to.

Is there anything I've missed that I should be looking at?

I'm new to self-hosting and struggling to get my services accessible externally. I'm using Traefik as a reverse proxy on a Raspberry Pi 500 running Stormux (Arch Linux ARM-based). My public IP resolves correctly via Dynu DNS, and ports 80 and 8444 are forwarded in my router. I've configured Traefik to use port 8444 for HTTPS, but external connections time out. I’ve tried:
• Forwarding ports 80 and 8444 in my router
• Allowing ports in iptables and FirewallD
• Setting my router's firewall to low security
• Verifying Traefik is listening on port 8444 locally (works with curl)
• Using Authelia for authentication (middleware configured in Traefik)
Internal access works fine, but external access fails. Could this be an ISP block or something I’m missing? Any advice is appreciated! 🙏
#SelfHosting #Traefik #RaspberryPi #DynuDNS #ReverseProxy #Networking #Help #Tech #Technology #Linux
@selfhost @selfhosting @selfhosted @linux

App: https://chat.positive-intentions.com/

A p2p encrypted file transfer and messaging app. Here are some features below:

• Open Source
• Cross platform
  • PWA
  • iOS, Android, Desktop (self compile)
  • App store, Play store (coming soon)
  • Desktop
    • Windows, Macos, Linux (self compile)
    • run index.html on any modern browser
  • Decentralized
• Secure
  • No cookies
  • P2P encrypted
  • No registration
  • No installing
• Messaging
  • Group Messaging (coming soon)
  • Text Messaging
  • Multimedia Messaging
  • Screensharing (on desktop browsers)
  • Offline Messaging (in research phase)
  • File Transfer
  • Video Calls
• Data Ownership
  • Self Hosting
  • GitHub pages Hosting
  • Local-Only storage

Check it out!

• App: https://chat.positive-intentions.com/
• More info: https://positive-intentions.com/blog/introducing-decentralized-chat
• GitHub: https://github.com/positive-intentions/chat