Actionable

Ideas found online, where I’ve defined an action to be taken.

Alter Ansible's output on debugging

If you’ve used Ansible, you’re likely very familiar with this default output when a playbook runs a few tasks: the green indicates “ok” and unchanged, and the yellow indicates that a task has reported a change on the remote node.

Basic Ansible output

When we invoke ansible-playbook with a -v or two, the output becomes more verbose, and simultaneously quite difficult to read:

Debugging output

Serge tweeted something last night which I first looked at on a small mobile screen and didn’t really “see” as being interesting, but when I gave it another look this morning it made a lot of sense, and I want to demonstrate what that does.

Serge's tweet

I typically use a shell-script “wrapper” to invoke Ansible playbooks, and I keep that ./a shell script alongside the playbook. As “lazy” as I am, I typically alias a to ./a to further simplify my life. (And while we’re at it, I am not a friend of hash bangs and YAML files made executable because YAML isn’t executable.)

From today, as per what Serge suggests, my wrapper script looks like this:

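#!/bin/sh

# Switch to the YAML stdout callback when an argument is exactly -v, -vv, -vvv, ...
# printf emits one argument per line, so options such as --vault-id do not match.
printf '%s\n' "$@" | grep -Eq -- '^-v+$' && export ANSIBLE_STDOUT_CALLBACK=yaml

ansible-playbook test.yml "$@"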

What that does is to detect I’ve invoked my wrapper with one or more -v (the grep is quiet) and then sets the stdout yaml callback, which produces much more readable output:

Debugging output with YAML

Thank you, Serge.

Need help setting up systemd-resolved for the first time

I want to switch to using systemd-resolved on my computer but am having trouble setting it up the way I would like. This is the output of resolvectl (x.x.x are the DNS servers from my ISP).

Global
    Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
    Current DNS Server: 127.0.0.1
    DNS Servers: 127.0.0.1 8.8.8.8
    Fallback DNS Servers: 1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10 2001:4860:4860::8888

Link 2 (enp2s0)
    Current Scopes: none
    Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 59 (wlan0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
    Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
    Current DNS Server: x.x.x.1
    DNS Servers: x.x.x.1 x.x.x.2

Link 72 (wg0)
    Current Scopes: DNS
    Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
    Current DNS Server: 10.0.0.25
    DNS Servers: 10.0.0.25
    DNS Domain: ~.

I have 3 DNS servers. One is 10.0.0.25 which is a dnsmasq server running behind the wireguard vpn (on wg0 interface). This dnsmasq server has mappings for "single label domains" like address=/host1/10.0.0.30. If I do ping host1 on my computer I want it to return 10.0.0.30. It's a corporate vpn not a privacy vpn so not all domains need to go through it, just single label ones (anything without a dot).

Then I have another dnsmasq server running locally on my computer at 127.0.0.1. It has mappings for a few local TLD's like address=/test1/127.0.0.1. I want this DNS server to only be used if the DNS request ends in one of those domains like .test1 or .test2. So if I do ping x.y.z.example.test1 the request should go to this dnsmasq server and return 127.0.0.1.

Finally there's 8.8.8.8 which is google's public DNS. Anything that isn't ending in .test1 or isn't a single label domain like host1 should go there (instead of through my ISP's DNS server of x.x.x.1 and x.x.x.2 shown in the output).

First of all is what I want even possible? Especially with the single label domains?

I've been reading the documentation for systemd-resolved but am still a bit lost. Could you please tell me what the output above would have to look like for me to get the behavior I want? Or what config files I need to change to make it work?

submitted by /u/nowboarding to r/linuxadmin

I was desperately learning DevOps. Please give 2 minutes to this post of mine.

I haven't made a lot of smart choices. Nearing 40, I am nowhere near the standing I wanted to be when I was young. A raging introvert who was content with where life was just taking me. I had no real drive, purpose or motivation to plan out my path.

What made me realize how impactful this career choice was, was losing something I really loved and cared so deeply for. It made me realize that the one solid choice I've ever made in my life that could actually help me redefine myself and give me a purpose. That's when I sat my ass down, opened YouTube, Google and found the best playlist tutorial for learning DevOps. It was my decision to sit down, open up a playlist for DevOps, Docker tutorials suggested somewhere and start taking notes.

I'm trying to give as much to community as I can. It took me over two years to create this (Free) DevOps Docker Courses (https://www.youtube.com/channel/UCoOq-DtESvayx5yJE5H6-qQ/playlists?view=1&sort=lad&flow=grid)

I put a lot of effort into making this series for SysAdmin and Fullstack beginners. It covers the basics of CICD, how your apps are deployed in live environment using Containers, Kubernetes Pods, Deployment, Services, Jenkins Setup, Docker, Podman, Minikube, Ansible, ELK, Git, most used commands, Tools pipeline with Sonarqube quality testing, Artifactory to manage binaries, playbooks, real life use cases, deploying docker containers using ansible, how to convert your playbooks into roles, Zone monitoring contains docker, windows and linux server etc!

I want to thank each and every person here who has taken, and continue to take the time to support me. Everyone who knows the struggle and the fear of failing and keeps supporting those who are struggling and afraid. I am eternally grateful for all of you guys.

I am excited to hear from you, folks.

submitted by /u/PastHippo3585 to r/linuxadmin

An Ansible reference sheet

The idea for an Ansible reference (or cheat) sheet was reborn last week at the Linuxhotel; a few students who knew they would be receiving a tmux mug as a gift when leaving asked why we don’t give out Ansible mugs.

One person approached me and said mugs are impractical: most people already have their favorite beverage mug, mugs have little space for information, and they typically find their way into the back of some kitchen cabinet. Why don’t we consider a nicely-printed DIN A3 sheet on good (plastified) paper? I thought that a good idea.

Ansible cheat sheet

And so began the work of gathering the information I wanted to present and packing it onto a double-sided A3 page. I’d have very much liked to add details for our advanced course, but there’s simply not enough space on these two pages. (If your eyesight is very good you might be able to read it when printed on A4.)

So, here’s the reference card, and please let me know if you have feedback.

DNSViz at home

One of the most useful DNS and DNSSEC debugging utilities I am aware of is DNSViz – a tool for visualizing the status of a DNS zone:

it provides a visual analysis of the DNSSEC authentication chain for a domain name and its resolution path in the DNS namespace, and it lists configuration errors detected by the tool

It has enabled me to “see” issues with domains which are otherwise very difficult to determine, and it is a site I strongly recommend in DNS/DNSSEC courses.

a small portion of a domain visualization

DNSViz presents a domain on a Web page and I can hover over individual elements to see details about them, as the example above demonstrates. (See the full output here.) Domains are typically visualized from the root down to the domain I wish to test. DNSViz keeps a history (which was unavailable for a long time) so I can “walk back” in time looking at previous analyses.

DNSViz is also exciting to use on your own DNSSEC-signed domains, and note that this excitement extends to a possible requirement for smelling salts: will the page display portions in red (i.e. bogus or kaputt)?

That was not a joke. :-)

I wanted to try DNSViz in a self-hosted environment, as the software is open source, and opted for the easiest mechanism: a docker image.

I also cloned the dnsviz/dnsviz repository as I later discovered the program can produce the “HTML format”, i.e. exactly the view we see at DNSViz, and I copied the required CSS and JS files into their own directory:

$ ls -1 web/
dnsviz.css
dnsviz.js
jquery-1.11.3.min.js
jquery-ui-1.11.4.custom.min.css
jquery-ui-1.11.4.custom.min.js
raphael-min.js

Then I assembled the commands (probe, graph) needed to produce the PNG, and HTML (SVG is also possible), and massaged the HTML to use the assets from the web/ directory:

#!/usr/bin/env bash

z=jpmens.net

docker run --network host -v "$PWD:/data:rw" dnsviz/dnsviz \
	probe -A -a . --nsid --pretty-output -o $z.json $z

docker run -v "$PWD:/data:rw" dnsviz/dnsviz \
	graph -r $z.json -T png -O

docker run -v "$PWD:/data:rw" dnsviz/dnsviz \
	graph -r $z.json -T html -O --rr-types SOA,NS

sed -I "" -e 's,file:///usr/share/dnsviz/css,web,' \
	  -e 's,file:///usr/share/dnsviz/js,web,' $z.html

And I have the program generate the visualization:

$ ./run.sh
Analyzing .
Analyzing net
Analyzing jpmens.net

The resulting PNG and HTML differ here, because for the HTML I’ve limited the RR types to SOA and NS, but otherwise they contain the same information. The probe phase produces a JSON file containing serialized responses to queries for the specified domain.

I can specify my own resolvers, ask the program to query authoritative servers only, and use the “print” subcommand to assess specified domain names based on the content in the JSON file. If need be, I can also use an alternate trust anchor, permitting the tool to be used in private roots as well.

I found interesting what Guillaume-Jean Herbiet mentioned to me: they use a self-hosted version of DNSViz to test the semantic validity of signed zones before publication.

I then install the program so that I no longer need docker.

$ brew install dnsviz graphviz

Peter DeVries points out that the tool also has a “query” command which gives textual results which are relatively easy to understand. In the following example I query for a domain and we then see the chain of trust from the root (.) down through (net) to the zone I’m interested in:

$ dnsviz query jpmens.net
. [.]
  [.]  DNSKEY: 8/951/256 [.], 8/18733/256 [.], 8/20326/257 [.]
  [.]    RRSIG: ./Algorithm.RSASHA256/20326 (2022-12-20 - 2023-01-10) [.]
net [.] [.]
  [.]  DS: 8/35886/2 [.]
  [.]    RRSIG: ./Algorithm.RSASHA256/18733 (2022-12-22 - 2023-01-04) [.]
  [.]  DNSKEY: 8/57635/256 [.], 8/35886/257 [.]
  [.]    RRSIG: net/Algorithm.RSASHA256/35886 (2022-12-20 - 2023-01-04) [.]
jpmens.net [.] [.]
  [.]  DS: 13/37440/2 [.]
  [.]    RRSIG: net/Algorithm.RSASHA256/57635 (2022-12-19 - 2022-12-26) [.]
  [.]  DNSKEY: 13/17125/256 [.], 13/37440/257 [.]
  [.]    RRSIG: jpmens.net/Algorithm.ECDSAP256SHA256/37440 (2022-12-15 - 2023-01-14) [.]
  [.]  A: 185.26.156.73
  [.]    RRSIG: jpmens.net/Algorithm.ECDSAP256SHA256/17125 (2022-12-10 - 2023-01-09) [.]
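
The validity windows in that textual output can be checked mechanically, for instance in a pre-publication test like the one mentioned above. This added example (not part of DNSViz or the original post) assumes the `dnsviz query` line format is exactly as printed here; `parse_signatures` and `needs_attention` are hypothetical names.

```python
"""Flag DNSSEC signatures that are outside, or close to the end of, their validity window."""
import re
from datetime import date
from typing import NamedTuple

# Sample input: the `dnsviz query jpmens.net` output shown above, embedded verbatim.
SAMPLE = """\
. [.]
  [.]  DNSKEY: 8/951/256 [.], 8/18733/256 [.], 8/20326/257 [.]
  [.]    RRSIG: ./Algorithm.RSASHA256/20326 (2022-12-20 - 2023-01-10) [.]
net [.] [.]
  [.]  DS: 8/35886/2 [.]
  [.]    RRSIG: ./Algorithm.RSASHA256/18733 (2022-12-22 - 2023-01-04) [.]
  [.]  DNSKEY: 8/57635/256 [.], 8/35886/257 [.]
  [.]    RRSIG: net/Algorithm.RSASHA256/35886 (2022-12-20 - 2023-01-04) [.]
jpmens.net [.] [.]
  [.]  DS: 13/37440/2 [.]
  [.]    RRSIG: net/Algorithm.RSASHA256/57635 (2022-12-19 - 2022-12-26) [.]
  [.]  DNSKEY: 13/17125/256 [.], 13/37440/257 [.]
  [.]    RRSIG: jpmens.net/Algorithm.ECDSAP256SHA256/37440 (2022-12-15 - 2023-01-14) [.]
  [.]  A: 185.26.156.73
  [.]    RRSIG: jpmens.net/Algorithm.ECDSAP256SHA256/17125 (2022-12-10 - 2023-01-09) [.]
"""

# Assumed line shapes, taken only from the sample: an unindented zone line,
# an indented "<TYPE>: ..." RRset line, and a deeper "RRSIG: ..." line under it.
RRSET_RE = re.compile(r"^\s+\[.\]\s+(\w+):")
RRSIG_RE = re.compile(
    r"RRSIG: (?P<signer>\S+)/Algorithm\.(?P<alg>\w+)/(?P<tag>\d+) "
    r"\((?P<inc>\d{4}-\d{2}-\d{2}) - (?P<exp>\d{4}-\d{2}-\d{2})\)"
)


class Sig(NamedTuple):
    zone: str          # zone heading the signature was listed under
    covers: str        # RR type of the signed RRset (DNSKEY, DS, A, ...)
    signer: str        # zone whose key made the signature
    algorithm: str
    key_tag: int
    inception: date
    expiration: date


def parse_signatures(text):
    """Return one Sig per RRSIG line, tagged with its zone and covered RR type."""
    zone = covers = None
    sigs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # zone heading, e.g. "net [.] [.]"
            zone, covers = line.split()[0], None
            continue
        m = RRSIG_RE.search(line)
        if m:                                # test RRSIG first: it also looks like an RRset line
            sigs.append(Sig(zone, covers, m["signer"], m["alg"], int(m["tag"]),
                            date.fromisoformat(m["inc"]),
                            date.fromisoformat(m["exp"])))
            continue
        m = RRSET_RE.match(line)
        if m:
            covers = m[1]
    return sigs


def needs_attention(sigs, today, min_days=7):
    """Return (sig, reason) for signatures not yet valid, expired, or expiring soon.

    The output prints dates only, while RRSIG timestamps have one-second
    resolution, so treat the day counts as approximate.
    """
    findings = []
    for s in sigs:
        left = (s.expiration - today).days
        if today < s.inception:
            findings.append((s, "not yet valid"))
        elif left < 0:
            findings.append((s, "expired"))
        elif left < min_days:
            findings.append((s, f"expires in {left} days"))
    return findings


if __name__ == "__main__":
    # The reference date is chosen to fall inside the windows of the sample.
    for sig, reason in needs_attention(parse_signatures(SAMPLE), date(2022, 12, 23)):
        print(f"{sig.zone} {sig.covers} signed by {sig.signer}/{sig.key_tag}: {reason}")
```
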

Did I mention DNSViz is a brilliant tool?

Notes to self: KeePassXC

More and more frequently, when I ask friends and family (people with a mainly non-computing background) how they manage their passwords their eyes cloud over, and I then feel the need to tell them that they ought to apply good password hygiene. (I tend to mensplain a bit.) As such I’ve been looking much more deeply into KeePassXC as a multi-platform, Open Source, and very decent password manager.

I ran away from 1Password many years ago when, IIRC, they forced cloud upon their users and also converted to a subscription model, and settled for EnPass at the time. Aside from a number of UI quirks in EnPass I’ve been happy enough with it, and I got it at the time when they had a purchase model; I believe that has meanwhile also changed to a subscription model. I want to be able to recommend a program which has a fixed price (Open Source is fine) and a UI which will hopefully remain somewhat consistent. I think KeePassXC matches the requirement.

These notes are intended as a reminder to myself of the features and possibilities I discovered in KeePassXC. (Start with some screenshots if you like.)

the database

KeePassXC databases (*.kdbx; file format explained) are protected with either a password or a key file or both. The desktop app and the CLI program can optionally create these key files, and they contain 128 bytes of random data which is used to augment the password. These key files can also be an image, a love letter — any file which doesn’t change. Think of it as a really complicated password that is read from a file, so you don’t have to remember or type it into your master password field.

I would likely suggest a key file created with random data and have a backup of the key file printed on paper (using a font with which I can easily differentiate zero and oh and one and ell …):

$ keyfile=kp.key
$ dd if=/dev/urandom bs=128 count=1 status=none of=$keyfile

$ openssl dgst -sha1 $keyfile
SHA1(kp.key)= f4e8b1dca0f2833d0596ba60664999fc0ca99a09

$ openssl enc -base64 -in $keyfile
MShDxixExQGpQpnoXrby0DI7lVpAr+zLuqg8P3FYOpBpRwVT+hrViMcc+tV0DMWB
nSh7ar8n4f3H5WNbT3pqI8zMJNZj23XwMc1NakzjzcZuiMxbwUK8LDuzkh2NXtjQ
464jy83ECfvomjBTQVo9B64+qeDSuaM1IHTvCYuGH3A=

$ openssl enc -A -base64 -in $keyfile |
       qrencode -l Q -o $keyfile.png

QR-code of base64 of the key file

In order to recover the binary key file I could scan the QR code, copy the resulting text (or even enter it manually from the base64 representation if necessary), and decode the base64 back into the key file’s data with

$ openssl enc -d -A -base64 -in /tmp/paper -out kp-new.key

$ openssl dgst -sha1 kp-new.key
SHA1(kp-new.key)= f4e8b1dca0f2833d0596ba60664999fc0ca99a09

KeePassXC databases can be synchronized via, say, syncthing, Dropbox, or a file share, etc., but the key files ought to be kept separately. Key files are also supported by KeePassium on iOS and possibly also by other apps such as KeePassDX and KeePass2Android on Android, and Strongbox on iOS.

Hardware key chooser when opening database

In addition to password and/or key file, the desktop apps can use a supported Yubikey (I chose a 5c nano) with HMAC-SHA1 to add additional entropy to the chosen password. While this works very well it has the disadvantage of not being supported by the mobile apps I looked at, meaning it would be a desktop-only feature. Also, it’s important to have a backup Yubikey (5c NFC here) for the feature; I wouldn’t want a lost/broken Yubikey to lock me out of the database!

Sadly, KeePassXC relies on external file synchronization, which might not be trivial to set up. As Alexander notes, the original Keepass2 (and Keepass2Android) are able to open database files directly from a WebDAV URL, and merge changes that have been made from a different device, but KeePassXC is likely the more modern choice with more features.

Python module

The Python pykeepass module interacts with KeePass databases (supports KDBX3 and KDBX4), and as such also works with KeePassXC. I can create a database (this is how I created the jane.kdbx database for the examples on this page), create and find entries, add entries, change / add passwords and entry details, etc.

#!/usr/bin/env python3

from pykeepass import PyKeePass, create_database
import secrets
from xkcdpass import xkcd_password as xp

kp = create_database("jane.kdbx", password="tt", keyfile="kp.key", transformed_key=None)

g_work = kp.add_group(kp.root_group, "Work")
g_play = kp.add_group(kp.root_group, "Play")
g_social = kp.add_group(g_play, "socialmedia")

wordfile = xp.locate_wordfile()
mywords = xp.generate_wordlist(wordfile=wordfile, min_length=5, max_length=8)

password = xp.generate_xkcdpassword(mywords, acrostic="tonic", delimiter="-")

entry = kp.add_entry(g_work, "gmail", "myusername", password)
print(entry)  # Entry: "email/gmail (myusername)"

e = kp.add_entry(g_social, "Mastodon", "janej", secrets.token_urlsafe(32))

e.url = "https://mastodon.example.com/@janej"
e.tags = [ "fediverse", "mastodon" ]
e.notes = "account created in 2018 with 2FA"

emails = [ "janej@example.com", "jane@example.com" ]
e.set_custom_property("mail", "\n".join(emails))    # custom property expects newline-separated
e.set_custom_property("uid", "12345678")            # pykeepass > 4.0.3 will have: protect=True

# there doesn't appear to be a way of exiting cleanly without the .save()
kp.save()

keepassxc-cli

keepassxc-cli is a command-line tool for KeePassXC from which I can manipulate its databases.

$ kpc open -k tt.key jane.kdbx
Enter password to unlock jane.kdbx:
Passwords> help


Available commands:
add                 Add a new entry to a database.
analyze             Analyze passwords for weaknesses and problems.
attachment-export   Export an attachment of an entry.
attachment-import   Imports an attachment to an entry.
attachment-rm       Remove an attachment of an entry.
clip                Copy an entry's attribute to the clipboard.
close               Close the currently opened database.
db-create           Create a new database.
db-edit             Edit a database.
db-info             Show a database's information.
diceware            Generate a new random diceware passphrase.
edit                Edit an entry.
estimate            Estimate the entropy of a password.
exit                Exit interactive mode.
generate            Generate a new random password.
help                Display command help.
ls                  List database entries.
merge               Merge two databases.
mkdir               Adds a new group to a database.
mv                  Moves an entry to a new group.
open                Open a database.
quit                Exit interactive mode.
rm                  Remove an entry from the database.
rmdir               Removes a group from a database.
search              Find entries quickly.
show                Show an entry's information.
Passwords> generate
vbPf4p9VmxwhkyDehiQDQNR2XiiMUbjf
Passwords>

Using the --yubikey option, I can also unlock a Yubikey-protected database from the command-line:

$ kpc ls other.kdbx -y 2
Enter password to unlock other.kdbx:
Please present or touch your YubiKey to continue.
...

In the example which follows, I attach an image to the database and then display all details (also the protected fields) of an entry.

$ alias kpc=/Applications/KeePassXC.app/Contents/MacOS/keepassxc-cli
$ kpc attachment-import -k kp.key jane.kdbx Mastodon mascot mastodon-mascot.jpg
Enter password to unlock jane.kdbx:
Successfully imported attachment mastodon-mascot.jpg as mascot to entry Mastodon.

$ kpc show jane.kdbx -k kp.key --show-protected --show-attachments Mastodon
Enter password to unlock jane.kdbx:
Title: Mastodon
UserName: janej
Password: REH1I0xz_iEM2VYvhiwfah5Rt1RROxqErmejlaoKY6A
URL: https://mastodon.example.com/@janej
Notes: account created in 2018 with 2FA
Uuid: {95275776-9a50-11ed-add7-f01898ef9fe7}
Tags: fediverse,mastodon

Attachments:
  mascot (3.0 KiB)

It’s not actually documented anywhere that I could find, but keepassxc-cli actually reads passwords from stdin. (tt is the database password and the diceware subcommand creates four words as in “subpar amusement crayfish footrest”.)

$ (echo tt; kpc diceware -W 4) | kpc edit -k tt.key jane.kdbx -p gmail
Enter password to unlock jane.kdbx:
Enter new password for entry:
Successfully edited entry gmail.

I could add -q to the command to completely silence prompts for database and entry’s new password.

the UI

screenshot of KeePassXC with the programmatically-created entry shown

  1. favicon downloaded from within the entry (add URL, hit download), but there is a menu for downloading URLs automatically, not possible here b/c it’s a fake address
  2. I didn’t understand the color square, but it’s a password-quality indicator
  3. Additional attributes. In future the Python module will be able to add protection (such as shown in the comment for 4.)
  4. Attachment names
  5. Group folders as created within Python

SSH agent

KeePassXC implements support for an SSH-agent, and I find it works very well. What I particularly appreciate is the possibility to override the agent socket path as I have a bit of a convoluted setup here which sets a specific path on login.

KeePassXC’s implementation can add SSH keys when unlocking a database, it can automatically remove keys from the agent after a selectable time, and it can optionally remove all keys it’s added when the database is locked (i.e. closed). Note there’s a setting with KeePassXC which can optionally ask for confirmation before using a key, but that requires the separate SSH ask-pass utility — this is not something that KeePassXC can implement as there’s no feedback from the agent itself.

There’s a very good writeup of how to manage SSH keys with KeePassXC.

TOTP

KeePassXC has built-in support for Time-based One-Time Passwords (TOTP). These are passwords which use the current time as a source of uniqueness. I prefer to use an app which does TOTP than to use SMS for two-factor authentication (2FA).

I have some doubts about the security of having TOTP within the password manager (I use Authy and not the support built-in to EnPass), so I asked on Mastodon:

Is there a consensus on whether it is better/safer to have TOTP generation done within the password safe (e.g. KeePassXC) or rather externally using a separate program (e.g. Authy)?

I think I’m summarizing correctly when I quote Thomas, who responded:

It’s better to have it on a separate device. But it’s also better to have it in any place than to not have it at all.

That’s probably very good advice.

Further reading

Over the past 11 months, I’ve been lucky enough to travel to six beautiful countries - here are my thoughts:

Seville (Spain): Absolutely stunning, relaxed atmosphere, amazing food, amazing weather, lots to see and do. 10/10.

Athens (Greece): So much culture and history in every direction, amazing food, great weather, some parts of the city a little dirty which takes you out of the magic. 8/10.

Oslo (Norway): Beautiful environment, but not much culture. People also not the friendliest and everything extremely expensive. 3/10.

Istanbul (Turkey): Rich in culture, lots to see and do, food is amazing, but people constantly trying to harass you on the street. 4/10.

Munich (Germany): Beautiful city, lots of culture and history, great weather, friendly people, good food. 9/10.

Innsbruck (Austria): Absolutely stunning scenery, friendly people, good food, lots to see and do. 9.5/10.

submitted by /u/Spiritualrose98

Password Pusher: The Easy and Safe Way to Share Passwords, Files and URLs

Need a quick way to send a randomly generated password? How about an important file or URL? Password Pusher is the tool for the job!

What is Password Pusher?

Password Pusher is an opensource application to communicate passwords over the web. Links to passwords expire after a certain number of views and/or time has passed.

Password Pusher Features

  • Easy-to-install: Host your own via Docker, a cloud service or just use pwpush.com
  • Opensource: No blackbox code. Only trusted, tested and reviewed opensource code.
  • Versatile: Push passwords, text, files or URLs that autoexpire and self delete.
  • Audit logging: Track and control what you've shared and see who has viewed it.
  • Encrypted storage: All sensitive data is stored encrypted and deleted entirely once expired.
  • Host your own: Database backed or ephemeral, easily run your own instance isolated from the world.
  • JSON API: Raw JSON API available for 3rd party tools or command line via curl or wget.
  • Command line interface: Automate your password distribution with CLI tools or custom scripts.
  • Logins: Invite your colleagues and track what is pushed and who retrieved it.
  • Internationalized: 28 language translations are bundled in. Easily selectable via UI or URL
  • Themes: 26 themes bundled in courtesy of Bootswatch. Select with a simple environment variable.
  • Unbranded delivery page: No logos, superfluous text or unrelated links to confuse end users.
  • Customizable: Change text and default options via environment variables.
  • Light & dark themes: Via CSS @media integration, the default site theme follows your local preferences.
  • Rebrandable: Customize the site name, tagline and logo to fit your environment.
  • Custom CSS: Bundle in your own custom CSS to add your own design.
  • 10 Years Old: Password Pusher has securely delivered millions and millions of passwords in its 10 year history.
  • Actively Maintained: I happily work for the good karma of the great IT/Security community.
  • Honest Software: Opensource written and maintained by me with the help of some great contributors. No organizations, corporations or evil agendas.

With Password Pusher, you can push passwords, text, files, or URLs that autoexpire and self-delete. This means that you can set a specific time for the link to expire, or determine the number of times it can be viewed. This ensures that the password or sensitive information can only be accessed for a limited period, providing an additional layer of security.

Not only can you share passwords with Password Pusher, but it can also generate passwords based on preconfigured options built into the app. You control how strong the password is based on the options you choose.

Password Pusher is an open source application. There is a demo you can try before you install it to see if it suits your needs. It's very simple to install using one Docker run command.

Install Password Pusher with Docker

First, you will need a host machine with Docker installed and running. If you need help getting Docker installed, see our guide on installing Docker on Debian.

Run the following command to install Password Pusher using Docker.

docker run -d -p "5100:5100" pglombardo/pwpush-ephemeral:release

After you run the Docker command, wait a couple minutes then navigate to your host machine IP on port 5100 to start using it.

Final Notes and Thoughts

Password Pusher has been around for a decade, and has securely delivered millions of passwords in that time. It's actively maintained and developed by a passionate open source community.

I'm genuinely curious if any of you have used this or any other tools like Password Pusher? I myself don't have a use for tools like this but if you have a high communication remote job, I could see this coming in great handy.

If you find Password Pusher useful or want to find out more information, hop over to the Password Pusher Github repo and give it a star!

5 Self-Hosted Document Management System Applications

Imagine you have a collection of important papers, documents, and files scattered all over your home. They're in different drawers, folders, and cabinets, and you often struggle to find the one you need when you need it. It's frustrating, time-consuming, and can even lead to stress. It's time to get organized with a self-hosted document management system.

What is a Document Management System?

Think of a document management system (DMS) as a fancy digital filing system. It's a tool that helps you store, share, and keep track of all your important documents. You might hear people mention DMS when they talk about systems for managing content. It's a piece of the bigger puzzle called enterprise content management (ECM), and it connects with things like sorting digital files, scanning papers, organizing work, and taking care of records.

Self-hosted DMS solutions are often chosen for their data privacy, customization options, and the ability to maintain control over sensitive documents. Here are a few DMS options you can try self-hosting yourself!

Teedy

Lightweight document management system packed with all the features you can expect from big expensive solutions.

Try with Docker

Teedy proves to be quite practical in keeping digital documents well organized. It's straightforward, free from unnecessary complexities and simply does its job effectively. The open source nature of Teedy makes it accessible to individuals seeking digital file organization and small businesses in need of an efficient document management solution. It's a tool worth considering for your document organization needs.

Docspell

Docspell assists in organizing your piles of digital documents, resulting from scanners, e-mails and other sources with minimal effort.

Try with Docker

Docspell takes a unique approach by focusing on automatically extracting and attaching metadata from your documents, such as correspondent information, dates, and tags. You can just toss your documents into a digital pile without worrying about where to place them. Later on, you can easily create different organizational structures based on this metadata, making it a breeze to locate any document you need. Docspell even uses OCR (Optical Character Recognition) to analyze text and find information within your documents, further simplifying the process of keeping things organized.

Paperless-ngx

Paperless-ngx is a community-supported open-source document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper.

Try with Docker

Paperless-ngx stands out as a popular choice in the self-hosted community when it comes to managing personal documents. Paperless-ngx has two main components: one that monitors a designated folder and adds your documents automatically, and another that offers a simple web interface for efficiently managing and locating your scanned documents. Each document can be labeled with details like its source, content, and tags for convenient grouping. Unlike traditional folders, Paperless-ngx offers flexibility, allowing a single document to have multiple tags. It also handles date tracking automatically, making document organization effortless and ensuring that it remains a popular choice in the community.

Mayan EDMS

Mayan EDMS is a Free Open Source Electronic Document Management System, coded in the Python language using the Django web application framework and released under the Apache 2.0 License. It provides an electronic vault or repository for electronic documents.

Try with Docker

Mayan EDMS was originally a project to store PDFs but has grown into a complete document management system. You can easily upload documents from different sources, organize them with tags, and find what you need using a simple search. Features include customizable metadata, batch uploading, document preview, and version control. It's a resourceful tool for organizing and retrieving your digital documents.

Papermerge

Open Source Document Management System designed for scanned documents.

Try with Docker

Papermerge is all about collaboration and flexibility. Being open source, it prioritizes transparency and community input, allowing anyone to enhance its source code. It supports multiple users with tailored permissions, and its OCR technology extracts text from scanned documents for easy searching. With a user friendly REST API, you can customize the system to your needs and import documents from various sources. Its efficient full text search lets you find documents effortlessly, and it preserves document versions to prevent data loss.

Quick tip: If you're thinking about getting a scanner for your documents, here's a tip: auto feeding scanners can be a bit more challenging to keep clean compared to flatbed ones. This is especially important if you're scanning pages with stuff like waxy crayons that could leave marks on the scanner sensors. In situations like that, you might want to consider going for a flatbed scanner instead. I learned this the hard way when I was scanning my kids' artwork. Hope this saves you some hassle and money!

Final Notes and Thoughts

I've given all the options above a try, and in the end, I found that Paperless-ngx really suits my personal needs the best. What I appreciate most about it is how easy it is to organize my documents using tags, and the fact that it can automatically keep an eye on my documents folder is a game changer. That's not to say the other choices are without merit, but Paperless-ngx just seems to click better with how I like to manage my documents. It's all about finding the right fit, and for me, Paperless-ngx is the one.

The WITI Recommends Edition

Noah here. We are coming up on our fifth birthday (!!!), and for about four of those years, we’ve been thinking about building out a recommendations site off the back of our nearly 1500 editions. Well, we are finally making it happen. I’m happy to announce Why is this interesting? Recommends, which pulls together over 1,000 products, books, software, and other kinds of recommendations from across our many emails from the past five years. 

Check out WITI Recommends

Why is this interesting?

WITI is a long-term experiment. We are never quite sure where things are headed, and we continue to do it because we really enjoy it. This year, we brought on an amazing editor in Louis Cheslaw and have been thinking about some other new ideas to extend the concept and community. This is one of them. We have a bunch of thoughts on where we’d like to take this, but in the spirit of launching early, we wanted to get it out into the world. As you might expect, there are affiliate links where possible, and we will make a buck or two if you buy something, so click and purchase away. (Making WITI more financially sustainable is another goal for the year.)

The core of it is pretty simple: we sucked the product recommendations out of all the emails, scraped the product pages for descriptions and images, and categorized the whole thing. Most of the manual work was made possible thanks to AI, which, while taking lots of heat these days in the world of media and beyond, is amazing at solving stupidly annoying problems like how to pull the recommendations out of some 1,000,000+ words.

If you’re interested in the nitty-gritty, I wrote a bit about it in a recent BrXnd newsletter (that’s where I write about marketing and AI stuff). The gist is that AI makes a fantastic fuzzy interface: a simple way to transform unstructured data (like many essays in HTML) into structured product recommendations. This process isn’t overly complex (minus the scaffolding to set up the pipelines). Mainly, it’s asking the AI to extract product recommendation links from a given post. I posted the full prompt over on BrXnd Dispatch, as well as a bunch of other execution details if you’re interested.

Back to the site, I particularly like the pages that pull together many tips, like this one from our most popular post, The Go-Bag Edition. This points to a direction I generally would like to head with things, which is to pull together multiple recommendations into a list of sorts. I didn’t quite get it done for this release, but the idea is that if you’re looking for a great pen or a novel, you could find it easily. (For now, search does work pretty well.)

It’s also fun to see all the various things I’ve linked to over the years.

There’s much more work to do, and we’re open to feedback. So click around, buy some stuff, and let us know what you’d like to see.

Thanks for reading,

Noah (NRB) & Colin (CJN)

Why is this interesting? is a daily email from Noah Brier & Colin Nagy (and friends!) about interesting things. If you’ve enjoyed this edition, please consider forwarding it to a friend. If you’re reading it for the first time, consider subscribing.

Introducing selfh.st/apps, a Directory of Self-Hosted Software

One of the more common requests for content I receive from This Week in Self-Hosted subscribers is a browsable list of applications and software that have been featured in the newsletter's Content Spotlight section.

Today, I'm taking this request one step further and publishing the entire list of self-hosted software projects I follow and track in a browsable format – which can be accessed at selfh.st/apps.

Self-Hosted Applications and Alternatives: a directory of self-hosted software and applications for easy browsing (selfh.st, Ethan Sholly)

The list of software covers a wide range of self-hosted projects (both open- and closed-source) and includes filters for tags and popular hosted alternatives as well as sort options based on the number of repository stars, date of last development activity, and alphabetical order.

On the backend, the page is populated by a database I've maintained over the past year as a way to track relevant projects for the newsletter. And while it took several weeks to build the webpage and functionality to populate the tiles (with help from AI), the entire process is now automated and the details will update daily as I add new projects for my own tracking moving forward.

Additional details and anticipated questions about the list can be found here. As usual, feel free to reach out if you'd like to connect about any aspect of this project.

Thanks, and happy selfh.st/ing!

Created an extensive site for short men. Looking for testers and feedback.

Good evening r/shortfashion. I recently created a rebranded site for short men and would love for some of you to check it out, maybe test it out if you are interested and give some feedback. The vision is a community centered around the short male experience and those who "show love to them" (i.e. friends, relatives, mentors, colleagues, girlfriends, wives, etc). It is open to all. There is some more work to be done, but it is officially live. Free to join and use.

The Site HAS a:

  • Community Forum (with category tags)
  • Experience Blog (with category tags)
  • Fashion Blog (with category tags)
  • Marketplace (Buy/Sell/Trade - Clothes, Shoes, Outerwear, Accessories for shorter men)
  • Store Links (stores which cater to or are popular with shorter men with ability to review)
  • Famous Short Men Gallery (searchable, ability to leave comments)
  • Merch Shop
  • E-Book Area (eBooks coming, free and non-free titles)
  • Members can collect cool badges and gift badges
  • Members can award standout posts
  • Members can react to posts with emojis to show where they stand

The Site is NOT for:

  • Supporting Defeatism (though honesty and constructive language is encouraged)
  • Hate (though being HONEST about life experiences and feelings is ABSOLUTELY supported)

A lot of work went into creating this. You could call it a passion project. But as with all sites, maintenance will be its own endeavor. As it is rebranded, there is some more cleanup and some content adjustment to be done. New features will be added over time when I am able to do so. There will be some critics and that's fine, but I felt an independent community like this is missing online. Thanks to anyone who checks it out!

submitted by /u/shortkingz_ to r/shortfashion

US-based Esab International Holdings completes acquisition of 100% of Colombian welding company Sager: it will contribute US$10 million in 2024 to its consolidated revenue

North Bethesda, United States. – Esab International Holdings LLC recently completed the acquisition of 100% of the subscribed capital of Sager S.A.S., a company with its principal domicile and factory in Cali (Colombia).

As Primera Página revealed last July 13, the transaction will give rise to a horizontal economic integration between Soldaduras West Arco Colombia S.A.S. (also owned by Esab) and Sager S.A.S., specifically in the repair and maintenance segment.

Esab International Holdings

Colombian executive Derek John Tibble Sager, general manager and former partner of Sager S.A.S.

This is because the combined market share of the two companies will be above the 20% threshold in the welding consumables business.

However, the integration will not substantially increase that share.

And although West Arco's share of the segment is significant because of its factory in Colombia, the aggregate market has a substantial supply from imports, which represent 46% of the business and would make it possible to meet half of national demand, with the potential for new marketers and distributors to enter.

Nor will the move have a material effect on the repair and maintenance welding business since, in the strictest sense, the products offered by the parties are not necessarily substitutes for each other but rather complementary.

Both companies also operate in the repair and maintenance segment, but Sager manufactures specialized repair and maintenance applications that respond to customers' specific needs depending on the industry in which they operate, supplying products not usually found in hardware stores.

Soldaduras West Arco's activities, on the other hand, focus mainly on consumables for fabrication (not for repair and maintenance) and on repair and maintenance lines that are not intended for use in a specific sector and are an over-the-counter solution for repair and maintenance (without specialized applications).

Shyam Kambeyanda, president of Esab Corporation

In 2022, Soldaduras West Arco recorded operating revenue of $249,781 million, while Sager had sales of $24,158 million last year (it has 84 employees).

About Esab Corporation

It is a supplier of welding and cutting equipment and consumables, offering a line of fabrication solutions for multiple applications.

It is one of the world's leading fabrication and specialty gas control technology companies, focused on welding technology, advanced equipment, consumables, control, robotics and digital solutions.

With 9,000 associates (serving customers in 147 countries) and 26 plants, the company recorded net sales of US$2,775 million in 2022.

About Sager S.A.S.

It is a commercial company incorporated in 1947 in Santiago de Cali, in the department of Valle del Cauca.

The company's corporate purpose includes, among other things, the manufacture, distribution and sale of welding products and related items, and the import and export of raw materials and merchandise in general.

It was founded by Gerhard Sager, a businessman of German origin who came to Colombia as the representative of several foreign companies distributing imported products.

In 1954, it became the exclusive distributor of Eutectic + Castolin products; Eutectic + Castolin had in turn set up a factory producing maintenance welding electrodes in Colombia, which Sager acquired in the 1970s.

In the 1990s, Sager obtained exclusive representation of Eutectic + Castolin for Peru, Ecuador and Venezuela.

In 2024, the company's sales are estimated at US$10 million ($39,000 million).

About Soldaduras West Arco S.A.S.

The company does business in the metalworking sector, in the production, manufacture, distribution, transformation, purchase and sale of all kinds of products related to that sector, and in particular the welding line.

In 2022, the company recorded net profit of $33,018 million.

The post US-based Esab International Holdings completes acquisition of 100% of Colombian welding company Sager: it will contribute US$10 million in 2024 to its consolidated revenue was first published on Halcones y Palomas.

How To Clean White Sneakers the Right Way

Nothing’s worse than dirty shoes, especially previously white ones. Today, we’ll discuss how to clean white sneakers properly.

Photo by hdcaputo / Depositphotos.com

Remember when you first took those beautiful white sneakers out of the box? They were made of pristine, classy ivory-toned leather. Or, perhaps, an immaculate light beige canvas — the way you always wanted them to look.

And that’s why it’s important to know how to clean white sneakers properly.

Remember, they’re white sneakers — not gray sneakers, not white with spots. Keeping them clean is a big part of ensuring their versatility. And besides, nothing looks less grown-up than dirty sneakers.

Whether you’re sporting retro-cool Converse high-tops or luxurious Common Projects (or any cool alternatives), keep them clean. Here’s how. 

How To Clean White Sneakers — Any Kind

The two most common and classic types of white sneakers are canvas shoes and leather sneakers. We’ll discuss how to clean both kinds, starting with leather.

Cleaning White Leather Shoes

Here’s what you’ll need to get your white leather shoes squeaky clean:

  • Saddle soap. Fiebings saddle soap for white leather is a cost-effective option
  • Horsehair dauber brushes (you’ll likely need two)
  • Warm water
  • Leather conditioner. I like Venetian shoe cream because it is neutral and works on all leather colors.
  • Undyed microfiber cloths. You can also use paper towels or old white clothes.

Alright, let’s get cleaning!

First, Remove the Laces and Get Any Excess Dirt Off

By removing the laces, you can clean the eyelet stays more thoroughly. Trust me, dirt loves to get into those areas.

Moreover, you don’t want your leather-specific ingredients getting into your laces.

To remove excess dirt, start by clapping the outsoles of both shoes together. You can do this by holding each by their collar, then literally banging them against each other.

This ensures that bigger dirt particles don’t scratch the surface of the leather while you’re cleaning. Even more, your soap can focus on more important dirt particles. It can tackle those teeny tiny ones trying to imbed themselves onto the shoe surface.

Lather Up!

As with cleaning your own body, you’ll want to create soap suds to clean your leather. This allows the soap molecules to disperse effectively, dividing and conquering the dirt and grease.

Open your saddle soap and fill the top up with warm water. Take your brush and dip it into the soap. Then, dip it into the water-filled top and make circles until you start to see a healthy, thick lather.

Soap up Your Shoes

Take your lathered-up brush and apply it to the first shoe you’re cleaning. Make sure to go one shoe at a time.

Go in small circular motions all throughout the surface of the shoe. If there are darker, stained areas, start there, then move outwards.

You’ll want to be pretty aggressive when you get to the eyelets, the outsoles, and any other seams and stitches. There are loads of nooks and crannies for dirt to get into in these particular places.

Make sure to lather up the entire upper.

Wipe the Lather Off of the Shoes

Now, take your cloth or towel and gently wipe off all of the suds.

Once all of the lather is gone, take another dry cloth and start drying off the surface. 

You want to be liberal about your cloth usage here. If you continue to use a cloth that’s at capacity, you’ll just end up reapplying water and soap to the surface.

This is why it’s a good idea to use cloths over paper towels. Cloths are more economical and better for the environment.

Clean Up the Other Shoe

Repeat all of these steps on the other shoe. Lather him up, then wipe him down.

This way, one shoe isn’t sitting in suds longer than the other.

Use a Leather Conditioner

I know this is a gross comparison, but remember that leather is skin at the end of the day. Your skin needs moisturizer, and your hair needs conditioner.

So, your white leather shoes do as well.

Apply your leather conditioner to another clean cloth.

Then, apply it to the shoe in small, circular motions, just as you did with the soap. 

Once you’ve got the cream on the entire surface, take a horsehair brush to the eyelet stays and seams. This ensures the conditioner gets into the tightest spots.

Buff the Surface

Last but not least, take your horsehair brush and swipe the surface of the leather once or twice. This way, you get rid of excess conditioner.

How To Clean White Canvas Sneakers

Now that you know how to clean your white leather, let’s get into how to clean white canvas sneakers.

Of course, you’ll need a slightly different arsenal for this.

  • Again, microfiber cloths, paper towels, or old white clothes
  • A toothbrush
  • Warm or cool water. Just make sure it isn’t hot 
  • Laundry detergent
  • Baking soda

Again, You’ll Start by Removing the Laces and Clapping Your Shoes Together

Get that excess dirt off! 

Canvas is more absorbent than leather. If you leave loose dirt on it, it will find crevices to cling to when it gets wet.

Once you’ve banged the shoes together, give the surface a quick toothbrushing.

Create a Solution Using Laundry Detergent

Take a teaspoon of detergent and one cup of water. Mix them up with a stirrer to create suds.

Remember, suds are key.

I also like to shake the solution up in a mason jar.

Apply Your Solution to Your Shoe (Again, One at a Time)

Dip your clean cloth into the solution. As you did with your leather cleaner, make small circular motions all throughout the shoe’s surface. 

And just as you did with your leather shoes, feel free to rub more vigorously on seams, the eyelet stays, and the outsoles. 

If your shoe has a rubber toe cap, like Converse Chucks do, feel free to take the toothbrush to it.

Wipe Up and Let Dry

Now, take a dry cloth or paper towel and soak up any excess soap and water from the canvas surface. 

Again, be liberal with your cloth usage. Once the cloth is fully saturated, use a new one.

Once you’ve dried each shoe as much as possible, keep them in a dry, cool room with ample ventilation for 24 hours.

Baking Soda Spot Treatment

If, after all of that, you still see stains on your shoes, baking soda is your friend.

You can create a stain remover by mixing one part baking soda and two parts water. Take your toothbrush, dip it into the mixture, then gently brush the stain out.

Be patient. For stubborn stains, I’ve noticed that I’d often have to brush for a good ten minutes, then wait for another 20 to see the stain fade.

Are you wondering how to clean white cloth sneakers or even white mesh sneakers? You’d do it exactly as you would with canvas shoes.

With mesh, I’d make more use of the toothbrush since there’s more topography on the surface.

Cleaning the Laces of Your White Sneakers

If your laces are over-the-top grimy, falling apart even, just get rid of them. There’s no point in wasting energy on a lost cause.

Otherwise, cleaning shoelaces is an easy process.

Start by taking your toothbrush and brushing them off. Again, it’s important to get rid of excess dirt.

Then, take bleach and water (three tablespoons of bleach to a gallon of water) and submerge the laces. This should take about ten minutes.

Hang them in a cool, dry area, or simply take a hairdryer to them. Don’t throw them in the dryer.

If they don’t need bleaching, you can just throw them in the washing machine with your other clothes. Just make sure to put them in a mesh bag so they don’t unravel or get caught on anything. 

FAQs

Here are some commonly asked questions about cleaning white sneakers!

Can You Wash White Sneakers in the Washing Machine?

Usually, no, but some new models are built to withstand the washer and dryer. However, they often have special instructions. For example, many come with a special washer bag to throw them in before tossing them in the machine.

What’s the Best Way To Clean White Shoes?

White leathers need leather soap and conditioner, while you can clean canvas and cloth shoes using laundry detergent. Clean them one by one.

Conclusion: Keep Your Whites White

Looking good (and put together) is all in the details.

White sneakers are menswear classics, but they won’t look particularly classic if dirty. Even more, knowing how to clean white sneakers ensures they last longer.

Have you ever cleaned your white sneakers, or do you prefer to send them to a professional? Would you try doing it yourself now that you know how? Let me know in the comments! We love hearing from you!

Send emails to spaces in Google Chat

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.


What’s changing

We’re introducing a new way to manage your communication, including emails, in Google Chat. 

After a space manager generates an email address for a space, members (or anyone in your domain with the email address) can send or forward any email to that space. This provides a great way for teams to easily triage or discuss email content with stakeholders within the space. The email will appear as a clickable card showing a snippet of the email in the designated space. 
Generate email in space settings

Email card in the space



Who’s impacted 

End users 


Why you’d use it 

Email integration into spaces allows you to choose the communication style that works best for your team. Once the email content is present, members can discuss content or take various actions like triaging and assigning them to different members of the space. 


Getting started 

  • Admins: There is no admin control for this feature. Visit the Help Center to learn more about sending emails to spaces in Chat.
    • Note: existing Google Group policies are respected. For example, if you have restricted group creation in your organization, those users will also be restricted from generating emails for spaces in Chat.
  • End users: 
    • As a space manager, you can create the space’s email address by clicking the name of the space in the top left corner > Space settings > Email section > select Generate email 
    • Once the email address is created by a space manager, all space members can send/forward emails to the space 
    • To send an email to the space, include the space email address in the “to” field of your email composer (in Gmail, Outlook, etc.) 
    • Click on ‘View message’ to view the entire email message in Google Groups 
    • You can change the email address for your space by going to advanced settings. 
    • Visit the Help Center to learn more about sending emails to spaces in Chat. 

Rollout pace

Availability 

  • Available to all Google Workspace customers 

Resources