This very much depends on the app which api you want to access. Often apps use accessTokens for this instead of login sessions. OpenID Connect is a subset mostly doing the authentication, but not the authorization here, so for REST API usage, I would prefer tokens.

RESOLVED: I updated WP dev to 3.8.0 just now and re-triggered a WF scan. File issues are gone.

Edit: so updating 3.8.0 had nothing to do with it. WF must have updated their list on their end as my other site is still on 3.7.2 and a new scan comes up clean too.

image.png

@humptydumpty I've been using Hetzner Storage Boxes for my backups for the past 5 years or so pretty much without issue. There has been the occasional issue with CIFS mounts, but I think that was more Cloudron related than Hetzner and mostly it's been totally fine.

@LoudLemur gold list, thank you!

so a new update it seams.
something tells so not much of an update, but I decided to try something.
so I work with a product called bitdefender.
I don't know why I didn't think of this earlier...
so I basically told bitdefender scamio to look at this image, which was obviously an email, that same email...
and it actually gave me this...
It's a scam
You're dealing with an extortion scam. Scammers might falsely accuse you of illegal activities or threaten to release embarrassing information. Often, they claim to have explicit photos or your passwords. Don't panic—these threats are usually baseless. They're just trying to scare you into acting without thinking.
Safety tips:
Verify sender: Check the sender's information to ensure it is from a legitimate source.
Protect personal data: Be cautious when sharing personal info online.
Use security measures: Keep computer security up to date and avoid clicking on unknown links.
so that was good...
if any of you wonna take a look, here it is!
it's a product I used for a while, and i'm surprised I didn't use it for this purpose earlier...
it's been 1 of my favorite scam detection products

Thank you all for sharing. I also read some comments on Reddit. Nobody likes Contabo.
To be fair, Contabo should probably add "No" to their marketing claims, like "No Germany Quality, Always".

image.png

@doodlemania2 What kind of services are you running? Just curious, as a newbie developer. Anything that you can share publicly?

@jayonrails the other thread was a mautic meetup. But yes, @luckow is the right guy for this 🙂 He has an office in Berlin .

@girish That's sad. Their Discord has been inactive for a few years now, though. Shame, very innovative and useful product. I still don't think anyone's really solved elastic hosting setups as well as they did.

@ntnsndr said in A list of Cloudron-like services/ competitors:

A friend just told me about Start9, which makes both hardware and an OS for self-hosting:

https://start9.com/
https://github.com/Start9Labs/start-os
Nice!
brave_fQ8Ay088pN.png

Hi is this question Cloudron related? This forum is only for https://www.cloudron.io/ specific questions.

this guy actually sounds stupid

They are license-agnostic, I'd say. They focus on security.

The press release in full:

As part of the project on “Code Analysis of Open Source Software” (CAOS 2.0), the German Federal Office for Information Security (BSI) has examined the security features of the Matrix communication software and the Mastodon social media micro-blogging software.

In most cases, cyber attacks can be traced back to errors in the program code of the affected applications. The CAOS project helps to identify and eliminate common vulnerabilities and risks. The BSI worked with mgm security partners GmbH to check the source code of the Matrix communication software and the Mastodon social media micro blogging software for possible defects. The BSI immediately notified the affected developers of critical vulnerabilities. They analyzed the vulnerabilities and have already responded. Further deficiencies were addressed as part of a responsible disclosure procedure. The results that have now been published are a combination of source code review, dynamic analysis, and interface analysis in the areas of network interfaces, protocols, and standards.

In cooperation with mgm security partners GmbH, the BSI launched the “Code Analysis of Open Source Software” (CAOS) project in 2021. The project's task is to analyze vulnerabilities with the aim of increasing the security of open source software. The project is intended to support developers in creating secure software applications and to increase trust in open source software. The focus is on applications that are increasingly used by public authorities or private users. This new publication is the results of the follow-up project “Code Analysis of Open Source Software” (CAOS 2.0).

Further code analyses are planned to increase the security of open source software in the future. The project on “Code Analysis of Open Source Software” will be continued under the name CAOS 3.0. The results will also be published on the BSI website after a responsible disclosure procedure. This procedure allows developers a reasonable period of time to fix security vulnerabilities before they are published.*

"We also don’t believe that a large corporation that is joining in as late should be the one defining the iconography for the fediverse." `Right on! I'm going to use this in my own instance.

I’m going with both suggestions by setting up rpi nas and stashing it somewhere out of sight. I can use syncthing to sync the media in case SMB share doesn’t work. It shouldn’t affect my internet speeds if it’s on the same network I think.

I changed the format to h265 instead of h264 and played with the bitrate a bit. I’m still trying to find the image-quality-to-file-size sweet spot.

I was thinking of using LUKS to encrypt the CR server, but I read that you would have to manually type the key each time the machine is restarted which wouldn’t be ideal since it’s at work and I usually run the manual reboots at night. I moved all the apps with sensitive info to another Cloudron just to be safe.

The windows machine with blueiris has bitlocker turned on so I’m set on that front. I also got a UPS from Costco in case electricity is out and I have a non-BI backup security camera running as an extra precaution.

@amoslipara this is a Cloudron forum . Not a Minecraft forum or a Linux help forum. Did you intend to post it here?

@humptydumpty said in What's The Best Backup Solution Provider For Cloudron?:

@jdaviescoates it’s nice not to have all your eggs in the same basket. I didn’t consider that you didn’t have to have the vps with hetzner to use the storage box.

I do actually have a dedicated server with hetzner too, but it is at least at a different location. Still, looking forward to being able to have multiple backup locations so I can spread those eggs around! 😛

The storage box needs remounting after a CR update, right?

That does seem to happen, yes. At least with the CIFS mount that I think I'm still using.