CouchPotato

For once, this post is not really to request an app, but to announce that my package for it is ready ^^

https://git.cloudron.io/mehdi/couchpotato-app

http://couchpota.to/

I am strongly against replacing the server in the current OpenVPN app.

However, it totally makes sense as a new, separate, app.

Slowly rolling-out automatic updates, but allowing manual updates immediately, seems a great idea to me.

@fbartels said in 2FA for all LDAP apps:

and rotate them regularly

(Forcing password rotation when there has been no indication of compromise has actually been proven experimentally to lower security, rather than enhance it : if encourages users to chose simpler passwords, because they're gonna have to remember more passwords)

@girish @nebulon My Transmission app is done, tests and all https://git.cloudron.io/mehdi/transmission-app

In my opinion, it's ready to push to store. It may need a bit more doc, but other than that it's good to go

BTW, the proxyAuth addon rocks !

@lonk It combines Jellyfin (for which there's already an app now), Transmission, SickChill, Couchpotato (the 3 I just mentioned), a custom file manager (built before Cloudron had one), and a custom TV Shows and Movies streaming interface (built before I integrated Jellyfin). Plus a few custom things, like a script to auto-remove finished torrents on transmission, and a script to auto-convert videos to MP4 for easy streaming in the browser (for my custom streaming interface. I disabled it now that I mainly use jellyfin, which handles this automatically).

Personally, from a security standpoint, I would totally not recommend Cloudflare. Their model is literally performing a (authorized) man-in-the-middle attack on your traffic. They have access to all your data.

I'm not saying they're nefarious. I'm just saying that for the minute benefit they offer, I don't think it's worth it to add yet another entity to the chain of trust.

Oh, I just had to go to my profile settings and enable it ! I am officially not jealous anymore

@ruihildt said in Why not make Cloudron fully open source again?:

I'm sad not to be able to recommend Cloudron as the best open source paas since the license change.
It has in effect changed my relation to the project, from an invested advocate to a simple client.

I totally agree with this part. More than that, I would never have picked up Cloudron at all at the beginning if it weren't open source.

And as to contributions, I am the author of one of these rare contributions ^^ (to make the platform compatible with the OpenVPN app), and I would definitely not have contributed if it were not open source.

TLDR: I am 100% in favor of switching back to an open source licence.

(As for the precise licence, I do not really care, be it MIT, Apache, GPL, AGPL ... whatever.)

@Lonk Here's the code : https://git.cloudron.io/cloudron/box

I think the cloudron team still accepts Merge Requests, even if it's not Open Source, as long as you sign a contributor's agreement (https://cla.cloudron.io/)

@marcusquinn said in 2FA for all LDAP apps:

I wonder if a global solution would be for all Cloudron packaged apps to use a Cloudron login screen with 2FA instead of the app's native logins?

This idea would definitely break a lot of stuff, at least for any app which is not strictly limited to a web front-end only. Off the top of my head : nextcloud's desktop apps, anything git, mobile/TV apps for Jellyfin/Emby ...

The cleanest way to support 2FA would be to go back to OAuth login, instead of only LDAP. Then, it would be normal to have a Cloudron-controlled page to log in. The problem is that many apps don't support it, and don't really want to.

The other way clean to do it is to support it at the app level, like Gitlab. Again, many apps don't support it, but I think it would be easier to convince app developers to support it.

The "ugly" way would be to customize the password-verification process for apps, so that in the normal login screen of the app the user can type something like PASSWORD;OTP or something. Bonus: no support from the apps themselves required, only on the platform level. Problem: educating users is gonna be hard. And it's not really neat ^^

@marcusquinn said in What's coming in 6.0:

If I can add File Permissions management to the Wishlist for the nice new File Manager please.

Seeing the screenshot in girish's post here (more precisely the icons of the actions on the right), I think it's already done for the next version

I'm the co-founder and CTO of a startup specialized in data encryption : https://seald.io if anyone's interested

@jdaviescoates I would love that too It has been awaiting review for a while You can go ahead and try it right now !

@marcusquinn said in Best privacy chat apps:

Telegram seems good but Signal being open-source seems better.

Security professional opinion : Telegram is . It's no better than facebook messenger. No encryption by default. I don't know how they managed to create the public perception that they are privacy-focused.

@atrilahiji I have a Dockerfile with a working build

FROM cloudron/base:2.0.0

ARG MORNIN_FM_VERSION="master"
ARG NODE_VERSION="10.22.1"

RUN mkdir -p /usr/local/node-${NODE_VERSION}
RUN curl -L "https://nodejs.org/download/release/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-x64.tar.gz" \
    | tar -xz --strip-components=1 -C /usr/local/node-${NODE_VERSION}

ENV PATH=/usr/local/node-${NODE_VERSION}/bin:$PATH

RUN mkdir -p /app/code/morninfm

# copy code
ADD start.sh /app/code/

RUN curl -L "https://github.com/fox-one/mornin.fm/archive/${MORNIN_FM_VERSION}.tar.gz" \
    | tar -xz --strip-components=1 -C /app/code/morninfm

WORKDIR /app/code/morninfm

# install packages
RUN npm install yarn -g
RUN yarn
RUN yarn build

CMD [ "/app/code/start.sh" ]

This file does not rely on "forking" the original app, but rather downloads its code from the upstream github repo, to make updates easier.

Also, I have only fixed the build, I have not even tried starting the app ^^

@marcusquinn From a security and privacy standpoint, I would only consider Signal and Matrix. Both are pretty usable in my opinion.

I also heard good things, from a security perspective, about Olvid. No idea how good is the interface though.

@atrilahiji said in How do you monitor your VPS ?:

@girish I mean, users don't typically crash for about 69 years on average so thats already better than any monitoring app. Unless theres an unexpected hardware failure due to poor maintenance of course.

Are you kidding me? They crash every single day! At roughly the same hour each night, usually. The up-time is ridiculous

@rmdes I don't think the rate limit is less than once every 30 minutes ^^

However, the check could indeed be done at intervals depending on the situation. Like do the check immediately when the config is changed, do it every 30 minutes or so until it succeeds once, then only once every day, and try 3 times before printing a warning (it could just be a random network timeout)

I'm actually working on it, in a package with a bunch of other stuff in the same app so it can actually be useful (Transmission to download stuff, SickChill to auto-download TV Shows, and a custom file manager). I'd love feedback if you want to check it out : https://git.cloudron.io/mehdi/river/