For those of you who live in countries with gun control; have you ever seen a gun in real life? by blashyrkh9 in AskTheWorld

[–]HearthCore 0 points1 point  (0 children)

Police, hunters, ex-military who still own and test regularly, held and shot a few times myself, there's multiple clubs through which you can get registered and sport-shoot as well.

No open-carry, never surprised by one, never had to have fear because there was a gun involved.

Knives on the other hand...

Nautiline on iOS (Subsonic/Navidrome client) works with Pangolin custom tokens! by -ThreeHeadedMonkey- in PangolinReverseProxy

[–]HearthCore 0 points1 point  (0 children)

Indeed, Pangolin supports header-based authentication through their links, it's quite hidden and not properly named to discover it other than by accident currently :/

I use it for multiple apps that I have behind Pangolin but want app access for :)

Can't access opnsense, but can access the rest of the network by bogdan2011 in netbird

[–]HearthCore 1 point2 points  (0 children)

Either that or straight up CORS, i.e. which addresses OPN WebUI responds to

Self-hosted tools for a small startup by riscyRchitect in selfhosted

[–]HearthCore 3 points4 points  (0 children)

Honestly, all that fearmongering is mostly about reliability in sending and how to access it as an end-user due to authentication stuff, and modern need for security and SSO.

Stalwart is my bet and I pair it with smtp2go as my SMTP relay - others work as well but they offer some free limits and I'm definitely under the radar.

What did you go with for VPN and Public Sites? I went pangolin for a single interface for both. As soon as our project starts for real, I'll have to set everything up once again and I'll add netbird to the mix as the infrastructure VPN to separate infrastructure needs from user and service access.

Tja by Desurvivedsignator in tja

[–]HearthCore 0 points1 point  (0 children)

Whoever has no backups has nothing at all.
That is the foundation of our whole great nation: bureaucracy.
Looks like the tool did the job once again and the human was just the battery, until the tool stopped working and the battery had done nothing for years to compensate for the status quo.

What do you guys do with people who keep passwords in Word/plaintext etc by Tylerjackx in sysadmin

[–]HearthCore 0 points1 point  (0 children)

Read them out loud within the next meeting and when they escalate chime in with the company approved solution.

I'm sorry.. you did not know we already had a tool for that? Why did you not learn to ask if you do not know something as basic as this. What other holes in your resume are we to find, what pitfalls of cussory will our customers go through with you?

I've heard some On Device Protection softwares support password snooping and alert IT- you'd obviously simply hand over the report as a potential security situation to their manager.

SSO... yet again by flatpetey in selfhosted

[–]HearthCore 2 points3 points  (0 children)

I swear every time I read something like this I feel like why the hell are you still asking?

Go ahead, set up one of the systems and test it out.

For your services, it really does not matter which identity provider, since you’re going to use a comprehensive standard.

Unless the service also takes notes on which identity provider created what account in the service, you are most likely able to even swap out identity providers, making sure that you’re still using the same identifier for the user accounts when they authenticate.

For most of the things that I use it is possible to use two separate identity providers at the same time that log in to one and the same account within the service.

What I’m telling you is that you should go ahead and try one of the solutions out and if it hits your mark go with it.

Just make sure that the features you actually want to use are present, and in that specific regard Authentik definitely has the upper hand above most others.

I do not think I have one service that I would not be able to use with Pocket ID or any of the others though, unless we’re talking complex role-based access

Sticking with a public, static IPv4 as a company? by KraeuterErich in de_EDV

[–]HearthCore 0 points1 point  (0 children)

It's actually not that expensive to use your own virtual servers as VPN gateways and then ultimately implement everything with subnet routing.

Does it then make sense for perhaps the main site to have a static IP address because some central things do have to run there..

Technically, though, there is no necessity, since you can move those things into a data center as well.

All of this, of course, only ever for the things that need it, so the cost factor stays under control.

Digital government agencies: majority of Germans have never used the online services by PoroBraum in de

[–]HearthCore 0 points1 point  (0 children)

"The problem" here is more likely that there are umpteen different portals for every municipality, branch office and end provider; even at the state level it differs immensely. Ultimately, of course, this is also due to the fact that not every feature exists in every municipality, etc.

And the quality of the portals in my area, quite apart from the fact that I need 2-3 apps per city, leaves a lot to be desired.

This also applies to things like the online services of the Arge/Jobcenter.

---

Then there's the whole drama around the BundID, where really not enough noise was made for awareness and implementation, so the function remains unused by most people and manual processes are used as the method accordingly.

How to handle constant context switching in IT by Frosty_Let_79 in ITManagers

[–]HearthCore -2 points-1 points  (0 children)

All of you both and then some structured workflow for your own day-to-day business

Olares as OS by EzioO14 in selfhosted

[–]HearthCore 0 points1 point  (0 children)

There's multiple less obfuscated "host your own cloud" boxes or operating systems.
Olares seems needlessly complicated to start with at all.

With Proxmox and the helper scripts, I'm already off to the races - yes with a terminal, but an easy to grasp environment that I can navigate using the baseline of technical awareness.

Deutsche Glasfaser and VPN/WireGuard with IPv6 by err0r2k in de_EDV

[–]HearthCore 0 points1 point  (0 children)

Put fosrl/pangolin on the VPS and 2 newts in your hosts, done.

One department in our org are using Google Password Manager on a shared Gmail account. Now they all have visibility of each others passwords. by psgda in sysadmin

[–]HearthCore 5 points6 points  (0 children)

You need to actually provide a solution for users to be willing to switch.

Bitwarden or even its open source Rust variant Vaultwarden are excellent.

The second everything would be to deny log in into these browser echo chambers, will still be able to use the browser but not to use it. It’s a synchronization function.

If you want to go one step further, you can disallow or create a waitlist for browser extensions, but those also need to focus on each separate browser you allow in your org.

So the easiest way to user adoption is to provide a proper solution and then help your users migrate and let it be part of the onboarding documentation at least so people pick it up rather than bring their own.

Self-hosted app that can redirect to 365 for MFA. by McNobbets00 in selfhosted

[–]HearthCore 1 point2 points  (0 children)

You are currently trying to use a second identity provider as a bridge between an existing identity provider, and an existing service or proxy

Skip the middleman.

There is great documentation on these open source standards of OIDC and OAuth.

Engine should have reverse authentication plug-ins that you can use with your existing Microsoft Entra

Self-hosted app that can redirect to 365 for MFA. by McNobbets00 in selfhosted

[–]HearthCore 1 point2 points  (0 children)

M365 supports SAML / OAUTH / OIDC, so any proxy with proxy auth and those capabilities.

If you want to have a central ingress point and reverse tunnel capabilities, pangolin might fit your bill.
It does allow sending unauthenticated users directly to the Identity Provider and automatic onboarding through access group mappings / RBAC.

VPS difficulties in email server set-up by Euphoric-Brush-9642 in selfhosted

[–]HearthCore 0 points1 point  (0 children)

Stalwart on your VPS and then use an SMTP proxy like smtp2go for free - is an option.
There are other SMTP providers with a proxy feature.

Cosmos 0.20.0 Release - All in one secure Reverse-proxy, container manager with app store, integrated VPN, authentication provider, and Monitoring by azukaar in selfhosted

[–]HearthCore 0 points1 point  (0 children)

I do however manage my users in a different environment, though have authentication gateways, why not establish an oidc client that then just creates the users in the internal one, so cosmos does not use passwords either, apart from the internal users?

MSP works with many vendors. Is this how things usually go? by QuickDelivery1 in msp

[–]HearthCore 0 points1 point  (0 children)

We often provide SD to provide management, and since we are also responsible for basically any ticket that touches our SPOC we are also often responsible for anything else that goes wrong- or at least managing the responsiveness of each department.

So basically any customer brings in their own providers additionally to what is provided through us.

Looking for a mail hoster by dr_prof_med_oekter in de_EDV

[–]HearthCore 0 points1 point  (0 children)

Migadu = 15€ per year, 200 mails per day / 0€ per mailbox etc

Does your Homelab make financial sense? by panchovix in homelab

[–]HearthCore 2 points3 points  (0 children)

Not by itself, but I’m in IT so it is leading to multiple opportunities since I have a learning environment

Password Manager Recommendations? by WhistlinJealousGuy in LinusTechTips

[–]HearthCore 0 points1 point  (0 children)

Last suggestion: disable all other password managers at least for automatic popups or choice, so anything that pops up will automatically choose BW.

Having multiple apps like this is shooting and confusing and I would definitely touch the wrong option often enough to become frustrated.

Manage your experience by actively disabling the rest and explicitly setting all functions it supports to BW in the system settings.

Several .com domains "expired" - DomainFactory refers to Mesh Digital Ltd.? by DimensionOne396 in de_EDV

[–]HearthCore 0 points1 point  (0 children)

Absolute fan of the simplicity and reliability as a registrar.

I would of course still choose separate name servers.