With regards to the backup key, Yubikey recommends to save (screenshot) the QR code that is generated during 2FA setup to setup the backup key later on. Maybe that is also a workaround for services that only allow a single 2FA device. https://support.yubico.com/hc/en-us/articles/360021919459-How-to-register-your-spare-key

Just looking back at my purchase history, I got my Yubikey’s back in January 2020, it appears that I never read this doc about scanning the QR code for the backup key, or maybe I did? I don’t really remember it all too well. Regardless In certain circumstances my keys do the exact same thing and I’m quite sure I followed some guide to create one primary and one secondary key but it’s possible that guide has gone outdated.

Similar to something like Keepass, the database is local and you are in charge of making backups and such.

I can totally respect the folks who opted to self host, I’m horrible when it comes to backing up data and such and self hosting wasn’t really my thing back in 2020 so it never really was on my radar.

In the end this comes always down to an optimization problem between security and convenience that everyone has to decided for themself.

Couldn’t agree with you more, everybody has that dial between convenience and security and should adjust accordingly.

Doesn’t cover Traefik, plus the docker-compose.yml contains 4 separate images and researching into them didn’t provide much info. snicket_proxy, snikket_certs, snikket_portal and snikket_server. All four of these images bind to the host but if I am supplying my own reverse proxy then both snikket_proxy and snikket_certs are redundant right? Or do they serve another purpose? And if I wanted to take them off the host network, follow their firewall guide and expose the necessary ports manually behind a docker bridge network what images do I bind those ports to? When I tried binding them all to snikket_server that’s when my docker service crashed and I gave up.

Snikket locked my docker service up, their documentation sucks for when you want to use your own reverse proxy or bind it behind a docker network and not the host.

Can you explain a little more how you handle them in your daily life? I always liked the idea if Yubikeys, but I am a bit worried that I just would switch back to my phone (Aegis) for convenience.

I have two Yubikey 5 NFC’s, one I keep majority of my 2Fa auth codes on and keep on my keychain the other I leave at home mainly for backup 2Fa setups or desktop/WebAUTH/Single Sign-On logins, most websites won’t let you setup 2 2Fa keys so the second one mostly handles the plug-in and touch key portion of my setup.

Are they inconvenient? Yes, the amount of times where I got annoyed because I’ve had to grab my keychain to sign in has gotten annoying but not enough to switch back to online providers. I prioritized security over convenience in this circumstance. The Yubikey that I keep on my keychain also handles my work 2Fa codes, doesn’t feel necessary to have a dedicated key for that unless my company is willing to pay for it.

Do you just have it on your keychain a plug it in whenever you need it? Because always plugged in keys in your phone or laptop doesn’t really make sense.

It actually works out quite nice having it plugged in all the time, especially if you’re doing multiple 2Fa authentications, the keys won’t authenticate until you enter the password of the key (if you set one up) and touch the key, so even if your computer is compromised they still need to physically touch the key to generate the authentication codes.

As far as I know you can’t just clone a key.

So no you cannot clone a Yubikey to another Yubikey, which I think is dumb, but they have their security reasoning behind it I believe. Like I mentioned earlier all my 2Fa codes/keys are on my keychain so if I break that key I am in a horrible position as I lose access to a lot of accounts that I couldn’t setup multiple 2Fa’s for.

How easy is it to setup a backup key?

While Yubico does recommend having two keys as I mentioned certain services only let you setup 2Fa once and not multiple times. However, Linux (and I want to assume Windows as well) let you setup as many 2Fa keys as you want, so both the Yubikey on my keychain and the one I leave at home both grant Root access to my desktop and server.

I try to not use my phone for critical stuff, but there are times I have to just check an account. Do you use your phone with Yubikeys?

So I don’t have a USB C Yubikey ironically both my iPhone and iPad are USB C so I have the option to use a dongle or NFC, both have worked great, I have had a couple scares where the app will error and say “No response from key” but it seems that error is due to bad contact/connection. I’ve attached a few images of the iOS app to help get an idea of the layout.

Yubikey for 2Fa codes also works well for sudo and su (2Fa) or if you still use Windows I think it supports single sign on there. Absolutely worth the purchase have had my keys for years.

If you can make your own like I did I would highly recommend it.

Honestly I could, metal fabrication comes in handy, get it shop issued and laser or water cut send it through the machinists, I would have to supply the material myself which would be difficult but certainly doable.

I’ll have to consider this! By chance do you have drawings or dimensions of your rack as a starting point, looks like you’re using Aluminum HSS for the frame? Completely understandable if you rather not share the details,

Who needs padding on the stock when you got steel wire!

Was eyeing a 52Pi rack for a good little while this post inspired me to get one, but then I saw the shipping cost.

Because of SSID location mapping

People really out there mapping SSID’s? I fail to understand how that data is at all valuable, changing an SSID takes seconds and a gram of brain power.

Apparently the folks from the rreading-glasses repo accuse Chaptarr of being vibe coded, can find it directly in their README.

For the unaware rreading-glasses is a rebuilt metadata server for Readarr, also happens to be endorsed by Readarr/Servarr, just switch it out and you’re good to go. However, Readarr won’t receive anymore feature updates or bug fixes it seems.

It’s comic strip, not a meme.

Everyone here is telling you to ditch Arch for Debian and I absolutely agree with them however, if you’re so hell bent on having an Arch server than install Proxmox VE to the host and run both Debian and Arch, build your server up and get it working in Debian first then try to replicate it with Arch, compare the differences.

If you’re already familiar with BASH then making the switch from Arch to Debian won’t be a hassle, just got to learn the Apt package manager.

Sheesh, you’re whipped.

My “whining” is because of people like /u/dickalan@lemmy.world. This is what makes Lemmy mentally draining, they’re hellbent on their political ideology and if you don’t conform you get ousted, fed to the fishes so to speak.

You do realize you just proved me right.

god forbid anyone say anything that can be seen as conservative because a barrage of insults are certain to come your way.

I also don’t like that politics seems to spill into every community

Yes! This right bloody here, not everything needs to be political!

Honestly Lemmy gets mentally draining, constant political drama that is guaranteed to lean left, barely any non-partisan or neutral discussions happen here and god forbid anyone say anything that can be seen as conservative because a barrage of insults are certain to come your way.

While I support the Lemmy project there are quite a few communities that I had subscribed to on Reddit that are missing here.

As the end use my biggest gripe with Matrix is with voice communications, it’s almost as if you sneeze wrong you’ll lose connection to the voice group, screen sharing is horrible, no audio and the window is not adjustable, cant even make it full screen.

Now they’re reducing people’s usage by putting in a subscription and locking certain features, at least on the home server.

While I am disappointed they did at least take my advice and prevent Windows Recall from capturing people’s messages.

Respectfully I disagree with your view, get a device suited for them, install relevant software & apps that work locally, enable parental permissions or some other policy manager and disable internet access out right.

Ease off that restriction as they age, use a DNS sinkhole to prevent access to certain sites.

Times are changing especially with technology, kids should be able to at least learn the basics otherwise they’ll struggle later.

if you use the Netflix application chances are they’ll detect the virtual network on your system and if it’s in use, most people don’t seem to realize that applications have direct access to your hardware unless it’s containerized, virtualized or explicitly restricted by some policy.