Section 1 says you’re using freedns.afraid.org though.

Aye - that’s another reasonable use of the phrase.

Ugh really? I haven’t seen that myself but that’s frustrating.

Non-containerized applications. Not in a container. It’s not complicated. Running “on bare metal” sounds cool but it’s a wildly inaccurate description. Containerized applications run on the system natively just like non-containerized applications. So if one of them runs “on bare metal” then then others do as well.

But historically “on bare metal” is used for embedded or micro-controllers where you don’t have an OS.

• Users will stop referring to non-containerized applications as “running on bare metal”

What “other technology” is going to make sure your API doesn’t have SQL injection and bad authentication vulnerabilities?

You know what? Rather than over-complicate things you can probably just check that filenames only contain a small set of white-listed chars. [a-zA-z-._] (and != ‘…’ or ‘.’) or something.

And one other nit-pick if you’re up for more code-review - your authentication logic should probably be inverted:

if !ok || user != session.config.username ||
				pass != session.config.password

I’d change that to be something like

if ok && user == session.config.username && pass == session.config.password {
   // do login
} else {
   // not auth
}

There’s a whole category of security errors where an exception in logic like that causes the code to skip the “you’re not allowed” logic and go right to the “you’re allowed!” block. It’s more of an issue with languages that support exceptions but it’s still considered a best practice generally (it’s also typically easier to read).

“Security” is not just “ssl”…

Ah - I missed that other parms were keys. Still - best practice is to sanitize all user inputs. Try throwing lots of file-path-like args at it to see what it does. it’s a historically tricky problem so there should be some libraries that help with it.

Happy 2026! And happy hacking!

You try using “…/…/…/…/…/etc/passwd” as the filename in your requests? I don’t see anywhere where ‘…’ is escaped or removed from file strings. Sending untrusted filenames directly to file operations without scrubbing and sanity checking is very dangerous and potentially allows a malicious user to read and overwrite any files the application has permissions for.

I think you should make it more clear in your docs that this is wildly insecure and should be restricted to “tinkering” usage only.

That said it seems like a fun project to write.

Ssh port forwarding and socks proxying. Unless they block port 22.

Edit: If they do block port 22 run ssh on port 443.

AI is so much faster than reading docs. And you get context specific responses that you can drill into. When used correctly it’s very useful.

This was using it… incorrectly though…

The drive got whipped [sic]

Oh, it was just sitting there and “got wiped”? Not because of a command you ran?

Sorry to be snarky but when asking for help you need to provide what you did, what error message you see now or what you expect to happen and what is actually happening. Also what OS you’re using would be helpful.

Presumably you should be able to get the drive back into a usable state - but I’m not familiar with SAS drives.

Am I the only one who has no idea what their problem is now? Just that there was an error about DIF but… What’s the issue now?

Links to lms, navidrome, gonic, ampache, nextcloud, airsonic, the previous post… But none to the thing you posted about?

I’ve run a publicly accessible low-legitimate-traffic website that has been indexed by Google and others from my home network for >20 years without anything buckling so far. I don’t even have a great connection (30mbps upstream).

Maybe I’m just lucky?

I ran a fairly popular RTCW server back in the day… Insta-gib and sniper rifles only. Good times.

They’re good at different things.

Terraform is better at “here is a configuration file - make my infrastructure look like it” and Ansible is better at “do these things on these servers”.

In my case I use Terraform to create proxmox VMs and then Ansible provisions and configures software on those VMs.

Terraform and ansible. Script service configuration and use source control. Containerize services where possible to make them system agnostic.