@nlnetlabs @nextcloud @terts happy to see you moving, hope others follow, like Nextcloud; as a major piece in many people's freedom from the US and Big Tech Golden Jail, seeing them on a US monopolistic platform is dangerous if said monopolistic corporation tries to shut them down.
@nlnetlabs I've heard stories with Hetzner that you can just lose your access and data because of "terms violations" with no option to resolve. And, for my liking, way too active on the US market, so I just wouldn't trust them and absolutely not feel happy to be dependent on them.
They are big, but just too big in America!
They may be Germany based, but they have way too many interests in America.
I like the list, really nice.
For DNS and domain registration, have you checked out DeSec 🇩🇪? I have used them for quite a while and I am very happy.
Also, for hardware security keys, ... I know Yubikeys are the most promoted ones. But check out Token2 🇨🇭. They support all the FIDO2 features with 300 passkeys, OpenPGP, TOTP, .... And the price is nearly half of a Yubikey.
* https://blog.tinned-software.net/framework-expansion-card-for-token2-t2f2-security-key/
* https://blog.tinned-software.net/fido2-security-key-login-for-id-austria/
@tinnedsoftware Thanks for the tips! The Yubikeys were a gift from Yubico for the #OpenSource work we do.
deSec is a great suggestion. We know them well from the @dnsoarc community, as well as the IETF.
Will look into Token2! Nice.
@nlnetlabs check out a self hosted wire server if you want e2e, or discourse, which is an opensource discord clone
@Viss Thanks! I'm happy to tell you we already have Discourse sorted: https://community.nlnetlabs.nl/
@nlnetlabs there's a chat variant of it, right? i could swear discourse has a discord-chat-like end of things
@nlnetlabs yeah that's the thing! I guess i had no idea it was a plugin, i thought discourse 'was that'. oops
@nlnetlabs Top! A good next step towards true sovereignty is to have either a second alternative ready for every line (including a migration path), or to do it yourself (ideally some steps down the stack too). I moved many of my “home dependencies” into “home hosting/home cloud” (with offsite backup, of course….)
@nlnetlabs Can you ask @nextcloud to also move to Codeberg?
They seem to always say they think about it, yet they don't act on those though.
@lexinova @nextcloud To be fair, we have also ‘thought about it’ for a long time. The ongoing AI enshittification has accelerated this process though.
Yet, reworking our extensive use of GitHub Actions and achieving feature parity for all the runners on our various platforms only became viable recently. See this post for context https://hachyderm.io/@alexband/115961574869660535
@nlnetlabs @nextcloud Yeah, of course I never asked to move everything if not possible.
But moving out source code, issue management, etc. (making Codeberg the default) while maintaining GitHub as "backup" + GitHub Actions + account for donations: I have nothing against it.
What annoys me is the fact that they maintain on GitHub some features that would work perfectly on Codeberg.
I think we must start thinking that a temporary hybrid system (GitHub/Codeberg) is a valid migration strategy.
@lexinova @nextcloud
The process has begun slowly: https://codeberg.org/NLnetLabs
@terts is currently the first one on his way to fully migrate with the Roto repo. It will likely take us all of 2026 to get this sorted for all other 100+ repositories: https://github.com/orgs/NLnetLabs/repositories
Example CI: https://github.com/NLnetLabs/routinator/blob/main/.github/workflows/ci.yml
@nlnetlabs #TransIp has become a terrible bad actor with lots of foreign venture capital and insane prices. Don’t use their services! Mijn.host is a great and 50%+ cheaper alternative.
@nlnetlabs btw TransIP is owned by a Belgian company Team.Blue and the primary large investors are non-European: mostly UK and Canadian based. So even a seemingly EU company... isn't.
@nlnetlabs Don't do Mattermost, they are pushing enshittification into the "free" product.
@nlnetlabs What do you use for Identity Management? Or is that simply handled per service?
@graaff Given the amount of people we have and services we depend on, this is all handled per service. Personal and shared credentials are handled in 1Password. For critical credentials and software signing we have a Yubikey-based process.
“Fun” fact: our security posture is pretty strong, but we don’t have a formally documented and verified process and thus no ISO27001 certification. This is becoming increasingly problematic dealing with (potential) customers. #DigitalSovereignty #OpenSource