This is your regular reminder to make and check your backups.

I run weekly verification of my backups, and this week brought a surprise: some of my honeymoon photos were silently corrupted. When the disk tried to read the data and failed, SMART triggered an alert for Uncorrectable Sectors, but if I hadn't been verifying, it never would have tried to read that data.

I have a second local copy and an offsite copy. Hard disk was 6.6 yrs old, but only 16TB written (used for archiving), 2386TB read (weekly verification).

#backup #verify #homelab #selfhosting

The bottomline rule is this: Never ever trust anyone asking you to #verify or reset your keys and/or passwords. Ask first if you really need to confirm.

Yes, even if it is coming from what appears to be a legitimate email domain name because it can be spoofed!

Absolutely no one will ever ask you to verify your account in the #Fediverse network. It is not part of the experience. Sure, there were third-party services who did this a few years back during the Twitter Migration 2.0 but those were primarily targeted to well-established accounts from Twitter (and usually journalists), not to random people. Not you. Not me. And was definitely not in a spammy way.

Always remember, if you are not sure, just ask. There is nothing wrong with asking. If people laughed at you or ridiculed you for asking about a "simple" or "common sense" thing, block them (maybe one day you'll have the last laugh too).

You know what "askx means?

A-sk, and it shall be given = intelligence
S-eek, and you shall find = knowledge
K-nock, and it shall be opened = wisdom

Remember, A.S.K.

People (rightfully) are up in arms about the #id #verification but most don't realise they do it already.

What do you think #captcha systems like #recaptcha are?

They #fingerprint your device and collect data about your connection and set persistent #cookies on your system to identify you.

They cover over 90% of the internet in some form and are one of the worst anti #privacy measures out there.

#Verify is short for #identify

#webgl #canvas #cssexfil #useragent

CNI nephrotoxicity (tacrolimus/cyclosporine): Immunosuppression – 2 classes: CNI, mTORi (sirolimus), GC (prednisone), purine synthesis inh (azathioprine, MMF) | Calcineurin inhibition → afferent arteriolar vasoconstriction → ↓ renal blood flow → ↑ Cr/BUN + HTN | Histo: Acute → tubular vacuolization; Chronic → obliterative vasculopathy, striped fibrosis, tubular atrophy | Rx: Dose ↓, switch to mTORi (sirolimus)

#Transplant #Pharmacology #MedEd #ClinicalPearl #DeepSeek #AIGenerated #2025 #Verify

HCM: AD (MYH7/MYBPC3) → asymmetric septal hypertrophy → LVOT obstruction (↑ murmur stand/Valsalva) → exertional angina/syncope (normal coronaries) + diastolic dysfxn (↑filling P, LAE) | ECG: LVH + deep Qs (lat/inf) | Dx: Echo (septum ≥15 mm; ≥13 mm + FHx) | SCD risk (ESC 5y): <4% no ICD | 4–6% consider | ≥6% ICD
#Cardiovascular #Pathology #MedEd #ClinicalPearl #DeepSeek #AIGenerated #2025 #Verify

Pemphigus vulgaris: Flaccid bullae + oral erosions + Nikolsky/Asboe-Hansen sign; Patho: Anti-Dsg3/Dsg1 IgG → acantholysis (suprabasal); DIF: Chicken-wire IgG/C3 between keratinocytes; Rx: High-dose steroids ± rituximab
#Pathology #dermatology #MedEd #ClinicalPearl #DeepSeek #AIGenerated #2025 #Verify

A privacy VPN you can verify

https://vp.net/l/en-US/blog/Don%27t-Trust-Verify

#HackerNews #privacyVPN #verify #onlineSecurity #digitalPrivacy #trustButVerify

If a website insists on two-step verification, the least it can do is offer text instead of email.

#verify #2step #annoying

@VerifyBot@mstdn.party omg sorry I've to #verify my #account 😱😱😱 Oh sh*t thank you very much wait… let me get my verification gif out here quick.

This is the secret verification gif it is linked below in the cw thank you for getting my attention 🖕#accountverificationscam

How to Verify Your WordPress Site with Pinterest Using AIOSEO Plugin? ✅ https://www.youtube.com/watch?v=lzq-19GKV-o 🎬💡 #Verify #WordPress #Site #Pinterest #AIOSEO

Has anybody received this bullshit?
They expect you to enter #CreditCard details to #Verify "your account"

Wie föderiert #Mastodon eigentlich die Information über einen verifizierten Link?

Über die #Client-#API liefert #Mastodon im [fields]-Array neben [name] und [value] ein [verified_at], was null sein kann... oder einen TimeStamp enthält, z.B. "2019-11-10T10:31:10.744+00:00".

Frage ich aber einen Account direkt über seine URL ab und frage nach JSON, erhalte ich eine Struktur, wo dieses [verified_at] offenbar nicht enthalten ist.

Für die Felder (Name/Wert-Paare) ist ein [attachment]-Array enthalten. Diese liefert Felder wie [type] ("PropertyValue") sowie [name] und [value].

Und damit sind wir wieder bei meiner einleitenden Frage...

#Fediverse #ActivityPub #Verify #Verified

Wat moet ik hier nu mee? #verify #identiteitsverificatie #help

A quotation from James Burgh

Be sure of the fact before you lose time in searching for a cause.

James Burgh (1714-1775) British politician and writer
The Dignity of Human Nature, Book 1, sec. 5 “Miscellaneous Thoughts on Prudence in Conversation” (1754)

Sourcing, notes: wist.info/burgh-james/26851/

#quote #quotes #quotation #qotd #cause #data #effect #issue #measurement #problem #research #science #validate #verify

Noise Not Borders: Saturday Night

toscadura, Saturday, August 2 at 07:30 PM EDT

Noise Not Borders Saturday Night at Toscadura:

Abyecta, Chile

Peace Talks, PGH , US

Pearl, BAL, US

De Rodillas, PGH, US

Pests, TO, ON

Wasted Age, HA, ON

Verify

Doors @7:30 show @ 8

Advance tickets day tickets: 30 CAD. 35 @ door.

After covering fest expenses. We will be donating money to Atelier Tlachiuak, A grassroots workshop community organization and platform for Inuit and Indigenous Artists.

https://tickets.venuepilot.com/e/nnb-2025-08-01-la-toscadura-montreal-ed3e10

https://montreal.askapunk.net/event/noise-not-borders-saturday-night

The #socialmediaban for u16's in #australia will just turn into another google data point.

If you #verify for youtube, you give goolag a biometric identifier or ID. That will be linked to your device which is interrogated on every #recaptcha "protected" website, which is most of the net.

I can randomise many data points, I can't randomise biometrics!

No more youtube for me then.
Get f'ed #ausgov

https://www.npr.org/2024/12/19/nx-s1-5231020/australia-top-regulator-kids-social-media-ban

#FactCheck: Old war #videos recycled as #FakeNews

Many viral videos claiming to show #Israeli and #Iranian bombings are #fake and include #AI-generated clips as well as 2003 Iraq war footage.

Learn how to spot #disinformation and #verify #content yourself.

https://www.dw.com/en/fact-check-ai-chatbot-grok-wrongly-identifies-old-iraq-footage-as-2025-iran-israel-conflict/a-72950293

#AI #FakeVideo #video #photos #News #SocialMedia #AI

Pocket-ID: Bare Metal Installation on Debian

After using PocketID for several months with an LXC installation and Proxmox Helper Scripts, I noticed that the service runs as root. I also learned that a VM installation is more secure than an LXC. This article will guide you on installing Pocket-ID as a non-root service on Debian.

Presentation

First, if you’re not familiar with Pocket-ID, it’s a modern and lightweight OIDC client designed for managing authentication for services like Authentic and Aurelia. Its unique feature is that it exclusively supports passkeys. I use it with several self-hosted services, including Proxmox, Proxmox Backup Server, Komodo, Betszel, Karakeep, and, of course, Headscale/Headplane. For more details, the official website will surely answer many of your questions. If a Docker installation is more suitable for your environment, I invite you to visit BlackVoid’s excellent post. It also details the configuration for using Pocket-ID to connect to Synology DSM.

Preamble

Since I’m not short on memory on my Proxmox node and I’m very particular about the security of my home lab, I set about installing a VM. This was laborious, as up to version 0.53, there were two services, numerous dependencies, and required compilations. Despite the many obstacles, I succeeded in my mission! Then, a few hours later, without even having time to savour my small victory, version 1.0 was released. This major revision greatly simplifies things, as it’s an executable. Here is the procedure for a streamlined installation as a service with a non-root user in a Proxmox Debian VM. This procedure should be relatively easy to adapt to other types of configurations. There are many other methods for installing Pocket-ID; I invite you to consult the installation page on the Pocket-ID website.

Preparing the VM in Proxmox

If you are in Proxmox, I invite you to install a Debian VM using the Proxmox Helper Scripts. It is also possible to do this with a lighter Alpine, but I have not yet embarked on this adventure. Choose the advanced mode and adjust for your situation, and change the hostname to “pocketid”.

bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/vm/debian-vm.sh)"

QEMU

It’s a good practice to install the QEMU Guest Agent on your VM. You can follow these steps in the Proxmox console of the VM.

Update your package list:

sudo apt update && sudo apt upgrade -y

Install the Proxmox QEMU Guest Agent package:

sudo apt install qemu-guest-agent -y

Start and enable the service:

sudo systemctl start qemu-guest-agentsudo systemctl enable emu-guest-agent

Verify that the service is running:

sudo systemctl status qemu-guest-agent

This will ensure that the Proxmox QEMU Guest Agent is successfully installed and running on your Debian system.

Installing Pocket-ID

Get Debian ready

apt update && apt upgrade -y

Create a dedicated user

useradd -r -s /bin/false -m -d /opt/pocket-id pocketid

Install curl needed for the installation

apt install -y curl

Downloading and Installing Pocket-ID

cd /opt/pocket-idARCH="amd64"LATEST_RELEASE_URL=$(curl -s https://api.github.com/repos/pocket-id/pocket-id/releases/latest | grep "browser_download_url.*pocket-id-linux-${ARCH}" | cut -d '"' -f 4)sudo curl -L -o pocket-id "${LATEST_RELEASE_URL}"sudo chmod +x pocket-idsudo chown pocketid:pocketid pocket-id

Creating directories for Pocket-ID data

sudo mkdir -p /opt/pocket-id/data/uploads

Pocket-ID configuration file. To locate visitors’ IP addresses, I invite you to create an API key on the Maxmind website.

sudo nano /opt/pocket-id/.env

APP_URL=https://id.xxxx.xxPORT=1411# Database: SQLite, file located at /opt/pocket-id/data/db.sqlite# (relative to WorkingDirectory=/opt/pocket-id)DB_CONNECTION_STRING=file:data/db.sqlite?_journal_mode=WAL&_busy_timeout=2500&_txlock=immediate# Optional: Maxmind License Key for IP GeolocationMAXMIND_LICENSE_KEY="YOUR-MAXMIND-LICENSE-KEY"# Optional: Logging level (debug, info, warn, error)LOG_LEVEL=info

Make sure all Pocket-ID files have the correct user permissions.

sudo chown pocketid:pocketid /opt/pocket-id/.envsudo chmod 600 /opt/pocket-id/.env

Setting up the Pocket-ID service

sudo nano /etc/systemd/system/pocketid.service

[Unit]Description=Pocket ID Application ServerAfter=network.target[Service]Type=simpleUser=pocketidGroup=pocketidWorkingDirectory=/opt/pocket-idExecStart=/opt/pocket-id/pocket-idEnvironmentFile=/opt/pocket-id/.envRestart=alwaysRestartSec=10NoNewPrivileges=truePrivateTmp=true[Install]WantedBy=multi-user.target

sudo systemctl daemon-reloadsudo systemctl enable pocketid.servicesudo systemctl start pocketid.servicesudo systemctl status pocketid.service

If everything goes as planned, you should receive a confirmation.

● pocketid.service - Pocket ID Application Server     Loaded: loaded (/etc/systemd/system/pocketid.service; enabled; preset: enabled)     Active: active (running) since Sun 2025-06-01 07:12:57 EDT; 7s ago   Main PID: 28699 (pocket-id)      Tasks: 8 (limit: 2309)     Memory: 8.7M        CPU: 65ms     CGroup: /system.slice/pocketid.service             └─28699 /opt/pocket-id/pocket-idJun 01 07:12:57 pocketid systemd[1]: Started pocketid.service - Pocket ID Application Server.Jun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Starting job schedulerJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Server listening on 0.0.0.0:1411Jun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 GeoLite2 City database is up-to-dateJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "UpdateGeoLiteDB" run successfullyJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "SyncLdap" run successfullyJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "SendHeartbeat" run successfully

Caddy Reverse Proxy

Here is my Caddyfile with the /robots.txt file in case it is respected (it’s nice to dream).

# Snippet for robots.txt(common_robots_txt) {handle /robots.txt {# Set the Content-Type headerheader Content-Type "text/plain; charset=utf-8"# Respond with the body and status code 200respond `User-agent: *Disallow: /` 200}}# Pocket-IDid.xxxx.xx {import common_robots_txt# Fallback to reverse proxy for other requestsreverse_proxy 192.168.x.yyy:1411 [xxxx:xxxx:xxxx:xxxx::yyyy]:1411}

systemctl reload caddy.service 

For the first setup of your Pocket-ID instance, I invite you to create your administrator account at https://id.xxxx.xx/login/setup.It is strongly encouraged to have two passkeys since this is the only way to authenticate. I have one in Bitwarden/Vaultwarden and another in iCloud Keychain (via Safari).

Update

Since we’re not using Docker, updating can be a bit more complicated. However, it’s nothing insurmountable, especially since version 1.0 is already compiled. Here’s a small update script that allowed me to move from version 1.0 to 1.1.0 without a hitch.

nano /root/update-pocketid.sh

#!/bin/bash# update-pocketid.sh# --- Configuration ---INSTALL_DIR="/opt/pocket-id"SERVICE_NAME="pocketid.service"USER="pocketid"GROUP="pocketid"VERSION_FILE="${INSTALL_DIR}/version.txt" ARCHITECTURE="amd64" # Change if needed (e.g., arm64)# --- End Configuration ---echo "Checking for the latest version of PocketID..."LATEST_TAG_JSON=$(curl -s https://api.github.com/repos/pocket-id/pocket-id/releases/latest)LATEST_TAG=$(echo "$LATEST_TAG_JSON" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') # Version without 'v'LATEST_TAG_WITH_V=$(echo "$LATEST_TAG_JSON" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') # Version with 'v'if [ -z "$LATEST_TAG" ]; then    echo "Could not retrieve the latest version from GitHub."    exit 1fiecho "Latest version available: v${LATEST_TAG}"CURRENT_VERSION="0" # Default to 0 if no version fileif [ -f "$VERSION_FILE" ]; then    CURRENT_VERSION=$(cat "$VERSION_FILE")fiecho "Currently installed version: v${CURRENT_VERSION}"if [ "$LATEST_TAG" = "$CURRENT_VERSION" ]; then    echo "PocketID is already up to date (v${CURRENT_VERSION})."    exit 0fiecho "New version v${LATEST_TAG} available. Updating..."DOWNLOAD_URL=$(echo "$LATEST_TAG_JSON" | grep -E "browser_download_url.*pocket-id-linux-${ARCHITECTURE}" | cut -d '"' -f 4)if [ -z "$DOWNLOAD_URL" ]; then    echo "Could not find the download URL for linux-${ARCHITECTURE} and version v${LATEST_TAG}."    exit 1fiecho "Stopping service ${SERVICE_NAME}..."sudo systemctl stop "${SERVICE_NAME}"echo "Backing up the old binary..."BACKUP_NAME="pocket-id_backup_v${CURRENT_VERSION}_$(date +%Y%m%d_%H%M%S)"sudo cp "${INSTALL_DIR}/pocket-id" "${INSTALL_DIR}/${BACKUP_NAME}"echo "Old binary backed up to ${INSTALL_DIR}/${BACKUP_NAME}"

Make the script executable

sudo chmod +x /root/update-pocketid.sh

Create an alias

alias update='/root/update-pocketid.sh'

Consider updating the system before updating Pocket-ID.

sudo apt update && sudo apt upgrade -y

If you are using Proxmox, I encourage you to take a snapshot just before the update and have regular backups (you never know :-).

Conclusion

Now, you are ready to step into the future with OIDC and Passkey. You can visit the Client Examples page to easily configure your services with Pocket-ID. I wish you a safe journey into the exciting world of self-hosting!

Pocket-ID: Installation Bare-metal sur Debian

Après avoir utilisé PocketID pendant de nombreux mois via une installation dans un LXC avec les Proxmox Helper Scripts, j’ai constaté que le service tourne en tant que root. De plus, j’ai lu qu’une installation dans une VM s’avère davantage sécurisée qu’un LXC.

Présentation de Pocket-ID

Avant toute chose, si vous ne connaissez pas Pocket-ID, c’est un client OIDC moderne et léger pour gérer l’authentification de vos services tels qu’Authentific, Aurelia, etc. Sa particularité est qu’il ne prend en charge que les passkeys. Je l’utilise avec de nombreux services auto-hébergés tels que Proxmox, Proxmox Backup Server, Komodo, Betszel, Karakeep, et évidemment Headscale/Headplane. Pour davantage de détails, le site officiel répondra sûrement à beaucoup de vos questions. Si une installation via Docker est plus adaptée à votre environnement, je vous invite à visiter l’excellent billet de BlackVoid en anglais. Il détaille également la configuration pour utiliser Pocket-ID afin de se connecter à Synology DSM.

Préamble

Étant donné que je ne manque pas de mémoire sur mon nœud Proxmox et que je suis très attentif au niveau de sécurité de mon homelab, je me suis lancé dans l’installation d’une VM. Cela a été laborieux, car jusqu’à la version 0.53, il y avait deux services, de nombreuses dépendances et des compilations nécessaires. Malgré les nombreux obstacles, j’ai réussi ma mission ! Puis, quelques heures après, sans avoir même eu le temps de savourer ma petite victoire, la version 1.0 est sortie. Cette révision majeure simplifie grandement les choses, car c’est un exécutable. Voici la procédure pour une installation simplifiée en tant que service avec un utilisateur non root dans une VM Debian de Proxmox. Cette procédure devrait pouvoir s’adapter relativement facilement à d’autres types de configurations. Il existe beaucoup d’autres méthodes pour installer Pocket-ID, je vous invite à consulter la page “installation” sur du site de Pocket-ID.

Préparation de la VM dans Proxmox

Si vous êtes dans Proxmox, je vous invite à installer une VM Debian en utilisant les Proxmox Helper Scripts. Il est également possible de le faire avec une Alpine plus légère, mais je ne me suis pas encore lancé dans cette aventure. Choisir le mode mode advanced et ajuste pour votre situation et changer le nom du host à “pocketid”.

bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/vm/debian-vm.sh)"

QEMU

Il est recommandé d’installer l’agent invité QEMU sur votre machine virtuelle. Vous pouvez suivre ces étapes dans la console Proxmox de la machine virtuelle.

Mettre à jour la liste des paquets :

sudo apt update && sudo apt upgrade -y

Installer le paquet Proxmox QEMU Guest Agent :

sudo apt install qemu-guest-agent -y

Démarrer et activer le service :

sudo systemctl start qemu-guest-agentsudo systemctl enable emu-guest-agent

Vérifier que le service est en cours d’exécution

sudo systemctl status qemu-guest-agent

Cela garantira que l’agent invité Proxmox QEMU est correctement installé et exécuté sur votre système Debian.

Installation de Pocket-ID

Préparation du système

apt update && apt upgrade -y

Créer un utilisateur dédié

useradd -r -s /bin/false -m -d /opt/pocket-id pocketid

Installer les dépendances nécessaires à l’installation

apt install -y curl

Téléchargement et Installation de PocketID

cd /opt/pocket-idARCH="amd64"LATEST_RELEASE_URL=$(curl -s https://api.github.com/repos/pocket-id/pocket-id/releases/latest | grep "browser_download_url.*pocket-id-linux-${ARCH}" | cut -d '"' -f 4)sudo curl -L -o pocket-id "${LATEST_RELEASE_URL}"sudo chmod +x pocket-idsudo chown pocketid:pocketid pocket-id

Création des répertoires pour les données de Pocket-ID

sudo mkdir -p /opt/pocket-id/data/uploads

Fichier de configuration de Pocket-ID. Pour obtenir la localisation des adresses IP des visiteurs, je vous invite à créer une clé API sur le site de Maxmind.

sudo nano /opt/pocket-id/.env

APP_URL=https://id.xxxx.xxPORT=1411# Database: SQLite, file located at /opt/pocket-id/data/db.sqlite# (relative to WorkingDirectory=/opt/pocket-id)DB_CONNECTION_STRING=file:data/db.sqlite?_journal_mode=WAL&_busy_timeout=2500&_txlock=immediate# Optional: Maxmind License Key for IP GeolocationMAXMIND_LICENSE_KEY="YOUR-MAXMIND-LICENSE-KEY"# Optional: Logging level (debug, info, warn, error)LOG_LEVEL=info

Assurez-vous que tous les fichiers de pocket-ID soient avec les bonnes permissions d’utilisateur.

sudo chown pocketid:pocketid /opt/pocket-id/.envsudo chmod 600 /opt/pocket-id/.env

Mise en place du service Pocket-ID

sudo nano /etc/systemd/system/pocketid.service

[Unit]Description=Pocket ID Application ServerAfter=network.target[Service]Type=simpleUser=pocketidGroup=pocketidWorkingDirectory=/opt/pocket-idExecStart=/opt/pocket-id/pocket-idEnvironmentFile=/opt/pocket-id/.envRestart=alwaysRestartSec=10NoNewPrivileges=truePrivateTmp=true[Install]WantedBy=multi-user.target

sudo systemctl daemon-reloadsudo systemctl enable pocketid.servicesudo systemctl start pocketid.servicesudo systemctl status pocketid.service

Si tout se passe comme prévu, vous devriez recevoir une confirmation.

● pocketid.service - Pocket ID Application Server     Loaded: loaded (/etc/systemd/system/pocketid.service; enabled; preset: enabled)     Active: active (running) since Sun 2025-06-01 07:12:57 EDT; 7s ago   Main PID: 28699 (pocket-id)      Tasks: 8 (limit: 2309)     Memory: 8.7M        CPU: 65ms     CGroup: /system.slice/pocketid.service             └─28699 /opt/pocket-id/pocket-idJun 01 07:12:57 pocketid systemd[1]: Started pocketid.service - Pocket ID Application Server.Jun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Starting job schedulerJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Server listening on 0.0.0.0:1411Jun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 GeoLite2 City database is up-to-dateJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "UpdateGeoLiteDB" run successfullyJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "SyncLdap" run successfullyJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "SendHeartbeat" run successfully

Reverse Proxy avec Caddy

Voici mon Caddyfile avec le fichier /robots.txt au cas où il serait respecté (c’est beau de rêver).

# Snippet for robots.txt(common_robots_txt) {handle /robots.txt {# Set the Content-Type headerheader Content-Type "text/plain; charset=utf-8"# Respond with the body and status code 200respond `User-agent: *Disallow: /` 200}}# Pocket-IDid.xxxx.xx {import common_robots_txt# Fallback to reverse proxy for other requestsreverse_proxy 192.168.x.yyy:1411 [xxxx:xxxx:xxxx:xxxx::yyyy]:1411}

systemctl reload caddy.service 

Pour la première configuration de votre instance Pocket-ID, je vous invite à créer votre compte administrateur sur https://id.xxxx.xx/login/setup. Il est très fortement encouragé d’avoir deux passkeys vu que c’est la seule manière d’authentification. J’en ai une dans Bitwarden/Vaultwarden et une autre dans le trousseau iCloud (via Safari).

Mise à jour

Puisque nous ne sommes pas dans Docker, la mise à jour peut être un peu plus compliquée. Cependant, rien d’insurmontable, surtout depuis la version 1.0 déjà compilée. Voici un petit script de mise à jour qui m’a permis de passer de la version 1.0 à 1.1.0 sans encombre.

nano /root/update-pocketid.sh

#!/bin/bash# update-pocketid.sh# --- Configuration ---INSTALL_DIR="/opt/pocket-id"SERVICE_NAME="pocketid.service"USER="pocketid"GROUP="pocketid"VERSION_FILE="${INSTALL_DIR}/version.txt" ARCHITECTURE="amd64" # Change if needed (e.g., arm64)# --- End Configuration ---echo "Checking for the latest version of PocketID..."LATEST_TAG_JSON=$(curl -s https://api.github.com/repos/pocket-id/pocket-id/releases/latest)LATEST_TAG=$(echo "$LATEST_TAG_JSON" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') # Version without 'v'LATEST_TAG_WITH_V=$(echo "$LATEST_TAG_JSON" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') # Version with 'v'if [ -z "$LATEST_TAG" ]; then    echo "Could not retrieve the latest version from GitHub."    exit 1fiecho "Latest version available: v${LATEST_TAG}"CURRENT_VERSION="0" # Default to 0 if no version fileif [ -f "$VERSION_FILE" ]; then    CURRENT_VERSION=$(cat "$VERSION_FILE")fiecho "Currently installed version: v${CURRENT_VERSION}"if [ "$LATEST_TAG" = "$CURRENT_VERSION" ]; then    echo "PocketID is already up to date (v${CURRENT_VERSION})."    exit 0fiecho "New version v${LATEST_TAG} available. Updating..."DOWNLOAD_URL=$(echo "$LATEST_TAG_JSON" | grep -E "browser_download_url.*pocket-id-linux-${ARCHITECTURE}" | cut -d '"' -f 4)if [ -z "$DOWNLOAD_URL" ]; then    echo "Could not find the download URL for linux-${ARCHITECTURE} and version v${LATEST_TAG}."    exit 1fiecho "Stopping service ${SERVICE_NAME}..."sudo systemctl stop "${SERVICE_NAME}"echo "Backing up the old binary..."BACKUP_NAME="pocket-id_backup_v${CURRENT_VERSION}_$(date +%Y%m%d_%H%M%S)"sudo cp "${INSTALL_DIR}/pocket-id" "${INSTALL_DIR}/${BACKUP_NAME}"echo "Old binary backed up to ${INSTALL_DIR}/${BACKUP_NAME}"

Rendre le script exécutable

sudo chmod +x /root/update-pocketid.sh

J’ai ajouté dans mes alias.

alias update='/root/update-pocketid.sh'

Pensez à faire une mise à jour du système avant celle de Pocket-ID.

sudo apt update && sudo apt upgrade -y

Si vous utilisez Proxmox, je vous encourage à faire un snapshot juste avant la mise à jour et à avoir des sauvegardes régulières (on ne sait jamais :-).

Conclusion

Vous êtes maintenant prêt a entrer dans le futur avec OIDC et Passkey. Vous pouvez visiter la page Exemples de clients pour configurer facilement vos services avec Pocket-ID. Je vous souhaite un bon voyage dans le monde captivant de l’auto-hébergement !

#Verify your #bicycles to sell faster and for higher offers on Sprocket! We're working to end #bicycle theft eith software and we're the best at serial number verification

Note: serial number #verification via our partnerships is not a guarantee the items are not stolen. We are continuously reinvesting our earnings into additional layers of security such as our recent integration with @Strava ride history data 😀

www.sprocket.bike/app