I'm just copy pasting my reddit writeup since that's where the creator is active. For those curious the basic idea of cosmos (https://cosmos-cloud.io/) is home server with a push towards default safety stuff. Reverse proxy over your docker containers configured to not see beyond their world sort of thing so you can safely control access. I believe it's a one person project and still very much in development, but given that so many people just drop "roll your own, you just need to learn...." as the solution I find this to be vastly preferable, and maybe better than things like CasaOS

Post:
I've had less time than I hoped to really poke at this, so it's a bit rambly/stream of consciousness. Figured I'd put this up as a data point for anyone either considering cosmos, or maybe as some feedback. If anyone wants more detail on a specific part I'll gladly dive in, but for now if I don't put this up I never will. A very large thanks to the various people who guided me on the discord.

Techstack/layout/hardware:

1. Cloudflare domain with proxy active
2. Ubiquiti UDM Pro router
3. MS01 on Unbuntu, in default DMZ vlan
4. Client devices on other vlans(a secure VLAN, technically not the default but similar) or external to network

Personal skill level: I code for a living, but that's probably overstating my skill. Mostly light CRUD apps. Network is a MASSIVE blindspot that I know very little about. This project was in part to help fix that by getting me some practical experience. It's also GROSSLY overspecc'd for my skill level with some hope I can eventually do some more ambitious stuff.

Setup: I had installed Cosmos before and run it locally unsecured/self signed (as provided by just clicking on the button in cosmos), just to make sure I understood "intended" behavior.

My initial hiccups mostly revolved around me setting up port forwarding incorrectly in the router, so i'll skip most of that. Short version is misread something, went down the out of date documentation rabbit hole and then doubled down with some AI hallucinations. In the end it's MUCH easier than I was making it.

All i needed to do was setup a 443 port forward to the static IP of my Cosmos box. It's even limited to cloudflare IPs only, which was just taking the list provided by cloud flare and copy pasting it in. There's a section in ubiquitis network interface for this and it's very straight forward.

From there it was configuring the right tokens so I could do the cloudflare DNS Challenge, which is well documented (went the double token route rather than full key.) Once I found the right pages for that it was simple.

Made my tokens, but was confused as hell because in Comsos it says "you don't need to fill everything out" for cloudflare, and there's CLEARLY duplicate entries, so I wasn't sure if I needed to fill out both.

From what I can tell, you need to fill out the duplicates (so you will double enter your email and your key/tokens). You can leave blank things like timeouts or whatever you're not using (key if using tokens, token if using key). Some clarity on the dupe thing might help.

I do think a small guide on bare minimum DNS config would also help. I was using a root A record and a CNAME wildcard record, and I never got it to working with cosmos. Unsure if that's my fault or not, but when I changed the wildcard to another A record (so A record for root and A record for *), it started working. For someone like me who knows fuck all about any of this, there was a lot of stumbling around with DNS.

Of note I did select allow wildcard domains and .local domains on all attempts. No insecure http local access.

From there it, mostly, started working. Https enabled and everyone can connect....exceeeept .local domains.

This is the part i'm still struggling with. There's not a lot of documentation on .local, just "it will work if you check the box". I'm not sure if it clashes with https, or if i need to self sign, or if it really should be that easy.

My understanding is I just make new url for an app, call it whatever.local, and boom I should be able to connect so long as i'm one the same network.

In practice, I see no traffic hitting the server when I try this(unless on the server itself), and get timeouts from local clients (server does work). I got it to work once from a client on another vlan after trying to curl the https://whatever.local, but the next morning with nothing changed (went to bed right after and just left the machines running), it no longer worked.

I did 100% confirm this worked because I used filebrowser to transfer some large data at speeds that NEVER would have been possible if it wasn't over my local network(everything is wired, no wifi, hence the desire for .local access). Also worth noting that I CAN ping the server locally and ssh to it from my other network, so i'm confident the firewall/vlans are configured correctly for that.

Even for that brief moment when it was working, I STILL couldn't hit domain.local. It clearly exists, but if I can hit it (again from the server box or for that one moment from my other machine) I get the "you should use your domain address" text and cannot continue.

I suspect router shenanigans (i do have mdns enabled on all VLANS), but I'm having a hard time finding logs and what not for this. I'm also unsure if I don't know enough and am doing some config that obviously shouldn't work. I have toggled the "allow insecure local access" option in testing once or twice, but it doesn't seem to change anything. Not sure how long the delay should be.

Small things I noticed that might need fixing/expanding: 1. The initial admin account creation "your passwords do not match" help text is not in English. 2. Small thing but while browsing the market it seems there's a few configs that no longer work or aren't supported. EmulatorJS was the main one that seemed clearly done. 3. Hitting the domain, after logging in but not having touched it since forever, just gives you a "user unauthorized" warning but still lets you putter around the setup. 4. Related to that, it does sorta suck that right now even normal users see so much. I would like to hide a LOT of the interface for some of my users(just show them installed visible apps?), and while I can hide something like a new URL, I can't hide the URL screen, or the market, or whatever. It's "fine" but several test members had to be told "yes i know you can see that, no its fine, no you can't delete or edit, yes i know it looks like you can, yes i've tested, etc, etc" 5. In my testing, I did manage to get my domain IP banned by smart shield due to all the logging in and out. Was easy enough to bounce the box and get back in, but maybe a "heavy testing" mode an admin can enable that has smart shield chill for 30 minutes? Dunno how sane that is given the security first focus and I'm sure I could've whitelisted the IP briefly/neutered smart shield somewhere. 6. When entering your license key, you instantly see a "manage your license" button pop up. I emailed about it because I was confused and thought my license was busted, but just needed to scroll to the bottom and hit save. Just a flow thing that might wan to change. 7. Maybe an early "what is your goal" question? Local only vs using a domain vs using a domain and local access with adjusted config process to skip/auto handle things that could go wrong?
8. The "make admin only" checkbox on every app i've installed, that has it, doesn't appear to work. I have to go into the URL config and manually make it admin only from there. Maybe i'm misunderstanding where/how it's doing this, but some light testing seems to confirm that non admin accounts can access until I do that.

Side issues:

At some point in all this my Ubuntu took a spirited attempt at destroying itself and would let me login and then just show me a cursor and nothing else. Couldn't get to the terminal through the recommended ways, but after sshing to the box locally and changing uhh...the display driver I think?, it's mostly been working, but I cannot restart the machine without issues until I hard shutdown (hold the power button). I doubt this is related to cosmos (either caused by, or affecting behavior), but figure I should mention it just in case. Planning a full reinstall later.

Overall:

I do love it. Cosmos is trying to be something that I think should exist and yet for some reason does not. There's so many ways to screw something like this up and the "well just roll your own" approach is hellishly easy to screw up with extreme consequences. I have a few more upgrades/tweaks to do (get .local working, maybe reinstall the OS and the thus resetup from scratch, NAS for storage of some family videos/photos we want backed up in more than one spot), and I have mostly enjoyed how clear Cosmos has been.

Edit: I've made some progress if you want to read the edits at the end.

Last year I started slowly planning out a home server setup with help from Tildes. I've gotten a few things up and running, but have been bouncing off a variety of walls trying to get to the next step.

The first goal was-
"Ok i've got Cosmos up and running for local access using self signed certs. I'd like to get it up and running using lets encrypt and a domain so I can eventually start giving a few family and friends proper logins and external access". Of note, ideally,

This led to a second goal of-
"Gosh it sure would be nice if I didn't have to be sitting at the physical server to do testing and could instead be at another computer in my house. I should probably configure ssh locally (working) and get it to forward windows so I can work in other rooms (not working...)"

"The stack":

Server - MS01 running LTS Ubuntu with Cosmos Cloud installed (well it was, but is currently not)

Router - Ubiquiti Dream Machine Pro (of note i've done some minimal guided config of this to try and harden it at a basic level so my cameras and IoT devices are better isolated. Not fully default, but the server is, for now, in the same network/vlan as the rest of my main computers so don't think this should matter.)

Clients - All local windows 10/11 machines for now, although in the off off chance it matters, i'm running nushell in the terminal

Domain Provider - Cloudflare

The SSH Problems:

I have a friend who's set SSH up for themselves with their home server, however they haven't had time to come over and troubleshoot. My rough understanding is "setup VcXsrv, change some configs, then it just works.". Windows these days has ssh built in, and I can SSH to the machine just fine with my key.

ssh -X...less so. I've read some docs, followed some guides, tried copilot, and it all leads to "yeah should work" and it just doesn't. I have configured a ssh config on both machines to allow X11 forwarding, i've started the XLaunch making sure I disable access control, made sure my unbuntu login isn't on wayland and so on. So far, no dice.

If someone has an end to end guide they trust to link, i'll gladly read and start from scratch. I've been cobbling together so many sources at this point i'm very lost. Lots of things jump quickly to "well just use WSL", which yeah ok i probably should test that next, but I was hoping I wouldn't need to (and am unclear if that'll even help).

The HTTPS/Domain Problems:

So..cosmos cloud.

I like the theory behind this software in that it helps enforce best practices so you don't blow your own head off when you screw something up. Maybe it's not the absolute best starting place, but getting it running without a domain was trivial, and more importantly, shockingly well documented. Not perfect, but for what I understand is mostly a one man show it's better than a lot of professional grade stuff i've dealt with.

And so I figured it'd be easy to just do the setup from scratch but choose https and point to my domain. There's been two attempts here, no DNS challenge and DNS challenge

No DNS Challenge Method

Per their docs it seemed easy enough. I'd never touched a DNS screen before but I configured an A record pointing at my WAN IP (eventually...) and disabled the cloudflare proxy.

Well going to that domain took me to my router login. Hmm. After screwing around with port forwarding and router DNS records I never got it to work and felt like I was playing with fire, so undid everything I'd done and decided I'd try the DNS challenge. Of note I could still access the cosmos cloud page from http directly to the IP, where it confirmed it failed to get the TLS cert, but https to the domain wasn't having it.

DNS Challenge Method

This seemed like I was close, and then nothing. I have no idea if i need to do internal routing on the router for this, it just sorta says "Do the DNS challenge, here's a form, you don't need to fill out all of it" which uh...ok.

I filled out what I think I needed to after setting up a token(not an API key) in cloudflare. I'm pretty certain I got that correct as I saw text files with keys created on cloudflare's DNS page and had I screwed that I'm guessing it couldn't have.

However from what I can tell, that's as far as it got. The files nuked themselves 2 minutes later when the TTL expired, and going to the domain locally gave me the cloudflare "our shit's fine, the server is timing out" page. From what I could tell diving into logs, cosmos had the same error, and I couldn't hit cosmos at all, even using the IP and http.

I do however wonder if maybe it did work BUT since I undid the router DNS record before trying this maybe that killed it? dunno.

Any ideas?

That's basically my situation. Figured i'd throw it here and see if anyone has some guidance or troubleshooting they'd recommend. Aforementioned friend who's done some of this before should be free one of these weekends and can probably help, and I haven't tried again since the second attempt. I've thrown some of the questions i've had on the discord and gotten minimal response(although I'm kinda using the thread as a rubber ducking spot as well). Next attempt is probably just DNS challenge again after more research on it and seeing if that works if I put back on the router DNS record, but i feel like logically that shouldn't work.

Oh also if anyone has some general recommended reading so that I can really understand what the hell it is I'm doing I'd love that. There's a ton of networking books/articles/etc, and in general I'd like to learn more about the subject, but I'm curious if there's a go to for people who are techy and trying to dip their toe in all of it the same way I am and setting up a proper home network and server.

Edit:
So after lots of testing, doc reading, and help from the cosmos discord I:

1. Got the DNS challenge to work according to the cosmos logs.
2. narrowed down that the main issue was my UDM pro router policies. Needed a firewall rule and a port forward, and had only done one of those at a time in my various attempts and not realized they were really different.

Now once that was all working and I could hit the site i was getting "likely a false cert" errors, but since i've got all the pieces I'm probably going to try another clean install later and see what we get. Hurrah for troubleshooting, good docs, rubber ducking, and helpful humans.

Edit 2:

Eventually required:

1. Port forward rule in UDM pro
2. Firewall rule in UDM pro
3. Static IP and DNS entry in UDM pro.

One I’d done those things started working. Killed it after that as now I need to think about architecture

I keep getting messages in my email inbox or LinkedIn like:

> Hi, 
> I’m seeking a genuine partnership where only a USA software engineer can truly collaborate with me. 
> I value transparency and real results. 
> Things to do are very simple and I guarantee 3K~10K/month income for you.
> I’m ready to prove my credibility and discuss a win-win business. 
> Thank you!

Hello $their_name,

Why do you need a USA engineer and what do I need to do?

- $my_name

> Thanks for reaching me out.
> 
> I run a software development team with five talented developers who specialize in frontend, backend, full stack, AI/ML and blockchain technologies. Although we have a strong team, we are struggling to find enough jobs right now. As you may know, the economy in Europe is tough and low salary as well, so we are trying to find more opportunities in the US and Canada. However, this is challenging for us because of time zone differences, language barriers, and many US clients preferring to hire local people like you.
> 
> To solve these issues, I'm actively looking for someone who can help us in getting more jobs in the US. Since you are a US citizen, you can create accounts on job platforms like Indeed, Dice, Upwork and Wellfound. I think you may have already heard about Upwork. It's a world famous freelancing platform. After setting up your accounts, if you allow me to use them, I will apply for jobs by myself. When I receive interview requests from clients, I will notify you so you can attend the meetings. During the interviews, I will support you by quickly sending you the right answers to any technical questions that come up.
> 
> Once we secure a job, our team will handle all the development work, including any test projects. We will share the profits from the work we do, with a split of 30% for you and 70% for our team.
> In short, your role would be to connect with clients and help us secure jobs, while our team takes care of the technical work. This is a great opportunity for collaboration and growth.
> 
> And there is one thing I need to tell you about using your account. Several platforms have very strict policies with ip addresses. If i use your account on my own machine, your account will be risky because ip addresses are different. And also they detect VPN, VPS, and some cloud services as well. To address this, we need to use your spare laptop. I will use your account on your spare one using a remote desktop application like Anydesk. Anydesk is a secure and safe remote desktop application.

> Greeting,
> 
> I hope this message finds you well. My name is Cuong, and I came across your information on your website ( WE need it ). I am excited to share that I have a potential long-term collaboration opportunity that I believe could be mutually beneficial.
> 
> We’re a fast-growing IT consulting company based in Malaysia, with a talented team experienced in web2, web3, mobile development, and AI. As we expand into the U.S. market, we’re actively seeking a reliable business partner—someone like you—to grow together.
> 
> Here’s how we can support you:
> - Proactively apply and schedule interviews on job platforms on your behalf
> - Optimize and refine your resume and LinkedIn profile to stand out
> - Provide technical guidance to help you succeed in interviews
> - Take care of the actual development work once new projects are secured
> 
> If this sounds interesting to you, feel free to reach out. We’d love to hear your thoughts and explore how we can collaborate!
> 
> Looking forward to connecting with you.
> 
> Best Regards
> Cuong

Some of these messages are even from people who are well-connected to former bosses and managers and other talented people that I personally know. They aren't coming out of my spam folder.

I know I'm not special in this. I'm not the only one. They are throwing spaghetti on the wall until the meatballs stick, etc.

But I thought... what if I could use this to my advantage? I would still need to do the interviews but they could do the legwork applying for jobs and reaching out to companies, connections that they already have, and then when they deliver the job contract I cut off contact with these nebulous associates? And I join the company like normal.

Thoughts?

I'm looking to see if anyone can speak to how life is (good, bad, or meh) with using one of the popular OneDrive clients on a common enough Linux distribution.

Ok, so allow me to set the context...

• My partner uses Windows laptop, and with next year's end of life on Win10, I need to make decision to advise them on whether we get them another Windows laptop (presumably running Win11), or finally get them to take the plunge on using Linux - (a laptop running some common enough linux distro).
• I run linux as my personal daily driver on my laptop for more than a decade, and on server side having been using and dabbling with linux since about 2004. So, i will add also that i'm all bought in on the linux, libre/free and open source lifestyle.
• I'm not a fan of Windows, but not judging that others like my partner use it. By the way, my partner doesn't care about tech nor computing, they simply use applications and move on with their life. (Yes, i have politely nudged them over the years to try linux, but they have been hesitant to do so without a true need, so why rock the love boat, right?)
• My partner's computing needs are quite basic, but slightly tricky...Here is what i mean:
  • They use a web browser or mobile apps for the vast majority of their compouting/app needs
  • For office suite, they use desktop versions of MS Word and Excel
  • Quite importanrtly, they use OneDrive to sync their files (and there are alot important files for them and our family)

So, from a computing needs perspective, that's pretty much it. For every other function and need (e.g. email, productivity, etc.), they simply use browser or mobile apps as noted above.

You might be thinking, well, move them to linux, and if they like Microsoft, then use the Word or Excel browser app, right? Well, they LOATH having to use the browser or mobile versions of Microsoft Office. Being of a certain age, they might be ok with LibreOffice, since it mimics close enough to desktop versions of Word, Excel desktop apps...So, I think the desktop and office suite are less of a problem to find an alternative if needed...
But, OneDrive, yeah, this is the one app that they won't let go. Not because they love Microsoft (they could careless about the company), but because they have a good trust and experience of its functions to date on Windows. Onedrive has really empowered their workflow. That is, because they jump from browser to mobile app often through their day, etc....the feature of having a file easily and reliably sync (via onedrive) between devices is probably the most important need that they have.

Now, before anyone says, well try "NextCloud"...yeah, been there and done that. Nextcloud works wonderfully for me (has for years)...but it does not conform exactly to my partner's workflow. I've tried Collabera, but could never get it to work reliably enough. I want to state again, i am a strong, emphatic open source advocate...But if my partner can't get their work done without me constantly diagnosing and fixing things....then its not proper solution for them.

So, while i have a solid linux or open source option for all of their other needs, Onedrive is the challenge here. So, can anyone advise, how things are with onedrive clients on linux? Any particular client that is worth me looking into? What about a specific linux distro that, maybe possibly works best with a particular onedrive linux client? I should add that my partner is willing to pay for file synching and does NOT want to have me self-host things for this single function since they don't want to have me kill myself in supporting it. So, if there is a valid alternative to onedrive that is awesome on linux, and that they can pay a company to reliably host, that is welcome as well.

Or, should i simply advise them to stick to Windows through EOL, get them set on Win11 along with native Onedrive, and move on with our lives?

I'm thankful for anyone's recommendations and advice. Cheers!

Recently I’ve been growing dissatisfied with my current workflow (Obsidian and iA) and looking to try something new, and someone recommended emacs, as long as I was up for the challenge. I figure it can’t hurt to try, and if I don’t implement it, well, I’ll have learned something.

I’m fairly comfortable with CLIs, but will likely use a GUI, and will be using on a Mac.

Anyone have advice for a total novice?

There isn't any public announcement yet, but they sent out this email to leadership:

Dear Women Who Code Community,

It is with a heavy heart that we write to inform you of the difficult decision to close Women Who Code, following a vote by the Board of Directors to dissolve the organization. This decision has not been made lightly. It only comes after careful consideration of all options and is due to a variety of factors that have materially impacted our funding sources. We understand that this news may come as a disappointment, and we want to express our deepest gratitude to each and every one of you who have been a part of our journey.

As a community, we are powerful. For more than a decade, Women Who Code has created a sense of belonging in tech and support for our community, thanks to the dedication and commitment of our members, volunteers, and staff. We have brought together a vibrant community of over 360,000 technologists who deeply care about building an industry that is more diverse, inclusive, and equitable. We’ve delivered more than 20K community-led events, awarded more than $3.5 million in scholarships, held developer conferences and technical summits in tech hubs around the world, logged more than one million high-skilled, leadership-building volunteer hours, given away more than $2.5 million in conference tickets for broader industry engagement, and shared more than 14K job opportunities. Even more than these trackable outputs, we’ve come together to support each other, navigate the industry as a powerful force, share both technical protips and strategies for rising in our careers, and break barriers.

While so much has been accomplished, our mission is not complete and our vision of a tech industry where diverse women and historically excluded people thrive at every level is not fulfilled. Despite our collective efforts, the challenges we face have become insurmountable and we must confront that what worked for us is no longer working. We are deeply saddened by the difficult decision to dissolve the organanization.

As we embark on the process of winding down operations, we are committed to ensuring a smooth transition and fulfilling any remaining obligations to the best of our ability. Unfortunately, we will not be able to continue offering any program services, and will be cancelling all upcoming events. We will be refunding any ticket purchases made by members for our upcoming developer conference, WWCode CONNECT 2024.

Although this chapter is coming to a close, we believe that the spirit of our community will endure and hope that the relationships and experiences you've gained through your involvement with Women Who Code will continue to inspire you in your future endeavors.

On behalf of the Board of Directors and staff of Women Who Code, we extend our heartfelt thanks for being part of the movement, and encourage you to continue to seek support from other like-minded organizations who authentically support the careers of women in the tech industry and keep inspiring each other as you navigate the industry. It has been an honor and a privilege to serve the mission, and work alongside such passionate individuals.

Thank you for your understanding and support during this challenging time.

Hey there,

I wanted to know which sets of passports grant together visa-free access to every country in the world, but I could not easily find that info online. So I figured that I could try to write a small program to determine these sets of passports myself, and then it occurred to me that it would probably be a fun programming challenge to organize, so here we go.

Here's the challenge.

1. Scrape the data you need for instance from The Henley Passport Index.
2. Design a clever algorithm to efficiently find out which are the smallest sets of passports that will grant you visa-free access to every country in the world.
3. Optional. Allow the user to specify which passports they already hold and find out which sets of passports would complement their passports well.
4. Optional. Rank the sets of passports by how easy it is to acquire citizenship in those countries.

The choice of the programming language is yours, bonus points if you write it in assembly 😂

Feel free to collaborate and share your solutions (the algorithms and the actual results) in the comments, and feel free to share your own twists to the challenge that could make it even more fun & interesting.

The person with the most clever, efficient and elegant algorithm wins!

Happy coding folks!