I'm using self-hosted Sure.am and also using SimpleFin to connect to Canadian banks. It works, but barely, since it effectively scrapes with no real API access. I have to login daily to update 2-FA on various accounts, and have suffered account lockouts a couple of times, due to "suspicious activity".
But it still beats downloading multiple exports from the bank and importing it manually...
That's fair, a VPN might've been a better approach. I've been having some weird routing issues with WireGuard, that seem to work differently based on the client, but I've not had time to sort that out.
At the end of the post I mention, that having proper separation would've helped, but again, that's a whole project...
It's not really "piling on more complexity". I already have a well-configured OIDC provider that already handles a lot of home lab software that supports OIDC natively.
For things not supporting OIDC natively there's OIDC Proxy for traefik. So in this case the solution is adding a label requesting the OIDC Proxy Middleware, and adding a redirect URL to the OIDC application.
You could argue that it's "more complexity", but routing it through a home vpn, for instance, is also "more complexity".
What, in your opinion is "simple, performant, and sane"? You casually throw that around, but never explain...
The community has managed to drastically lower hardware requirements, but so far I think only Nvidia cards are supported, so as an AMD owner I'm still missing out :(
I still can't comprehend why they implemented FIDO/WebAuthn support in Play Services. Passkeys are extremely difficult to support in apps that don't depend on Play Services client libraries.
But it still beats downloading multiple exports from the bank and importing it manually...
reply