1
00:00:00,000 --> 00:00:00,980
We've all been there, right?

2
00:00:00,980 --> 00:00:02,320
You're running a personal server,

3
00:00:02,320 --> 00:00:03,800
maybe for a small business,

4
00:00:03,800 --> 00:00:05,680
and there's that one command you need to run.

5
00:00:05,680 --> 00:00:07,200
It could be restarting a service,

6
00:00:07,200 --> 00:00:08,840
maybe kicking off a backup.

7
00:00:08,840 --> 00:00:11,240
But the command is long, it's complicated,

8
00:00:11,240 --> 00:00:13,060
and if you get just one character wrong,

9
00:00:13,060 --> 00:00:16,360
well, you could cause some serious downtime, or worse.

10
00:00:16,360 --> 00:00:19,840
It's this weird paradox of server administration.

11
00:00:19,840 --> 00:00:22,400
You need all this power, but for everyday stuff,

12
00:00:22,400 --> 00:00:25,560
you just want simplicity and safety.

13
00:00:25,560 --> 00:00:27,520
Today, we are diving deep into a tool

14
00:00:27,520 --> 00:00:29,920
that was built to solve exactly that problem.

15
00:00:29,920 --> 00:00:31,600
It's called OliveTin.

16
00:00:31,600 --> 00:00:33,560
But before we get into how this amazing tool

17
00:00:33,560 --> 00:00:37,040
balances that power with simple and safe access,

18
00:00:37,040 --> 00:00:39,120
let's thank the supporter that makes this all possible,

19
00:00:39,120 --> 00:00:40,120
SafeServer.

20
00:00:40,120 --> 00:00:42,440
SafeServer handles the hosting of this software

21
00:00:42,440 --> 00:00:44,880
and supports you in your digital transformation.

22
00:00:44,880 --> 00:00:49,320
You can find out more over at www.safeserver.de.

23
00:00:49,320 --> 00:00:51,000
So, OliveTin.

24
00:00:51,000 --> 00:00:54,440
At its core, it's a web-based control panel,

25
00:00:54,440 --> 00:00:57,000
but it's designed specifically for one thing,

26
00:00:57,000 --> 00:00:59,200
running predefined Linux shell commands.

27
00:00:59,200 --> 00:01:01,560
It takes these powerful, complex operations

28
00:01:01,560 --> 00:01:02,960
that you'd normally do in a terminal.

29
00:01:02,960 --> 00:01:04,880
Things you'd have to SSH in for.

30
00:01:04,880 --> 00:01:08,160
Exactly, and it wraps them up into these really simple,

31
00:01:08,160 --> 00:01:10,760
single-click buttons on a web page.

32
00:01:10,760 --> 00:01:12,480
It's like putting, I don't know, permanent,

33
00:01:12,480 --> 00:01:15,680
infallible guardrails around your most critical server

34
00:01:15,680 --> 00:01:16,480
functions.

35
00:01:16,480 --> 00:01:20,280
OK, let's unpack that a bit, that idea of safe simplicity,

36
00:01:20,280 --> 00:01:22,080
because that seems to be the whole point.

37
00:01:22,080 --> 00:01:25,440
For someone managing a server, how does OliveTin actually

38
00:01:25,440 --> 00:01:27,320
achieve that balance?

39
00:01:27,320 --> 00:01:30,240
Well, what's fascinating here is the dual focus.

40
00:01:30,240 --> 00:01:33,200
The developers clearly put just as much thought into security

41
00:01:33,200 --> 00:01:35,200
as they have into usability.

42
00:01:35,200 --> 00:01:36,760
I mean, shell commands are powerful,

43
00:01:36,760 --> 00:01:39,480
but let's be honest, they're often cryptic.

44
00:01:39,480 --> 00:01:41,520
And dangerous if you don't know what you're doing.

45
00:01:41,520 --> 00:01:43,000
Absolutely.

46
00:01:43,000 --> 00:01:45,080
The biggest risk is just human error,

47
00:01:45,080 --> 00:01:47,040
a simple typo, forgetting a flag,

48
00:01:47,040 --> 00:01:48,920
running a command in the wrong place.

49
00:01:48,920 --> 00:01:51,080
So OliveTin is basically mitigating

50
00:01:51,080 --> 00:01:54,440
the risk of having to remember or type things out perfectly

51
00:01:54,440 --> 00:01:54,960
every time?

52
00:01:54,960 --> 00:01:55,960
Precisely.

53
00:01:55,960 --> 00:01:58,480
The end user never even sees the command.

54
00:01:58,480 --> 00:02:02,200
You, as the admin, you define it once in the configuration file

55
00:02:02,200 --> 00:02:02,680
and that's it.

56
00:02:02,680 --> 00:02:04,640
They can't edit it, they can't change its scope,

57
00:02:04,640 --> 00:02:07,120
they can only click the button and run the exact operation

58
00:02:07,120 --> 00:02:07,840
you defined.

59
00:02:07,840 --> 00:02:10,000
I love the analogy of an engine room.

60
00:02:10,000 --> 00:02:12,320
Instead of giving your assistant the master keys

61
00:02:12,320 --> 00:02:14,680
and saying, please don't touch the big red lever,

62
00:02:14,680 --> 00:02:16,280
you just install a button outside.

63
00:02:16,280 --> 00:02:19,200
A button that says, run diagnostics.

64
00:02:19,200 --> 00:02:23,160
The outcome is predictable, the risk is totally contained.

65
00:02:23,160 --> 00:02:24,920
That's a perfect way to describe it.

66
00:02:24,920 --> 00:02:28,160
And that safety also extends to permissions.

67
00:02:28,160 --> 00:02:31,640
You can configure all of Tin to run a specific command

68
00:02:31,640 --> 00:02:34,680
as a low-privilege user, even if the person clicking

69
00:02:34,680 --> 00:02:37,440
the button has no special permissions at all.

70
00:02:37,440 --> 00:02:39,120
It handles all that on the back end.

71
00:02:39,120 --> 00:02:41,000
So it avoids that classic mistake

72
00:02:41,000 --> 00:02:43,400
of just running everything as root because it's easier.

73
00:02:43,400 --> 00:02:44,600
It completely avoids that.

74
00:02:44,600 --> 00:02:46,280
OK, so we've got the theory down.

75
00:02:46,280 --> 00:02:47,440
Safe simplicity.

76
00:02:47,440 --> 00:02:51,920
But where does this actually shine in the real world?

77
00:02:51,920 --> 00:02:53,480
Let's talk about some use cases.

78
00:02:53,480 --> 00:02:55,320
Let's start with a really common one.

79
00:02:55,320 --> 00:02:58,000
Home users, family members.

80
00:02:58,000 --> 00:03:01,040
You're the family sysadmin, and the Plex server goes down again.

81
00:03:01,040 --> 00:03:03,000
Oh, that's the perfect use case.

82
00:03:03,000 --> 00:03:05,560
You get the text, Plex is broken instead

83
00:03:05,560 --> 00:03:08,120
of trying to talk them through logging into something.

84
00:03:08,120 --> 00:03:10,280
Or telling them to just wait until you get home.

85
00:03:10,280 --> 00:03:12,320
Right, you just give them the link to a web page

86
00:03:12,320 --> 00:03:13,320
with one button on it.

87
00:03:13,320 --> 00:03:14,720
Restart Plex.

88
00:03:14,720 --> 00:03:18,240
Under the hood, that button is running, say, Podman,

89
00:03:18,240 --> 00:03:19,400
Restart Plex.

90
00:03:19,400 --> 00:03:22,640
And for anyone who doesn't know, Podman is a lot like Docker.

91
00:03:22,640 --> 00:03:24,200
It's a container tool.

92
00:03:24,200 --> 00:03:26,360
So you're restarting a complex service.

93
00:03:26,360 --> 00:03:29,200
But for your family, it's just a tap on their phone.

94
00:03:29,200 --> 00:03:31,380
Zero technical knowledge required.

95
00:03:31,380 --> 00:03:33,840
The time saving there is just massive.

96
00:03:33,840 --> 00:03:35,780
Now, what about in a professional setting,

97
00:03:35,780 --> 00:03:37,240
like with junior admins?

98
00:03:37,240 --> 00:03:38,640
It scales up perfectly.

99
00:03:38,640 --> 00:03:43,040
So imagine you have a custom backup script, BackupScript.esh.

100
00:03:43,040 --> 00:03:46,280
But it needs a customer folder name every time it runs.

101
00:03:46,280 --> 00:03:48,400
If a junior admin types that manually,

102
00:03:48,400 --> 00:03:50,600
they might forget the folder flag or misspell

103
00:03:50,600 --> 00:03:51,400
the customer's name.

104
00:03:51,400 --> 00:03:52,740
And the backup fails.

105
00:03:52,740 --> 00:03:53,400
Exactly.

106
00:03:53,400 --> 00:03:56,160
With all of the 10, you define the command as BackupScript.esh

107
00:03:56,160 --> 00:03:57,240
folder name.

108
00:03:57,240 --> 00:04:00,320
That customer name part becomes a dropdown menu or a text box

109
00:04:00,320 --> 00:04:01,960
in the web UI.

110
00:04:01,960 --> 00:04:04,880
So it forces them to provide the right input.

111
00:04:04,880 --> 00:04:06,360
It enforces correctness.

112
00:04:06,360 --> 00:04:08,000
It makes the whole procedure repeatable

113
00:04:08,000 --> 00:04:09,320
and basically error free.

114
00:04:09,320 --> 00:04:12,040
You're moving the complexity from memory to configuration.

115
00:04:12,040 --> 00:04:13,360
Let's talk security.

116
00:04:13,360 --> 00:04:15,240
The source has mentioned a really clever one

117
00:04:15,240 --> 00:04:16,840
for temporary access.

118
00:04:16,840 --> 00:04:17,560
Yes.

119
00:04:17,560 --> 00:04:19,920
Temporary SSH access.

120
00:04:19,920 --> 00:04:21,100
This is brilliant.

121
00:04:21,100 --> 00:04:23,800
Let's say you need to give a contractor access to a server.

122
00:04:23,800 --> 00:04:27,880
The command you set up is firewall CMD add service

123
00:04:27,880 --> 00:04:29,920
climb out 20 meters.

124
00:04:29,920 --> 00:04:32,000
The key is that time out part.

125
00:04:32,000 --> 00:04:32,920
20 minutes.

126
00:04:32,920 --> 00:04:35,600
So the firewall rule just disappears after 20 minutes.

127
00:04:35,600 --> 00:04:37,440
It automatically revokes itself.

128
00:04:37,440 --> 00:04:39,560
The security benefit is huge.

129
00:04:39,560 --> 00:04:42,320
You don't have to remember to log back in and turn it off.

130
00:04:42,320 --> 00:04:44,040
The button does the whole cycle for you.

131
00:04:44,040 --> 00:04:46,960
I can immediately see this being used in home automation, too,

132
00:04:46,960 --> 00:04:48,560
like with those wall-mounted tablets.

133
00:04:48,560 --> 00:04:49,120
Oh, absolutely.

134
00:04:49,120 --> 00:04:50,840
You don't want to open a terminal on a touch screen.

135
00:04:50,840 --> 00:04:51,400
No way.

136
00:04:51,400 --> 00:04:54,200
So you have a button to run wake on LAN for a sleeping TC.

137
00:04:54,200 --> 00:04:57,280
One tap, no typing an MC address.

138
00:04:57,280 --> 00:04:59,960
And what about long-running tasks, like system updates?

139
00:04:59,960 --> 00:05:01,400
That's always a pain over SSH.

140
00:05:01,400 --> 00:05:01,900
It is.

141
00:05:01,900 --> 00:05:03,200
You have to keep the session alive.

142
00:05:03,200 --> 00:05:06,800
With this, you just hit a button that runs dnfupdate.you,

143
00:05:06,800 --> 00:05:09,040
and it just runs the background on the server,

144
00:05:09,040 --> 00:05:10,120
you can close the browser.

145
00:05:10,120 --> 00:05:12,480
You can kick it off from your phone and not worry about it.

146
00:05:12,480 --> 00:05:14,280
The source has also had a great example

147
00:05:14,280 --> 00:05:17,480
of simplifying a really complex chain of commands, something

148
00:05:17,480 --> 00:05:18,240
with Docker.

149
00:05:18,240 --> 00:05:18,760
Right.

150
00:05:18,760 --> 00:05:20,080
When you're updating a container,

151
00:05:20,080 --> 00:05:22,400
you often have to stop it, remove the old one,

152
00:05:22,400 --> 00:05:24,040
create a new one, and then start it.

153
00:05:24,040 --> 00:05:25,480
That's, what, three or four steps?

154
00:05:25,480 --> 00:05:27,480
All of which have to happen in the right order.

155
00:05:27,480 --> 00:05:29,520
And it's so easy to mess up.

156
00:05:29,520 --> 00:05:33,320
With all of 10, you can chain them into one single action,

157
00:05:33,320 --> 00:05:37,760
Docker RM, and Docker Creator, and Docker Start.

158
00:05:37,760 --> 00:05:40,000
And that contained part becomes a drop-down menu,

159
00:05:40,000 --> 00:05:42,760
so the user picks from a list of approved containers.

160
00:05:42,760 --> 00:05:43,480
Exactly.

161
00:05:43,480 --> 00:05:46,440
It's such a powerful way to simplify daily operations.

162
00:05:46,440 --> 00:05:48,640
OK, this brings up a really important question

163
00:05:48,640 --> 00:05:50,280
for anyone listening.

164
00:05:50,280 --> 00:05:53,200
If this thing is so powerful, how do you actually

165
00:05:53,200 --> 00:05:54,280
configure these buttons?

166
00:05:54,280 --> 00:05:57,280
The configuration is done using YAML.

167
00:05:57,280 --> 00:05:59,200
And for anyone newer to this, YAML

168
00:05:59,200 --> 00:06:01,080
is just a way to write configuration

169
00:06:01,080 --> 00:06:03,960
in a structured, human-readable text file.

170
00:06:03,960 --> 00:06:06,520
It's super common in the cloud-native world.

171
00:06:06,520 --> 00:06:08,800
And using it here is a very deliberate choice.

172
00:06:08,800 --> 00:06:12,960
It follows this modern idea of configuration as code.

173
00:06:12,960 --> 00:06:14,640
You manage everything in a text file.

174
00:06:14,640 --> 00:06:16,880
You can track, you can version, you can audit.

175
00:06:16,880 --> 00:06:19,720
It's so much cleaner than clicking around

176
00:06:19,720 --> 00:06:21,400
in some messy admin panel.

177
00:06:21,400 --> 00:06:24,480
So in this YAML file, how do you actually define a button?

178
00:06:24,480 --> 00:06:25,320
It's pretty simple.

179
00:06:25,320 --> 00:06:28,840
Each action has three main parts, a title, which

180
00:06:28,840 --> 00:06:32,400
is what the user sees on the button, an optional icon,

181
00:06:32,400 --> 00:06:34,000
and then the shell command itself.

182
00:06:34,000 --> 00:06:35,600
The actual command that's going to run.

183
00:06:35,600 --> 00:06:36,120
Right.

184
00:06:36,120 --> 00:06:37,780
And let's look at the ping host example,

185
00:06:37,780 --> 00:06:40,400
because it shows the safety features really well.

186
00:06:40,400 --> 00:06:45,920
The command is ping host-count, ping count.

187
00:06:45,920 --> 00:06:49,620
OK, so host and count are the variables the user can change.

188
00:06:49,620 --> 00:06:50,380
Correct.

189
00:06:50,380 --> 00:06:52,360
And then in the argument section below,

190
00:06:52,360 --> 00:06:54,880
you define what those variables are allowed to be.

191
00:06:54,880 --> 00:06:58,200
For host, you might set its type to a site identifier.

192
00:06:58,200 --> 00:07:00,960
For count, you set its type to an integer.

193
00:07:00,960 --> 00:07:03,360
And that type definition is the security guardrail.

194
00:07:03,360 --> 00:07:04,960
It's one of the most important ones.

195
00:07:04,960 --> 00:07:07,840
By telling Oluften that count must be an integer,

196
00:07:07,840 --> 00:07:10,760
you prevent a user from trying to inject some malicious text

197
00:07:10,760 --> 00:07:12,840
or another command in that box.

198
00:07:12,840 --> 00:07:15,400
It sanitizes the input before it ever gets to the shell.

199
00:07:15,400 --> 00:07:16,360
That is clever.

200
00:07:16,360 --> 00:07:18,460
So you, the owner, define the sandbox.

201
00:07:18,460 --> 00:07:21,400
And the web UI makes sure the user can only play inside it.

202
00:07:21,400 --> 00:07:22,520
Pertically put.

203
00:07:22,520 --> 00:07:24,400
And it works for remote commands, too.

204
00:07:24,400 --> 00:07:26,880
The example of restarting a remote web server is great.

205
00:07:26,880 --> 00:07:30,520
The command is just source root at web server one service

206
00:07:30,520 --> 00:07:32,120
HTTPD restart.

207
00:07:32,120 --> 00:07:33,320
That whole thing is hidden.

208
00:07:33,320 --> 00:07:35,960
The user just sees a button that says restart web server one.

209
00:07:35,960 --> 00:07:37,760
You set up the complexity once.

210
00:07:37,760 --> 00:07:39,040
And it's simple forever.

211
00:07:39,040 --> 00:07:39,600
Exactly.

212
00:07:39,600 --> 00:07:42,040
What about the footprint of this software?

213
00:07:42,040 --> 00:07:44,200
A lot of people listening are running this stuff

214
00:07:44,200 --> 00:07:46,840
on a Raspberry Pi or a small server.

215
00:07:46,840 --> 00:07:48,660
It's incredibly lightweight.

216
00:07:48,660 --> 00:07:50,880
The back end API is written in Go.

217
00:07:50,880 --> 00:07:53,120
Which is known for being really fast and efficient.

218
00:07:53,120 --> 00:07:54,280
Super efficient.

219
00:07:54,280 --> 00:07:57,680
And the web interface is a modern single page app.

220
00:07:57,680 --> 00:08:00,680
The whole thing uses just a few megabytes of RAM

221
00:08:00,680 --> 00:08:02,200
and barely touches the CPU.

222
00:08:02,200 --> 00:08:04,600
It's perfect for those small self-hosted setups.

223
00:08:04,600 --> 00:08:07,260
So beyond just the tech, the source material

224
00:08:07,260 --> 00:08:09,440
talks a lot about the philosophy behind all of 10.

225
00:08:09,440 --> 00:08:12,280
They call it the no-nonsense software principles.

226
00:08:12,280 --> 00:08:13,720
Yeah, and this is really refreshing.

227
00:08:13,720 --> 00:08:15,220
It feels like a direct response to a lot

228
00:08:15,220 --> 00:08:18,040
of the frustrations people have with software today.

229
00:08:18,040 --> 00:08:21,560
First, it's completely open source and free software.

230
00:08:21,560 --> 00:08:25,520
AGPL 3.0 license, all the code is right there for you to see.

231
00:08:25,520 --> 00:08:28,120
And the second principle is inclusivity.

232
00:08:28,120 --> 00:08:29,920
This one really stood out to me.

233
00:08:29,920 --> 00:08:32,720
There's no pro or enterprise version.

234
00:08:32,720 --> 00:08:33,600
No.

235
00:08:33,600 --> 00:08:36,680
The virtue you download has every single feature.

236
00:08:36,680 --> 00:08:38,080
They're not holding anything back

237
00:08:38,080 --> 00:08:39,440
to try and upsell you later.

238
00:08:39,440 --> 00:08:40,800
That builds a lot of trust.

239
00:08:40,800 --> 00:08:41,400
It does.

240
00:08:41,400 --> 00:08:45,040
And speaking of trust, their commitment to being invisible

241
00:08:45,040 --> 00:08:46,200
is huge.

242
00:08:46,200 --> 00:08:49,880
There is absolutely no tracking, no usage tracking, no ads,

243
00:08:49,880 --> 00:08:52,040
no telemetry, nothing.

244
00:08:52,040 --> 00:08:54,560
The sources even said they removed a simple update check

245
00:08:54,560 --> 00:08:57,200
because they were worried it could be seen as phoning home.

246
00:08:57,200 --> 00:08:59,840
Yeah, that shows a real dedication to privacy.

247
00:08:59,840 --> 00:09:01,360
And finally, it's internal.

248
00:09:01,360 --> 00:09:05,360
It doesn't need an internet connection to work at all.

249
00:09:05,360 --> 00:09:07,400
It just runs on your network for your network.

250
00:09:07,400 --> 00:09:09,640
We should also quickly mention the UI is responsive,

251
00:09:09,640 --> 00:09:10,360
touch friendly.

252
00:09:10,360 --> 00:09:13,320
It has a dark mode, all the modern comforts.

253
00:09:13,320 --> 00:09:15,880
And high accessibility standards, which is great.

254
00:09:15,880 --> 00:09:17,920
Plus, it's available as a Linux container,

255
00:09:17,920 --> 00:09:19,800
which the self-hosted community loves.

256
00:09:19,800 --> 00:09:21,000
So it's easy to get running.

257
00:09:21,000 --> 00:09:22,140
Very easy.

258
00:09:22,140 --> 00:09:24,020
And because it just runs shell commands,

259
00:09:24,020 --> 00:09:25,720
you can integrate it with almost anything just

260
00:09:25,720 --> 00:09:26,960
by writing a simple script.

261
00:09:26,960 --> 00:09:28,560
OK, so to sum it all up.

262
00:09:28,560 --> 00:09:30,240
All of 10 basically bridges that gap

263
00:09:30,240 --> 00:09:33,040
between raw, powerful back end commands

264
00:09:33,040 --> 00:09:35,040
and a simple, safe front end.

265
00:09:35,040 --> 00:09:38,340
It does it by focusing on security through configuration.

266
00:09:38,340 --> 00:09:41,160
And it operates under this really refreshing no-nonsense

267
00:09:41,160 --> 00:09:42,040
philosophy.

268
00:09:42,040 --> 00:09:45,100
You get everything with no tracking and no hidden costs.

269
00:09:45,100 --> 00:09:47,560
So what does this all really mean for you, the listener?

270
00:09:47,560 --> 00:09:49,320
I guess you have to think about it this way.

271
00:09:49,320 --> 00:09:53,280
How many tiny, repetitive tasks do you do over SSH?

272
00:09:53,280 --> 00:09:55,400
How many of those could just become a single button

273
00:09:55,400 --> 00:09:57,080
on your phone, a button you could even

274
00:09:57,080 --> 00:09:58,680
safely give to someone else?

275
00:09:58,680 --> 00:10:00,840
That's the transformation all of 10 offers.

276
00:10:00,840 --> 00:10:04,000
It turns assist admin chore into a simple, secure, repeatable

277
00:10:04,000 --> 00:10:05,040
tap.

278
00:10:05,040 --> 00:10:07,280
And on that note, a big thank you once again

279
00:10:07,280 --> 00:10:08,900
to our supporter, SafeServer.

280
00:10:08,900 --> 00:10:10,860
They handle the hosting of this kind of software

281
00:10:10,860 --> 00:10:13,480
and support you in your digital transformation.

282
00:10:13,480 --> 00:10:15,360
You can find more info and all their services

283
00:10:15,360 --> 00:10:18,200
at www.safeserver.de.

284
00:10:18,200 --> 00:10:21,520
Until our next deep dive, keep digging for knowledge.