JustEnoughDucks

Watch out. A lot of controversy over rustdesk because they do some strange things and route all traffic through their server in China or something.

(Not up to date on it, just have heard it many times in passing, worth looking in to)

Syncthing also even has basic version control, just no “web file browsing” interface.

Meanwhile the EU probably pushes for the 100th time to backdoor all communication encryption backed by fascists and Spain trying to put down the Catalans…

And the UK doing the same thing and also a big surveillance state…

Sadly nowhere is great right now.

They can’t last outside of the fridge because the US strips the protective layer from the shells…

Dropping instead of blocking might technically be better because it wastes a bit more bot time and they see it as “it doesn’t exist” rather than an obsticle to try exploits on. Not sure if that is true though.

For me:

• ssh server only with keys

• absolutely no ssh forwarding, only available to local network via firewall rules

• docker socket proxy for everything that needs socket access

• drop non-used ports, limit IPs for local-only services (e.g. paperless)

• crowdsec on traefik for the rest (sadly it blocks my VPN IPs also)

• Authelia over everything that doesn’t break the native apps (jellyfin and home assistant are the two that it breaks so far, and HA was very intermittent so I made a separate authelia rule and mobile DNS entry for slightly reduced rules)

• proper umask rules on all docker directories (or as much as possible)

• main drive FDE with a separate boot drive with FDE keyfile on a dongle that is removed except for updates and booting to make snatch-and-grabs useless and compromising bootloader impractical

• full disk encryption with passworded data drives, so even if a smash and grab happens when I leave the dongle in, the sensitive data is still encrypted and the keys aren’t in memory (makes a startup script with a password needed, so no automated startups for me)

For more info, I followed a lot of stuff on: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server

HealthyPi will be a too option too. Much more fitness focused than pinetime or banglejs

I have been happy with PrivateVPN, but I can’t get a read on them.

They say no-log, but many VPNs probably lie about that. Small, based in Sweden.

I just saw on the kumo app literally just now that they got bought out by Miss Group and are no longer independent like when I started with them in 2019.

They have no strikes against them besides the not-disclosed buyout. No idea if I should switch, but they have good prices and port forwarding.

They are a massive megacorp though. It always leaves me to wonder “how much”.

Tons of capitalist companies do stock options where “technically” the employees own a share of the company, though that percentage is usually extremely small, even collectively such that they have no decision power. I can’t help but think that it is similar with huawei, but with better marketing.

That is very fair!!

But on the other hand, 99.9% of users don’t read all of the change notes for their packages and don’t have notifications for CVEs. In that case, in my opinion just doing updates as they come would be easier and safer.

Doesn’t ucore also have to restart to apply updates?

Not super ideal for a server as far as maintenance and uptime to have unexpected, frequent restarts as opposed to in-place updates, unless one’s startup is completely automated and drives are on-device keyfile decrypted, but that probably fits some threat models for security.

The desktop versions are great!

Well, I didn’t think anyone would be dumb enough to do that, but you might be right…

I am also very low. I just pretty much let someone else take credit for it so that it would actually be taken to management.

I got my company to start using bitwarden. That was a huge step and 1/4 of the company forgot their password in the first 60 days. I sent a big email detailing how to make a mnemonic device with a passphrase that bitwarden generates 😂 complete with photoshop drawings on one i generated. no forgotten passwords since

Well they don’t have to spend their issues on child trafficking anymore because the president supports it and has made extensive use of trafficked children.

And almost all of the domestic terrorist organizations support the government now, magically.

They just need something to do now singer crime is “solved” 🙃

Then the question is: what is being smart or dumb? If acting dumb in 90% of life while having the capability of being smart isn’t “being dumb” then what is?

If someone who has the capability of being 50/100 intelligent and is always acting 50/100, I would argue they are smarter than someone capable of 80/100 intelligence but acts 20/100 intelligence for 90% of their life.

You absolutely can fail. I daily drive bazzite but many things have been pretty rough:

Any coding apps that will use an external device -> you can’t use flatpak. You have to use distrobox that constantly freezes your entire mouse for 3-5 seconds upon any sort of dialog, settings, saving, anything where it has to access the filesystem. Then you have to add udev rules to directories that in the documentation says not to write to, and reloading the rules doesn’t work for testing, you have to fully restart with every minor change or it will seem like the change didn’t work.

Luckily most device drivers seem to work in the provided arch distrobox but holy dependency hell. Things will fail to install because they need a package that exists on the host but not the container so you get an unsolvable “file exists” conflict. When installing a package, it will sometimes just try to grab an old version of a dependency specifically that will 404 out instead of just grabbing the most recent version (never happened on arch itself to me)

Setting up a plasma vault with gocryptfs was not fun figuring out how. Also ran into tons of dependency problems and the fact that fedora just abandoned it specifically. Ended up just having to stick the binary in a random folder and point to it.

Any sort of document authentication/signing -> doesn’t work and will not work in the future for a long time.

You absolutely have to install rpms still for corectrl, any external devices, like drawing tablets, etc…

Some games inexplicably use <50% GPU and <40% CPU with terrible framerates and will not go any higher (or lower) no matter what, switching between low and high settings and resolution results in 0fps change.

When I have my config set and don’t have to change anything, it is super super nice to never have to manually update, but anything outside of very basic usage is weaving through nonstandard undocumented territory.

Bazzite trades maintenance headaches for configuration and installation headaches. For me, that is worth it.

That is the thing. From the business and management side, yes he made them what they are today. He got the government to give absolutely massive subsidies, changed the company culture to be a 24/7 work grind with great pay (if you ignore salary-per-hour which most people do until they get burnes out). That got a ton of shit done very fast, with enough budget to be able to just test and test and test and not need to burn as much money on trying to get it right the first few times while also having state of the art assembly capabilities. That is no small feat and most startup companies can only hope to achieve that runway and engineering power.

People then extrapolate it to “he is some tech genius who built these companies and products and he was the main engineer behind it” No, he absolutely is not, he is a steve-jobs-esque role with decent tech literacy. He is no genius, sociopath who is extremely good at manipulation and getting what he wants, yes. He is closer to an Edison than a Tesla. In the executive world, decent tech literacy and willingness to learn makes you seem like a supergenius compared to all of the other MBA CEOs.

If you ask engineers in his company, since he went crazy and stopped being willing to listen and learn from his engineers, he has been an active detriment, engineering-wise, to the companies. He is not a genius. Just ask Tom Mueller

And then I get down voted for laughing when people say that they use AI for “general research” 🙄🙄🙄

Yeah, they have a spotify connect plugin that works, but chromecast probably will not be supporter because google holds all of the cast keys and esphome/music assistant/ home assistant would have to register with them (and probably play the fees) i think

It’s done for smaller parts with peltiers nowadays. Not that efficient, but there are few options. If you sink it to a large enough surface, it will radiate away.

To be fair though. The experience of google and Microsoft online word/spreadsheets/etc… also sucks ass on a smartphone. Much better, sure, but doing spreadsheets or writing a paper on a phone is a bad experience in general.