thelittleblackbird @ thelittleblackbird @lemmy.world

Posts

4

Comments

97

Joined

2 yr. ago

Every country is sovereign in its territorial. This means that they can:

• confiscate actives in japan
• to pass fines
• to ban the access to the servers
• to ban the operations on its territory
• to jail the company's representative of the country
• etc etc

As an example the EU did exactly this when the gdpr came into play

Yeah man, this a show-a-bit-love message to encourage you to continuous. I really appreciate it specially the small text you always attach to the games.

And if yiir reviews are with the steam deck, even better so I can see what to expect from the not-yet-at-my-hands console

Keep going!

Totally overkill if you cut the specs to the half I have the feeling they are still overkill

The only point are the hdds and the mass storage, I can not decide if it is a lot or not, but for your list I would say that you can even go one order of magnitude down. But it mainly depends if the number of Linux isos you want to archive

My points are totally in the other direction:

• stable, this is critic, if the app is not able to performs its duties with. 2 weeks uptime, then it is bad. This also applies to random failures. I don't want to spend endless days to fix it
• docker, with a all-in-image, and as a nice to have the possibility to connect external docker composes for vpn, or databases
• a moderate use of resources, not super critic, but nobody likes to have ram problems

And then as a second league that lean the balance:

• integration with LDAP or any central user repo
• relatively easy to backup and restore
• relatively low level of break changes from version to version
• the gui / ease of use (in like with the complexity of the problem I want to address)
• sane use of defaults and logging capabilities

That's all from my side

Most of those moderation just step in the moment the lie enters the chat.

And no, you freedom of speech does not allow you to lie without facing the consecuences

Totally agree with the first point, it is a limitation, and the guest wifi sticking to a eth port is just a patch. One that works but still a patch.

But I don't see the point of the prefixes. What do you mean? I also have a custom domain and a local dns server y can use the domain even internally. I just simple ignore that...

True, but I would expect a soon end of life for those too

Fritzbox boxes.

They tick all the checkboxes

• good standards support (including dect protocol if you want to have an ip phone or even iot protocols)
• fast wifi speeds
• cheap (at least for the second hand in ebay)
• super stable, never had a problem with them in 5 years or more
• fast roaming support out of the box

It is a well known brand in Germany but pretty unknown outside that country. Honestly it is the best bang for buck I was able to get.

Honestly, I would spend 10 minutes checking on them

A nas is your friend.

And there is plenty is space in the Caribbean Sea

No idea at all, but I am highly interested in your experience. So it would be great if you could came here back to share it with us

This is the answer

Yes, it will be enough if your services are not exposed via port forwarding , tailscale / zerotier are super convenient for this.

Honestly, if I were you I would start thinking in having a small computer just to act like a proxy / firewall of you synology, or even better, just run the applications on that computer and let the nas only serve files and data.

It is much easier to support, maintain and hardening a debain with a minimal intallation than nay synology box just because the amount of resources available to do so. In this easy way you could extent the life of your nas far beyond the end of life of the Sw

I use the tchapi docker image for the caldav server (die to the LDAP support for the user Auth) and davx5 for the android integration.

In Desktop thunderbird already have a native integration and with iPhone is also working fine.

No problems so far in almost a year, they work reliable and smooth. The only point I somehow miss is the lack of push notifications from the server to the devices, but it is not a deal breaker from me

Another one selfhosting contacts, calendar, notes and so on with that non-interoperable protocol.

And for the shake of honesty I need to say that while doable it is true that the situation could be highly improved with a lot of non standard stuff that private apps are implementing outside of the standard compliance

Don't make it available from internet. This will solve the issue.

If it is not possible, once the cve is published and properly described, perhaps there is another way to secure it via an external proxy or even a waf.

If you have unsupported Sw, it is always a pain in the ass to keep them secure so try to figure out always the first point

Can someone be so kind to explain me what I am seeing?

Because it seems like I am not celvee enough to get it

The answer is mTLS.

But you will run into the key distribution problem. But if your number of devices is manageable, it could be the solution

This thing reduces the attack surface of the inmich installation.

If it is good, or bad or fitting to your security model can only be said by you. But honestly it sounds like a sensible thing to do

Even if you have a valid point, modern fingerprinting technics usually is done through your data and the connection dependencies of them (which accounts are activated from the sane computer and so on).

Selfhosting remove some links between your data set like the files you store in drive, the people who appear in your photos, your contact list, to whom you email... Etc etc

Suddenly all this data is vanishing from the big techs, so, in theory it would be possible to make that association process more difficult

Then follow that path, once you are comfortable with the approach you can start hosting more and more services,to the point that you can selfhost your own messenger services or ms teams services.

Once you are in that situation, you can think in accounts rotation and/or burner identities to address the services you can not pull from the big techs