I’ve set up a https://stalw.art/ server recently, and I’m quite impressed. I appreciate that the entire mail service stack is taken care of by a single unified service, except webmail but Bulwark seems really solid. It also works nicely together with Postgres and S3, so I can have the same backup strategy as most other apps I’m hosting.

First and foremost for the outgoing needs of https://nord.pub/, but I’m seriously considering moving personal domains to it as well.

For infrastructure I’m using dedicated Hetzner hosts, with extra IPs for the mail servers, so that reverse DNS is consistent.

Largest problem I’ve seen is that Outlook.com is classifying the emails as spam, even with SOF, DKIM, DMARC properly set up… which is a big reason I’m hesitant to move all personal email as well. I realised that it could be a problem if I ever want to contact companies who use Office 365, which is a lot.

Is it really that different with proof of work? In the end the control is going to end up with relatively few entities that have the resources to build large scale mining farms…

Seen a bunch of theories on this but the most likely one is that the washer ended up in a loop of failing firmware updates, downloading the same thing over and over again. It fits with the graph showing that it’s downloaded data. Could also straight up be a reporting bug in the router as someone else said.

Best option is probably to look for providers that support custom domains, so you can point your domain directly to their mail servers. This usually require a paid subscription. Upside is that you retain control over your domain without having to host any email server.

The problem is that by putting a mail relay in between, while technically possible will break the SPF and DKIM chain for all emails that you forward. I don’t think there is a good way around this since they check against the senders domain (and assuming that you can’t get the email provider to trust your relay server)

Yes, exactly. And by not paying for the subscription you agree to pay with your time.

It also comes down to whether or not it’s reasonable to expect to be able to access streaming media for free. You are making a choice: listen to advertisements, or pay the subscription.

Kind of a stretch to call it getting scammed when he didn’t pay anything…

This really has nothing to do with Smart TVs in itself though… It’s just a problem if you choose to play YouTube videos on your TV, which seems like a pretty reasonable thing to want to do.

You can bind an exposed port to a specific IP by prefixing the IP address like this “-p xxx.xx.x.360:80:80”. Should work in a compose file “ports” list as well.

For outgoing traffic it’s a bit trickier, but if you create a separate network I think it should be possible to inject an iptables SNAT rule to use a specific source IP. Might be handy to make sure you’re sending emails from the correct IP but with your setup I would just make sure to use the primary IP as email egress…

This is case in point though, there’s no way a new Linux user is even going to consider that there is a choice of desktop environment. Of course different distributions is going to be the first one comes across as the most direct analog to Windows/macOS.

I’ve been running straight Ubuntu with ZFS-on-Linux since 18.04, and it has been smooth sailing. If you’re running a lot of containerized things it’s very convenient to just be able to bind mount ZFS dataset into containers.

Normally I prefer CentOS/RockyLinux, or some other EL distribution, but in this case I really appreciate that Canonical isn’t purist enough to ship ZFS as a loadable kernel module that is guaranteed to be in sync with the shipped kernel. And don’t have to deal with DKMS.

I believe this doesn’t apply to the Linux kernel. I mean there is a lot of products that include a Linux kernel and runs proprietary code on top.

I’m not really certain about the legalities, but IIRC it has to do with Linux being licensed under GPLv2 instead of GPLv3(?)

To shreds you say?

While I would say sending MAC Addresses and Wi-Fi names is very far from tracking everything you do on the internet, this highlight another very important point: The routers that provided by ISPs are usually very cheap and crappy, and this in itself security implications.

Like this example of pulling a script from an unverified HTTP source and executing it as root 🤯… Not to mention that firewalling and port forward configuration options may be pretty simplified and limited.

It’s extremely unlikely that they are going to do any kind of deep traffic inspection in the router/modem itself. Inspecting network traffic is very intensive though and gives very little value since almost all traffic is encrypted/HTTPS today, with all major browsers even showing scare warnings if’s regular unencrypted HTTP. Potentially they could track DNS queries, but you can mitigate this with DNS over TLS or DNS over HTTPS (For best privacy I would recommend Mullvad: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls)

And of course, make sure that anything you are self-hosting is encrypted and using proper HTTPS certificates. I would recommend setting up a reverse proxy like Nginx or Traefik that you expose. Then you can route to different internal services over the same port based on hostname. Also make sure you have a good certificate from Letsencrypt

Imo the biggest problem with Teamspeak is that it still requires an active connection to the server at all time… So unless your computer is on with the app opened 24/7 you may miss messages. That may or may not be an issue, but you may miss messages that your friends send to the group when you aren’t actively online.

Frankly the UI of TeamSpeak is ageing as well, and there is value in for instance being able to simply attach a screenshot directly in a Discord chat without having to upload it to some external service.

Nah man, this is just some divisive bullshit. How many people have you converted by leading with telling them they’re getting cucked? I think it’s a much greater chance that if you ’accuse’ someone of ”cuckloading” they will just become defensive.

I am also a bit impressed how quickly you brought US politics, slavery and world wars into a discussion about online privacy.

Jesus Christ this is such a toxic attitude…. If you want people to take you seriously I don’t think being an ass about it and rage-baiting people is the right strategy.

The free version is mainly just a number of user and device limit. Although the relaying service might be limited as well, but that should only matter if both of your clients have strict NAT, otherwise the Wireguard tunnels gets directly connected and no traffic goes through Netbirds managed servers.

You can also self-host the control plane with pretty much no limitations, and I believe you no longer need SSO (which increased the complexity a lot for homelab setups).

I believe something like this is supposed to be a use-case of the digital EU Wallet. A website is supposed to be able to receive an attestation of a users age without nessecarily getting any other information about the person.

https://en.wikipedia.org/wiki/EU_Digital_Identity_Wallet

Apparently the relevant feature is Electronic attestations of attributes (EAAs). I’m not really familiar with how it will be implemented though and I am a bit afraid of beurocratic design is going to fuck this up…

Imo something like this would be magnitudes better than the current reliance of video identification. Not only is it much more reliable, it will also not feel nearly as invasive as having to scan your face and hope the provider doesn’t save it somewhere.