Charging for certain services is one thing. That’s not what drove the last Plex exosdus.

Most people take umbrage at Plex offering features for free, saying they’ll never be paid features, and then removing them as options for free accounts and effectively paywalling them.

Openness. Most cameras for android phones are proprietary because it’s easier to save money by not having a common controller for cameras and just using a proprietary blob.

Simon Stalenhag! Nice wallpaper. I have a bunch of his images for mine as well.

Depends what version of the Surface, but I have a Surface Pro 6 and it still performs well. I use the Surface Linux kernel.

I’m also old and use iptables at server level as well.

But network perimeter here is the server perimeter, not the network (e.g. router).

Most ppl in my profession would not assume a host’s net controls as “network perimeter”, so I’m not sure what your context is there.

Just because you know how things work, doesnt mean everyone does.

Yeah, fair. But by the same token, we still have to chime in when these terms are thrown around and offered to newer homelabbers. And there is a lot of free security “advice” in these sub’s from folks who have a weak understanding of any of it.

Those are considered firmware, yes. And these can vary in their installation as being updated via the firmware interface itself or some other update mechanism.

Some firmwares like on certain IBM thinkpads, my surface pro 6 and others can be updated directly via a Linux command called fwupd, but the firmwares must live in specifics public repositories.

This news means we’ll all have a much better time using fwupd to update these on dell and lenovo machines, but the firmwares themselves will remain proprietary blobs.

Coreboot replaces the bios/firmware altogether, and it’s not an easy task to get new ones, unfortunately.

With certain devices, yes, it’s possible. My Microsoft surface pro 6 can update its various firmwares from the blobs extracted from the official exe.

Yeah, I’d love to see my idea book not require windows to update firmware.

This is talking about fwupdt firmware and patches, not uefi/bios replacement.

I can confirm that the information is relevant to anyone hosting stuff on the internet

You use ufw at your network perimeter? This is really basic stuff and a fair bit misleading naive.

MaxAuthTries is negated by having no password auth, so no point in having the option.

These are not complete or even accurate.

I’ve used both.

Pihole is fine for a standard replacement of DNS for record lookups with the ad blocking most ppl want. But pihole is just fancy dnsmasq, you can’t manage much more DNS than A records. (That was 4 years ago, though, things might have changed).

Technitium is a real DNS server with all the things DNS I supposed to be able to do. I use it for the zone transfers.

Performance is better than pihole, too, but that may also have changed.

It’s due to the inner workings of the Coral TPU being basically a black box, so even if the community wanted to, we can’t just reverse engineer a driver.

Sure, but with some key management. You can’t just send an encrpyted email unannounced.

I’m not sure what data center will allow you to hodgepodge a 1u cluster of consumer-grade hardware, but heat and power management alone will be a problem.

I understand what you’re saying, but Forgejo has an outdated and made-up-from-thin-air policy. From their security.md:

• You MUST disclose vulns to the author (why are we dictating instead of inviting participation)
• emails about vulns MUST be encrypted (I don’t even understand this one, this gives really strong “we don’t know how email works” vibes)

And it just goes on, like someone from 2003 wrote that policy.

Now, I’m going to agree with you that it’s a bit of a dick move to do the carrot dangle thing, but some vendors/devs just don’t respond without the pressure. And forgejo has been forced by github supporters to implement a security policy after trying to ignore it.

It seems that the author has some ongoing interactions with forgejo, and it would be great if these were disclosed in the article, but forgejo seems to need a kick in the pants, especially over an RCE, the forbidden sev 10 of vulns.

I don’t really see what is so bad here… There was disclosure of type, but no reference to the exact code. This gives the maintainer a chance to reach out for specifics before bad actors can make a pseudo-zero day.

Is it the language you object to?

I do both.

The music I like is in my collection. I pay for it where I can, but I’ll be honest some of it is pirated because I just can’t buy it anywhere.

I also use Opentune to listen to YouTube music without logging in to stream stuff like “lofi chillhop beats”.

I recently saw around here a music discovery service (self-hosted) I might try. Can’t remember the name…

No, I mean outbound. Certbot needs the acme challenge to work properly. https://certbot.eff.org/faq/#can-i-issue-certificate-if-my-webserver-doesn-t-listen-on-port-80

BTRFS and ZFS both use block compression, ZFS by default. It’s meant to increase both storage efficiency and access speed and has nearly zero impact on performance. The files aren’t compressed from the filesystem point of view, which would satisfy your requirement not to need any other tools.

I’m confused about your statement that you don’t want to save space with compression, but you indicated that you want to “make the most of your storage”. Are you looking for long-term archiving?

It’s not clear here if you mean block compression, file compression, or stream compression.