Thanks for the correction. It’s a shame that sysadmins balcklist middle nodes too, since they won’t see any TOR traffic originating from your IP address anyway.
Thanks for the correction. It’s a shame that sysadmins balcklist middle nodes too, since they won’t see any TOR traffic originating from your IP address anyway.
Make sure to not refresh the page, else it seems like all progress is lost.
I found out simultaneously that I enabled pull down to refresh the page in Firefox Android.
Edit: The survey wasn’t created by me, I just shared it.
There’s different types of relay, including exit relays, which are the legally problematic type. Middle, guard, and bridge relays don’t face the same issues with law enforcement and IP blocking.
Yes, there’s many ways to make programs unable to use other network interfaces. E.g. I’m creating a network namespace with a single wg0 interface, which I make services use through systemd NetworkNamespacePath.
That said, I’d argue gluetun is pretty much foolproof, especially with most people using docker which messes with iptables (edit: although I don’t know if this’d be an issue for this use case).
Yeah, I’m not sure whether Bitwarden always had support for exporting the vault on mobile, but it’s an awesome feature.
Transcoding and transcoded downloads does not seem to be merged yet, altough there’s a working PR.
Almost all oft their breaking changes over the last few months were about their docker-compose setup and the simplification of the same. They’ve startend out with multiple purpose-specific (micro) containers, which turned out as a Bad design decision. These changes require manual intervention but seem to be mostly finished, so I don’t expect these to be many breaking changes in the forsseeable future.
The better you plan ahead, the fewer breaking changes you have to impose on your users.
I agree. From what I’ve read, they now have (published) plans for what’s ahead.
desec.io can be used with any domain registrar and has an API with support for various ddns clients (ddclient, lego).
deSEC is a free DNS hosting service, designed with security in mind.
Running on open-source software and supported by SSE, deSEC is free for everyone to use.
Edit: To clarify, desec.io does not sell/rent domains. Desec has to be set as the authoritative nameserver on the registrar, then desec can manage domain records instead of the registrar (which usually also provides their own domain hosting for “free” by default).
It might depend on the particular bridges, but all mautrix- bridges work great for me with conduit. In a way adding bridges to conduit is easier since it’s all done through the admin room on conduit.
I’m using Proxmox with a NixOS LXC for Jellyfin/*arr. The media is stored on a single btrfs HDD, because high uptime (RAID) isn’t necessary for me and it’s media I can simply redownload.
I’m looking into switching to NixOS on bare metal, because I don’t need the UI of proxmox and most other features.
Symphonium is great for music, even though it’s closed source and paid. I’m mostly using Spotify though.
Findroid is an awesome native Android app for watching tv/movies, altough it doesn’t support transcoding.
Immich recently changed license from MIT to AGPL. As far as I understand they can’t sinply relicense to a non-free license unless they redo a good chunk of code from the last half a year.
If they still used the MIT license I’d be worried too.
I personally would be hesitant to host Immich publicly until they’ve done a security audit. The risk of accidentally exposing my photos publicly is too big for me.
That’s why I recommend using Tailscale or Wireguard directly. Personally I’m using Wireguard for me and Tailscale for other people I want to easily access my services.
The global IPv6 address is usually not directly reachable from the internet for incoming traffic. There’s still the router with a firewall which blocks all incoming connections, so having an IP for each device doesn’t make a difference for security.
With IPv6 ports still have to be forwarded on consumer routers by default, the main difference is that it doesn’t have to be translated to a different IP.
This also means I can have multiple hosts on my home network listening on the same ports, because their public IP’s are different.
Immich has breaking changes too often, so I disabled auto updates for the server and phone app. Updating every few months with backup beforehand is a good tradeoff for something as important as images.
Reading patch notes is especially important with some Immich releases requiring minor admin intervention, e.g. running an extract metadata job.
I really like Jellyfin MPV Shim, which supports casting from any jellyfin device and automatically opens mpv. E.g. I have jellyfin in my browser set to cast to the mpv shim by default, so after clicking play in Jellyfin web mpv automatically opens in fullscreen.
With MPV supporting almost any codec and proper HDR tone mapping, I don’t worry about transcoding or whether the image looks right.
Whether a device is wired or on wifi matters on some routers, because some routers have wifi and wired devices on different subnets by default. It’s unlikely, so I wouldn’t worry, unless you notice accessing it only works wired.
Iirc Plex supports transcoding for downloads, while Jellyfin only allows downloading the original file. But I’ve heard transcoding downloads is broken on Plex, so ymmv.
Intro skip is only available as a plugin on Jellyfin.
Also, Findroid has a better ui and supports downloads, while the official app has more features (ie. settings/admin panel).
Or simply set up wireguard.
At least I suffered from terrible battery life with Tailscale, while 24/7 wireguard isn’t even showing on the battery stats.
Wireguard is awesome and doesn’t even show up on the battery usage statistics of my phone.
With such a small attack surface I don’t have to worry about zero days for vaultwarden and immich.
I’m not the creator of the survey, but I’ve just send them the link to this discussion on Mastodon, so they can take the feedback into account.