It’s mostly to allow the reverse proxy on localhost to connect to the container/service, while blocking all other hosts/IPs.

This is especially important when using docker as it messes with iptables and can circumvent firewall like e.g. ufw.

You’re right that it doesn’t increase security on case of a compromised container. It’s just about outside connections.

Some I haven’t yet found in this thread:

• rootless podman
• container port mapping to localhost (e.g. 127.0.0.1:8080:8080)
• systemd services with many of its sandboxing features (PrivateTmp, …)

I do the same, but with Wireguard instead of OpenVPN. The performance is much better in my experience and it sucks less battery life.

Trying to actually restore is the best way to ensure the backup works. But it’s annoying so I never do it.

I usually trust restic to do it’s job. Validating that files are there and are readable can be done with restic mount, and you’ve mentioned restic check.

The best way to ensure your data is safe is to do a second backup with another tool. And keep your keys safe and accessible. A remote backup has no use of the keys burned down.

A basic requirement most devices don’t meet is the ability to relock the bootloader. Other than Fairphone, Google Pixel and OnePlus basically no manufacturers allow unlocking and subsequently relocking the bootloader, which makes custom ROMs inherently less secure than stock. This keeps CalyxOS from most devices. LineageOS can’t be relocked and thus is able to support way more devices.

Others have pointed out more in-depth security requirements GrapheneOS specifically thinks of as mandatory (they do take security very seriously).

I use Findroid for its great UI but also its ability to download and watch offline. It’s a better experience and I was surprised Jellyfin Android didn’t support it.

I wonder how much money Plex still makes through their lifetime purchases. Is it that they were struggling and then made bad business decisions with the aim on increasing revenue (ad supported video on demand)? Or was it the other way around?

In the 80s new systems usually came with new OSs, which required porting software it. Thus a lifetime license was practically limited.

I wouldn’t be as opposed to a subscription model if it was cheaper and they focused on their actual core product, not all the other fluff around. 5€/m is a bit much given they don’t pay for my bandwidth. And if they didn’t store my media info, history etc…

To me there’s a major difference depending on the cost of the provided service. I don’t know what features crowdsec provides, but if it’s mostly providing lists and all the blocking etc happens locally, I don’t see how they lose much money on this free service. Gathering the lists is something they’d have to do anyway to service their paying customers.

If Cloudflare stopped making Cloudflare Tunnels free to use, I’d be more understanding since bandwidth costs them relevant amounts of money.

If your anything like me you’ll forget what PPAs you’ve added in a few months. Or rather, forget that you’ve even added things like PPAs. That’s why I stick to flatpak if its not in my distro’s repos.

If the person would answer almost instantly, 24/7, without being annoyed: Yes. Checking important information is easier once you know, what exactly to type.

These tools are also useful for finding large files in your home directory. E.g. I’ve found a large amount of Linux ISOs I didn’t need anymore.

Do you delete all your files on a reinstall? Documents, photos, videos, games?

Fclones is a great tool, but it’s for finding duplicate files and replacing them with sym-/hard-/reflinks.

I recommend using the --cache option to make subsequent runs extremely quick.

If you need a more interactive method, gdu is awesome. And if you’re using btrfs, btdu gives preliminary results instantly (which get more precise over time).

Matrix won’t necessarily download all state/messages automatically, but if your client requests a non-available message your matrix server will query other matrix servers for it (backfilling).

E.g. if you scroll up to older messages, it might take a a few seconds but your client should eventually show them.

Matrix server use a back-off for servers sending messages, so if your server is offline for many hours, it might take a day for your servers to get messages pushed to by other servers again.

Given how updating apps automatically in the background wasn’t possible until recently, I do think Google wanted a strong monopoly over android. Yes, they allowed device manufacturers to pre install their own store, but they still had to include many of the Google apps to call it Android.

Given it seems to be a single guy doing his thing I don’t expect them to get bought out.

It’s a great service and incredibly cheap. With advanced pricing I’m only paying ~0,40€ per month. My domain + purelymail is less than I’d pay for other providers email only.

Edit: If Amazon increases their prices they’ll have to pass it on, but those should be pretty consistent. If you use your own domain (or an alias service) switching email providers is simple anyway.

Mindfactory is selling Factory Recertified Seagate Exos and Ironwolf Pro.

They were also reportedly one of the shops (unknowingly) selling used HDDs with SMART values reset as new.

https://www.mindfactory.de/Produkte/Seagate_Factory_Recertified/

A project ending as abandonware is always a possibility. One reason projects get abandoned is losing funding, which can be secured by using dual licensing and selling some features to businesses.

They use AGPL so even if they broke their promise and restricted features, it could still be developed further (even if no new features got added). NGINX also uses a dual license.

It’s sad to hear about his passing. His videos about the Pi3 were great for me at the time. It’s been about 8 years and looking at the thumbnails of his videos brings back memories.