When it comes to privacy and security, I think you should treat all cloud providers equally. Use a client with client-side encryption so that the only thing that touches the provider is encrypted data.

Rclone is an example of a good client that can do this, and can even mount your cloud storage as a filesystem with its encryption layer in between.

If you’re genuinely worried about this, you shouldn’t be using untrusted machines for remote access.

Apache Guacamole might be a good option. “Clientless” (browser-based), supports various mfa, uses ssh/vnc/rdp on the backend.

However, if the data on that machine is sensitive, or if that machine has access to other sensitive things on your network, I’d suggest caution in allowing remote access from untrusted machines on the wider internet.

The real BIFL part about these is that the externals are 3d-printed with open-source files, so if they ever wear out you can easily print new components, and the trackballs are standard snooker balls, also easily replaceable. They’re great.

• Your user account on GrapheneOS is just a local user account
• GrapheneOS comes with its own camera, gallery, contacts, sms, phone, and file manager apps, a hardened fork of Chromium called Vanadium, and an app that lets you install sandboxed versions of google play services and google play store, if you so wish. Nothing else. You can install other apps using F-Droid, or by installing the google play store app.
• GrapheneOS does not have a “cloud”, aside from the web services it uses to check for and pull new updates. If you want to sync files somewhere, you can install whatever you want (Nextcloud, Google Drive, etc)
• F-Droid is a fine choice, and the google play store is as well, all depending on what your priorities are for your phone. I only use F-Droid and have no non-foss apps on my phone for privacy reasons, for example.
• Running your own Nextcloud server is a great learning exercise, but it’s a big commitment of time if you’re not already familiar with linux administration, and if you want it to be secure and accessible remotely that’s even harder. Don’t let that be an impediment to getting a secure phone though - you can always keep using Google Drive for now, and then learn how to set up Nextcloud or some such as you go along.

Good luck!

Heyr himna smiður - a medieval Icelandic hymn, set to music by Þorkell Sigurbjörnsson

piped.video link

powertop is a cool tool that can analyze your machine and provide a list of suggested power optimizations

That’s awful, I’m sorry :(

Is your ISP’s infrastructure based on RFC 1149?

🥲

DNS is what you’re looking for. To keep it simple and in one place (your adguard instance), you can add local dns entries under Filters > DNS Rewrites in the format below:

192.xxx.x.47 plex.yourdomain.xyz
192.xxx.x.53 snapdrop.yourdomain.xyz

What is your root filesystem installed on - lvm, zfs, or bare disk partitions? Are you booting with grub (legacy/bios) or systemd-boot (uefi)?

Can’t beat an X230 with an i5 for that use case, and you can still find them for around 100 bucks. Swap in an X220 keyboard, maybe a new battery, coreboot it, and in my opinion you’ve got the perfect laptop. I’ve daily driven that setup for the last 5 years and it’s been great.

Altruistic behavior in social creatures improves the fitness of the group, and has positive evolutionary pressure. Strong, cohesive groups pass on their genes, so actually pretty probable!

Monit would be perfect for this. You can configure it to monitor log files and restart things under various conditions, and it’s got nice alerting built in.

I run a librespot server at home, but it has an issue where it can’t be discovered by others once someone has connected to it. I use monit to monitor its log file for a specific line that shows playback has been paused, and then restart it, which makes it discoverable again.

https://mmonit.com/wiki/Monit/ConfigurationExamples

https://wiki.archlinux.org/title/Monit

I tried AT&T fiber for a month, but it’s a never-ending arms race between their absolute piece of shit gateway and the new methods people develop to bypass it. In the end I went back to the awful 15mbps upload of cable I could use with my own equipment, over the symmetrical gigabit fiber with a mandatory gateway (with a rental fee) which I’d only use in “passthrough mode” that still runs every packet through a state table that maxes out at 8000 entries. I was paying rent for a device whose only purpose was to authenticate to their network and throttle my traffic.

Still bitter about it, clearly lol. I’d pay 4x as much if I could just get an ONT.

If you don’t mind the state table and rental fee things, you’ll probably be fine. Just be sure to run everything behind the gateway behind your own firewall, since AT&T can log into it and change whatever they want any time.

Setting the managed switch port to untagged with a PVID of the desired VLAN will effectively extend that VLAN to all of the ports on the unmanaged switch. Your managed switch will “see” the multiple networks, and treat anything in and out of that port as part of that specific VLAN, and everything on the other side of that cable will only “see” a single normal layer 2 network.

Any VLAN tags will be ignored (and probably stripped) by the unmanaged switch.

It’s still right to complain and protest about something that is unjust, even when ways to circumvent it exist. Because the next logical policy step is to ban VPNs, as many countries already have, and the solved problem becomes unsolved again.

Bromite before it died, RIP :( Vanadium now with regular dns adblocking where security matters, Fennec where it doesn’t.

The standard of “you will be prosecuted and punished for publicly criticizing the ruling party/leader” certainly disqualifies China from being called a democracy, regardless of how many students they massacred or why.

Wow the country that massacred a bunch of unarmed college students in Tiananmen Square for protesting for democracy has democracy?