rentar42

Increase the attack surface compared to what? If you don’t allow/enable any access to services inside your network from outside, then by definition you have fewer attack surfaces than if you add a VPN to that empty list.

So trivially the answer is “yes, it adds an attack surface”.

But what are the alternatives? If you directly expose each individual service on a dedicated port, for example, then you’d add many more (and usually less well hardened) attack surfaces instead.

So if the comparison is “expose 5 web-based services directly” vs. “expose one VPN like wireguard”, then the second option is almost always the clear winner when it comes to security (and frequently also when it comes to ease of setup as well as comfort).

This isn’t specific to just netdata, but I frequently find projects that have some feature provided via their cloud offering and then say “but you can also do it locally” and gesture vaguely at some half-written docs that don’t really help.

It makes sense for them, since one of those is how they make money and the other is how they loose cloud customers, but it’s still annoying.

Shoutout to healthcheck.io who seem to provide both nice cloud offerings and a fully-fledged server with good documentation.

I’ve not found a good solution for actual constant monitoring and I’ll be following this thread, but I have a similar/related item: I use healthcheck.io (specifically a self-hosted instance) to verify all my cron jobs (backups, syncs, …) are working correctly. Often even more involved monitoring solutions do not cover that area (and it can be quite terrible if it goes wrong), so I think it’ll be a good addition to most of these.

At a big enough LAN even just getting everyone to change that setting is probably harder than setting up a central cache. Don’t underestimate the amount of people that listen to instructions, say sure and then just either not do it, or fail to do it correctly.

USB SATA controllers are also very hit-and-miss. There’s plenty of really, really bad ones out there. Either missing features, slow, getting hot or all of the above. If you found one that works well, good for you, but I’d avoid most noname brands, unless I had specific knowledge about the product or the very least the chipset they use.

The problem with your attitude is …

No. That’s your problem with my attitude.

“Free speech” absolutists don’t convince me with their hypotheticals.

Believe it or not: absolute free speech is not the end goal and not as valuable as you all believe.

Forbidding some kind of speech can be okay.

Because not forbidding it creates an awful lot of very real and very current pain. Somehow the theoretical pain that a similar law could create is more important for your argument, than the real and avoidable pain thatthis law is attempting to prevent.

but e.g. American free speech would be nonexistent

And I say that the specific American flavor of free speech is not very valuable at all.

Even if the state apparatus is bloated and needs to be improved, simply firing 10% of your workforce isn’t going to magically improve things (especially when done so quickly). You basically can’t know if you fire useful people or bloat. And for each “unnecessary” person you fire you also fire someone who was the only one in their department understanding their job and doing their actual work.

Don’t you have it exactly the wrong way around?

Also, since the hate itself is already irrational, any additional “quirks” in that hate shouldn’t be surprising anyone.

If the only thing I knew about a given law is that those three complained about it I would immediately and wholeheartedly support and endorse that law. It’s probably awesome and badly needed.

I understand your argument and there’s some truth to it. But on the other hand exactly these kinds of decisions (joining/leaving the EU/NATO/…) have an incredibly strong possible effect, so them being done only based on the decisions of some politicians that were elected on some promises possibly quite unrelated to that decision has its own set of problems.

That example makes sense to me, because it’s an alternative to something like hosting a blog on some third party site: generate it statically and host the result somewhere.

I’ve got the same setup! What I love about authentik is that I can even add a Google login as an authentication method. That severely increases the spouse-acceptance factor, as they don’t have to “remember yet another password” or “carry around another thingie”. Personally I use a YubiKey anyway, but for others who aren’t into it “for fun” or for philosophical reasons reducing the friction as much as possible is paramount.

That’s a great answer if one already has a NAS (which is not unlikely, given the name of the community). But if that’s not already present (or desired for other reason) then a simple media-PC with some built-in storage is simpler to set up.

I suggest to avoid the temptation to get one of the many cheap Android boxen meant for media playback from Ali Express or the like, as they have a strong tendency to be heavily loaded with malware. Definitely not all of them, but it’s really hard to tell which specific one you’ll get.

Now you make me feel old. In “the olden days” before streaming of media over the internet was as commonplace as it was now, that was the standard way that tech-savy people consumed media: Either on their PC or with some set-top box with built-in storage. I fondly remember my PopcornHour, which was basically a line of desktop-boxes that ranged from “basically a hard disk, video decoder and HDMI out” all the way to “can automatically rip your BlueRays”.

A custom “source available” license that may not be as clear-cut as intended and depends on “we know it when we see it” by the authors of the license? You don’t say!

I’ve not tried that myself, but AFAIK VLC can be remote controlled in various ways, and since the API for that is open, multiple clients for it exist: https://wiki.videolan.org/Control_VLC_from_an_Android_Phone

There’s also Clementine which offers a remote-control Android app.

https://lemmy.world/post/12995686 was a recent question and most of the answers will basically be duplicates of that.

One slight addition I want to add: “Docker” is just one implementation of “OCI containers”. It’s the one that broke through initially in the hype, but you can just as easily use any other (podman being a popular one) and basically all of the benefits that people ascribe to “docker” can be applied to.

So you might (as I do) have some dislike for docker (the product) and still enjoy running containers.

I personally prefer podman, due to its rootless mode being “more default” than in docker (rootless docker works, but it’s basically an afterthought).

That being said: there’s just so many tutorials, tools and other resources that assume docker by default that starting with docker is definitely the less cumbersome approach. It’s not that podman is signficantly harder or has many big differences, but all the tutorials are basically written with docker as the first target in mind.

In my homelab the progression was docker -> rootless docker -> podman and the last step isn’t fully done yet, so I’m currently running a mix of rootless docker and podman.

Somewhere a monkey paw finger curls and you’re moved to the timeline where the world is in a nuclear winter …