Huh, Authentik was what I used before Kanidm. Wasn’t anything wrong with it per se, but there where a lot of moving parts and complexity rhat didn’t really serve a purpose for me.

I thought about kubernetes or proxmox, but I don’t really see any reason to. All my containers are controlled via podman quadlets, and either run on a single machine locally, or on a VPS.

On how you want to slice up the hardware - I feel like there isn’t one right answer, and I’d do whatever feels most comfortable to admin for you. I feel like for homelab workloads, any half-reasonable setup should work fine, just make sure you have good backups.

On SSO - I have never tried Authelia, but am personally very enamoured with Kanidm. It’s very lightweight, and has pretty good default settings.

On reverse proxy - I personally use Caddy, but Traefik is good too, and can do more stuff out of the box. I just mount the certs I need readonly in the container of the service that needs them. Clunky, but works well enough for me.

That’s good behaviour? It respects your choice of Store, and only updates the app via the Play Store if you explicitly request it.

If the people you want to have access have static, exclusive ip addresses. Which is pretty unusual, these days.

Didn’t Vivaldi? I don’t really use them cause I mostly avoid non-FOSS software, but I seem to remember them announcing they’d be keeping support.

Out sound like you are outsourcing comment-writing to an LLM.

If you need to keep windows around, you can also do what I do for my VMs. Download Win11 Enterprise IoT LTSC from massgrave.dev. Doesn’t have Bing search in the search bar, just local, no Co-pilot, no bullshit.

I’d prefer not having to use it at all, but some software just doesn’t play nice with wine yet.

Yup, typo. It is lit, though.

I have deployed LiveKit for my homeserver yesterday. I’m not gonna lie, it does involve a bit of work, but once it’s running it is very seamless.

I had a brother laser printer with a pre-heating roll that went bad. Sourcing a replacement for that was pretty annoying. But I get your point.

Yeah, I usually approach this stuff from the standpoint of someone who is already actively self-hosting. For people stuck in Google/MS, it is certainly better.

Vaultwarden is free. Bitwarden is free. Bitwarden Premium is 10€/year.

For what it offers, Proton is pretty expensive. They are also making inter-operation with other services difficult or impossible.

There’s much worse, but they aren’t that great either.

… sure. Nothing here is wrong, but there’s ways to try and mitigate that. And then it’s kinda an arms race, and vigilance.

Good as a general recommendation.

I also feel like the risk levels are very different. If it’s something that performs a function but doesn’t save/serve any custom data (e.g. bentopdf), that’s a lot easier to decide to do than something complicate like Jellyfin.

I do have public addresses for Matrix, overleaf, AppFlowy, immich because they would be much less useful otherwise. Haven’t had any problems yet, but wouldn’t necessarily recommend it to others.

I’d never host any stuff with “Linux ISOs” on a public adress, that seems like it’d be looking for trouble.

What annoys me with Tuta is that they make PGP encryption very difficult (they don’t implement it at all, you have to use external solutions, which is made more difficult because you can’t use external clients).

They argue it is less secure than their solution where they send non Tuta users a link and you give them a password. I argue that PGP is something people would use, while their solution isn’t.

Proton does implement it, but I also have my gripes with Proton. Both of them feel like they want to build a walled garden / avoid being inter-operable.

However, this is likely apocryphal, since it was popularized in the 1940s, almost 50 years after the town was founded. The most likely origin is from nearby Chicken Creek, as noted by Josiah Edward Spurr in 1896, “The creek is so named from the size of the gold, which is about that of chicken feed (corn).”

Hey, that was made at my former uni. And now I’m wondering whether other unis adopted it. It always seemed like a neat solution.

Google search app, and Google news, I’m pretty sure.

Anti-Clickbait. Much more likely to actually make me click, though.

I still find them preferable. Less “sponsored” stuff, etc. More tags, etc. for search.