Terminology: revoked means the issuer of the certificate has decided that the certificate should not be trusted anymore even though it is still valid.

If a attacker gets access to a certificates key, they can impersonate the server until the validity period of the cert runs out or it is revoked by the CA. However … revocation doesn’t work. The revocation lists arent checked by most clients so a stolen cert will be accepted potentially for a very long time.

The second argument for shorter certs is adoption of new technology so certs with bad cryptographic algorithms are circled out quicker.

And third argument is: if the validity is so short you don’t want to change the certs manually and automate the process, you can never forget and let your certs expire.

We will probably get to a point of single day certs or even one cert per connection eventually and every step will be saver than before (until we get to single use certs which will probably fuck over privacy)

One reason for the short certs is to push faster adoption of new technology. Yes that’s about new cryptography in the certs but if you still change all your certs by hand maybe you need to be forced …

You don’t need something ever. Sometimes you just want something because the alternative is realy bad. I don’t need to eat. I want to eat because I don’t want to starve.

I want to watch a movie with my partner at the agrees time because otherwise they will be mad. I want to access my digitalized documents to send a letter in time because otherwise I will have to pay late fees. I want to access my gameserver because that’s the one time a week I get to have fun with my friends from my college time.

There are many situations where I’d rather do the thing I want instead of doing maintenance.

There is still a good reason to know about problems early. Without any monitoring you will find out about problems exactly in that moment when you what to use the service that doesn’t work. Sometimes you need something quick and you don’t have time to debug and fix in that moment. If you get an alert early you can decide to fix it right away or in a few hours or tomorrow.

Because they are the player that can do something about the Fall damage. Could also be a sorcerer or wizard.

Not like the whole video goes from 1080p to 720p or something but single bits of the drive will fails over time. If that bit is part of your video file, one pixel of one frame will be the wrong color/black. If multiple bits close to each other fail you might get a video stutter. If even more fail your video player will not play the video at all (or just stop playing at the place of the errors).

That is the smallest scale of self hosting. The server and the client are the same device. It is also the most insecure way as you probably don’t have any backups and very limited storage space.

Actually self hosting is the next step when you decide you want 5+ TB of data and have it automatically create backups. Digital storage media degrade pretty quickly and if you just have your movies on a hard drive in your computer, after 5-10 years you might start to lose quality or some files completely.

That’s what I love about solar energy. Its like the only energy source that doesn’t boil water to turn a steam turbine, use water to turn a water turbine or use wind to turn a air turbine.

Except for those liquid salt solar plants that boil water …

I think its not about reversing the direction of inertia but more of a “you keep your speed when activating/deactivating the belt, just in the other direction”. You can’t use it to cancel fall damage by reversing gravity for 0.1sec before touching the ground because you also reverse your falling speed when you reverse gravity.

That is factually incorrect. Many websites would literally stop working. Not “mildly confuse”, but “be unusable”.

You ever logged in to a website? That’s a cookie. Ever used an online shopping cart? That’s a cookie. Ever changed a websites language in a dropdown? That’s a cookie.

All these cookies are first party. There are also essential third party cookies for thing like SSO (“sign in with google/Facebook/github/etc”)

Tell your browser to reject 100% of cookies and tell me how much fun that is.

“Legitimate Interest” is the bullshit term. Why does an ad company have a legitimate interest to my data? That should be removed from the law.

You most likely pay for a maximum CPU capacity and your Server cant go above that no matter what you run. Your vps provider doesn’t care what that CPU power is used for.

However with limited resources, the tarpit might use up all CPU power and the rest of the webserver will crawl to a halt.

wg-quick creates a systemd service for each wireguard config you have. So if you set up a tunel called wg0, you should be able to run ‘sudo systemctl enable wg-quick@wg0’ This will make your tunnel connect on every boot. I have the same setup on my proxmox, so i can reach certain services of my homelab proxied through a root server (the other end of the wireguard tunnel)

Decryption is not related to root permission.

If the ENCRYPTED drive is mounted to the container, then the container can decrypt it.

If the DECRYPTED drive is mounted to the container, then the container never knows it was encrypted in the first place.

Second case is easier BTW. Just mount the drive on your host, type in the encryption password and you get a new, unencrypted drive. Specify this new drive in your docker compose/docker file.

Generally, Linux Servers are best administered from a command line. At least in the beginning to set everything up. In turn they are faster on lower hardware as they dont even have a graphical desktop at all so need less resources. You could of course install a windows server OS. They can be fully administered through Remote Desktop and a GUI.

There are multiple projects to make self hosting more accessible (like casaOS). They automate many steps of the setup and then offer you a webUI for further steps. Maybe have a look here https://github.com/awesome-selfhosted/awesome-selfhosted?tab=readme-ov-file#self-hosting-solutions

It becomes a whole different thing when you yourself are a creator of any kind. Sure you can retorrent TBs of movies. But you can’t retake that video from 3 years ago. I have about 2 TB of photos I took. I classify that as media.

The post office knows who you are sending letters to. They have to know because they have to deliver it. They do not know the content of the letter. They also dont know if the letter will be passed along by the receiver to a different destination.

Your ISP knows you are sending traffic to a VPN but not where they are sending it to. The VPN knows where you are sending traffic to but not the content of that traffic. So if you browse a website that only serves pirated content, then they knows you are consuming pirated media but not which media.

If the law requires the VPN to report any and all traffic to blacklisted sights then a “no logs policy” would breach that law.

However to make this law work, Italy would have to ban all VPNs and http proxy services outside of Italy. Italy would have to force pretty mutch the whole world to follow this law for it to work.

What happens if you run a tiny server on AWS in the USA to proxy your private traffic. Unless AWS USA is watching all traffic to see if it complies with Italian law there is no way to enforce it.