Sure. Most of the actual traffic is encrypted by https these days. So they can’t look inside. But they can see to what IP you send these encrypted packets and from where packets come to you.

With DNS they can see what domains you typed in and your computer looks up. Just the part to the .com or something and nothing after. And sure, they’re preconfiguring their DNS server. Because they’re an internet service provider and you pay them to provide services like domain name lookup to you. They’re certainly not going to preconfigure a server of their competitors and funnel your data to them.

With something like Mullvad, if you configure that correctly (!) also your DNS requests go through an encrypted tunnel. Now your ISP can only see you connect to some Mullvad server. And now Mullvad provides DNS to you and they’re now the ones who can see what kind of domains you look up.

You can often just change your DNS settings. Either in the devices or for all your network in the router. But mind that plain DNS on port 53 is unencrypted. You’re connecting to a different setver then, but theoretically they could snoop on you if it’s an unencrypted connection.

Isn’t there some ISP in the US that is kinda trustworthy? I mean Mullvad or all the other VPN services are companies, too. Depending on your use-case and threat scenario, you might want to choose a different ISP if you’re afraid of them… But I’m not an expert on American companies. And I also use third-party DNS servers. I own my Wifi router and I set the DNS to opennic.org and also configured an AdBlocker.

Port forwards in the router + DynDns.

Though those leaks showed they actually did it on a large scale. I don’t think they stopped for some arbitrary reason. Why would they? And technology developed further, surveillance is only getting easier. I’d say even without a tin-foil hat on, it’s more likely they do it than not.

Well, centralization and giving up your freedoms, letting someone else control you, is always kinda easy. Same applies to all the other big tech companies and their platforms. I’d say it applies to other aspects of life, too.

And I’d say it’s not far off from the usual setup. If you had a port forward and DynDns like lots of people have, the Dns would automatically update, you’d need to make sure the port forward is activated if you got a new router, but that’s pretty much it.

But sure. if it’s too inconvenient to put in the 5 minutes of effort it requires to set up port forwarding everytime you move, I also don’t see an alternative to tunneling. Or you’d need to pay for a VPS.

Ah, nice. Alright. Thanks again. I’ll see how I can do it. Unfortunately I’ve already set everything up, joined Rooms and connected a few bridges. I hope it doesn’t break. I’ll do a backup first. Seems reasonable and not that hard to upgrade.

Oh well, seems both reasonable. Maybe I should switch before the projects diverge too much. Conduwuit seems pretty active. Hope it stays that way.

Do you happen to have a link where I can read the backstory myself? Thanks for the info anyways. Seems to be a good call.

I found that. Seems it mainly addresses caching and database performance, adds some admin and moderation commands. I’m not sure if it addresses any of the shortcomings I have.

My main question is: Which one is going to be maintained in the years to come and have the latest features implemented? And secondly: Why a fork? Why don’t they contribute their fixes upstream to Conduit?

Ah, well I only read the official documentation on https://docs.conduit.rs/

I’m gonna take a look at this later.

Depends a bit on how much images and videos get shared. If its mainly used for chat by a bunch of people and a few gifs and stickers in-between, it shouldn’t consume that much storage. But sure if you frequently share all your vacation photos, the cache is going to grow fast.

Definitely the whole server name. Other servers and clients can’t guess that information. I think it’s properly documented how to do it.

I installed it like 2 weeks ago. As of now it’s still running and has a really low memory footprint compared to Synapse. But a lot of things aren’t implemented. Chatting works fine. I get a lot of warning messages about not implemented things, though. Like my client (FluffyChat) trying to query some profile status … I’d say try it. I’ve done so. But I can really only give some good advise after a few more weeks of using it. Maybe there is a dealbreaker.

Nice, didn’t know about HomeBox. Are there other good inventory systems for home use?

You could also try the ROCm fork of KoboldCpp

Koboldcpp bundles an interface ontop of llamacpp. And generally it’s relatively easy to get it running.

These days you really better pay attention what you’re buying and what kind of ecosystem you’re buying into.

I get why they check if it’s children with accounts they’re not supposed to have… I once saw a documentary about VR. And there are lots of adults enjoying adult content. Mingling in virtual bars and clubs and doing adult stuff. I’m not sure if VRChat etc are available on the Meta devices… But it’s not great that children are in those virtual areas. Not for them and not for the other people who want to do their thing. So I get why they’re cracking down on this and forcing people to use the correct account.

However, requiring phone numbers, ID and credit cards is ridiculous. And lots of services do it. Google also restricted my account (for claimed suspicious activity) and now they want my ID. And I refuse to provide it.

And cosmos-cloud.io too.

I think you mentioned the major ones. I don’t think I’d give any of them perfect score. But I’ve had a look at most of them. And I’ve been using YunoHost for years.

I’d really like to have something that I can recommend to people, without any downsides. Maybe for small businesses, too. Or non-profits / clubs etc who need a mailinglist and a Nextcloud.

We probably need one super popular self-hosting solution. With SSO so it’s simple to invite friends. Atomic / A/B updates so it’s indistructible. Backups preconfigured and a Marketplace with 1-click installers. Backed by a non-profit or nice community and non-commercial.

As of now all advice here is kinda missing the point or wrong… (Exept the one recommendation to do updates ;-) I wouldn’t use Cloudflare as it’s really bad for freedom, watches your traffic and most interesting things aren’t even in the free/cheap plans… You can’t restrict connections to the “Established state” or you can’t ever connect to your server… And SSH is a safe protocol. Just depends on the strength of your passwords… And yeah, opening ports is never 100% safe. Neither is using computers. They can be hacked but that’s not helping… And I’d agree using Wireguard or Tailscale would help. But you already said you don’t want a VPN…

I didn’t have a proper look at the Forgejo Docker container. I’d say it’s safe. It’s probably using keys instead of passwords(?!) I hope they configured it properly if they ship it per default. And it’s running sandboxed in your Docker container anyways and not running a system shell on the machine.

The issue with SSH is, there are lots of bots scanning the internet for SSH servers and testing passwords all day. Your server will be subject to a constant stream of brute-forcing attempts. Unless you take some precautions. Usually that’s done by blocking attackers after some amount of failed login attempts. This is either preconfigured in your Docker container (you should check, or watch the logs.) Or you’d need to use something like fail2ban on top. Or ignore the additional load and have all your users use good passwords.

(What I do is use Git over https. That worked out of the box while ssh would have required additional work. But I also have lots of other ports forwarded to several services on my home-server. Including ssh. No VPN, no Cloudflare … I have fail2ban and safe passwords. I’m happy with that.)

It depends on the exact specs of your old laptop. Especially the amount of RAM and VRAM on the graphics card. It’s probably not enough to run any reasonably smart LLM aside from maybe Microsoft’s small “phi” model.

So unless it’s a gaming machine and has 6GB+ of VRAM, the graphics card will probably not help at all. Without, it’s going to be slow. I recommend projects that are based on llama.cpp or use it as a backend, for that kind of computers. It’s the best/fastest way to do inference on slow computers and CPUs.

Furthermore you could use online-services or rent a cloud computer with a beefy graphics card by the hour (or minute.)

As far as I know you want a web application firewall to block attacks. A reverse proxy is just to proxy requests and doesn’t necessarily care if it forwards legitimate traffic or attacks.

Maybe you can find a guide/tutorial on how to set it up?

Usually you need the correct packages installed on your system to enable something like VAAPI or QSV. Then you need a version of ffmpeg with that enabled. And then configure it in Jellyfin correctly.

I don’t have any specific insights on how to do it with Fedora. I suppose it’s very similar to how it’s done on other Linux distros.