I denied play store network access too 😆.

Seriously, some apps just check if it’s installed or not. I use Aurora for actually downloading apps.

Google Keyboard has network access, so it can theoretically log every keystroke and send it somewhere.

Personally, I installed GrapheneOS which lets me deny network access to the keyboard.

Whenever I ssh into it.

What’s crazy is that my small UPS consumes 20W at idle (fully charged; AC connected).

I got my server down to 40W too, and the UPS ate all the savings.

That’s amazing. I’ll have to take your word for it. I only have Firefox on my devices.

I didn’t open port 53. It’s DoT.

Even then, it took some extra effort to ensure it didn’t return internal network addresses from the outside.

Not quite pihole. I just slapped Lowe’s adlist on BIND9.

I found this was returning localised results from the other side of the planet, so I kept connecting to slow servers when more local ones were available. I ended up rolling my own from home. The only problem is there’s no way to do access control so I just have to hope not too many find it.

Good luck with using AI. The training dataset will be polluted, and so will the data of individual accounts.

My TV is signed into YouTube as me, but all my kids use it to watch Minecraft videos. Google probably knows my age by now, and all this will get flagged as typical viewing for a millenial.

Yes, git.

When you upgrade your desktop PC, plan for it to be the home server after that.

I got a rackmount case to transplant my old desktop montherboard into every 5 years. I also got a 4-port NIC so it can also be a router. My server is a 4th gen Core i5 and it’s still plenty of power for a home server.

If you’re a laptop guy, I’m not sure what you’d do. Maybe ask friends for their old desktops. The Win10 discontinuation next month would be a great opportunity to snap up some business PCs destined for landfill.

For Home Assistant, I think you either need Docker or a dedicated box. I kinda hate how there isn’t a .deb package for it like literally every other service on my server.

I signed a mortgage with a bank that was a 37 hour drive away before. One of my current banks is a mere 9 hour drive to the nearest branch.

It seems really weird to have any functionality that’s available on an app but not a website. Usually the app is stripped back to cover just the common website functions. I say this as a developer who writes both finance web frontends and mobile apps.

I would just use a web browser. The apps do the same thing, but get it done a bit quicker.

Thankfully my banks don’t use hardware attestation.

Oh, you have 10 random singles in the same directory? That must be an album all from the same artist!

Meanwhile I applied for reimbursement on my failing Pixel 6a battery and Google keep asking for proof that I own this phone. They won’t even allow it on RCS. The trust issue goes both ways.

I do find it suspicious that governments are targeting Signal’s E2E encryption but not RCS, FB Messenger or WhatsApp. It’s clear which ones are compromised.

I did this a few months back.

Some things aren’t as great, but you get full control and your server idles way better on JellyFin.

I set up my postfix server so that anything after a hyphen (“-”) becomes a wildcard. It like Gmail’s “plus addressing”, but the hyphen is more subtle. It means multiple users can make infinite aliases on one domain.

So, “user@domain.com” has the same mailbox as “user-somesuffix@domain.com”.

The educational route I took was Hurricane Electric’s free IPv6 online course. It taught me a bunch of networking principles. When you finish the course (and get “sage” status), you get free lifetime DNS access. This includes dynamic DNS that automatically updates when your IP address changes.

Because of this, I can self-host on a basic residential plan without paying for any additional services.

If your reverse proxy only acknowledges jellyfin exists if the hostname is correct, you won’t get discovered by an IP scanner.

Mine’s on jellyfin.[domain].com and you get a completely different page if you hit it by IP address.

If it does get found, there’s also a fail2ban to rate-limit someone brute-forcing a login.

I’ve always exposed my home IP to the internet. Haven’t had an issue in the last 15 years. I’m running about 10 public-facing services including NTP and SMTP.

Firefox has a fingerprint resistance setting that sets the clock to UTC. It messes up a lot of sites. There’s 10 million people in my timezone so I just leave it.