If it’s a backup server why not build a system around an CPU with an integrated GPU? Some of the APUs from AMD aren’t half bad.

Particularly if it’s just your backup… and you can live without games/video/acceleration while you repair your primary?

Good enough? I mean it’s allowed. But it’s only good enough if a licensee decides your their goal is to make using the code they changed or added as hard as possible.

Usually, the code was obtained through a VCS like GitHub or Gitlab and could easily be re-contributed with comments and documentation in an easy-to-process manner (like a merge or pull request). I’d argue not completing the loop the same way the code was obtained is hostile. A code equivalent of taking the time (or not) to put their shopping carts in the designated spots.

Imagine the owner (original source code) making the source code available only via zip file, with no code comments or READMEs or developer documentation. When the tables are turned - very few would actually use the product or software.

It’s a spirit vs. letter of the law thing. Unfortunately we don’t exist in a social construct that rewards good faith actors over bad ones at the moment.

As someone who worked at a business that transitioned to AGPL from a more permissive license, this is exactly right. Our software was almost always used in a SaaS setting, and so GPL provided little to no protection.

To take it further, even under the AGPL, businesses can simply zip up their code and send it to the AGPL’ed software owner, so companies are free to be as hostile as possible (and some are) while staying within the legal framework of the license.

Pros:

• you run a home lab

Cons:

• you run a home lab

Pijul is a very exciting project. I’ve wanted to try it for months buy haven’t found the time.

I’m on iOS and do the same thing.

The WireGuard app has a setting to “connect on demand”. It’s in the individual connections/configurations.

You can then set either included or excluded SSIDs. There’s also an option to always connect when you’re on mobile/cellular data.

I imagine the Android app is similar.

Neat, I’ll have to look it up. Thanks for sharing!

Nextcloud isn’t exposed, only a WireGuard connection allows for remote access to Nextcloud on my network.

The whole family has WireGuard on their laptops and phones.

They love it, because using WireGuard also means they get a by-default ad-free/tracker-free browsing experience.

Yes, this means I can’t share files securely with outsiders. It’s not a huge problem.

SMB : https://en.m.wikipedia.org/wiki/Server_Message_Block

In short it’s a way to share network access to storage across MacOS/Linux/Windows.

MacOS switched from AFS to SMB (as the default file sharing / network storage protocol) a few years ago as it was clear that was how everything was headed - though iOS and MacOS also have native support for NFS.

On linux, you can use samba to create SMB shares that will be available to your iOS device.

It’s a lot of configuration though - so maybe not the best choice.

As for Nextcloud - indeed you can use it in your local network without making it available on your WAN connection. That’s how we use it here.

When we need it remotely - we VPN into our home network. But no exposed ports. :)

Neat solution!

I use Nextcloud. But that also means setting up and managing Nextcloud. By the same token you could use google drive.

For notes and photos you can export them within the app. Notes specifically requires that you print and then hit the share on the print dialogue to save the notes to the file system as a pdf.

Notes also has another option: if you have a non-Apple mail account on your phone - you can enable notes for that email account and simply move (or copy) your notes from one account to the other. The notes will then become available within that email account mailbox structure on any device or machine where that email account is enabled.

For voice recordings you can save any voice recording directly to the iOS filesystem.

The iOS files app also allows you to connect to any other server/desktop via SMB.

There are lots of options here. None are awesome, but they work.

Update: I went and had a look and there’s a Terraform provider for OPNSense under active development - it covers firewall rules, some unbound configuration options and Wireguard, which is definitely more than enough to get started.

I also found a guide on how to replicate pfBlocker’s functionality on OPNSense that isn’t terribly complicated.

So much of my original comment below is less-than-accurate.

OPNSense is for some, like me, not a viable alternative. pfBlockerNG in particular is the killer feature for me that has no equivalent on OPNSense. If it did I’d switch in a heartbeat.

If I have to go without pfBlockerNG, then I’d likely turn to something that had more “configuration as code” options like VyOS.

Still, it’s nice to know that a fork of a fork of m0n0wall can keep the lights on, and do right by users.

If you backup your config now, you’d be able to apply the config to CE 2.7.x.

While this would limit you to an x86 type device, you wouldn’t be out of options.

I am an owner of an SG-3100 as well (we don’t use it anymore), but that device was what soured me on Netgate after using pfSense on a DIY router at our office for years…

I continued to use pfSense because of the sunk costs involved (time, experience, knowledge). This is likely the turning point.

While you’re technically right, I don’t see a material difference between paying with cash and paying with data (Verge sign up is free, but it’s still sign up).

Cluster of Pi4 8GBs. Bought pre-pandemic; love the little things.

Nomad, Consul, Gluster, w/ TrueNas-backed NFS for the big files.

They do all sorts of nifty things for us including Nightscout, LanguageTool OSS, monitoring for ubiquiti, Nextdrive, Grafana (which I use for home monitoring - temps/humidity with alerts), Prometheus & Mimir, Postgres, Codeserver.

Basically I use them to schedule dockerized services I want to run or am interested in playing with/learning.

Also I use Rapsberry Pi zero 2 w’s with Shairport-sync (https://github.com/mikebrady/shairport-sync ) as Airplay 2 streaming bridges for audio equipment that isn’t networked or doesn’t support AirPlay 2.

I’m not sure I’d buy a Pi4 today; but they’ve been great so far.

I don’t think it will be that cut and dry.

A huge number of tech companies are still and/or will always be fully remote.

Over time, the big pay checks that Meta and Google and Apple are offering will be overshadowed by the possibilities of remote work done right (as opposed to simply working as you are in the office but from home).

There are lots of smart, talented folks out there willing to take a pay cut to gain back the time that office culture can waste, commuting first of all.

Sure there are challenges to the sense of togetherness that can help build great teams, but plenty of remote-only organizations make the time and space to foster that appropriately.

Ultimately, I think we’ll find that the eventual competitors to the MAANG-like behemoths emerge out of smart, well designed, remote-first organizations. Though I think Netflix is largely remote - at least for the engineers I know who work there.

Grateful that they don’t. But they have tried to do it with podcasts.

Spotify “pulled an Apple”, bought Gimlet and moved all their podcasts onto Spotify exclusively. I don’t use Spotify and chose to find alternatives. I’m happy I did.

As someone who runs a self-hosted mail service (for a few select clients) in AWS, this comment ring true in every way.

One thing that saved us beyond SPF and DKIM was DMARC DNS records and tooling for diagnosing deliverability issues. The tooling isn’t cheap however.

But even then, Microsoft will often blacklist huge ranges of Amazon EIPs and if you’re caught within the scope of that range it’s a slow process to fix.

Also, IP warming is a thing. You need to start slow and at the same time have relatively consistent traffic levels.

Is it worth it, not really no - and I don’t think I’d ever do it again.

deleted by creator

The only way to ensure privacy is something like PGP. Encrypt before you send. Heck you could even encrypt before you put the contents into a message body.

With self hosted, the messages themselves aren’t encrypted at rest and they are clear text between hops even if those hops support TLS in transit.

Ultimately the right answer for you will hinge on what your definition and level of privacy is.