I think ZFS does some advanced stuff which makes it better than just relying on hardware checksums (which have been shown to not be so great)

How about bitrot?

Qubes OS doesn’t have GPU acceleration using Virtio-powered interfaces if that’s something you need. Also it’s based on Xen and you are not encouraged to mess around with dom0.

TBH if there’s a way that you can attach to the display output of a VM with a GUI when you start your computer, it will probably fit your use-case perfectly. I haven’t found a method to do this but I think there should be some way to attach directly to the display of a VM after booting up.

Those remote access fears can be solved with a wireguard VPN

And I’m running 2 relay nodes. The TOR network desperately needs exit nodes to relieve the bottleneck at the exits, and that’s where I want to help.

Of course, it’s not for everyone, which is why one could just donate to the TOR foundation (or whatever they are called) and that money goes into infrastructure.

I’m not a native speaker, I assumed obfuscate meant hiding the IP address. I mentioned it because you asked.

I didn’t make a new account just for this lol, it’s just that I’m passionate about it.

They do, but VRAM. Unfortunately, the cards that do have that much of memory are used by OEMs/corporations and are insanely pricey

Pray tell me how I misinterpreted it? If running an exit node is going to help marginalized communities bring forth their voice (even the fringe cases that I don’t agree with, because I believe technology should be accessible to everyone), why shouldn’t one do it? Other than mortal risks like jail time because stupid senators can’t be bothered to get their heads out of each others asses.

The reason to use Orbot is to obfuscate the IP

Edit: I’m a different guy from the one you responded to earlier

I don’t know why people are recommending apps like Navidrome and Jellyfin when it isn’t a music server that you’re looking for but a way to share the music collection.

With that said, I can think of 2 approaches, and (likely) the easier option will be to use the help of such a server. Both will require a VPN server in the cloud which will be redirected via NAT/reverse-proxy into your network.

1. Use something like Navidrome with LDAP/Auth solutions like Authelia. User has to authenticate themselves to access their account on the service like something in the cloud.

2. To offer more barebones access to the underlying storage directly: set up NFSv4 for Kerberos.

And you’d rather have Iranian women and Ukranian men not being able to voice their opinions because you don’t agree with helping them “break” laws?

Yeah I guess installing a root CA cert (or an Intermediate, depending on how complex your setup is) and automatically rotating certs upon expiry isn’t the most trivial thing. With that said, dekstop linux/windows isn’t a problem. You could theoretically do it on iOS too. Android recently has completely broken this method, however, and there’s a fair few hoops one must jump over to insert a root CA into the Android trust store on Android 13 and later. I’d like find a way to do it just for browsers on Android using adb if possible

Running a CA is cool however, just be aware of the risks involved with running your own CA.

All they say that if the private key is stolen then you’re screwed. Think about it, if an attacker can:

1. Get into your network.
2. Presumably bypass key-based ssh/container runtime protections
3. Access pod/VM which is running the CA
4. Bypass default MAC settings (Apparmor on debian, SELinux on RHEL)
5. Steal private key without you knowing from your logs

You have a much bigger problem my friend

why is creating one’s own CA the wrong way? I don’t want to have to pay cloudflare or porkbun to run HTTPS at home

The easiest way is to pay for a public domain, use a subdomain of that which does not have an A record on the wide internet, and then use certbot to get Let’s Encrypt certificates for them and auto-renew. Stuff these in your individual reverse-proxy instances (or propagate them, no idea how) and you’re done

So, you want an LDAP server or a forum? That’s either FreeIPA or hosting Discourse

Is there an SLA on the Hetzner storage boxes? What do you think about their reliability (will they recover if their underlying hardware fails?)

How much does OVH cost you for storage?

I admit that Storj is less expensive but it has egress costs which B2 + cloudflare doesn’t (the latter with a free account)

That’s personal pictures, ripped media, documents, some sensitive information etc. Netflix can go to hell

Any storage provider with client-side encryption

Personally I’m using rclone with the crypt backend of top of the usual b2 remote