Ephemeral diffie-hellman is exactly that, it’s part of TLS since I think 1.2

At some point there was a browser extension to support DANE (and Perspectives and similar approaches against centralization) but since then, browser vendors fixed that security flaw.

No, but I have a link showing how ISPs and CAs colluded to do a MITM https://notes.valdikss.org.ru/jabber.ru-mitm/

Shorter cert lifespan would not prevent this.

Or just meet and maintain that friendship

Haha, server grade hardware. Impressive, actually, that it survived so many years. I have a similar one in my car and it’s 10+ years old and works okay, but another one that’s permanently sticked in my server with an emergency boot image died when it was needed the most.

I started with Navidrome, then looked at the disk space occupied by my library and it occured to me that 1TB MicroSD cards are a thing now, and I can listen to all my library offline.

Calendar sync? I learned that Nextcloud went to shit again when I missed an event added by my spouse to the shared calendar. Pretty important to me.

Have you found any interesting clients or just “filezilla but for webdav” style ones?

The link to actual announcement: https://blog.torproject.org/introducing-cgo/

It looks like a desktop program from the screenshots but I can’t read corporate good enough to learn if it is one

Cool! Securing the component supply chain is a buzzword managers may find familiar

But the part about a nice email still applies. I’m not in it for the money, no positive feedback can be discouraging - typically I deal with issues where someone has a problem.

Yeah, I felt a little uneasy putting my data on something which could be broken into. Still do, having seen my share of hacked websites at work.

If it helps you, I host everything in subdirectories with non obvious names, so bots only hit 404 pages.

Nextcloud.bonk.xyz -> nope Bonk.xyz/nextcloud -> nope Bonk.xyz/bonkcirrostratus -> good luck guessing that

Yeah, I felt a little uneasy putting my data on something which could be broken into. Still do, having seen my share of hacked websites at work.

If it helps you, I host everything in subdirectories with non obvious names, so bots only hit 404 pages.

Nextcloud.bonk.xyz -> nope Bonk.xyz/nextcloud -> nope Bonk.xyz/bonkcirrostratus -> good luck guessing that

Yup, it worked for me, no incidents. Add mod_security if you’re worried, and of course keep Apache up to date.

I now moved Apache to a separate VLAN on the private side, and have strict firewall rules on traffic from that VLAN only to services it’s supposed to be proxying.

What is “ideal” for you? I use xmpp but some people want stickers and shit and use Matrix instead, it’s much more heavy weight but also has these extra features. There’s also rocket.chat that has all the extra stuff but is not built for federation.

I agree with you on the CLI part. I tried Jellyfin once and it’s basically the same as browsing directories with movies in a file manager, for which you don’t need the whole heavyweight software stack.

I know Jellyfin also has transcoding and probably some even more exotic stuff, but even my phone can play full HD from SMB without transcoding, so I have no use case for these extra features.

Kodi is a good player on TV. Phones and tablets have VLC and MPV.

Yeah, sure, 5 years after google flagged one of the sites i hosted, some firewalls (including isp-level blocks) mark the domain as unsafe. Google removed the block after more than a week but the stink continues until today.

It was also a development domain and we were forced to change it.

Now imagine you’re running a successful open source project developed in the open, where it’s expected that people outside your core team review and comment on changes.