This would encapsulate something like enforced Transport encryption.

Yes, this is what we’re discussing… Are you a bot? Or are you really not following the conversation?

deleted by creator

Most selfhosted projects do not store such private data.

That is patently not true, in the self-hosted space or otherwise.

If you want to take some kind of the security stance on pii or other personal data, you may want to take a look at the app’s workflow first before making declarations of “inadequate security”. There are other considerations than simply slapping a self-signed cert on data in transit (or at rest, for that matter). URL encoding, secrets management, api structure, etc.

If you want to architect the security of your data using this app, it is much easier to simply encapsulate or encrypt the transport yourself. A VPN would be fine. An authentication proxy would be another.

Ultimately, your comments on security here need more and better context to meet a reasonable threshold of confronting the dev on it.

It is no excuse that other services do not follow these state of the art protection measures.

Most projects in the self-hosted space put the load of transport security on the user or another system, including big ones like Immich.

Not sure why you’ve chosen to be indignant about this particular implementation.

So there are 3 power modes in “normal” USB; 500mA, 1A, and 2A, all three of these at 5V. The 6T can only deliver 500MA 5V.

There is also provision in the USB spec over USBC for negotiation of power delivery that allows also changing the voltage to deliver more power. The 6T cannot do this, it lacks the usb PD circuitry.

However, it can do org (change to “target mode” to become storage for, say, a computer to access its storage. The 6T can do this with android, but you’re right, I haven’t been able to get it to work with pmos.

I do a lot of tinkering and development with GPS, and I use a few Blox GPS dongles. These need a bit of power to heat the ceramic antenna and atmo pressure sensor. These work with pmos.

+1 for ansible.There’s a module for almost everything out there.

ZFS is slightly more portable than md and comes with some additional benefits and performance tunables you don’t get with md, so that’s my 0.02.

Note that ZFS can use memory for arc, but it is happy to run on much less than what you have. My nas is a rock 5 SBC with 4GB memory and it’s fine, performance-wise, but I’ve run ZFS on much less and it adapts well to more or less ram.

So… RSS is how sonarr and radarr work. What circumstance would make these not work?

I know what Fetcharr does and I still don’t understand the need for it… Radarr and Sonarr both have profiles and upgrade policies for this that work fine.

What’s the use case of Fetcharr?

Radicale + client (Thunderbird on desktop, fossify calendar on phone)

The oneplus 6t can supply 500mA through USB, it just can’t negotiate usbC power delivery.

Logical IP addressing and physical interfaces are completely separate. One physical interfaces with multiple IPs, many physical interfaces bound together into one logical interface, depends on the situation.

Deep packet inspection. Looking for patterns in the actual headers and payload of packets. Computationally expensive.

So you are asking about something that seems simple, but is actually many different components working together. Apple and google have really made this integrated for a long time.

What you want is:

• caldav/cardav server (radicale is good)
• integration into your email client (Thunderbird can do this)
• share-able webDAV service
• some auth in front of this

I’ve left out all the plumbing needed to either support your access to this, or provide secure integration with a 3rd party email service.

This is a hard problem to solve for self-hosting. I have a self-hosted radicale instance and I get around the inter-connectivity by simply exporting ICS files and sending them to folks. Updating meeting times, setting calendar sharing is all very difficult because of above.

You need to chill out and not get so worked up about someone calling out your promotion of honeypots in a forum where the vast majority don’t even know the difference between DNS and PKI, and aren’t clear on the delineation between their LAN and the internet.

There’s nothing to solve, it’s not a CTF.

You misunderstand, I’m not implying your network is a CTF. I mean go to your local security group and watch how pen testers work. I can tell you they certainly do not fall for “tarpits”, even the fairly new kids.

Ultimately, you can do what you want, I obviously can’t stop you.

it will get stuck on even legitimate pages

what

Please go to a local ctf, even just a high school-level one.

Hackers don’t poke around themselves, generally. They use bots and scripts to collect info and then return in person to pry open targets they want or find interesting.

Op is tarpitting with a stream, which is a telltale sign of a honeypot, nothing else behaves that way. So a bot crawling for content? Fine. A bot collecting info for suitable targets? Might get the attention of the person looking. And once you have a hacker’s attention, you might be in trouble if they’re competent and start pressing buttons.

You really have to know what you’re doing to understand where in the stack an attacker is going pull levers, which is as individual as people themselves.

Op, if this is you, do not do this, especially not on your home IP.

Honeypots are a great way to find out exactly what your place is in the hierarchy of real black hats.