At $dayjob I switched from Apache to nginx 15+ years ago. It’s Callback/Event based process model ran circles around Apache’s pre-fork model at the time. It was very carefully developed to be secure, and even early on it had a good track record. Being able to have nginx handle static content without tying up a backend worker process was huge, and let us scale our app pretty well for the investment of time. Since then, Apache implemented threaded + Event based process models, Caddy, traefik, and a bunch of others have entered the scene.

TBH, I think the big thing nowadays is sane defaults, and better configuration, even automatically discovered configuration – traefik is my current favorite for discovering hosts in consul/Kubernetes/simple host definition files, but since traefik can’t directly serve files, I simply proxy from traefik to … nginx :)

Navidrome is another server that works pretty well, implements the subsonic protocol ( so all the apps that can cache and stream to your mobile device work). You can have multiple logins, or just share out playlists and albums individually to non-authenticated users.

MoCA is a way to send wired Ethernet up to (300mb/s, at least the version i have) over coax. Verizon fios would provide these devices to send internet to set top boxes over existing coax cabling, but you can get a pair of these devices and send Ethernet in on one side, and Ethernet out the other side.

I have noticed however, it adds a bit of latency to the connection, which may be trouble.

Depending on your use cases and apps, file locking can be problematic when sharing across SMB and NFS simultaneously, their locking semantics are slightly different

TacticalRMM is very comprehensive, self hosted, but more geared towards organizations managing a fleet of machines.

It’s not the Muslims, it’s the evil Christians. Same problem, but different names.

The Germans have Russians. :-/

Passkeys are great, and generally a plus for security; but (a) all the most popular implementations have not implemented key export and transfer to alternate implementations (b) It includes an implementation ID + hardware attestation feature which can be used to disable ‘unapproved’ implementations by key consumers. Considering the most common device with a ‘secure’ environment, and can implement this are your cell phones, and they are made by Apple + Google, this effectively locks your identity to either of these platforms. © All the public signals smell and look like the providers (apple, google, Microsoft) are doing everything they can to implement the features to make lock in all but inevitable, including mandating that implementations user-hostile features, or risk being rejected by sites.

It’s a great idea, and it could be awesome, but things are not being addressed. Or being handwaved as “we can address them later”. This recent discussion from last month (both the discussion in the linked github issue, and in the HN thread both including some key players in the PassKey system) is pretty telling: https://news.ycombinator.com/item?id=39698502

In fact, it can be better: having root means you can arrange additional ‘firewalls’ between apps and your data , or omit/falsify sensor data the the banking app should not need, that the Google is unwilling to implement.

Here’s the REAL reason: Apps grant Developers/Content owners more control/metrics/data about the user to feed their advertisers, which translates to more revenue. It’s way easier to hoover up data about the user outside of the browser sandbox, and in apps.

I wish I knew, but the ad industry LOVES this tech: https://duckduckgo.com/?q=smart+tv+ACR&t=ffab&ia=web Every other result is “How ACR is going to be awesome for advertisers/marketers”. the ones in between are “How to shut off ACR” :-/

No.

Smart TV’s run automatic content detection on all their inputs. You will also be nagged to put the device online relentlessly, and some models will not let you skip internet connectivity.

I see this said every time this comes up.

Are there any efforts starting or even attempting this? Or even taking an existing printer and replacing it’s main board?

IMAP on O365 now requires “Modern Auth”, which requires OAuth to authenticate access to mailboxes. Anything that connects via IMAP will need to be approved by the admins at this point (Including Thunderbird). Without the cooperation of your organization’s IT team, you are not going to get far.

Linux. (ducks)

You can lose your Google account in the blink of an eye with no recourse, no access to support or anything.

With local and my own backups, I can choose to put them at any location, cloud or local.

If it’s a secure enough environment, I imagine that there will be monitoring on the device, and the moment a hub shows up that’s not supposed to be there, or any other USB device tree that doesn’t match the approved list, , alarm bells ought to go off. If it’s valuable enough; the attack would be to use a passive device picking up leaky signals on the wire, or even hidden camera watching screen/keyboard.

Planka looks very promising too

There is no implementation right now that enables you to own and manage your own passkey backups without Google it icloud.

Additionally, the attestation feature is one step away from banks and other sites mandating specific implementations, preventing people from using software tokens or OSS managers.

Passkeys is great, and I am eager to recommend it to everyone, but without those items addressed, it’s a trap door, and one bitflip away from very strong lock in.

You can extract the SLIC value from the ACPI table, and then pass it through to QEMU

See more details here: https://gist.github.com/Informatic/49bd034d43e054bd1d8d4fec38c305ec

It is my understanding that this can only be used to run the OEM license one one instance in a VM, on the specific hardware that is originally licensed. IE, you virtualize the license if the bootOS is Linux, but you can’t run 2 instances of the same windows license inside each other.