The author of the article is clearly just confusing “encryption”, “cryptography” and “hashing”. Reading the full article makes it clear that the intention was to salt and hash the passwords, not encrypting them.

The OP made the argument that Zuckerberg wanted to know their passwords, such that if the users reused the same passwords elsewhere, then he would be able to log in there and check out their accounts.

For example he could have seen a profile he was interested in, nabbed their password and looked into their email.

Not that he wouldn’t have godmode on their Facebook account, and needed their password to access their account, because of course he could have just accessed those accounts without needing the password.

I have not heard this rumor before, though I wouldn’t be completely surprised if it was true.

I really don’t see much benefit to running two clusters.

I’m also running single clusters with multiple ingress controllers both at home and at work.

If you are concerned with blast radius, you should probably first look into setting up Network Policies to ensure that pods can’t talk to things they shouldn’t.

There is of course still the risk of something escaping the container, but the risk is rather low in comparison. There are options out there for hardening the container runtime further.

You might also look into adding things that can monitor the cluster for intrusions or prevent them. Stuff like running CrowdSec on your ingresses, and using Falco to watch for various malicious behaviour.

ZFS doesn’t really support mismatched disks. In OP’s case it would behave as if it was 4x 2TB disks, making 4 TB of raw storage unusable, with 1 disk of parity that would yield 6TB of usable storage. In the future the 2x 2TB disks could be swapped with 4 TB disks, and then ZFS would make use of all the storage, yielding 12 TB of usable storage.

BTRFS handles mismatched disks just fine, however it’s RAID5 and RAID6 modes are still partially broken. RAID1 works fine, but results in half the storage being used for parity, so this would again yield a total of 6TB usable with the current disks.

SSD longevity seems to be better than HDDs overall. The limiting factor is how many write cycles the SSD can handle, but in most cases the write endurance is so high that it’s unreachable by most home/NAS systems.

SSDs are however really bad for cold storage, as they will lose the charge stored in their cells if left unpowered too long. When the SSD is powered it will automatically refresh the cells in the background to ensure they don’t lose their charge.

Nope, those steps are the steps needed to legally watch Netflix on Asahi Linux on an Apple Silicon device, because Google has not officially released the widevine library for that platform

But the author is actually using less data than expected, because he’s paying for 4K, but only able to watch up to 1080p

My home-assistant installation alone is too much for my Raspberry Pi 3. It depends entirely on how much data it’s processing and needing to keep in memory.

Octoprint needs to respond in a timely manner, so you will want to have the system mostly idle (at least below 60 percent CPU at all times), preferably octoprint should be the only thing running on the system unless it’s rather powerful.

If I were you, I would install octoprint exclusively on your Raspberry Pi 3, and then buy a Raspberry Pi 4 for the other services.

I’m running Pi-hole and a wireguard VPN on an old Raspberry Pi 2, which is perfectly fine if you are not expecting gigabit speeds on the VPN.

Yeah agreed… Now the cable takes up space in all three directions, where as if you just use a good old cable tie, it will mostly take up space in one direction…

I could see some point in using it to bundle up a bunch of cables under a table, so they are in one nice bundle and you can’t easily open the clip and take out one of the cables, but not for storage.

Well… If you want to earn A LOT of money before mainframes are entirely sunset, and are perfectly happy maintaining code that’s older than yourself and only working for very rigid banks… Then COBOL isn’t actually that bad of a choice…

If you like your sanity, you should probably tear clear, though.

Unfortunately true, but what a wonderful language it is.

According to Karl, Billy must pay all the legal fees if he withdraws from the lawsuit. He must also pay the legal fees if he loses. Billy’s only way out of paying would be to win the lawsuit.

So the longer Karl strings him along, the more the fees will mount.

And since Billy doesn’t have a leg to stand on he can either withdraw now, pay a lot of money, and admit he lied. Or he can keep fighting mounting more fees in the slim nope of winning.

Ah, you’re on Windows, I completely missed that from your original post… Then it makes complete sense.

Can I ask why you say that Docker is “too much”?

Docker generally simplifies the installation and deployment of very many applications, and makes upgrades of the apps extremely easy.

And it has an extremely low overhead…

Correct!

• VPN - hides that it’s you downloading stuff.
• Radarr - downloads and organizes movies.
• Sonarr - downloads and organizes TV series.
• Prowlarr - allows searching many torrent and usenet sites simultaneously, and makes the results available for the *arr services.
• qBittorrent - downloads the torrents that Radarr and Sonarr requests
• Jellyfin - mediaserver that can stream the media downloaded by the *arrs to you smast TV, computers, phones and tablets.

While shorter lived certs certainly improve the general security, certificate revocation lists are what you need if a cert gets compromised.

Wait until you set up cert-manager to issue both Let’s Encrypt certificates, as well as generating your own CA and issuing certs from your own CA where you can set the validity however want.

Sure! https://i5.walmartimages.com/asr/06bf4a0c-3d45-4ef9-933f-d54ebbecd3ce_1.4852b4aee31d6489ca7687824d58cda9.jpeg

Streamio + Torrentio

The reason a VPN is better to expose than SSH, is the feedback.

If someone tries connecting to your SSH with the wrong key or password, they get a nice and clear permission denied. They now know that you have SSH, and which version. Which might allow them to find a vulnerability.

If someone connects to your wireguard with the wrong key, they get zero response. Exactly as if the port had not been open in the first place. They have no additional information, and they don’t even know that the port was even open.

Try running your public IP through shodan.io, and see what ports and services are discovered.