Joe

NFSv3 (udp, stateless) was always as reliable as the network infra under Linux, I found. NFSv4 made things a bit more complicated.

You don’t want any NAT / stateful connection tracking in the network path (anything that could hiccup and forget), and wired connections only for permanent storage mounts, of course.

How will running a CA limit access? eg. Do you want to do client side cert validation? That sounds like an overcomplication. Also not ideal to run a CA (have signing keys) on the proxy server.

It’s a trade off. “Free services” typically require more leg work and can come with legal or security risks. I used to have a great XBMC & torrenting setup years ago. I spent significant time customizing it and various plugins, extending scripts etc. I had fun, and took necessary precautions. Millions wouldn’t. Some are happy to pay €9/month to another evil corp for convenience (where it works for them).

Oh, they do have an plan with ads. You can’t really complain about ads if that is what you subscribed to, I guess. The price difference is €6 vs €9/month in Germany, btw.

The no browser support on phones kind of sucks though.

Disney+ has ads? I’m in Germany and I don’t see any. Where are you?

edit: removed comment about browser, as OP meant on the phone

Or show it in a minimal/headline only form.

Ideally, the app (and lemmy as a whole) would support an optional subscribe-to-spamlist feature, with crowdsourced spam/scam reporting, with some recourse for fake-spam-reports. Individual posts & usernames. Group and server admins can’t be as active as the crowd at large.

Lots of ideas are patented, especially by large companies. Some ideas are pursued by the company themselves, while others sit in the patent war chest to (maybe) generate passive income and help with future litigation. Very occasionally they are used for prevention.

Regardless, such a system would be a reason for many people to avoid buying a particular car or brand of car.

I switched to flatpak steam because of this issue with a couple of games. Still annoyed that arch’s glibc maintainer removed the eac patch.

Deemix is a good way to build up your local cache from Deezer, at which point you can serve it locally.

It will mess with artist renumeration though (which seems important to you), so you might want to find another way to compensate your favourite artists.

You need training material for negative prompts too.

In some countries private law firms chase down infringers on behalf of copyright holders. They then attempt shakedowns with the threat of legal action if you don’t pay. They have a financial interest to catch people, and moral compasses vary.

Also, mistakes can happen (you, your family, guests using your wifi, in the courts, in the ISPs, in the law firms, in the tech they are using to identify people). Shit happens.

And if (when) it happens, then you would still have to deal with it, costing you time and money.

Understand the risks and make choices to minimize them if you can.

Apparmor profiles can be applied to an executable - the profile is then (if so configured) inherited by subprocesses. In my case I have a launch script to run lutris in a safe mode. It also changes the effective gid to be matched by some iptables rules (it was easier than creating a new network namespace, which is also possible). The script then checks that the Internet is inaccessible and that reading/writing to secured paths is denied before launching lutris.

Similarly I have a “safe” script to wrap other commands with an apparmor profile that stops most writes to my homedir/reads from some secure locations, which I often use to run scripts/programs from the Internet.

My sudo also requires a password (or a special keyboard combination, thanks to a custom pam configuration).

All that said and done, I’m sure I’ll be caught off guard one day.

I run a particular online windows game in a modded offline mode under Linux in network isolation and with a restricted apparmor profile. So far so good. Logs show no attempts to break out, except for the smoke test I run to ensure the sandbox is working. This is as much because of the random mods I install as the original devs (who could ban my online account).

On Windows, a VM would indeed be safer. GPU passthrough is possible … I guess easier with Windows using an onboard GPU, then passing a discrete GPU to the VM. You’ll lose some performance with a VM regardless, but it’s easy to disable networking, back up and restore from a known good state, and burn it to the ground when needed.

Your friends will find you wherever you are and will continue asking you such questions. There is no escape.

Where in the world is Carmen Sandiego and Commander Keen … wait a second, the time machine’s dial is broken.

Welcome to the world of Carrier Grade NAT. 100.64.0.0/10 is reserved for this.

If you are lucky, you also have an IPv6 address. The catch is you need IPv6 on the client-side too.

A VPS or similar running wireguard and a proxy might bridge the gap.

It might also be possible to ask your provider for some port forwarding. Probably not, but check anyway.

Good luck!

Dynamic DNS is probably still required, unless his ISP issues dedicated or very long term IPv6 leases.

IPv6 may also “just work” nowadays, too, especially if the aim is to connect from mobile or other consumer networks. Corporate environments are still hit & mostly miss.

Indeed. I wonder if LinuxNet / #linux is still around, actually. That was interesting back in the day, and later meeting many of the characters at conferences and meetups. IRC was great. Patches by email, otoh… Good that it is possible, but PRs/MRs are nicer.

It would have to be a pretty niche project with an involved and dedicated community to get away with that these days.