Use a VPN, it’s not ideal but it’s secure.

When does your Server actually pull the repo though?

Well, there’s me, my alts and you

I have linkwarden set up for this.

On Android I share to the linkwarden app to save, on pc i use the Firefox addon.

Sure it’s fragmented but I’m already used to doing things different between mobile and pc anyways.

doesn’t cover ISP or commercial equipment

The foreign backdoors will stay for critical infrastructure

because all the other programs, protocol are working fine.

With the shown firewall configuration nothing but NTP should work? You’re dropping outgoing packets by default.

Update your nftables rulefile or use nft commands to update your firewall to the following:

# extract
chain OUT {
    type filter hook output priority 0; policy drop;
    udp dport 123 accept

    limit rate 3/second log prefix "Nftables Blocked: OUT: "
}

chain IN {
    type filter hook input priority 0; policy drop;
    ct state established, related accept

    limit rate 3/second log prefix "Nftables Blocked: IN: "
}

Blocked pakets will show up in the kernel log (dmesg/journalcl)

If you want more information on why it is blocked then enable nftrace for those packets

nft add rule inet/ip/ip6 tablename OUT udp dport 123 meta nftrace set 1
nft add rule inet/ip/ip6 tablename IN udp dport 123 meta nftrace set 1
nft monitor trace

Or

nft add rule inet/ip/ip6 tablename OUT meta nftrace set 1

Or maybe even

nft add rule inet/ip/ip6 tablename PREROUTING udp dport 123 meta nftrace set 1

Additionally you can use tcpdump -i <interface> to show network packets before they enter the firewall, there you should be able to tell what it’s a trying to do.

They are at the mercy of not being shit listed by companies.

That is if they can’t pay for the products through the revenue of the review. Though ofc they still have to have ads or sponsors. Much more important is if they are financially stable and convicted enough not to sell out.

for a homelab I don’t think it’s feasible to fully review the source code of everything you install

Here’s what you can actually do:

• Consider if you actually need the application and stop applications you don’t use
• Don’t allow public access unless it is necessary, consider VPN/reverse proxies with client authentication (if supported)
• isolate applications that don’t need to talk to each other
• • see also rootless podman, firewalls, virtual machines, etc
• • don’t forget network access, if everything runs on 127.0.0.1 and every service shares it then they can all talk to each other! (See also network namespaces or VMs)
• Don’t reuse passwords
• keep software up to date
• actually evaluate the quality of the project if it needs access to sensitive information
• • see open issues, closed issues that stand out
• • check for audits or at least a history of good effort™

Sure you wont always catch ai slop this way but you don’t need to read a line of code to at least be reasonably sure your arr stack won’t get to the family photos.

Can’t have shit in Detroit.

Didn’t pay that, only the microwave light works now.

Don’t you mean: “How much speedtest?”

Windows snobs cant even run Windows on without a super giga 1000€ license for more than 16 Core CPUs

I’m not using Windows servers at home but if I did then a license wouldn’t be a factor when deciding what hardware to buy.

Technically, a copper wire is a battery that charges in (a very tiny fraction of ) seconds.

I’m just having a laugh

https://python.mzonline.com/sketches/argument/

Oh look, this isn’t an argument!

If you’re truly that revolutionary then more than enough people will post for you.

Are ya winning, son?

Launch multiple?

Here:

server {
    listen 443 quic;
    listen [::]:443 quic;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name jellyfin.kitsuna.net;
    http2      on;
    http3      on;
    quic_gso   on;
    tcp_nodelay on;
    # You can increase the limit if your need to.
    error_log /var/log/nginx/jellyfin.access.log;
#    ssl on;
#    ssl_certificate /etc/nginx/certificate.crt;
#    ssl_certificate_key /etc/nginx/certificate.key;
#    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
        ssl_certificate /etc/letsencrypt/live/kitsuna.net/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/kitsuna.net/privkey.pem;
#        ssl_certificate_key /etc/letsencrypt/live/kitsuna.net/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        add_header Alt-Svc 'h3=":$server_port"; ma=86400';
        add_header x-quic 'h3';
        add_header Alt-Svc 'h3-29=":$server_port"';
    location / {
        proxy_pass http://10.159.4.12:8096/;
#       proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;
    }
}