This would encapsulate something like enforced Transport encryption.

Yes, this is what we’re discussing… Are you a bot? Or are you really not following the conversation?

deleted by creator

Most selfhosted projects do not store such private data.

That is patently not true, in the self-hosted space or otherwise.

If you want to take some kind of the security stance on pii or other personal data, you may want to take a look at the app’s workflow first before making declarations of “inadequate security”. There are other considerations than simply slapping a self-signed cert on data in transit (or at rest, for that matter). URL encoding, secrets management, api structure, etc.

If you want to architect the security of your data using this app, it is much easier to simply encapsulate or encrypt the transport yourself. A VPN would be fine. An authentication proxy would be another.

Ultimately, your comments on security here need more and better context to meet a reasonable threshold of confronting the dev on it.

It is no excuse that other services do not follow these state of the art protection measures.

Most projects in the self-hosted space put the load of transport security on the user or another system, including big ones like Immich.

Not sure why you’ve chosen to be indignant about this particular implementation.

So there are 3 power modes in “normal” USB; 500mA, 1A, and 2A, all three of these at 5V. The 6T can only deliver 500MA 5V.

There is also provision in the USB spec over USBC for negotiation of power delivery that allows also changing the voltage to deliver more power. The 6T cannot do this, it lacks the usb PD circuitry.

However, it can do org (change to “target mode” to become storage for, say, a computer to access its storage. The 6T can do this with android, but you’re right, I haven’t been able to get it to work with pmos.

I do a lot of tinkering and development with GPS, and I use a few Blox GPS dongles. These need a bit of power to heat the ceramic antenna and atmo pressure sensor. These work with pmos.

+1 for ansible.There’s a module for almost everything out there.

Are you waiting for a kernel patch, or is this support simply not available yet?

ZFS is slightly more portable than md and comes with some additional benefits and performance tunables you don’t get with md, so that’s my 0.02.

Note that ZFS can use memory for arc, but it is happy to run on much less than what you have. My nas is a rock 5 SBC with 4GB memory and it’s fine, performance-wise, but I’ve run ZFS on much less and it adapts well to more or less ram.

So… RSS is how sonarr and radarr work. What circumstance would make these not work?

I know what Fetcharr does and I still don’t understand the need for it… Radarr and Sonarr both have profiles and upgrade policies for this that work fine.

What’s the use case of Fetcharr?

Radicale + client (Thunderbird on desktop, fossify calendar on phone)

Use ps -ef to find the source of the file.

find will catch more if you wildcard the name with "*windows*", but that’s a moot point: we don’t have enough info to jump to “malware” conclusions here.

Looking for malware by hunting for the name in a procid list won’t usually get far, you’d be better to netstat to see what various processes are listening or phoning home to confirm suspicions of malware.

The oneplus 6t can supply 500mA through USB, it just can’t negotiate usbC power delivery.

Deep packet inspection. Looking for patterns in the actual headers and payload of packets. Computationally expensive.

You need to chill out and not get so worked up about someone calling out your promotion of honeypots in a forum where the vast majority don’t even know the difference between DNS and PKI, and aren’t clear on the delineation between their LAN and the internet.

There’s nothing to solve, it’s not a CTF.

You misunderstand, I’m not implying your network is a CTF. I mean go to your local security group and watch how pen testers work. I can tell you they certainly do not fall for “tarpits”, even the fairly new kids.

Ultimately, you can do what you want, I obviously can’t stop you.

it will get stuck on even legitimate pages

what

Please go to a local ctf, even just a high school-level one.

Hackers don’t poke around themselves, generally. They use bots and scripts to collect info and then return in person to pry open targets they want or find interesting.

Op is tarpitting with a stream, which is a telltale sign of a honeypot, nothing else behaves that way. So a bot crawling for content? Fine. A bot collecting info for suitable targets? Might get the attention of the person looking. And once you have a hacker’s attention, you might be in trouble if they’re competent and start pressing buttons.

You really have to know what you’re doing to understand where in the stack an attacker is going pull levers, which is as individual as people themselves.

Op, if this is you, do not do this, especially not on your home IP.

Honeypots are a great way to find out exactly what your place is in the hierarchy of real black hats.