When it comes to privacy and security, I think you should treat all cloud providers equally. Use a client with client-side encryption so that the only thing that touches the provider is encrypted data.
Rclone is an example of a good client that can do this, and can even mount your cloud storage as a filesystem with its encryption layer in between.
I’d recommend a full battery calibration before running the command one more time, if you haven’t already (charge the battery fully, leave it on the charger at 100% for a while, then fully discharge until it shuts itself off, leave it for a bit, then fully recharge while off). If the calibrated values line up with a full:design ratio of ~80%, especially with a 10-year-old battery with almost 700 cycles on it, my take is that’s pretty great.
That said, I think the best way to get an accurate feel for the health of an old battery is to put it through one full cycle of normal use and time how long it takes to die.
Best gun-pants ergonomics, tucked in the front
If you’re genuinely worried about this, you shouldn’t be using untrusted machines for remote access.
Apache Guacamole might be a good option. “Clientless” (browser-based), supports various mfa, uses ssh/vnc/rdp on the backend.
However, if the data on that machine is sensitive, or if that machine has access to other sensitive things on your network, I’d suggest caution in allowing remote access from untrusted machines on the wider internet.
The resolution is actually quadrupled by doubling the value of both axes. In this case going from 1500x1424 (2.1MP) to 3504x3327 (11.7MP) multiplies the total number of pixels by 5.4
With the same level of jpeg compression you’d expect it to jump from 700KB to roughly 4MB. Since both images are the same file format, the rest of the file size difference is likely attributable to less jpeg compression being used in the larger image.
Yes, title is a typo. Telegram post and picture indicate Su-34, a twin-seat.
Good luck!
Heyr himna smiður - a medieval Icelandic hymn, set to music by Þorkell Sigurbjörnsson
powertop is a cool tool that can analyze your machine and provide a list of suggested power optimizations
That’s awful, I’m sorry :(
Is your ISP’s infrastructure based on RFC 1149?
5-ish percent isn’t exactly tiny
It would be enormously easier to track Taylor Swift on a random flight in business class, because the moment people saw her on their random flight in business class it would turn into a social media frenzy.
Can’t beat an X230 with an i5 for that use case, and you can still find them for around 100 bucks. Swap in an X220 keyboard, maybe a new battery, coreboot it, and in my opinion you’ve got the perfect laptop. I’ve daily driven that setup for the last 5 years and it’s been great.
Altruistic behavior in social creatures improves the fitness of the group, and has positive evolutionary pressure. Strong, cohesive groups pass on their genes, so actually pretty probable!
I’d personally recommend putting your provisioning steps for each service into Ansible playbooks. That way, you can spin them all up from zero any time, distribute them across different hosts, in vms or lxc containers, any way you like.
Not dumb questions! All part of the learning process.
A dns entry by nature only points to an ip address, and when you go to that address in a web browser without a port manually specified, your browser will by default connect to port 80 (http) or port 443 (https) on that address.
I’m going to explain using port 80 to start, since you don’t have to setup ssl certificates that way.
Your reverse proxy should be the thing listening on port 80, where it will proxy those requests by hostname (your dns entries) to the ports each other service is listening on. For example, the Adguard web ui should be at port 3000 (its default, I think) instead of 80/443, and in your reverse proxy config you’ll set it up have requests to http:// your-adguard-hostname.yourdomain.tld reverse-proxy to port 3000. Put your other services on other ports (ports in the 8000s are common for this), and have your nginx config point to them by hostname.domain.tld the same way.
Set up that way, when you go to http:// adguard.your-domain.tld in your browser, your request will hit your server on port 80 where your reverse proxy is listening, and your reverse proxy will send it to port 3000 where adguard is listening. You could also go to http:// adguard.your-domain.tld:3000 to bypass the reverse proxy.
As an aside, Adguard will also be listening on port 53 for dns requests, and the dns entries for all of the services you set up will be looked up through that port, not the web proxy.
You can apply the same process to port 443, but it gets more complicated because you need to set up ssl certificates for that. For simplicity, you can set up a single self-signed wildcard certificate for your reverse proxy to use, and you don’t usually need ssl between the reverse proxy and other services on the same server. Your browser will complain about the self-signed certificate, but if it’s all internal it’s okay. Setting up proper certificates for each hostname.domain.tld is a whole other rabbit hole, but great to learn and great to have done.
Any proclaimed prioritization of privacy or privacy improvements in stock Android serve only to bring your data more directly under the control of Google at the expense of other entities, so that those other entities must pay Google as a middleman to your data. On stock Android, there is no privacy - Google has access to everything, always.
In my opinion, one step that could reasonably be taken to improve the situation is for Google to go fuck itself, lose every anti-trust suit brought against it, and die.
If your firewall can set outbound rules, and you can control DHCP on your network so that you can reliably know the TV’s IPv4 address, you can block the TV from reaching beyond the local network there with a “deny all from source address of TV” type rule.
If your router/firewall is handling IPv6 though, it gets a lot more complicated, since the TV could have any number of addresses that change often.