Depending on the number of devices you have, your threat model, it can be helpful to set up a security hierarchy. So you only need to worry about securing the devices at the top of the hierarchy, and can play loose and careless with the devices lower down. That way it’s less likely to lose everything due to one mistake

Even if you have a password for your ssh key, malware on your system can just wait until you enter the password.

My point is that SSH access is very powerful, and effectively means that the security of the SSH server is reduced to the security of the SSH client. If your SSH client is pwned, so is your server. If you have 10 devices each with ssh access to each other, then if any one device is pwned, all devices are pwned as well.

This is not the case for systems designed for file sharing only. For example with syncthing, if one device gets pwned, all it can do is send files to the other devices.

Most people probably don’t care but it can be a security risk, allowing malware to move “laterally” between all your devices. For my main devices I don’t give them SSH access to each other, but I do give them SSH access to my secondary devices (like a Pi-Hole)

I believe they are talking about this: https://dev.to/cypheroxide/why-i-left-hyprland-52fd

Nobody expects things to never break, but stability is a spectrum and clearly hyprland is less stable than the average. That’s the main conclusion I got from the post at least. And less stability means more time needed to fix. Nothing you can do about that aside from switching to a different DE

yes but the problem is having to spend time to fix it in the first place. On a more stable de/compositor like Plasma or Sway, you won’t have these problems

I’ve heard quite a few PyPi and Cargo attacks though, but I bet the main reason why hear NPM so much is simply because NPM is the biggest, and thus the most valuable target

because it’s the biggest. Just like how hackers target windows and not linux (assuming they are targeting users and not servers).

how is this related to NixOS? Once you upgrade your hyprland version on NixOS (which you’ll have to do eventually, at least for security fixes), you have to worry about the config breaking just the same

Rollback means you still have to fix it later, and often it’s longer than a 5 min fix. The post is about the cost/effort of tinkering vs just using a stable system and accepting the lack of certain features

Even with docker, things can get complicated. Like if you use *arr stack for your plex library, but you manually copied in some extra subtitle files, or tweaked the descriptions of some media. Now you have to find those customizations so you can migrate them to the jellyfin library

Very cool, I’ll have to spin up some VMs and test it out myself. Thanks for all the info!

The steam deck might make KDE the most popular

Wow cool! I believe you’re the first person I’ve met that actually used a cluster FS (in their homelab at least). I looked into it myself but it felt like nobody was really using it so I didn’t bother.

Does it involve much more work or is it a fairly transparent replacement to traditional storage options? Assuming one is already using Kubernetes. I’m wondering if it’s worth it to switch to a cluster FS for everything, like Radicale or Tiddlywiki.

Have you tried using Ceph or other distributed storage systems in your kubernetes cluster?

I’m aware of databases that support HA, but the vast majority of self-hosted apps I’ve encountered use file storage, even if they have a database as well. It sounds like you’re proposing shared storage like an NFS share. But if you’re upgrading nodes, at some point you have to upgrade the node hosting the shared storage right? Wouldn’t that take down all services? Unless you use a distributed storage system, but I’ve heard those can get very complicated…

have you found many self-hosted services that suppprt that kind of HA? I can’t imagine services like torrent clients allowing you to stream writes to one node while replicating to the other, though maybe I’m misunderstanding the setup

ok first off, this community is about self-hosting, there just happens to be a lot of overlap between people who self-host and people who care about privacy.

And if you thought privacy was about distrust, that is a very unhealthy view. Privacy-minded folk simply have different principles than the mainstream. But if somebody comes along that shares those principles, then trust can be earned.

OP’s product is open-source and self-hostable. This is aligned with the community. I’m not saying to throw money at the product before it’s released, but it’s worth keeping an eye on, and showing support for.

Ok so you’re a troll then. Fearmongering doesn’t help the community. If you’re against something give evidence. There’s a balance between fearmongering and blind hype.

this reply adds nothing. Please explain your position