Don’t trust the corpos but Apple has a history of resisting stuff like this.

It’s really funny to me how so many people are going surprised pikachu over China tech not being crap.

They started with basic manufacturing until no one could beat them, stole everything they could to close the tech gap. But behind that, invested massively into education to the point that they are producing more engineers than the rest of the world combined. They may not be super creative but they are competent enough. Also if one in a million is a genius the “West” has 800 but China has 1500. So yes, of course now their domestic designs will catch up or surpass western ones.

Basically China spent the last 50 years systematically going through the techtree and minmaxing their spies, while the west just kind of aimlessly clicked around.

No, because if you know its not encrypted you behave differently than when you think it is.

Exactly the opposite for me, using official container images is a major time save.

I always wondered about the security aspect of gaming and mods. It feels understudied.

The containers will store their data in volumes, and ideally those volumes are individual ZFS datasets. The containers themselves are stateless, and you can just boot them up with the volume to “restore” them.

However if you want to learn proxmox anyway this is a moot point anyway.

Some concerns:

• get multiple smaller harddrives and put them into some kind of RAID / zpool with redundancy. the drives will fail.
• there is absolutely zero reason to have a VM per service when a container will do. There are no advantages. But VMs will take significantly more resources and be harder to right-size. There is no restore/backup advantage using VMs.
• for that reason there is also no reason to use proxmox in the first place, unless you want to learn proxmox. Truenas scale for example comes with pre-installed k3s.
• I would get a separate hardware firewall because it makes easier to expand the network later.

Anything based on nagios supports custom checks, via any executable script.

apt install nginx
cp -r my-files/* /var/www/

I wouldn’t use it unless you have a separate room somewhere, they are VERY loud.

I disagree with this, container runtimes are a software like all others where logging needs to be configured. You can do so in the config of the container runtime environment.

Containers actually make this significantly easier because you only need to configure it once and it will be applied to all containers.

Docker stores that stdout per default in a log file in var/lib/docker/containers/…

Containers don’t do log rotation by default and the container itself has no say in the matter. You have to configure it in your container runtime config.

In the oidc provider in authentik you have to enable sending the groups. I forgot what its called.

Roles in authentik are for permissions in authentik. You want a group instead. Group memberships are send via OIDC.

I’m not sure if you’ve ever had a public project, but for most people, be it YouTube, twitch, github, whatever, its not so easy. Negative comments grate on you, and, over time, can really take a toll.

William Osman interviewed a bunch or creators about this: https://youtu.be/DVCpKfedfok

Its not as easy as to call people out. Some people go great lengths out of spite, doxx you, send you death threats… Is it really worth it? Not that a “fuck off” will work anyway.

You say people will join you but they really don’t. The reality is there are a ton of crucial open source projects being run by one person on the edge of burnout. See curl, xy, etc.

Money absolutely would help and I wish the EU would put additional funding into this.

I would put truenas on the NAS, also put a VM on truenas with 16-24G of RAM.

Create a kubernetes or docker swarm cluster with server 1 and the nas vm and just have everything as containers. This way you just have one resource pool, and the containers will be started wherever there are enough resources available. The containers will mount NFS shares from truenas which truenas will create automatically as ZFS datasets. ZFS supports snapshots.

This is probably the way, because a traditional “mail server” is actually 4-5 different servers working together.

• postfix for SMTP
• dovecot for IMAP
• amavis to plug in…
• spamassassin as anti spam
• clam-av as antivirus

And they can all be very easily misconfigured to break everything completely. Great learning experience though.

AES is already post quantum crypto so that sounds a bit marketingy.

Nextcloud has collabora integrated.