486

This explains it, although it is not really Git’s fault as that article suggests, but rather the charset conversions to UTF-8 that broke things. With all that fixed it builds fine. I’ve been using DOSBOX and since all the required build tools are included in the repo, it is easy to build.

Did anyone manage to build this? It seems something is missing, or I am doing something wrong. The build fails due to missing symbols for me. Also, interestingly the assembler complained about one line in a certain file being too long. Fortunately that lines was just a comment, so it was easy to fix that.

Matrix also does have a pretty big problem with meta data. By default it stores a ton of meta data (at least the reference server implementation does) and I am not sure if this is even a solvable problem without redesigning the protocol. When opting for an alternative to Signal, XMPP is probably the better choice.

I’d choose LUKS over Veracrypt for simplicity. If the drive is solely for backup, depending on the backup tool you use, you might not even need encryption on the file system level. Several backup solutions support data encryption.

Yes, the Odroid H series SBC probably come closest to OP’s requirements. Schematics are available on their website. They are also really low power with even the older H2 idling below 4 W.

Disableing the root login gains nothing in regarding security.

This is usually not the reason people recommend disabling root login. Since root is an anonymous account not tied to an actual person, in a corporate setting, you do not really know who used that account if you allow root login. If this is relevant for a personal home network is for you to decide. I would say there is not such a strong argument for it to be made in that setting.

Highly susceptible to replay and man in the middle attacks.

fwknop isn’t susceptible to either.

I was thinking about doing something similar and was considering running Android on a Raspberry Pi. There are unofficial LineageOS builds for the Raspberry Pi. I haven’t tried that yet, but I guess it should be possible to use the Jellyfin Android app on such a setup.

There is quite a significant difference. An ssh server - even when running on a non-default port - is easily detectable by scanning for it. With a properly configured Wireguard setup this is not the case. As someone scanning from the outside, it is impossible to tell if there is Wireguard listening or not, since it simply won’t send any reply to you if you don’t have the correct key. Since it uses UDP it isn’t even possible to tell if there is any service running on a given UDP port.

I always found the software updates of AVM - the manufacturer of those "Fritz!Box"es - to be of questionable quality. If you take a look at the source code that they have to release upon request of the GPL’ed source code they use, you’ll notice that they use ancient versions of the Linux kernel, Busybox and other tools. By ancient, I mean many years old, unsupported by upstream for years. Also, they only publish those sources manually when someone asks for them, which doesn’t bode well for their internal development processes. If they used CI/CD pipelines, they could easily push out updates of those sources with every new release…

Getting certs from Let’s Encrypt should work fine with any provider, even if you can’t open any ports, since they do support DNS challenge.

OP mentioned $0.40/kWh, so that would be about $17 per year with a 5 W difference.

Particularly in low-load scenarios there can be quite a big difference when it comes to PSU efficiency. While newer ATX PSUs have become better with regards to efficiency at low load, a Pico PSU can still be quite a bit better. Older ATX PSU often don’t even reach 60 % efficiency at 5 % load (which would be a typical load for such a system at idle), sometimes considerably less than that. At the same load a Pico PSU can easily be at 85 % efficiency.
Of course, at higher loads the difference is way smaller.

Ansible also comes with its own secrets manager ansible-vault, which you can also use to store your secrets in an encrypted file.

Speaking of which, I always had issues with WiFi stability on OpenWrt. Maybe I was just unlucky, but I had issues with both Qualcomm Atheros (ath9k and ath10k) and Mediatek based routers. I couldn’t find anything regarding stability of the WiFi in their hardware database. Is there a list of devices that are known to run reliably?

Mine runs a little under 18 W with one 8 port managed switch, a DSL modem, CM4-based router, a tiny Wifi AP, and an Intel Celeron J4105 based mini PC server.

BirdNet-Pi is awesome. Highly recommended for anyone who likes birds. The BirdNet app for phones is also nice.
Btw, BirdNet-Pi also works fine on the non-plus Raspberry Pi 3.

Any backup software that supports incremental backup should work similarly bandwitdth-wise. I like Restic. You can even do incremental backups with plain rsync, if you want. If your data does not change much, than you should be okay. For the initial backup run it would be helpful if you have physical access to the remote location so you can bring a full backup there without having to upload it through your slow uplink.

From a security point of view it is not a good idea to host multiple web applications in sub directories on the same hostname. With such a configuration, every application sees all cookies from all other applications. This also means that you can have collisions of cookie names between applications if the names are not unique.

So if one application would get compromised, it could easily steal all your sessions for all other applications.