

For SSH it's generally best to use ed25519; for GPG, RSA4096 is better supported by HSMs and slightly more secure for longer-lived keys like root keys.



Yeah, I used Chrome up until extremely recently because genuinely no browser Just Works to the extent Chrome does.
Fast, good media codec support, Web API support for hardware access for PWAs, doesn’t lock up w/ a lot of tabs (post-quantum FF is better about this, but not quite there), excellent DevTools, and just generally snappier and more polished than even chromium.
I switched to firefox recently exclusively for better home-manager support, and other than the ability to use home-manager more easily, it’s just a slightly slower and jankier experience at all times whether it’s requiring transcode for Jellyfin, laggy WebGL performance, janky DevTools, or missing WebAPIs.
Solid Explorer


Very similar heuristic here, insofar as when to use passphrases and how long.
LUKS and Bitlocker volumes get 8 words, computer logins usually get 4 words (potentially more depending on frequency/criticality of system).
Smartcards and mobile devices do have numeric pins due to frequency of use and relative difficulty in copying those for offline attacks.
Websites that are filled in w/ password manager get the random symbol-laden strings that ‘meet requirements’.


If that is the threat model then Signal is not and never was fit for purpose at all.
Because every time I’ve complained about not wanting to give my phone number to sign up for Signal I’ve been lectured about how Signal is “all about privacy, not anonymity and those are not the same thing” and how that is good for the average Joe even if it isn’t useful for journalists and activists, and what you’re saying goes completely against that by suggesting that the police are somehow unable to get the phone number out of the thing that uses the phone number as the user id.
You’re describing how a real privacy-focused app like Briar functions, but definitely not how Signal does.


That’s a pretty silly headline for an article that quite clearly states that the issue was with the router’s data usage reporting capabilities.


I’ve been using a homebrew solution (https://github.com/mlaga97/qr-inventory-manager) for a few years now with decent success. At some point I need to check out Homebox and Snipe-IT to see if one of those would be a better fit or if I should buckle down and document my solution.


Yet in the same posts they insult people who don’t have the same opinion as them.
I’m betting it’s the use of the phrase “objectively easier” when that is incorrect by argument of geometry. The “objectively” riles people up.
There is a reason why forklifts have rear-wheel steering (and therefore behave much like an automobile driving in reverse): having the point of rotation towards the direction of motion allows for much more precise maneuvering, much like you would need to do in a larger vehicle trying to fit into a tight parking space.


Okay, so how do you bootstrap a new server in that system?
What do you do when you just created a server and can’t get new users because you aren’t whitelisted yet?
But what if you have a handful of users to start out, or just yourself? How do you become ‘active’ without being able to federate with any other servers? Talk with yourself?


Obviously biased, but I’m really concerned this will lead to it becoming infeasible to self-host with working federation and result in further centralization of the network.
Mastodon has a ton more users and I’m not aware of that having to resort to IRC-style federation whitelists.
I’m wondering if this is just another instance of kbin/lemmy moderation tools being insufficient for the task and if that needs to be fixed before considering breaking federation for small/individual instances.


Systems backup to NAS via restic
NAS restic repo is stored online on a dedicated internal drive, which is mirrored to an external drive (normally kept offline in a safe when not being synced), and offsite is a 3rd copy to Backblaze B2 using rclone.


My partner and I self-host a matrix server + element frontend locally, and we are both in a few federated chats with people and organizations elsewhere.
We mostly stood it up to replace a discord server that we were using for communication, organization, and home automation in anticipation of API/policy changes on Discord’s end. For that application it has worked really well and it’s a lot easier to integrate with software that spams log or alert data.


I honestly hate that I can’t just deploy docker compose files directly to kubernetes seamlessly, and instead have to translate them to manifests. I’d say that having to drop all of that existing configuration as well as not being able to easily copy docker-compose’s for random new software I find is the biggest blocker for me being able to actually commit to using kubernetes.


Docker swarm is pretty easy to set up and use (and lets you use compose files directly!) and is probably more than enough for average self-hosters/homelabbers, but if you want to do something super fancy related to clustering there’s a good chance you’ll hit functionality walls quickly.
Kubernetes is a pain to set up but is very flexible and ‘scalable’ to incredible levels, while being massive overkill for most applications.
RSA4096 has a bit of an edge over ed25519 both in effective key size as well as support by things like YubiKeys and other HSMs that is beneficial for GPG but not really helpful for SSH.