Third, a redirect is obvious
A redirect isn’t necessary if you control the DNS servers. If you control the DNS servers, you can MITM the website for any visitor because you can prove that you own the domain to a certificate authority and generate a new, trusted HTTPS cert. (Depending on specifics this may or may not foil the anti-phishing capabilities of Passkeys / U2F.)
They aren’t. From a comment on https://www.reddit.com/r/ublock/comments/32mos6/ublock_vs_ublock_origin/ by u/tehdang:
For people who have stumbled into this thread while googling “ublock vs origin”. Take a look at this link:
"Chris AlJoudi [current owner of uBlock] is under fire on Reddit due to several actions in recent past:
- In a Wikipedia edit for uBlock, Chris removed all credits to Raymond [Hill, original author and owner of uBlock Origin] and added his name without any mention of the original author’s contribution.
- Chris pledged a donation with overblown details on expenses like $25 per week for web hosting.
- The activities of Chris since he took over the project are more business and advertisement oriented than development driven."
So I would recommend that you go with uBlock Origin and not uBlock. I hope this helps!
Edit: Also got this bit of information from here:
https://www.reddit.com/r/chrome/comments/32ory7/ublock_is_back_under_a_new_name/
TL;DR:
- gorhill [Raymond Hill] got tired of dozens of “my facebook isnt working plz help” issues.
- he handed the repository to chrismatic [Chris Aljioudi] while maintaining control of the extension in the Chrome webstore (by forking chrismatic’s version back to himself).
- chrismatic promptly added donate buttons and a “made with love by Chris” note.
- gorhill took exception to this and asked chrismatic to change the name so people didn’t confuse uBlock (the original, now called uBlock Origin) and uBlock (chrismatic’s version).
- Google took down gorhill’s extension. Apparently this was because of the naming issue (since technically chrismatic has control of the repo).
- gorhill renamed and rebranded his version of ublock to uBlock Origin.
Have you looked into configuring them directly from your NVR? Or third party options? I did a quick search and saw a list of several that as far as I can tell can display Reolink streams (though I haven’t confirmed any can configure the cameras):
And some proprietary options that have native Linux builds:
I haven’t worked with Scribus but I’ve heard good things about it, so I don’t think you’d be making a wrong choice by going with it. For this use case, the main reasons I can think of for why LaTeX would be preferable would be:
Are you familiar with LaTeX? You can use plugins that generate PDFs that follow the PDF/X1-a standard and send the resulting PDFs to professional printers.
TeXStudio is a FOSS LaTeX editor that looks well-suited for your use-case.
Since LaTeX documents are just text and your images are already sorted and so on, you could even write a script to construct the first draft of your doc with the pictures arranged consistently, based off the files in your file system, then edit it to tweak it to perfection. You could also/alternatively create or use some reusable LaTeX patterns.
If you use that docker compose file, I recommend you comment out the build section and uncomment the image section in the lemmy service.
I also recommend you use a reverse proxy and Docker networks rather than exposing the postgres instance on port 5433, but if you aren’t familiar with Docker networks you can leave it as is for now. If you’re running locally and don’t open that port in your router’s firewall, it’s a non-issue unless there’s an attacker on your LAN, but given that you’re not gaining anything from exposing it (unless you need to connect to the DB directly regularly - as a one off you could temporarily add the port mapping), it doesn’t make sense to increase your attack surface for no benefit.
I haven’t personally used any of these, but looking them over, Tipi looks the most encouraging to me, followed by Yunohost, based largely on the variety of apps available but also because it looks like Tipi lets you customize the configuration much more. Freedom Box doesn’t seem to list the apps in their catalog at all and their site seems basically useless, so I ruled it out on that basis alone.
I am trying to avoid having to having an open port 22
If you’re working locally you don’t need an open port.
If you’re on a different machine but on the same network, you don’t need to expose port 22 via your router’s firewall. If you use key-based auth and disable password-based auth then this is even safer.
If you want access remotely, then you still don’t have to expose port 22 as long as you have a vpn set up.
That said, you don’t need to use a terminal to manage your docker containers. I use Portainer to manage all but my core containers - Traefik, Authelia, and Portainer itself - which are all part of a single docker compose file. Portainer stacks accept docker compose files so adding and configuring applications is straightforward.
I’ve configured around 50 apps on my server using Docker Compose with Portainer but have only needed to modify the Dockerfile itself once, and that was because I was trying to do something that the original maintainer didn’t support.
Now, if you’re satisfied with what’s available and with how much you can configure it without using Docker, then it’s fine to avoid it. I’m just trying to say that it’s pretty straightforward if you focus on just understanding the important parts, mainly:
If you decide to go that route, I recommend TechnoTim’s tutorials on Youtube. I personally found them helpful, at least.
I’m not addressing anything Gitea has specifically done here (I’m not informed enough on the topic to have an educated opinion yet), but just this specific part of your comment:
And they also demand a CLA from contributors now, which is directly against the idea of FOSS.
Proprietary software is antithetical to FOSS, but CLAs themselves are not, and were endorsed by RMS as far back as 2002:
In contrast, I think it is acceptable to … release under the GPL, but sell alternative licenses permitting proprietary extensions to their code. My understanding is that all the code they release is available as free software, which means they do not develop any proprietary softwre; that’s why their practice is acceptable. The FSF will never do that–we believe our terms should be the same for everyone, and we want to use the GPL to give others an incentive to develop additional free software. But what they do is much better than developing proprietary software.
If contributors allow an entity to relicense their contributions, that enables the entity to write proprietary software that includes those contributions. One way to ensure they have that freedom is to require contributors to sign a CLA that allows relicensing, so clearly CLAs can enable behavior antithetical to FOSS… but they can also enable FOSS development by generating another revenue stream. And many CLAs don’t allow relicensing (e.g., Apache’s).
Many FOSS companies require contributors to sign CLAs. For example, the FSF has required them since 2005 at least, and its CLA allows relicensing. They explain why, but that explanation doesn’t touch on why license reassignment is necessary.
Even if a repo requires contributors sign a CLA, nobody’s four freedoms are violated, and nobody who modifies such software is forced to sign a CLA when they share their changes with the community - they can share their changes on their own repo, or submit them to a fork that doesn’t require a CLA, or only share the code with users who purchase the software from them. All they have to do is adhere to the license that the project was under.
The big issue with CLAs is that they’re asymmetrical (as opposed to DCOs, which serve a similar purpose). That’s understandably controversial, but it’s not inherently a FOSS issue.
Some of the same arguments against the SSPL (which is not considered FOSS because it is so copyleft that it’s impractical) being considered FOSS could be similarly made in favor of CLAs. Not in favor of signing them as a developer, mind you, but in favor of considering projects that use them to be aligned FOSS principles.
Is there some sort of block chain base registrars out there?
There are handshake domains, which are distributed on a blockchain, but sites that use them won’t resolve in browsers by default
Whereas the signal devs are just sitting on their high horse and doing nothing but stupid cryptoscams.
Nah, they also spend their time squashing FOSS forks
I’ve never used Radicale, but I just looked it up and the homepage talks about enabling authentication. It also supports auth via reverse proxy headers, which is great for anyone who wants to use Authelia, KeyCloak, or another similar solution. By contrast, as far as I can tell, Baikal doesn’t support reverse proxy auth, though it does seem to let you set up auth through the web interface.
Yes, but not really. You can have multiple users but not multiple libraries.
If you need/want a robust multi-user experience, specifically with private personal library support, then Photoprism isn’t going to work, unfortunately.
I’ve been using it single user and it’s been great, though I should add the caveat that I upload my photos to my server using Photosync and don’t give Photoprism write/delete access to my library, so no uploads come from it. I had been using Photosync for years before even hearing about Photoprism so it just fit very neatly into my existing process.
Multi user features are effectively paywalled and not technically FOSS due to not allowing commercial use, but roles are documented at https://docs.photoprism.app/user-guide/users/roles/ and there’s more info at https://docs.photoprism.app/user-guide/users/libraries/
If Photoprism Plus/Essentials features could work for you, but the ongoing subscription is an issue, then you should know that - unless this has changed - you can sub for one month on Patreon or Github, use the info they provide to upgrade to using the Essentials or Plus features, and then cancel the subscription. I still have an ongoing one but I didn’t connect it to my Patreon account or anything so I don’t think anything would change (except for me no longer getting support, if I needed it) if I canceled it.
If you haven’t already ruled it out, I recommend checking out Photoprism. It was the first app I ever self-hosted using Docker and I haven’t needed to change my config because of breaking changes yet.
Have you considered not using the Home Assistant OS? You don’t need to run it to use Home Assistant. You can instead set your host up with some other OS, like Debian, and then run Home Assistant in a docker container (or containers, plural) and run any other containers you want.
I’m not doing this myself so can’t speak to its limitations, but from what I’ve heard, if you’re familiar with Docker then it’s pretty straightforward.
A lot of apps use hard coded paths, so using a subdomain per app makes it much easier to use them all. Traefik has middleware, including stripPrefix, which allow you to strip a path prefix before forwarding the path to the app, though - have you tried that approach?
it now primarily has alt-right, conspiracy and terrorist uses.
Assuming you meant “users” - I highly doubt that the users you described are even a large minority of Telegram’s user base. They’re highly publicized but that’s it.
Telegram is just a tool. How is saying “don’t use it because terrorists use it” different from saying “don’t use a screwdriver because terrorists use screwdrivers.”
Telegram isn’t a secure messenger like Signal, Matrix, the others you mentioned, or other e2ee options out there. It has an extremely limited secure mode that is useful if you need to have a one-off conversation, but that’s it. But if you don’t need a secure messenger and instead want something to replace Twitter, Discord, other social media, or to serve some other purpose, then it’s fine for that.
founder is sketchy
I’m not familiar with the folks associated with the other apps you mentioned, but Signal’s former CEO and co-founder, Moxie, is a pretty dubious character, too. Signal is anti-FOSS: you can’t use their servers if you fork the client; they won’t federate if you host your own servers; they’re opposed to being on F-Droid or even providing reproducible builds; and they have a history of failing to update their repos in a timely manner, to the point that clients built from source couldn’t even connect to their servers.
That all said, I still use and recommend Signal.
In the US, if you don’t proceed to step 3, step 2 is legal (so long as the CD lacks DRM). You’re permitted a single backup under fair use; you’re also permitted to rip the music for personal use, like loading it onto a music player. You’re not supposed to burn it to a regular CD-R (is it illegal? Idk), but burning it to an Audio CD-R (where there is a tax that is distributed to rights holders like royalties) is endorsed by the RIAA.
You have an idea of what you’re buying and you know what you have once you’ve shucked it. The worst case scenario is that it’s not what you expected, isn’t suited for that use case, you can’t find another use for it, and you can’t return it… but it’s not like anyone is forcing you to add an unsuitable drive to your setup.
I’m not convinced