You can reduce doorknob turning dramatically by running on a non-standard port.

Scanners love 80 and 443, and they really love 20, but not so much 4263.

I used to run a landing page on my domain with buttons to either the request system / jellyfin viva la reverse proxy. If you’re paranoid about it, tie nginx to a waf. If you’re extra paranoid, you’ll need some kind of vpn / ip allow-listing

That looks promising. Just keep in mind that this will take a very long time to run. I believe there is a *arr out there that can manage this / show progress, but the name escapes me

I don’t do anything interesting. I’ve got the ten workspaces, and win+p to start stuff.

The only interesting thing is win+PrintScrn, which takes a screenshot to /tmp, and then opens it in pinta to crop.

Actually I also have win+z bound to turning off the laptop screen. That’s all I can remember

The VPN catches all network traffic and puts it far away - you can’t be on vpn and see local network resources (casting targets) at the same time.

If your vpn has an app, check your settings for something like “local network access”.

Otherwise, start reading about split-tunnels and/or default gateways

Optimus gets complex quick. You’ll be reading pci bus ids before you know it. Keep the wiki open, go slowly; you got this :)

Yes - the nodes are obsidian pages (markdown files), this view is a napkin-type layout thing that is built in; I haven’t played much with it

You’re running docker inside a vm? Why?

The first thing I would do is learn the 5-layer OSI model for networking. (The 7-layer is more common, but wrong). Start thinking of things in terms of services and layers. Make a diagram for each layer (or just the important layers. Layers 3 and up.)

If you can stomach it, learn network namespaces. It lets you partition services between network stacks without container overhead.

Using a vm or docker for isolation is perfectly fine, but don’t use both. Either throw docker on your host or put them all in as systemd services on a vm.

Now tell me where the cops hide, even when they’re not there

Spread-spectrum audio watermarks will survive multiple re-encodings and are extremely difficult to detect.

Iirc google widevine will embed a device code, and if a pirated copy of some content is found, they will blacklist the gpu’s device code so it can’t receive 4k content anymore. That’s video, but it’s the same idea.

1. Yes, because:
2. It could
3. And if it does, you probably can’t remove it

Streaming sites can embed an unhearable data stream into audio signal. It’s possible

That being said, it’s extremely improbable, given the costs to do it at scale.

If you’re part of a large company’s beta program and have access to some unreleased product, maybe worry.

If you grabbed a file from some mega host updown whatever site, don’t worry.

And if you’re still worried, take a sha256 hash and put it into google search. If you get any results that even mention your file’s title, then you’re good.

Extremely. It’s just slow, but once you get used to that, it’s solid.

I can’t speak to current state; but with any luck we are approaching / entering the post-tracker era. DHT handles the actual “tracking”, and other components are (very slowly) coming out to handle search and reputation.

Wireguard creates a new network interface that accepts, encrypts, wraps, and ships packets out your typical network interface.

If you were to create a kernel network namespace and move the wireguard interface into that new namespace, the connection to your existing nic is not broken.

You can then use some custom systemd units to start your *rr software of choice in said namespace, rendering you immune to dns leaks, and any other such vpn failures.

If you throw bridge interfaces into the mix, you can create gateways to tor / i2p / ipfs / Yggdrasil / etc as desired. You’ll need a bridge anyway to get your requester software interface exposed to your reverse proxy.

Wireguard also allows multiple peers, so you could multi-nic a portable personal device, and access all your admin interfaces while traveling, with the same vpn-failure-free peace of mind.