My retirement account has roughly doubled between Dec 2021 and now, I basically only invest in mutual funds and ETFs with a medium risk, low fees, and high return according to Morningstar ratings (I’m not sure how reliable those metrics are but it’s what shows up when browsing funds on fidelity and it seems to be picking good options so far)
Not sure about Facebook since authenticating for private videos is a hurdle, but for my partner who uses a mac I downloaded open video downloader which is just a foss GUI for ytdl, it also keeps ytdl up to date which is a requirement for me since I don’t want to be called when it stops working. I think on windows you have to manually install msvc2010redist but besides that it seems to just work out of the box.
Oh nice, I completely forgot about the vault export since I’ve never used it. I was expecting to be able to “view” the passkey data when editing an entry like how you can view the password. It’s kind of inscrutable when viewing a single entry currently.
The key difference is that during normal use, the private key of the passkey doesn’t leave the device (or password manager). The passkey basically comes in 2 parts, the public and private (secret) part. In order to log in, the website presents a cryptographic challenge that is only solvable using your private key - and crucially you can solve the challenge without revealing your private key. An attacker could get your answer to the challenge and still be unable to solve additional challenges without the private part of your passkey.
This of course makes it basically impossible to manually log in using a passkey and a keyboard, without any password manager to do the cryptographic calculations (unless you have a LOT of paper and time), but the security advantage of making it near impossible to be phished is generally regarded as a net positive. In order to steal a passkey there would need to be a vulnerability in the software, since passkeys make it much harder to trick a user into giving it away (since tricking the user into logging in on a fake website doesn’t work due to the aforementioned cryptography, the main way to steal a passkey would be to trick the user into exporting it - which is a much higher bar).
If you mean the “passkeys” that are becoming popular as a “password replacement”, it’s basically speaking a public private keypair. What makes it more secure is that, under normal conditions (aside from backing up the passkey), the private “secret” part of the keypair never leaves the app or device it’s stored on. It’s only used temporarily to sign messages and prove that you have the secret key, unlike a password which needs to be sent securely to a server to validate.
You could in theory store a backup on a USB drive but since passkeys are new, it highly depends on the password manager you use to store the passkey. Since passkeys are more complex than something you can memorize/type, it has to be stored in a password manager of some sort to be useful, so you would need to check that password manager allows backing up passkeys. There is currently work being done to standardize the formats/protocols to transfer passkeys so it seems this is very much up in the air. For example, I use BitWarden which stores passkeys, but it seems like I can only add or delete passkeys to an entry, not export them and apparently they get exported with the passwords when the vault is exported. BitWarden also syncs your vault to every logged in device though so you could see that as a form of backup. Going one step further, even though BitWarden doesn’t have a passkey export/backup feature yet (in addition to Bitwarden’s vault export), the self-hosted server also stores all your passwords including passkeys in regular files which also can be backed up (this is how I back up my VaultWarden instance) - although it would probably be hard to use that backup in any other way besides restoring it onto a BitWarden server instance.
Edit: I didn’t realize passkeys were exported with the vault export, since I haven’t used it and noticed that editing an entry doesn’t allow you to view passkey data - only remove, updated my comment to reflect that.
First I’ll say, if you aren’t able to boot a windows installer off of a flash drive (and nothing’s wrong with your flash drive and you created it without errors and there isn’t a setting in bios preventing you from booting it like disabled USB boot) then it could be a hardware issue that Linux won’t fix (it’s not clear how you tried to reinstall windows). But if you’re able to get to the windows logo or the menu for safe mode then it sounds like it “POSTs” (gets past showing the bios screen) and windows should be reinstallable. In short, I think it’s unlikely to be a problem that only Linux can fix if you want to stick with windows.
That said, if you are otherwise interested in trying Linux and create a USB installer, most will allow you to exit the installer or choose to go into a temporary “live desktop” where nothing is saved, so it’s a good opportunity to try out how that distro feels to use - just don’t save anything important. And if you do end up installing either OS, you can use that “live mode” to use programs to back up any files from your main hard drive to another plugged in drive.
At least with radicle all the forks will still exist even if the authoritative copy is taken down. And even then I think because radicle is like BitTorrent, anybody who pinned the main repo would still be seeding it so it would be very hard to scrub it completely. The main challenge in using radicle is getting an active contributor with some reputation to maintain their copy on there. Otherwise there’s no momentum and nobody will pin the countless mirrors published by randos.
Hah I wish we could ignore them. It seems to just vary from ISP to ISP in the US but our small town ISP turns off your connection and puts you behind a captive portal forcing you to click through and accept what you did wrong before your connection is turned back on.
Our ISP sends 3 strike letters :(
Is running a pds really equivalent to running your own instance? As I understand it, 2 friends running their own pds cannot federate without the centralized relay which still can’t be self hosted.
I’ve done a backup swap with friends a couple times. Security wasn’t much of a worry since we connected to each other’s boxes over ssh or wireguard or similar and used tools that allowed encryption. The biggest challenge for us was that in my selfhosting friend group we all prefer different protocols so we had to figure out what each of us wanted to use to connect and access filesystems and set that up. The second challenge was ensuring uptime and that the remote access we set up for each other stayed up - and that’s what killed the project as we all eventually stopped maintaining the remote access and nobody seemed to care - so if I were to do it again I would make sure all participants have alerts monitoring their shared endpoint.
I tried the .ps one and it worked for me
I can’t wait until the immich photo editor gets enabled and hopefully it eventually duplicates all the google photos editor features because that’s the only reason I keep around the google photos app.
You can achieve a similar thing using vlans - usually by default they’re isolated but you may add specific rules that allow traffic between vlans if it meets certain criteria (specific ports, specific types of traffic, traffic to or from specific hosts, any combination of those). So yeah you can imagine client isolation being like having each client on their own vlan - except without needing a different subnet for each client.
To add to the other reply, client isolation is about controlling whether an ap, switch, or router willingly sends traffic between clients. Because of that, it doesn’t kick in if you listen to packets over the air before they’ve been received by an AP. For that kind of security you need a wifi specific security measure - which I think “enhanced open” is what you’d be interested in. It allows you to have an open passwordless wifi but it generates temporary encryption keys for each connected client, then the rest is as if it was using WPA, so that you don’t need to enter a password but your traffic gets encrypted and protected from anyone else listening in on the WiFi.
If you combine both then you should have a network where each device is isolated both over the air and from a routing perspective so that each device only sees an Internet connection and no other devices.
The same way filebot and any other tool does - the file needs to have some label, either an absolute episode number or a season + episode number. I’m not aware of any tool that is able to look at the contents of the video to figure out which episode it is visually without any information from the filename - but I’d be happy to be proven wrong because I would be impressed.
Sonarr/radarr does analyze the content somewhat but that’s just for gathering resolution, codec, HDR, audio languages, and subtitle information, which can all be added to the filename format for inclusion during renaming.
I second using sonarr/radarr, once imported it detects episodes and lets you one click rename to a specific format and folder organization.
If you don’t want any of the other features of sonarr/radarr (like having a way to filter and manage your collection to see what’s in what quality or from what release group, searching multiple indexers with a single search, being able to send a specific search result to a downloader and have it automatically imported and organized when complete, or have auto downloading based on requests using scoring rules that you set), then there’s also filebot which a lot of people seem to like and seems to be just for matching with online metadata and renaming.
But I haven’t tried filebot since I like the extra features and capabilities of sonarr/radarr. It makes it easy to manage several library folders like an archive for anything that’s been reviewed, is complete, and in a quality/codec that I’m satisfied with, and keeping track of currently airing shows in my active folder which is where I also keep auto downloaded stuff I haven’t reviewed.
I use a nuc10i7fnkn and since transcoding is almost entirely done using the dedicated quicksync hardware in the CPU you don’t end up actually using the CPU much. So I’m sure it would work on an older generation or the i5 version. I don’t know much about the N100 but it looks like it would be very capable. Supposedly it boosts to 3+GHz and it’s a 10nm node compared to my NUCs 14nm. But the GPU has the same number of execution units so I’m not sure if the quicksync transcoding performance is that different. I saw someone mention 3 simultaneous 4K transcodes and I think I got about that much on mine. Generally for quick sync performance you just compare the Intel hd or uhd graphics model (like 630, 730, uhd, etc) and the number of execution units and that should correlate to the performance. Also check the Wikipedia page for quicksync for codec compatibility (under the Hardware decoding and encoding section), but anything recent will handle most stuff you’d need: https://en.m.wikipedia.org/wiki/Intel_Quick_Sync_Video
I actually run my arrstack on a Synology, it has official support for docker and docker-compose. Granted I do have a higher powered model (the DS1621xs+) but most of the arrstack is fairly low power friendly.
You can also get away with running Plex on a nas but I would only do it if 1. Your nas has a quick sync supported CPU and you get that enabled properly or 2. You go the direct streaming only / no transcoding setup - which means checking the codec support for all client devices and either only downloading exactly the supported codecs or pre-transcoding everything.
What I do is actually run Plex/JF on a separate nuc and point it at the nas using a network mount. Just don’t use a network mount for the Plex app database (maybe same applies to JF too), just mount the media files itself. Running Plex and having it access the DB over a network mount is a big no no for various reasons.
Lmao the first thing that came to mind was the “is there anyone else you forgot to ask” meme with apple in between the user and app developer.