Thank you, that’s an excellent read! This reminds me of the “expected value of perfect information” - sometimes it is worthwhile to answer a question, and sometimes it isn’t. Every once in a while I find myself in an engineering call discussing a minor problem, and I run the numbers to see if the change we are discussing is even worth talking about. One time the combined salaries of the people on the call had already outpaced the cost savings of the change over the next 10 years. We quickly stopped that discussion lol

Is American Pragmatism a thing? If you explain it to me, will I feel better about myself?

Indeed, and good points. How many users do you have? I assume this isn’t just for you, and setting up multiple nfs shares with tailscale access policies isn’t feasible. SMB might be the best play. I’ll have to refresh my memory on file sharing protocols

NFS for storage, tailscale / wireguard for access control?

Put http://0.0.0.0:11473

Your current setting is the “loopback” address. You’re listening for traffic to this address, and the only thing that can send to the loopback is yourself. This is a safe default, it means only the computer running the software can talk to it. Generally 0.0.0.0 listens on all available addresses. If that doesn’t work, use your local / internal ip.

This ui smells like it’s trying to hide the implementation details, but that makes things extremely difficult when troubleshooting

You can reduce doorknob turning dramatically by running on a non-standard port.

Scanners love 80 and 443, and they really love 20, but not so much 4263.

I used to run a landing page on my domain with buttons to either the request system / jellyfin viva la reverse proxy. If you’re paranoid about it, tie nginx to a waf. If you’re extra paranoid, you’ll need some kind of vpn / ip allow-listing

The other six are (copied from the article):

1. PUBG (3.2 mil)
2. Counter-Strike: Global Offensive (1.8 mil)
3. Counter-Strike 2 (1.4 mil)
4. Lost Ark (1.3 mil)
5. DOTA 2 (1.2 mil)
6. Cyberpunk 2077 (1 mil)

Other comments here do a great job pointing to DH key exchange; I’d like to try explaining it with the paint analogy.

You and Youtube need to agree on a “color of paint” (encryption key) without ever sending it over the network.

You and Youtube agree on a common “yellow” in the clear, and you each pick a secret color. Youtube mixes yellow and their secret and sends it to you. This is okay, because un-mixing paint (factoring large prime numbers) is really hard. You add your secret to the mixture, and now you have yellow+Youtube’s secret+your secret.

You mix yellow and your secret and send it to youtube. Youtube adds their secret; now they’ve got yellow+Youtube’s secret+your secret. You both have the final color!

An eavesdropper can’t reconstruct this - everything sent over the network had yellow mixed in, and un-mixing paint can be really hard. Maybe you can guess that green minus yellow is probably blue, but you can’t get close enough to decrypt anything. And what if it’s brown? Is that blue + orange, or is it red + green?

Cryptographers have worked very hard to make the communications secure. I would be more worried about the other end ratting you out - using a relay / proxy / vpn that you trust is a good idea :)

Are you telling me that pop tarts are not in fact ravioli?

I don’t do anything interesting. I’ve got the ten workspaces, and win+p to start stuff.

The only interesting thing is win+PrintScrn, which takes a screenshot to /tmp, and then opens it in pinta to crop.

Actually I also have win+z bound to turning off the laptop screen. That’s all I can remember

The VPN catches all network traffic and puts it far away - you can’t be on vpn and see local network resources (casting targets) at the same time.

If your vpn has an app, check your settings for something like “local network access”.

Otherwise, start reading about split-tunnels and/or default gateways

Optimus gets complex quick. You’ll be reading pci bus ids before you know it. Keep the wiki open, go slowly; you got this :)

That’s always a tough one!

I don’t mind the wire, but wireless could be very nice. I’m an audio technica fan.

It would be awesome to have headphones with a good microphone, for calls at work. They’ll also have to be comfortable - I like to jam while writing code for multi-hour sessions.

My home computer doesn’t have bluetooth, so I’m probably team wired.

I listed to marina and the diamonds and tool. Maybe they could pitch me better headphones? I am actually in the market for new headphones.

The music streaming service, that I stream music from, knows which music I streamed. I’m shocked.

Hail Eris!

May your surfboard be waxed and your toothbrush free of sand.

Yes - the nodes are obsidian pages (markdown files), this view is a napkin-type layout thing that is built in; I haven’t played much with it

You’re running docker inside a vm? Why?

The first thing I would do is learn the 5-layer OSI model for networking. (The 7-layer is more common, but wrong). Start thinking of things in terms of services and layers. Make a diagram for each layer (or just the important layers. Layers 3 and up.)

If you can stomach it, learn network namespaces. It lets you partition services between network stacks without container overhead.

Using a vm or docker for isolation is perfectly fine, but don’t use both. Either throw docker on your host or put them all in as systemd services on a vm.

Shinji get in the god damn robot

Your network flow is from your server, to your router, to your android phone, to your router, to your chromecast. If that’s all wifi, then every frame crosses the air 4 times, and you’re doing transcoding on the phone in the middle.

Casting sucks.