Ace! _SL/S

JShelter and uBO medium mode to the rescue. Pair that with Librewolf and you’re pretty secure against fingerprinting.

ikemeru

Like others said, disable password auth and setup auth keys instead.

Bonus points for moving the ssh port, using fail2ban and also setting up a tarpit with something like endlessh.

If you wanna go extreme use Wireguard to connect to your server and only allow ssh over wireguard in your firewall.

Please do not the fish

Honestly, I would just tell them

“No thanks”

Remember that no is a full sentence and you don’t owe an explanation to anyone. It’s not a part of your job, unless they pay you to attend. But they almost certainly don’t. I know it’s easier said than done, but try to not succumb to social pressure, it makes life so much better. Our free time is already very limited, so spend it how you want to. If they still try to pressure you into going/giving them answer you can say it’s something personal/private. And if they still pry further you could mess with them by making something up that makes them feel like a total jerk (this is pretty delicate, some people will definitely try to get revenge for this, even if it’s totally irrational. So think about it carefully, alternatively make them regret prying another way that doesn’t hurt them emotionally & socially)

Some people will not like if you behave that way, but try to live your life the way it fullfills you/makes you happy. There’s always gonna be people that don’t like or straight up dislike you, but fuck 'em. They’re not even worth thinking about when you’re busy enjoying life :)

Sorry for the wall of text. Anyway, that’s my 2 cents on the matter

No, AllowedIPs should be set to your internal Wireguards IP range to only allow access to your Wireguard peers. You could also add more like your Servers LAN for example (which will need packet forwarding, as I mentioned before)

Here’s an example of one of my client configs:

[Interface]
Address = 10.8.0.2/32
PrivateKey = 

[Peer]
PublicKey = 
PresharedKey = 
Endpoint = 192.168.0.3:51820
AllowedIPs = 10.8.0.0/16

Just be careful to not mess up your subnet masks. For example my [Interface] Address ends with /32 because that only leaves 10.8.0.2 In the [Peer] Section i set it to /16 which will allow the client to connect to 10.8.x.x iirc

Best is to just try it yourself and see if it works, I’m by no means good at networking stuff

Iirc setting AllowedIPs in your clients config should do exactly that. Their respective [Peer] entry in your servers config should also have the same AllowedIPs, otherwise they could easily circumvent this

Further finetuning should be really easy by using any firewall on your Wireguard server

If you want your clients to be able to access other devices in your servers LAN you need to setup additional packet forwarding rules though. Optionally setup NAT aswell

This is only really secure if your server is in a trusted location imo

gocryptfs is what I’d use for this. It’s designed with cloud storage in mind

Using strong encryption should be enough for your use case, unless you’re a high profile target. Even then, it’s more likely whoever is after you will try to get access to your unencrypted files instead because cracking strong encryption isn’t worth it most of the time

Iirc your cloud service provider could still figure out your unencrypted directory layout and filenames. You should really do some research on this if you wanna make sure you know all the risks

Good, hope they get banned in the EU so people will switch to competitors

Youtube uses VP9 for all resolutions most of the time. 1080p and below offer AVC as fallback encoding

That’s because for example Youtube uses a bitrate of 4-7mbps for 1080p. 1440p gets arround 13mbps and 4k something like 46mbps iirc

Other media providers are similiarly bad with their bitrates

Sounds like the HDD is dying, maybe check it’s S.M.A.R.T. status? Most drives have statistics for errors and such

JS is not slow.

Since JS is single threaded it can be pretty slow compared to anything being able to use multiple threads

That’s definitely possible but would make the host OS unusable while the VM is running afaik. Why not dual boot at that point?

With GPU passthrough you can get almost native performance. This requires 2 GPUs though (iGPU as second one should suffice), dunno about the input lag and stability though as I only have one GPU

Without it though? Not even worth trying

Easiest way is to get Windows 11 LTSC from MAS

Fuck Google, just use tesseract

They won’t because it works exactly as they want it to

/ˈsaɪ.ən/