These are really cool, thank you. Added Spook and used it to clean up some broken entities.

2. Sure but there’s no reason to openly advertise that yours has open services behind it.
3. Absolutely. There are countries that I’m never going to travel there so why would I need to allow access to my stuff from there? If you think it’s nonsense then don’t use it, but you do you and I’ll do me.
4. See point 3.

We all need to decide for ourselves what we’re comfortable with and what we’re not and then implement appropriate measures to suit. I’m not sure why you’re arguing with me over how I setup my own services for my own use.

Yes and no? It’s not quite as black and white as that though. Yes, they can technically decrypt anything that’s been encrypted with a cert that they’ve issued. But they can’t see through any additional encryption layers applied to that traffic (eg. encrypted password vault blobs) or see any traffic on your LAN that’s not specifically passing through the tunnel to or from the outside.

Cloudflare is a massive CDN provider, trusted to do exactly this sort of thing with the private data of equally massive companies, and they’re compliant with GDPR and other such regulations. Ultimately, the likelihood that they give the slightest jot about what passes through your tunnel as an individual user is minute, but whether you’re comfortable with them handling your data is something only you can decide.

There’s a decent question and answer about the same thing here: https://community.cloudflare.com/t/what-data-does-cloudflare-actually-see/28660

Admittedly I’m paranoid, but I’d be looking to:

1. Isolate your personal data from any web facing servers as much as possible. I break my own rule here with Immich, but I also…
2. Use a Cloudflare tunnel instead of opening ports on your router directly. This gets your IP address out of public record.
3. Use Cloudflare’s WAF features to limit ingress to trusted countries at a minimum.
4. If you can get your head around it, lock things down more with features like Cloudflare device authentication.
5. Especially if you don’t do step 4: Integrate Crowdsec into your Nginx setup to block probes, known bot IPs, and common attack vectors.

All of the above is free, but past step 2 can be difficult to setup. The peace of mind once it is, however, is worth it to me.

Check out Grip: Combat Racing for a modern take on Rollcage. I haven’t played it since early access, though, so I’ve no idea if it’s any good.

I do that a lot on my phone but keep forgetting it’s a thing on desktop for some reason.

Better than using what? All I see is a bunch of stars.

4 dollars

Yeah that’s exactly what I’d done but it was insisting on trying to redirect me to the site on port 4443 for some reason.

Fixed it in the end by reverting the NPM config to default (no advanced settings) and instead using Pihole’s VIRTUAL_HOST=pihole.mydomain.internal environment variable in the Docker compose file.

Cheers for your help anyway!

Just tried this myself and mine does the same thing but I don’t have anything set in the custom locations tab. What did you do to resolve it?

This is the exact same argument that I see used against EVs almost daily, while the people making these calls for “better analysis” ignore the dodgy mining practices and literal wars that are the result of oil extraction. But let’s go back to fireworks. I spent all of 30 seconds Googling and found this. I’m sure it’s far from an exhaustive list of firework ingredients but it’s a decent start. Highlights include:

Sulfur - extracted from oil and natural gas.

Aluminum - 28% of US aluminum comes from recycled sources, which is great, but any that goes into fireworks is then lost forever. The rest of it comes from mines in Canada and Jamaica.

Iron and copper - Mined domestically and both are recyclable but gone forever once they’re exploded.

Strontium - Mined in Mexico.

Barium - Mined in China.

Sodium - Mined in Chile and Peru.

How come you’re not asking for a better analysis of the mining practices for the ores extracted in Jamaica, Mexico, China, Chile, and Peru? How much of anything that makes up your average firework, including cardboard and plastic, is recycled at the end of that firework’s life? How many fireworks are reusable even once let alone tens or even hundreds of times? Much like with oil burning cars, these things are ignored because they’ve been around for a long time and it’s normalised. Meanwhile emerging technologies, while demonstrably cleaner/better in pretty much every metric, are held to impossible standards that the old tech gets a free pass on.

No, we don’t recycle much lithium yet but it’s a new technology and battery recycling plants are springing up all over the place all the time, and these same plants often deal in the various other electronic materials that you cited. How much used petroleum is recycled each year? How many fireworks?

I don’t want to argue and I should probably just delete this rather than posting it, having said my piece to myself, but perhaps I’m my own worst enemy…

7,500 reusable/repairable drones in this show vs more than 12,000 single use fireworks in London’s last New Year’s show alone.

I fully agree that fireworks still have their place, but I think the suggestion that they’re in any way comparable to drones from an environmental standpoint is way off base.

Synology has Container Manager, which is their GUI frontend for Docker, so if it’ll run in Docker it’ll run on a Syno NAS. I’m running Pihole on mine just fine.

As for the M.2 drives, you can use non-Synology ones as storage. Don’t quote me on it but I’ve a feeling it “just works” in the EU where they’re not allowed to force you to use specific brands, but if it doesn’t then there’s a script that removes the restriction: https://github.com/007revad/Synology_enable_M2_volume

You should check their repo as they have other useful scripts. I’m using the one that enables dedupe on non-SSD volumes myself.

Mind officially blown! I’ve just spun up a Debian KDE instance and it’s running beautifully. Exactly what I wanted, thank you!

Yes, big fan of XCP-ng, we use it extensively in work, but I’m not convinced it’s my best option in this case.

I’m using plenty of containers, accelerated and otherwise, but I also want a full-blown desktop that I can access from wherever. Even on a wired LAN, streaming that desktop is slow and laggy when it’s hosted on my NAS, which I think is due to the lack of hardware acceleration on that system. I want to move the VM to a host that has that feature (currently running Ubuntu Server) but I need a hypervisor that doesn’t require its own desktop system to be installed in order to manage it.

Plenty of good replies here to help me though.

Well indeed, that’s why I want to move the VM off the NAS and onto something with some hardware acceleration. Are there any remote frontend options for KVM?

Yeah, minus the animation it took me a couple hours. Well worth the time spent!

Firefox. I’m fairly convinced it’s something to do with UBO or one of the blocklists but I’ve never taken the time to dig into it properly.

You’ve reminded me of a similar frustration that I’ve never found the answer to - though it may be adblock related - in that whenever I open a link to eBay it completely wipes the history for that tab. Or possibly it opens a new tab and kills the parent. Either way I always forget about it until the next time and then it drives me mad all over again.