Amazing. I’m off to donate to keep your stuff going. Great work.

Thanks for the reply.

That is not an answer.

Here’s a simple way to look at it

I’m not looking for a simple way to look at it. I want a technical breakdown of why rebuilding back end instances is valuable in a security context.

• When do the rebuilds occur? Are they triggered by some event?
• what happens to session tokens?
• do you have frontend / backend auth? What happens to that?
• are you rotating secrets as well? Compromised back end would imply your secrets can no longer be trusted.
• is data encrypted in massive blobs, or can one request only blocks of data?
• can the app tune storage requirements depending on S3 configuration?

I’ll be blunt with you: your answers to this and others have been very surface-level and scant on technical details, which gives a strong impression that you don’t actually know how this thing works.

You are responsible for your output. If you want chatgpt or github ai tools to help you, that’s fine, but you still need to understand how the whole thing works.

You are making something “secure”, you need to be able to explain how that security works.

1. Find all of the SSH keys you want to replace.

I hate this part.

Re-gen the keys. In this environment, you would have PKI setup and automation to handle cert renewal.

Having the certs expire is an advantage, security-wise. Auth will expire with certs, stolen creds can be instantly invalidated.

Ah, yes, I suppose that’s true. My apologies.

Can you explain the “rotating containers back end”? I’m trying to understand what that adds to security.

It’s not a very constructive community though

You need guidance in your presentation style, you have managed to completely alienate your potential users in one single post.

No one owes you anything. No one asked you to spend time and money on a project. Calling folks “ungrateful” while trying to attract them to your project is weird.

I use wanderer.

It works fairly well to document and organize my hikes.

I read the entire article,and you seem a bit prickly about caldav, but that is of course your prerogative.

I do wonder if your users are asking for caldav because their use-case make caldav a valuable translation for the rest of their digital lives… Maybe it would be helpful to understand what parts of caldav are interesting to users and what they might actually be asking for.

Notes from the last release mentions that the docker repo is unmaintained.

Ohhhhh, I’d forgotten about this. Good one.

Incus and ansible

Unbound is just an alternative to bind. Pihole does not handle full-fledged DNS functions like zone transfers and start of authority records.

Fascinating. How does this help op?

It unfortunately means that if you misconfigure a key then your packets get silently ignored by the other party

After ipsec troubleshooting phase 1 & 2, WG is still a blessing.

No worries. But you’re talking about zone transfers?

What do you mean by “recognition”?

We would need more info to help confirm, but watching ids traffic will show you lots of misconfigurations as well as actually suspicious traffic, so this might be a POS device doing stupid stuff.

Is suricata listening on an internal subnet interface? If you are listening on a public interface, your job sorting through the trash traffic will be difficult because determining source is nearly pointless and your external interface should not know anything about the internal subnet.

I think wallabag is the self-hosted go-to for this, but I’m not sure of the extensions for it.

I used to use pocket because it allowed me to sync to my Kobo reader. Kobo have struck a deal with Instapaper and it works in a similar way.

The official instapaper plugin doesn’t do what In My Pocket does, unfortunately.