Hacker News | crapple8430's comments

> What happens when

Not even this. If you do what OP says on Firefox, and turn on ResistFingerprinting, you'd be seeing many Cloudflare captchas a day. In effect it directly punishes you for having any privacy or control. I wonder if they have an internal whitelist for employees? /s


They are separate but related concerns. Privacy is what you have (or don't have) right now. Control is what you can use to keep or throw it away in the future.

Apple gives you some privacy, better than most Android by default. But it gives you no control. If they decide you don't deserve privacy a year down the line, well, too bad.


It's very country dependent. In the US, I don't think many banks do that, but I heard in Europe this is used a lot more, presumably due to more regulatory bs.

It's worth noting GrapheneOS with the locked bootloader will meet basic integrity, and that's what most apps need anyway. Strong integrity requires a whitelisted OS by Google and hardware to support it, but there are many older devices that do not meet it, so it will likely inconvenience too many people to be enforced for now.


I wonder if it would be feasible to build an automated phone-using robot, and access it remotely for any kind of apps enforcing that type of crap. There is really nothing they can do in terms of device attestation to prevent it.

Firefox sync clearly requires a central server. For any kind of peer to peer syncing to work you must have the machines on at the same time and accessible. And then there is the issue of NATs, including CGNATs. To work reliably these almost always have to have some kind of relays anyway (Tailscale's DERP, Syncthing also has relays).

For the experience an average consumer expects, you at a minimum need a central short-lived cache.


Yes, sorry, I meant Firefox not for the way it syncs, but in the way it's a heavy client you install. As I said, for me most of my devices will at some time during the week be on the same NAT, so no centralized server, even a short-lived one, should be needed. And for personal use, I only care if the device I have on me is the one with the latest data, especially as for most use cases I'm the only one reading/writing, so eventual consistency is not an issue.

A powerful enough machine (usually limited by RAM, not CPU) will let you run a hypervisor OS like Proxmox which helps a lot with making things secure and flexible. You might also want to have RAID, ECC memory. It quickly starts to make sense to build a proper home server rather than cobbling together a bunch of low end hardware. The tipping point is probably when you want more than 1-2 hard drives worth of storage.

If you run everything on Linux you don't need VMs.

What are you putting in the VM, another Linux kernel? Why? Yeah, then you need to take into account between 4GB and ~8GB of extra RAM per VM.

I don't have RAID, though I do back up to my NAS at my parents'.

But honestly an NVMe drive is basically like a CPU: it's either dead on arrival or it will just run forever.


The average Linux VM I run is around 50-100MB of RAM usage. Not actually that much more than an LXC container.

There are some use cases for a VM over a container, sometimes you want better isolation (my public facing webserver runs in one), or a different OS for some reason (I run an OSX VM because it's the only way to test a site in Safari).


Ok that is a very low usage. Alpine or so?

But yeah I just restrict my webserver in an unprivileged container. Though my site is static and accepts no input whatsoever.


Just a basic Debian install.

Containers also have some advantages for device passthrough, I have my Intel iGPU added into one for Immich and Frigate, can't do that with a VM unless you detach the whole GPU from the system.


Backing up entire VMs with all the configuration in case an update breaks something or just bricks your server is a smart idea, as well as running stuff in containers. Also, 4GB per VM? Besides, sometimes you need to run software that is not available on Linux.

If you back up the entire VM you are just backing up the Linux kernel itself and all the (GNU) tools with it.

Seems like a waste to me.

Back up your Docker config and your data, that's what you actually need. The rest is just available online if you ever need it.

>Besides sometimes you need to run software that is not available on linux.

Really, like what?


Good backup software deduplicates on storage. Proxmox backup server for example.

Not all server executables for video games are available on Linux, for example. There are a lot of use cases and just saying "you just need X" is somewhat of an ignorant statement. No, I don't.

I'm also going to leave my personal opinion:

You don't need ECC

You absolutely don't need Proxmox, containers are good enough

It does not quickly make sense to build a proper home server

RAID1 or RAID6 makes sense, but it's absolutely not a tipping point.


I don't really agree with this blog post; there is nothing enshittified about self-hosting.

But it does almost seem like there is a squeeze on general purpose computing from all sides, including homelab. The DRAM and SSD prices are just the latest addition to that. There's also Win 11 requiring TPM, which is not a bad thing by itself, but which will almost certainly take away the ability to run arbitrary OSes 5-10 years down the line on PCs. Or you'd still be able to boot them, but nothing will run on it without a fully trusted chain from TPM -> secure boot -> browser.


The only way to avoid that is if that $100 buys you actual ownership, like the ability to have your own secure boot keys and modify the software. So long as Apple still owns your phone, they can alter the deal, and there is nothing you can do about it.


Perhaps not even that is completely safe long term, as companies can introduce a locked down dependency, reverse policies (see Google's recent sideloading stance), or find some other workarounds.


This. If you pay them $100 for no ads, they'll just come back next quarter to ask for another $100, unless you actually own your device, i.e. are able to modify its software to actually enforce your rights.


Or better, at the destination. If we just blind everyone, nudity ceases to be a problem.

