

Nice to hear your experience with Nebula. I considered it when I went with Tailscale years ago. Now you gotta migrate off of lemm.ee as it’s shutting down soon. :D
I am not that big of an enthusiast, but the way I see it, if a company goes rogue and you’re using their open source code, it’s just a matter of forking it (I’m thinking about Emby/Jellyfin as an example). If you rely on their infrastructure (such as Tailscale servers) then you are at the mercy of the companies.
🏅
if I set up Headscale on my network, I would have to open a port on my router to connect to it, right?
The way I understand it is:
I would have to open a port on my router to connect to it right?
Yes
if I set up Headscale with some cloud provider, could they theoretically go and use the setup to get to my home network?
If they are able to authorize their own node to your Headscale server, then their node gets on your network. If they take over the Headscale node, they might also be able to access your network, either by changing Headscale’s config to auth another node or perhaps if the Headscale node is part of the network, which it might be, I don’t recall. But I think that’s immaterial. If someone takes over the Headscale machine, they can get on your network either way.
The point is there really is no separation or clear line of demarcation on what is “good” funding and what is “bad” funding.
I understand and I disagree. A demarcation emerges from the goal of the funding and its effects. For me, one example of bad funding is funding that drives user acquisition at unsustainable prices by a firm that is also significantly controlled by the funding source. This is predominantly what VC-funding goes to. VC-funding that goes to a non-profit that the VC has no control over, where the VC can’t and does not demand financial return from, is not bad funding in my books. Corporate funding doing the same thing is also not bad funding. Government funding often has the least strings attached as it does not demand direct return, and this also is not bad funding. To top that off citizens can exercise control over government funding via the democratic process, unlike corporate or VC funding, where the vast majority have zero control, and are owed no accountability by the businesses.
That’s not really a justifiable reason, though.
To you it isn’t, but to some of us it is. For me the standard business cycle is not acceptable because I almost inevitably end up under the bus.
The Linux Foundation isn’t a comparable example for me since it’s a non-profit. As a result it isn’t subject to the same market pressures for-profit businesses are, let alone VC-funded ones.
At this point, with everything I know and have experienced about the economy, politics and the world, I am trying to avoid depending on for-profit businesses as much as I can. I know how businesses operate, I know why they operate the way they do, I know what dynamics push them in the directions they go and I’m tired of being run over by the bus. If I ever form a business myself it would either be a non-profit, or a worker co-op, or both, as this will signal everyone who knows what I know what the direction of this business would be about.
Just looked at NetBird, it looks suspiciously similar to Tailscale in what it does except they also got an open-source control server. They have a self-hosting doc right on their website. Looks interesting. Can’t find much about the company other than it’s based in Berlin and it’s currently private - Wiretrustee UG.
No writeups. I tried following the Headscale doc for a test last year. Set it up on the smallest DigitalOcean VM. Worked fine. Didn’t use a UI, had to add new clients via CLI on the server. When I set it up for real, I’d likely set up a UI as well and put it in a cloud outside of the US. It would work at home too but any other connection would die if my home internet dies or the power does. E.g. accessing one laptop from another, or accessing the off-site backup location.
Headscale maintainer hours contributed by Tailscale
Could you expand on this?
Easier/zero configuration compared to manual WG setup. Takes care of ports and providing transparent relay when no direct connection works.
For me personally, the next step is using Headscale - a FOSS replacement of the Tailscale control server. The Tailscale clients are already open source and can be used with Headscale.
Someone else could give other suggestions.
Is unbound different than say dnsmasq that my router is running? Isn’t it just another DNS server that has to go to a higher DNS server for resolution?
Probably here: https://www.cia.gov/contact-cia/
Not asking for a workaround. Asking if I’m missing some problem with using a slow DNS server I might run into, other than the obvious one.
Because it will flow in the rest of the economy that’s been run on soft austerity for a long time. Into steelworkers, machinists, technology, etc. It’s how the US does a lot of its public investment. It’s not ideal, but it’s better than not doing any significant investment. I’d prefer a different approach if given the choice but this is likely to have some positive effects on German workers.
But then they would cut supports for workers on the other end so… 🪦
Merz has already won backing for a €500 billion fund to upgrade Germany’s ramshackle infrastructure and removed constitutional borrowing restrictions on defense spending, paving the way for hundreds of billions more to be invested in the military.
Good
But he’s also promised to cut billions from Germany’s welfare bill and has warned voters that what he portrays as their comfortable lifestyles are going to have to change in order to meet the challenges ahead. “With a four-day week and work-life balance, we will not be able to maintain the prosperity of this country,” he said at a party meeting in May.
Oh shit
The AfD, by contrast, is telling voters that they can preserve their traditional way of life without difficult sacrifices.
Good
The party’s solution is to expel hundreds of thousands of undocumented migrants and pull out of the EU, a recipe that saw the party surge close to Merz’s Christian Democrat-led alliance in recent polls.
Oh shit
You can do encrypted swap as well. If you use the same passphrase you can install decrypt_keyctl and use it as described here. It will cache the passphrase and send it to every other LUKS volume that needs decrypting so you have to type it only once. This is what I’m currently using and my root is on ZFS on LUKS.
Another option which I haven’t used is to have a small volume that only stores your LUKS keys as files, then your LUKS volumes reference those files as keys, then you decrypt only that volume with a passphrase upon boot.
Another option is to use a swap file. I used to run Ubuntu LTS on LUKS on LVM. That is disk > EFI and LVM partitions > LVM volume boot, LVM volume for LUKS > root filesystem inside LUKS > swapfile in that root filesystem. Upon boot, GRUB is able to read the Linux kernel straight from the boot volume on LVM. Boots the kernel. You get a prompt to decrypt the LUKS volume where the root filesystem is. Once decrypted, the kernel can access the swapfile if it needs to resume from it. If I didn’t use ZFS, I’d be using this scheme as it’s superbly flexible. Growing the volumes and filesystems for larger storage is easy. Adding redundancy via LVMRAID is easy. Changing the swap size is easy. Hibernation works.
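The first two options in the comment above (one passphrase cached by decrypt_keyctl, or key files kept on a small volume), as an added example that is not part of the original comment: it reads crypttab text in the four-field Debian/Ubuntu layout and reports which volumes share one cached passphrase, which prompt on their own, and which unlock from a key file. The volume names, UUIDs, the key ID `main_pw` and the key-file path are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample crypttab; every name, UUID and path here is made up.
SAMPLE_CRYPTTAB = """\
# <target>   <source>        <key>             <options>
root_crypt   UUID=1111-aaaa  main_pw           luks,keyscript=decrypt_keyctl
swap_crypt   UUID=2222-bbbb  main_pw           luks,keyscript=decrypt_keyctl
data_crypt   UUID=3333-cccc  none              luks
backup_crypt UUID=4444-dddd  /keys/backup.key  luks
"""


def parse_crypttab(text):
    """Yield (target, key, options) for each non-comment crypttab line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"malformed crypttab line: {raw!r}")
        key = fields[2] if len(fields) > 2 else "none"
        opts = {}
        if len(fields) > 3:
            for item in fields[3].split(","):
                name, _, value = item.partition("=")
                opts[name] = value
        yield fields[0], key, opts


def unlock_plan(text):
    """Classify each volume by where its key comes from at boot."""
    cached = defaultdict(list)
    plan = {"own_prompt": [], "keyfile": [], "other_keyscript": []}
    for target, key, opts in parse_crypttab(text):
        script = opts.get("keyscript", "")
        if script.endswith("decrypt_keyctl"):
            # With decrypt_keyctl the third field is a cache ID, not a file:
            # volumes sharing the ID reuse the passphrase typed once.
            cached[key].append(target)
        elif script:
            plan["other_keyscript"].append(target)
        elif key in ("none", "-"):
            plan["own_prompt"].append(target)
        else:
            plan["keyfile"].append(target)
    plan["cached"] = dict(cached)
    return plan
```

Any volume that lands in `own_prompt` will ask for its passphrase separately at boot, which is the case the comment's setup avoids.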
Talking to my structural engineer friend about the way we build software makes him sad every time. And I’m not even talking about vibe coding. Yet.
Yup. It’s completely inconsistent in its interpretation of the + operator.
This is too stupid so I had to check.
Fuck me.
Thank you!