Lol.

I honestly the paranoia path is something we all have walked until the descent to Dante infernos. Once you are there you realized this is not a place to live and then get a bit more practical. :)

I any case it is good mental exercise to check to what extend your threat model is not covering those situations. At least you know where your defence perimeter ends.

For everything else, selfhosting! ;)

Your problem is that the chain of untrust has not hit the ground yet.

At some point, you need to trust some technology or system.

You can continue until you are in comfortable ground and then build you trust chain. But honestly following your line of thoughts you will probably end up in a non digital area.

In my case I followed a similar path, but I am totally aware that I can not put resistance to a well funded and well manned intelligence agency, so the high quality industrial level is probably fine for me.

I have several copies on f my backups and all of them are encrypted and signed with rsa, the so are all of them open sources and well audited versions. The only point I relaxed is my phone and I try not have sensitive information on it but vpn and proxies just in case I need them.

I almost don’t use cloud services anymore and the one that I use he a nice record for keeping privacy.

My objective is not to stop Cia, but industry, scammers and all other nasty guys in the wild.

It is tiring, uncomfortable and sometimes cumbersome. But I think it is worthy

Because the modification of that computer is order of magnitudes more difficult than a mechanical modification of a moving part. The humanity / regular human is able to understand much better the interactions of the mechanical parts that usually are always local and well defined.

This does not exist in the Sw, FW and digital hw, the interactions are not local and are millions timesmore complex to understand and properly modify.

It would be an utterly irresponsability to modify (blindly) the Sw of an xray machine that could make it unsafe and ultimately it could kill humans, and it is the same concept with the car. It is irresponsable to make a modification that can make the system unsafe.

For the rest? Regulations, free software foundation and good selfhosting Cheers

Then don’t buy tesla, or force legislation about introducing such feature.

But make yourself a favor and don’t play Russian roulette with something that you can not understandbecause there are not data available.

And for final tip, if you really cares about that then enforce the fsf (fsf.org)

It is not comparable, not even by far.

Assuming your are not a psycho, to safely drive a car is orders of magnitude (in plural) easier than modifying the Sw in a safe and deterministic way.

It is not only that bad people exists, it is about that making a small mistake can kill you

First, second and third most important point is : Tesla needs to allow the connection to an alternative server.

The fourth should be access to the api and data that are exchanged.

You shouldn’t mess with the FW of your own car even for some innocent feature like this one, you don’t know/understand the interactions that may happen between different Sw components and the hw layer, you can not provide a similar of level of testing, including some worst case scenarios, that can make your car unsafe during some problems or unforeseen conditions. And perhaps also, the car could loose its license for driving…

If tesla allows that, then we can start speaking about it. But last time I check on that was not possible

You will need to explain a bit further this statement to mild knowledged internet stranger…

Because the point of waf is exactly about reducing the exposed surface…

Dealing with a Ds-lite connection for a fiber optic provider in latest opnsense.

It is excruciating how difficult is to run it reliable

Some clarifications :

The 3 2 1 rule applies only for the data. Not the backup, in my case I have the real/live data, then a daily snapshot in the same volume /pool and a external off-site backup

For the databases you got misleading information, you can copy the files as they are BUT you need to be sure that the database is not running (you could copy the data and n the middle of a transaction leading to some future problems) AND when you restore it, you need to restore to the exact same database version.

Using the export functionality you ensure that the data is not corrupted (the database ensure the correctness of the data) and the possibility to restore to another database version.

My suggestion, use borgbackup or any other backup system with de duplication, stop the docker to ensure no corruptions and save everything. Having a downtime of a minute every day is usually not a deal breaker for home users

Of you already have a will the most secure, proof idiot way I’d to add that key + instructions to the will. Get some lawyers on board for that and it will work.

If you still have concerns about having the full key on a single place, add a topt or second way of identification and distribute it between your heirs.

Sometime, the old fahion way is the best one by far.

Try with kasm.

Honestly, you don’t feel the lag of the connection (unless is a severe limited one) it also allows multiuser simultaneous connections.

Check and come back to ith yiur feedback!!!

My points are totally in the other direction:

• stable, this is critic, if the app is not able to performs its duties with. 2 weeks uptime, then it is bad. This also applies to random failures. I don’t want to spend endless days to fix it
• docker, with a all-in-image, and as a nice to have the possibility to connect external docker composes for vpn, or databases
• a moderate use of resources, not super critic, but nobody likes to have ram problems

And then as a second league that lean the balance:

• integration with LDAP or any central user repo
• relatively easy to backup and restore
• relatively low level of break changes from version to version
• the gui / ease of use (in like with the complexity of the problem I want to address)
• sane use of defaults and logging capabilities

That’s all from my side

Fritzbox boxes.

They tick all the checkboxes

• good standards support (including dect protocol if you want to have an ip phone or even iot protocols)
• fast wifi speeds
• cheap (at least for the second hand in ebay)
• super stable, never had a problem with them in 5 years or more
• fast roaming support out of the box

It is a well known brand in Germany but pretty unknown outside that country. Honestly it is the best bang for buck I was able to get.

Honestly, I would spend 10 minutes checking on them