rho50

Yeah, but it'll be Secure Enclave in data centre hardware, not on your phone. Basically they're just using their own proprietary HSMs to encrypt data on the server.

Not convinced that this will really add any privacy benefits over other confidential computing solutions already offered by AWS/Google Cloud/Azure. That said, it is fairly private - just not as good as on-device.

Ideally you want something that gracefully degrades.

So, my media library is hosted by Plex/Jellyfin and a bunch of complex firewall and reverse proxy stuff... And it's replicated using Syncthing. But at the end of the day it's on an external HDD that they can plug into a regular old laptop and browse on pretty much any OS.

Same story for old family photos (Photoprism, indexing a directory tree on a Synology NAS) and regular files (mostly just direct SMB mounts on the same NAS).

Backups are a bit more complex, but I also have fairly detailed disaster recovery plans that explain how to decrypt/restore backups and access admin functions, if I'm not available (in the grim scenario, dead - but also maybe just overseas or otherwise indisposed) when something bad happens.

Aside from that, I always make sure that all of all the selfhosting stuff in my family home is entirely separate from the network infra. No DNS, DHCP or anything else ever runs on my hosting infra.

It would be better to have this as a FUSE filesystem though - you mount it on an empty directory, point the tool at your unorganised data and let it run its indexing and LLM categorisation/labelling, and your files are resurfaced under the mountpoint without any potentially damaging changes to the original data.

The other option would be just generating a bunch of symlinks, but I personally feel a FUSE implementation would be cleaner.

It's pretty clear that actually renaming the original files based on the output of an LLM is a bad idea though.

(6.9-4.2)/(2024-2018) = 0.45 "version increments" per year.

4.2/(2018-1991) = 0.15 "version increments" per year.

So, the pace of version increases in the past 6 years has been around triple the average from the previous 27 years, since Linux' first release.

I guess I can see why 6.9 would seem pretty dramatic for long-time Linux users.

I wonder whether development has actually accelerated, or if this is just a change in the approach to the release/versioning process.

The DJI Fly app is probably considerably worse for security/privacy than most Google apps. DJI has a storied history of sketchy practices in their apps: see here.

Google also won't allow DJI to distribute their apps through the Play Store, because of DJI's weird insistence on being able to push arbitrary binaries to customers' phones entirely free of any third party vetting.

GrapheneOS' sandbox hardening might help somewhat, but I'd recommend avoiding DJI products if you can. If you must use DJI Fly, prefer to use it in a different profile where it can't touch any of your personal apps. Tough when they are singularly the best drone manufacturer for videography though.

OwnTracks is good for location sharing/logging and is open source. Ideally requires you to run your own MQTT server though.

If not using your own server, you can use payload encryption to protect your location data from being snooped by other users. (But ideally you should just run your own server, it's pretty easy.)

If you include ChromeOS that's very likely.

You can restrict what gets installed by running your own repos and locking the machines to only use those (either give employees accounts with no sudo access, or have monitoring that alerts when repo configs are changed).

So once you are in that zone you do need some fast acting reactive tools that keep watch for viruses.

For anti-malware, I don't think there are very many agents available to the public that work well on Linux, but they do exist inside big companies that use Linux for their employee environments. For forensics and incident response there is GRR, which has Linux support.

Canonical may have some offering in this space, but I'm not familiar with their products.

At least in some circumstances, the risks of sharing your DNA include having children...

Tbf 500ms latency on - IIRC - a loopback network connection in a test environment is a lot. It's not hugely surprising that a curious engineer dug into that.

Android still doesn't have shake-to-undo. I use iOS and Android and switch between them regularly for work, and every time I typo something or accidentally delete a bunch of text on Android, it's incredibly jarring to not have the undo capability.

Don't use Gitea, use Forgejo - it's a hard fork of Gitea after Gitea became a for-profit venture (and started gating their features behind a paywall).

Codeberg has switched to Forgejo as well.

Also, there's some promising progress being made towards ActivityPub federation in Forgejo! Imagine a world where you can comment on issues and send/receive pull requests on other people's projects, all from the comfort of a small homeserver.