True, maybe the best way then is to expose them only within your Wireguard network.

Thanks to both of you, my same thoughts, but I also wanted to hear an outside perspective as I am not so well versed in IPv6. But it sounds reassuring. Shall I also consider exposing some HTTP/S services for media over IPv6 is also relatively safe, as long as I have MFA etc?

AI should also be taxed proportionally then. And they should be liable and not exempt of copy rights infringements.

I believe most of the companies are doing it to inflate their share prices.

Same. That’s for me a red flag that a company took the enshittification path and things will get progressively worse.

Plus I would rather support an open source project that benefits the whole community than a greedy company who is trying to milk their customers.

I will be very much surprised if they haven’t secured and locked the prices of all their components for a year or two ahead, so this should not be a factor. Probably they are just waiting to see what will happen with the tariffs and tasting the sentiment of the market for such a device.

I presume they will sell it almost at cost or even at loss, as this will eventually increase their game sales overall.

Tell us you don’t have kids without telling us you don’t have kids

You also need to change the devices browsers, extensions and timezones to stay anonymous or buy a device and set the most common fingerprint settings, so it is harder for those companies to track you down. It is a slippery slope, and you can check your browser fingerprint and avoid adding unique settings, extensions or anything that can help them to track you.

Why is our company valued at 4 trillions instead of 10 trillions. Those peaky humans are not buying enough of our shares. /s

I don’t know but I am constantly hitting the RAM limit with 16Gb of RAM with around 20-30 open tabs and other apps, both on Linux and Windows

This at the moment is a clear Ponzi scheme.

OpenAI or Nvidia announces some partnership or a deal for X amount of billions. As a result the valuation of the recipient company goes straight to the sky, increasing the market valuation of said company X-times more.

And then try to tell me this isn’t a bubble.

The future is very small models trained to work in a certain domain and able to run on devices.

Huge foundational models are nice and everything, but they are simply too heavy and expensive to run.

China right now is leading the way with releasing open weights models. The US lags behind, as they are all more concerned about releasing closed weights commercial models.

The problem is that I have a couple of services listening on different ports and I want to use the reverse proxy to listen to incoming requests and route the traffic to the corresponding ports. I also want to issue SSL certificates and serve the traffic over TCP port 443.

Yes, I know that, but I just don’t want to remember the port numbers or create some bookmarks.

I think I can create a CNAME record for *.media to point to the Tailscale address of the reverse proxy and then use the reverse proxy with Cloudflare API key to serve SSL certificates from my domain.

I am currently struggling a bit with the setup though.

I have a registered domain name already, but I am behind CGNAT and I don’t really have a public IP.

I want to allow access to my services remotely only through Tailscale.

I will definitely do that, I just want to finish the whole setup.

I am playing around with Podman Quadlet and that’s one hell of a rabbit hole. I have everything up and running, and now I need to configure the containers, and probably will deal with other pain points, etc.

The good thing is that I have documented the whole process so it is reproducible but it took me quite some time to figure out everything.

Because it is beginner friendly and it has a lifetime license I guess and it is not yet enshittified.

Nice, thanks for sharing. How did you solve the file permission issue?

Also I see you put all your services as a single pod quadlet what I am trying to achieve is to have every service as a separate systemd unit file, that I can control separately. In this case you also have a complication with the network setup.