You would not. In the example given 169.254.1.1 doesn’t even exist, no machine is listening on that address so it couldn’t possibly do any good if it wanted to

Setting the default gateway is unnecessary for a network of peers that are already on the subnet. It can only lead to problems as the hosts try to send every request outside their network to 169.254.1.1, which doesn’t even exist in this scenario

The poster you’re replying to is suggesting a static IP in the apipa range, not an apipa assigned ip. You’d already know a static IP because you set it yourself.

It was a server for an irl streamer so I expected it to be toxic. I did not expect that level of toxicity. A bunch of untreated sociopaths.

I reported a server where the users harassed, both online and offline, a trans woman who later killed herself. Then they made memes about her death. Discords ‘safety team’ suggested I talk to the server admin (who was part of the abuse) and closed the ticket.

Damn, I created a minor niche meme. And my teachers didn’t think I’d amount to anything

I did, yeah. I thought the original flowchart was really childish and cringy so I made this and posted it on some Linux circlejerk sub on reddit. It didn’t get any traction, I’m shocked to see it pop up years later. I guess somebody must have liked it

Where’d you get that image? I made that 7 or 8 years ago. Has it been making the rounds? It’s weird to see it in the wild lol

If OP, freed from the confines of the corporate security suite, happens to get infected with a firmware or boot partition malware…

Postfix with MTA that filters maybe.

This provides very little of exchange’s functionality. The closest thing I’ve seen in the open source universe is zarafa, which crowbars activesync emulation into an imap/caldav/carddav infrastructure, badly I might add, and with 3-4x the complexity, maintenance cost, and attack surface. I wouldn’t even recommend it for a small business let alone a government agency with all the compliance regulations they have to deal with.

This is one case where Microsoft owns the market because they legitimately have the best tool for the job.

I don’t recommend thinkpads. As I mentioned elsewhere in this thread, they don’t allow you to replace your own wifi card. Latitudes have great Linux support, and as a business class machine they’re as reliable and easy to work on as thinkpads

Thinkpads are locked down, the bios will refuse to boot if you install a non-Lenovo wifi card.

Almost every open source project accepts donations. They want your money, they just don’t demand your money.

Technically true but I wouldn’t suggest using a self signed cert on the internet under any circumstances.

Absolutely do not expose your server on port 80. Http is unencrypted, you’d be sending your login credentials in plaintext across the open internet. That is Very Bad™. If you own a domain name, you can set up a letsencypt cert fairly easily for free. Then you could expose 443 and at least your traffic will be encrypted in transit. It won’t solve the other potential issues of exposing your instance like brute force or ddos attacks, but I’d consider it a bare minimum.

If you use a VPN like many others are suggesting it won’t matter as much because the unencrypted traffic never leaves your local network.

Wireguard installation is going to be much more secure than a Nextcloud

I understand that, and it’s a good suggestion and a better solution if it fits the OPs use case. I don’t understand suggesting they do both. Either VPN or port forwarding solve the problem, doing both seems unnecessary.

before you start forwarding ports on your router

Don’t you mean instead of? If all the OP wants to do is access next cloud, they can do it over the VPN without forwarding ports. What you’re suggesting doesn’t solve the problem of port 80 being an attack vector, and adds yet another attack vector (the VPN itself)

The US has hate crime laws. It does not have hate speech laws. A hate crime requires an existing crime. You can legally shout the n-word from the rooftops. If you beat someone while shouting the n-word, your assault is upgraded to a hate crime.

Doesn’t wireguard’s zero config work by relaying through an outside web service? Seems like the LG solution with extra steps.

The reason is so you can control it from anywhere without setting up port forwarding and a static IP. Most people don’t understand, or can be bothered, doing that. I get why you don’t like it, I wouldn’t like it either, but it’s not some conspiracy.