I think the part you’re missing (and others haven’t addressed) is that you don’t send 100% of your traffic to one endpoint (much like how most use VPNs). You can route different things to different places.

For example, I’m in the US and have two Tailscale exit nodes. Both are located on VPS machines in the US, but one sends traffic down a double-hop VPN back out into the US, the other does the same but to Switzerland. My “default” route is through Switzerland (better privacy laws) but I am forced to route some things through the US exit node due to websites that won’t work outside the US. For my personal devices, traffic routes directly to them via WireGuard tunnels.

In addition, my wife doesn’t care about blocking everything that I do (social media, tracking) but her phone still needs to update sensors in Home Assistant. She can choose not to use the exit nodes but can still communicate with our nodes on Tailscale. She also uses it to print documents at home from her laptop while she’s at work.

Recently I was waiting in a hospital with public (unsafe) WiFi that blocked UDP traffic, but Tailscale does some magic that will relay traffic via TLS. I was able to access services at home with a 20ms latency. The tech is very, very nice to have.

I only have experience trying to run two Tailscale containers on the same machine and hit so many roadblocks that running it containerized just wasn’t worth it.

Containerizing is probably only worth it if you have an explicit need for it.

“21 Ways Your iPhone is Spying on You” and it’s always dumb stuff like shady apps asking for permissions mouth breathers are stupid enough to allow. Then their website has 14 trillion tracking scripts loaded up; hypocrites.

Yeah, this is pretty stupid. “Oh no! The cops use CarPlay??” and “omg they developed an iOS app, the horror!”

Was this due to DMARC/DKIM, SPF or something else?

To add to this, I’d personally just clone the card immediately to somewhere else then do all the recovery efforts on the clone; if only to avoid burning out the SD card even more during recovery.

Edit: Not sure if that would be better or worse.

If you’re just looking for WireGuard with some good support for hostile networks (and easier configuration) I’d probably just recommend Tailscale.

The problem is I need Unbound to send queries via one network interface (the VPN) while the specific zone needs to be routed through another.

I know what split tunneling is, but I have my routing set up exactly as I’d like.

The issue here is that Unbound seems unable to send queries to one forwarding zone using a specific interface/IP address and sending queries to a second forwarding zone using a completely different interface/IP address.

I’m almost at the point where I want to create a virtual interface that just has rules that say “if going to 192.168.143.1 use /dev/tailscale0” and then have a default route to /dev/wg0.

I’m not a professional but my current Tailscale + VPN setup has been extremely nice for the past year.

Plain HTTP means anyone between you and the server can see those credentials and gain access.

It it using HTTP Basic Auth by chance? It would be so easy to put nginx (or some other reverse proxy with TLS) in front and just pass the authentication headers.

Especially with music, if any of this is plain HTTP (or any other plaintext, non-encrypted protocol) and you live in a lawsuit happy jurisdiction you might end up with piracy letters in the mail.

I started learning HTML at the age of 10 using FrontPage and Word. There were entire utilities dedicated to stripping out Word’s atrocious HTML at the time.

I’ve always wished Markdown was better supported in email. I work with external companies’ APIs a lot where email is the medium, and typically I use a Windows monospace font for code snippets (I’m on macOS but there are a handful of monospaced fonts that work on both).

It’s very clunky, and I wish the backtick notation would work out of the box. Whoever decided HTML in email was the way to go should be shot.

I’d never get past this. If a website forced this on me I’d probably stop using it, otherwise I’d just override it with CSS.

Best summarizing skills I’ve ever seen, damn.

I’m thinking of building my own and having it use Paperless’ API for invoices, receipts, etc.

I finally gave this a go a few days ago but wasn’t in love with the UI. I’d contribute but it’s written in .NET.

I’ll probably build something myself. One thing I’d like to do is have it integrate with other APIs (like Paperless).

I’d curl from a machine on the same WiFi network as the phones just to confirm that HTTP is working. That way you’re not dependent on browsers that can be more finicky for debugging.

I’ve noticed that but I thought I just didn’t know how to persist it correctly and never bothered to find out how. If what you’re saying is accurate (which I don’t doubt) that sucks.