I’ve used Seafile for years just for this. I haven’t ran that on pi, but on virtual machine it runs pretty smoothly and android client is pretty hassle free.

I want to prevent myself from reinstalling my system.

Any even remotely normal file on disk doesn’t stop that, regardless of encryption, privileges, attributes or anything your running OS could do to the drive. If you erase partition table it’ll lose your ‘safety’ file too without any questions asked as on that point the installer doesn’t care (nor see/manage) on individual files on the medium. And this is exactly what ‘use this drive automatically for installation’ -option does on pretty much all of the installers I’ve seen.

Protecting myself from myself.

That’s what backups are for. If you want to block any random usb-stick installer from running you could set up a boot options on bios to exclude those and set up a bios password, but that only limits on if you can ‘accidently’ reinstall system from external media.

And neither of those has anything to do on read/copy protection for the files. If they contain sensitive enough data they should be encrypted (and backed up), but that’s a whole another problem than protecting the drive from accidental wipe. Any software based limitation concerning your files falls apart immediately (excluding reading the data if it’s encrypted) when you boot another system from external media or other hard drive as whatever solution you’re using to protect them is no longer running.

Unless you give up the system management to someone else (root passwords, bios password and settings…) who can keep you from shooting yourself on the foot, there’s nothing that could get you what you want. Maybe some cloud-based filesystem from Amazon with immutable copies could achieve that, but it’s not really practical on any level, financial very much included. And even with that (if it’s even possible in the first place, I’m not sure) if you’re the one holding all the keys and passwords, the whole system is on your mercy anyways.

So the real solution is to back up your files, verify regularly that backups work and learn not to break your things.

What’s your end goal here? You try to keep files just on that one media without any options to make copies of them? Or maintain an image which has enforced files at their directories? And against what kind of scenarios?

ACLs and SELinux aren’t useful as they can be simply bypassed by using another installation and overriding those as root, same thing with copying. Only thing I can think of, up to a degree, is to use immutable media, like CD-R, where it’s physically impossible to move files once they’re in place and even that doesn’t prevent copying anything.

Geeqie is a quick one to go trough photos and it groups RAW+JPG as a single item on preview, so even a few hundred photos are quickly ran trough with just a keyboard. I’m not sure on how well it manages tags as I don’t use it for tagging, but it’s most likely in your distros repository so testing it out is quick.

Then do sudo apt install xfce4 and sudo apt purge cinnamon* muffin* nemo*.

It’s been a while since I installed xfce4 on anything, but if things haven’t changed I think the metapackage doesn’t include xfce4-goodies and some other packages, so if you’re missing something it’s likely that you just need to ‘apt install xfce4-whatever’. Additionally you can keep cinnamon around as long as you like as a kind of a backup, just change lightdm (or whatever login manager LMDE uses) to use xfce4 as default. And then there’s even lighter WM’s than XFCE, like LXDE, which is also easy to install via apt and try out if that works for you.

I understand the mindset you have, but trust me, you’ll learn (sooner or later) a habit to pause and check your command before hitting enter. For some it takes a bit longer and it’ll bite you in the butt for few times (so have backups), but everyone has gone down that path and everyone has fixed their mistakes now and then. If you want hard (and fast) way to learn to confirm your commands, use dd a lot ;)

One way to make it a bit less scary is to ‘mv <thing you want removed> /tmp’ and when you confirmed that nothing extra got removed you can ‘cd /tmp; rm -rf <thing>’, but that still includes the ‘rm -rf’ part.

Absolutely. Maybe leave Gnome/KDE out and use a lighter WM, but they’ll be just fine. Specially if they have 8GB or more RAM. I suppose those have at least dual core processors, so that won’t be a (huge) bottleneck either. You can do a ton of stuff with those beyond just web browsing, like programming/text editing/spreadsheets and so on. I’d guess that available RAM is the biggest bottleneck on what they can do, specially if you like to open a ton of tabs on your browser.

With plain linux that’s a bit complicated to actually dualboot. When booting windows grub just throws the ball to windows bootloader and it manages things from that on, but with grub you’d need to have two separate grub-installations on different partitions so that changes made in Arch doesn’t mess up stuff with PopOS (and other way round). It’s very much doable, but I suppose (without any experience on a setup like that) that if you just go with default options it’ll break something sooner or later and you need to pay attention to grub configs on both sides at all times, so it requires some knowledge. Basically you’d need a grub installed on (as an example) /dev/sda for the system to boot from bios and another grub instance at /dev/sda5 (or whatever you have) for second grub. They’d both have independent /boot directories, grub configs and all the jazz. It’s doable, but as both systems can access either one of the confgurations you really need to pay attention on what’s happening and where.

Mixing home directory with different distros can create issues, as things have slightly different versions of software and their underlying philosophy, specially when mixing different package managers, is a bit different and they might not be compatible with eachother. Personally I would avoid that, but your mileage may vary wildly on how it actually plays out.

For the partitioning, you can safely delete all the partitions, but you’ll of course lose the data on the drive while doing it.

If I’d need such a system I might build a virtual machine to run all the dev stuff and just connect to it from a “real” desktop environment. Essentially mimic a two separate systems where you’ll have a “server” for the dev things and a “desktop” to connect with it. Or if you want a clear separation between the two it’s possible to run a different window manager for each of the tasks and just logout/login to switch between the two and with some scripting/tweaks you can even start/stop services as required when you switch between “modes”. Depending on your needs it might be enough just to run development environment with a virtualbox and start/stop it as needed and adjust the actual desktop experience accordingly.

If I remember correctly, 1000Base-T standard has a requirement that device has to negotiate pinout on the fly. No matter which pin is connected to which. Obvioiusly just randomly wiring a cable up has other problems, like signal-to-noise, but in theory it should work even if you make a cable that’s as unstandard as you can make it.

I’d first recommend that you think about what you need.

This is the absolutely correct option. I’ve set up way too many things without a use case and lost interest shortly after. If you have a real world use case for your project, even if it’s just for yourself, you’ll have the incentive to keep it going. If you’re just setting things up for the sake of it the hobby loses it’s appeal pretty quickly. Of course you’ll learn a thing or two on the way but without a real world use case the things you set up will either become a burden to keep up with or they’re eventually just deleted.

Personally, tinkering with things that are just removed after a while gave me skills which landed me on my current job, but it’s affected myself enough that I don’t enjoy setting things up just for the sake of it anymore. Of course time plays a part on this, I’ve been doing this long enough that when I started a basic LAMP server was a pretty neat thing to have around, so take this with a grain of oldtimer salt, but my experience is that setting up things that are actually useful on a long term is way more rewarding than spinning up something which gets deleted in a month and it’ll keep the spark going on for much longer.

Hashing is one-way encryption. So, while you’re techcnically correct that they’re not encrypted in the traditional sense (encryption is reversible), for many it’s easier to understand the concept of encryption instead of hashing and terms are often used interchangeable.

Logging depends on the instance. Many admins choose to not log any data which could be used to identify any individual, but verifying their claims (without a doubt) as a single user is pretty much impossible and there’s nothing stopping an instance admin of gathering all the data (s)he wants to.

Like are they protected or encrypted so the hackers can’t use them ?

Passwords are encrypted, but in case of a security breach on an instance they are still vulnerable, like with any other password leak. Majority of the systems today use one way encryption with their passwords, but still millions and millions of user accounts are leaked almost daily.

Also what is stoping the instance owners from abusing or selling these behind our back ?

Nothing.

or running a modded version of lemmy are they detectable ?

If done properly, no, you can’t detect them.

But that’s not any different from any of the services around the net. Companies like Meta and Google make their money by selling user data, advertisers track you and all the other things you’re most likely already aware of.

Administrator of my instance said that they don’t gather IP addresses or any other data they don’t need to keep the servers running and I trust them on that, but your mileage may vary. And then there’s different legal systems around the world where an admin might be forced to give out information about individual user, but where I live that’s not a thing.

Seafile. I’ve used it for years, but I’m moving over to nextcloud as I could use other features it provides. They have paid options too, but unless you need LDAP or something more sophisticated for user management the community edition works just fine.

I personally like mikrotik routers. They have all the features you could wish for and then some and they’re relatively cheap for the things they can do. I have RB4011iGS+ (I don’t think that exaxt model is available anymore) and it’s been rock solid. As I have fiber I just pulled the SPF-module from ISP’s box and plugged it in on my own hardware, so the router ISP provided is just gathering dust right now.

But it depends on what you’re really after. If you just need basic firewall/NAT/DHCP functionality and your connection speed is below 1Gbit pretty much any router will do. If you have fast connection and/or need for totally separate networks/VLAN/something else it’s a whole another matter.

Generic answer for this is to get a refurbished corporate laptop. At least in here we have several companies which buy previously leased computers and give them a refurb (new hard drive, good cleaning, things like that) and sell them for pretty good price.

W, T or X series Thinkpads are pretty safe options, my T495 was 300€(ish) on sale. L and carbon are something I’d avoid, L (at least few years back) weren’t built as well as T-series and X1 carbon doesn’t have options to expand/swap out ram.

You can run rsyncd as a service on host you wish to back up and connect to that from your central point directly without ssh. Traffic is unencrypted and I wouldn’t trust on that over public network, but you can bind rsyncd to localhost and open a single ssh tunnel for each host (or even write a small script to keep tunnels open automatically) and then just run rsync over that. That’s how I backup my things, just with backuppc in the mix (I’ve got scripts to open/close ssh tunnels at backuppc configuration). VPN tunnels are also an option to encrypt traffic, but depending on your use case that might be a bit overkill.

Or if you’re not tied to rsync you could use something like BorgBackup or other tools which manage the whole jazz for you out of the box.

And I don’t look even slightest like Humphrey Bogart no matter what kind of fedora I’d wear.

While I agree with @[email protected], this isn’t strictly speaking on-topic for this community, that kind of knee-jerk response is very much out of the topic as well. The first community rule is to be civil and in general I, perhaps optimistically, would like that conversation over fediverse in global would be civil, or at least well argumented, a bit like it used to be (more or less, YMMV) back in the usenet days.

And on the topic of self-hosting, that’s a line drawn in the water. I run various of things by myself (postfix+dovecot, LAMP, bitwarden, seafile, nextcloud…) on a rented servers running linux+kvm. And I get money by doing that, it’s a very much a business case, so I’m a bit reluctant to ask questions about the setup I have in here as I think it wouldn’t be fair to ask for advice from hobbyists in a project where money is directly involved. But for me personally that setup checks both sides of things. I get money by doing it, but at the same time I personally can get out of the walled gardens like M365 or Gsuite.

TL;DR: There’s no need to be rude, you can choose to politely point people in the right direction.

I do wonder about when VPNs started being used as proxies…

About at the same time operators at the US noticed that they could profit from profiling users behaviour. In here that’s very much illegal thing to do and most use cases for VPN is to connect yourself into corporate network. VPNs are of course useful to protect you from MITM attacks at open wifi networks and things like that, but hiding your behavior from your ISP is very much an US thing.

While I think you could techincally spoof your originating IP at the VPN server to match your clients IP it wouldn’t do anything useful. That’s not how IP routing works. What you’re trying to achieve with a setup like that?