Nice, thank you!

Oh neat! That looks like a perfect fit for me! I saved your post and will come back to it once the biyearly “just f*ing fo it again” motivation hits me once more :D

Yes, I do loose the origin IP and I’m a little bugged by it. It also means that ALL traffic incoming on a specific port of that VPS can only go to exactly ONE private wireguard peer. You could avoid both of these issues by having the reverse proxy on the VPS (which is why cloudflare works the way it does), but I prefer my https endpoint to be on my own trusted hardware. That’s totally my personal preference though.

I trust my VPS provider to not be interested enough in my data to setup special surveillance tooling for each and every possible software combination their customers might have. Cloudflare on the other hand only has their own software stack to monitor and all customers must adhere to it. It’s by design much easier for them to do statistics or snooping.

I am using the smallest tier VPS from IONOS for 1€/month. Good, reliable and trustworthy as it is a subsidiary of 1&1 telecommunications.

Rent a VPS, point DNS to it, have it act as central wireguard peer and connect your server(s). Then bridge incoming traffic to server via socat or firewall rules. Done

Sure it’s easy to set up, but the same behaviour is what I get with my handrolled solution. I rent a cheap VPS with a fixed IP solely for forwarding all traffic through wireguard. My DNS entries all point to the VPS and my servers connect to the VPS to be reachable. It is absolutely network agnostic and does not require any port shenanigans on the local network nor does it require a fixed IP for the internet connection of my home server.

Data security wise the HTTPS terminates on my own hardware (homeserver with reverse proxy) and the wireguard connection is additionally encrypted. There are no secrets or certificates on the rented VPS beyond the bare minimum for the wireguard tunnel and my public key for SSH access.

Shuttling the packets on the VPS (inet to wireguard) is done by socat because I haven’t had the will or need to get in the weeds with nftables/iptables. I am just happy that it works reliably and am happy to loose some potential bandwidth to the kernelspace/userspace hoops.

Coming from Rust I am toying around with Lua at the moment. Lua is a small, simple and I would say a very neat language. But for big projects like an entire game I would personally much prefer a “traditional” compiled language like C/C++, Java/C# or Rust. Scripting langs are great for small scopes, but they quickly become a burden for bigger things in my opinion.

It’s probably also highly automated and the staff’s job is just to watch for irregularities and alert the necessary teams.

That might be due to your ISP’s routing and interconnects. They usually have good routes to big services and might lack good connections between home users in different countries or on different continents.

Well, it uses the spotify service. The least thing spotify can ask for is an offical account if you’re going to use their API.

Yes, they do! You can even look up additional information about songs like the bpm, gebre, etc., I am tempted to do some project with it.

She might even argue for significantly more hours if she wipes out an entire blood line at once.

That’s the biggest pain point with Signal and WhatsApp in my opinion. Telegram does it, but then of course it’s much easier for them to support. Sharing content from my tablet is such a hassle.

I did too, but shortly after decommissioning that server the drive became unresponsive. I really dodged a bullet without even realizing at the time. SMART data did not work and may have alerted me in that case.

Also, unrelated to SMART data, the server failed to do reboots because the USB-SATA adapter did not properly reset without a full power cycle (which did not happen with that mainboard’s USB on reboots). It always git stuck searching for the drive. Restarting the server therefore meant shutting it down and calling someone to push the button for me - or use Wake-On-LAN which thankfully worked but was still a dodgy workaround.

Two reasons.

First, Telegram messages are only “transport-encrypted”, meaning that the messages are safe while in transport from you to Telegram and from Telegram to the recipient of your message. Very importantly, these messages are not encrypted while Telegram has them! Even WhatsApp has better and more encryption than that (Called End-to-End encryption, only sender and recipient can read a message).

Therefore, you have to trust Telegram not to look at your messages (they certainly do) while other services simply can’t.

Second, at least here in Germany Telegram has become the main platform for conspiracy nuts and antidemocratic organizations. Someone who is “very active” on Telegram is most certainly an idiot.

Having friends that refuse to have anything to do with Telegram is a God’s Send nowadays!

From what I read online that can lead to instabilities and was therefore disabled on Linux.

And you typically don’t get SMART-Data from USB-adapters.

+1 NewPipe Germany

Unlikely, but who knows? Can you try and boot Windows (install iso probably enough)? Or some very old Linux distro? It might just be your monitor becoming weird with age.

Edit: Alsobtry with a laptop or something and see how it goes.