What is it you’re actually trying to accomplish? Connect remote services to your self-hosted cloud?

Well, this “authenticated user” could be your fucking LLM and this is really concerning. Besides that a single CVE 10 is also very concerning no matter how old the affected version is.

Just look at the recent vulnerabilities it had. It just had a CVE 10 in January and March of this year.

https://app.opencve.io/cve/?vendor=n8n

This is actually quite a good read and pinpoints the issue. (Sorry for the Reddit-link though.) https://www.reddit.com/r/GrapheneOS/comments/1s8q534/response_to_a_post_about_grapheneos_on_another/

Having read the comments I still see two major isssues with this:

1. This looks like an almost-as-secure-as-GrapheneOS fork, therefore creating a (false) sense of security, because…
2. GrapheneOS’s security is based on secure hardware (Pixel’s Titan chip) to verify the software. Only having software security without the underlying secure hardware is kind of pointless or at least well… a false sense of security.

Officially yes, but I suspect he is still behind the official social media accounts. Their tone is unchanged and I recently got blocked by the GOS account on Bluesky and immediately by Micay’s account as well.

I think it’s a lot more than just 3 features removed. AFAIK the whole hardware attestation is based on the Titan chip and you don’t have to trust the devices hardware, because you can cryptographically prove that the software is unchanged. It’s not only about the Auditor app, but the whole integrity of the OS, the boot process and firmware is secured by the Pixel’s hardware or more specific the Titan chip.

And the billions of devices can not be saved by a GrapheneOS fork because they’re mostly missing crucial firmware and generally get no updates anymore. That’s why GrapheneOS is only supporting recent devices and especially Pixel devices because they receive up to 7 years updates.

I’m all into getting people a more secure OS but I fear that a GrapheneOS fork is perceived as a secure OS when it’s actually not. The most important security features are still recent (firmware) updates and hardware attestation, verified boot etc.

I would love to know, but he blocked me everywhere.

But those benefits rely on the Pixel’s hardware. This is contradictory.

But why?

Have you vibecoded this?

How are you accessing Jellyfin? Local only, via VPN and/or reverse proxy? Anything else you have changed on the system in general?

Ionos is part of United Internet which is the largest internet provider besides Telekom in Europe.

Borg an Restic should both be able to do that. I personally use Borg on my Storagebox and have scripts on all my devices that push periodic backups.

True, but it’s still in beta and Pangolin has other useful features like built in geoblocking and authentication.

Arch for Gaming/Desktop, Debian for Server/Proxmox/VPS.

This. I just moved from Nginx Proxy Manager + Headscale/Tailscale to Pangolin and it’s incredibly easy.

Yes, but I also want to run the client in a container and the docs recommend to run the container using network_mode: host. And I suspect this creates a conflict in networks. So I want to have Netbird server, Netbird client and Nginx Proxy Manager all in containers share the same network.

Network effects.

It’s not primarily made for monitoring, but Dockhand has a lot of great monitoring for your whole host and for individual containers.