The simplest solution is to just restrict software updates to direct physical access, and put the USB port or whatever behind a locked service panel.
If the software can’t be infiltrated remotely, then there won’t be any security issues that are so urgent they need to be patched in the middle of a shift, they can wait for a maintenance stop.
Location tracking, diagnostics, statistics, security. Etc. it’s not a bad idea… for a bus.
There’s no good reason for any of that to be updated while the bus is on the road. It should be done at a service location.
Perfect explanation.
Thank you, I try. It’s always tricky to keep network infrastructure explanations concise and readable - the Internet is such a complicated mess.
People like paying for convenience.
Well, I would simplify that to people like convenience. Infrastructure of any type is basically someone else solving convenience problems for you. People don’t really like paying, but they will if it’s the most convenient option.
Syncthing is doing this for you for free, I assume mostly because the developers wanted the infrastructure to work that way and didn’t want it to be dependent on DNS, and decided to make it available to users at large. It’s very convenient, but it also obscures a lot of the technical side of network services which can make learning harder.
This kind of thing shows why tech giants are giants and why selfhosted is a niche.
There’s also always the “why reinvent the wheel?” question, and consider that the guy who is selling wheels works on making wheels as a full-time occupation and has been doing so long enough to build a business on it, whereas you are a hobbyist. There are things that guy knows about wheelmaking that would take you ten years to learn, and he also has a properly equipped workshop for it - you have some YouTube videos, your garage and a handful of tools from Harbor Freight.
Sometimes there is good reason to do so (e.g. privacy from cloud service data gathering) but this is a real balancing act between cost (time and money, both up-front and long-term), risk (privacy exposure, data loss, failure tolerance), and convenience. If you’re going to do something yourself, you should have a specific answer to the question, and probably do a little cost-benefit checking.
But if I’m reading the materials correctly, I’ll need to set up a domain and pay some upfront costs to make my library accessible outside my home.
Why is that?
So when your mobile device is on the public internet it can’t reach directly into your private home network. The IP addresses of the servers on your private network are not routable outside of it, so your mobile device can’t talk to them directly. From the perspective of the public internet, the only piece of your private network that is visible is your ISP gateway device.
When you try to reach your Syncthing service from the public internet, none of the routers know where your private Syncthing instance is or how to reach it. To solve this, the Syncthing developers provide discovery servers on the public internet which contain the directions for the Syncthing app on your device to find your Syncthing service on your private network (assuming you have registered your Syncthing server with the discovery service).
This is a whole level of network infrastructure that is just being done for you to make using Syncthing more convenient. It saves you from having to deal with the details of network routing across network boundaries.
Funkwhale does not provide an equivalent service. To reach your Funkwhale service on your private network from the public internet you have to solve the cross-boundary routing problem for yourself. The most reliable way to do this is to use the DNS infrastructure that already exists on the public internet, which means getting a domain name and linking it to your ISP gateway address.
If your ISP gateway had a static address you could skip this and configure whatever app accesses your Funkwhale service to always point to your ISP gateway address, but residential IP addresses are typically dynamic, so you can’t rely on it being the same long-term. Setting up DynamicDNS solves this problem by updating a DNS record any time your ISP gateway address changes.
There are several DynDNS providers listed at the bottom of that last article, some of which provide domain names. Some of them are free services (like afraid.org) but those typically have some strings attached (afraid.org requires you to log in regularly to confirm that your address is still active, otherwise it will be disabled).
Right, that would be the kind of “collective action” that I mentioned… it doesn’t have anything to do with preventing nations from going to war with each other… the UN doesn’t have that kind of authority and never did.
This might seem callous, but… the purpose of the UN was never to prevent wars from happening. The UN is an international forum, it is not a world government. The purpose is to create a space for nations to talk to each other, and to organize collective action on issues that the majority of members agree on. The UN was not intended to override the sovereignty of member nations - if it was, nations wouldn’t join in the first place.
What, again?
They should be powered on if you want to retain data on them long-term. The controller should automatically check physical integrity and disable bad sections as needed.
I’m not sure if just connecting them to power would be enough for the controller to run error correction, or if they need to be connected to a computer. That might be model specific.
What server OS are you using? Are you already using some SSDs for cache drives?
Any backup is better than no backup, but SSDs are really not a good choice for long-term cold storage. You’ll probably get tired of manually plugging them in to check integrity and update the backups pretty fast.
Er, so your view of the world is pro-bootlicking then?
And also, which of the Vietnamese government’s officials are “the working class”?
Tô Lâm, the cop?
A graduate of the Central Police School and the Vietnam People’s Security Academy, his entire career has been in the police forces.
Lương Cường, the army general?
Cường was previously vice director of the People’s Army of Vietnam General Political Department from 2011 to 2016 where he became the director, and was promoted to the rank of four-star General in 2019.
Phạm Minh Chính, the intelligence/security officer?
In January 1985, Phạm Minh Chính became an Intelligence officer within the Department of Intelligence within the Ministry of Public Security. Among other roles, he served as an intelligence officer in the Department of Europe and America within the Department of Intelligence. In March 1991, Phạm Minh Chính became an officer of the Ministry of Foreign Affairs, working at the Vietnamese Embassy in Romania.
Trần Thanh Mẫn, the business and economics doctorate?
He attended university majoring in Business Administration, was a graduate student in economics, successfully defended his PhD thesis in Economics and received his PhD in Economics in November 2009.
You believe these people are not greedy pigs? Hilarious. This is an oligarchy like any other, you’re just choosing a different paint job.
This guy was convicted for writing “down with the Communist Party of Vietnam” on a piece of paper. That is the entirety of this incident.
If you support this action you are an authoritarian.
Every other argument you might try to make is just an attempt to distract from the core issue, which is oppression.
You are a very confused person.
Trinh Ba Phuong, who was already serving a 10-year sentence on charges of spreading anti-state propaganda, was convicted Friday by the People’s Court of Da Nang for writing “down with the Communist Party of Vietnam for violating human rights, down with the Communist court for wrongfully convicting me” on a piece of paper found in his cell, according to The 88 Project, a group focusing on human rights abuses in Vietnam.
[…]
His most recent conviction is “the first instance of a Vietnamese political prisoner being prosecuted for their speech while already imprisoned,” according to The 88 Project.
The oligarchy doesn’t like competition.
Yes… let the cordyceps eat your brain… become one with the omnifungi… let our will become yours… listen to the mold as it whispers in your mind…
Again?
Actual Budget is an open-source envelope-style budgeting tool similar to YNAB. It has a self-hostable syncing service so that you can manage your budget across multiple devices.
The reason you might want to do this is that it’s probably easier to do full account review sitting at your computer, but you might want to track expenses/receipts on your smartphone while you’re away from home.
When people you have maligned and persecuted show you compassion and give you aid, that should be humiliating and humbling.
Unfortunately it probably won’t have that effect on the people who need it.
There is no paradox.
Tolerance is a social contract.
If you abide by the terms of the contract (e.g. tolerance) then the contract applies to you and you are protected by it.
If you do not abide by the terms of the contract then it is broken, and you are not protected by the contract.
I have experience managing multiple network systems with user-facing endpoints. That’s irrelevant.
Nothing critical on a passenger-carrying vehicle should be remotely managed and it definitely should be frozen while the bus is in active service. The last thing a crowded bus in motion needs is the lights randomly going out because someone decided it was time for a patch install.
The right choice from a security and safety perspective is for any wireless interfaces on the vehicle to be read-only - they can send data out (like current location). Pushing software changes should require direct physical access, and should only work if the vehicle is parked. Anything else is a stupid unnecessary risk.