How do you expect the packets to actually route? If you run Tailscale and your VPN on your phone, they might fight with each other for control of the routing table.
If you’re trying to use Tailscale exit note to then route through Tailscale to one node running gluetun to Mullvad. That’s going to be complex because against they both want to mess with the routing table.
Tailscale natively supports Mullvad: https://tailscale.com/mullvad
Okay it was a little hard to read since your post was missing formatting. TS_SUBNETS is what controls what CIDRs are announced through Tailscale. Since you’re not using Docker networking for Jellyfin, it would be whatever subnet the host is on. Maybe it’s 192.168.x.y
Gluetun doesn’t make any sense here. You’re forcing all the traffic for from Jellyfin to go through Mullvad, but you need to be able to connect to Jellyfin because Jellyfin is a service you connect to.
Since your Tailscale is host network mounted, you’ll be able to expose your Docker network subnets over Tailscale then access Jellyfin. This is done via the TS_SUBNETS env variable. Docker will use a 172.16.0.0/12 subnet.
You probably intend to gluetun your downloading software, not Jellyfin.
Your options are to run smaller models or wait. llama3.2:3b fits on my 1080 Ti VRAM and is sufficiently fast. Bigger models will get split between VRAM and RAM and run slower but it’ll work.
Not all models are Gen AI style LLMs. I run GPU based speech to text models on my GPU too for my smart home.
I don’t think there is a technical issue or any kind of complexity at issue here, the problem seems trivial even though I haven’t worked the details. It is moot since it’s broken on purpose to preserve “They’s” business model.
I’m explaining what the technical problems are with your idea. It seems like you don’t fully understand the technical details of these networking protocols and that’s okay but I’ve summarized a few non trivial technical problems that aren’t just people keeping multicast from being used. I assure you if multicast worked, big tech would want to use it. For example, Netflix would want to use it to distribute content to their CDN boxes and save tons of bandwidth.
I don’t know who they is in the case, but let’s think about this for a minute.
Technically what do you need for this to work?
How many Multicast Addresses do you need? How are multicast addresses assigned? Can anybody write to any multicast address? How do I decide that 239.53.244.53 is for my file not your movie? How do we know who is listening? This is effectively BGP, but more tricky because depending on the answer to the previous question you may not benefit from any network block sizes to reduce the routing info being shared. How do you decide when to start transmitting a file? Is anybody listening? Does anybody care?
You seem latched on to assume that technically would work and haven’t asked if it is actually technically a good solution. P2P is going to work better than multicast
Multicast addresses are handled specially in routers and switches all over the world.
Changing that would require massive firmware updates everywhere to get this to work and we can’t even get people to adopt IPv6. Nevermind the complexity in figuring out to how manage IGMP group membership at the Internet scale.
Given the complexity with either change, its better to adopt IPv6 and use PeerTube. Multicast at the Internet scale won’t work and IPv6 is less work
Assuming multicast worked across the internet, it’s not going to work in practice. Multicast works by sending a packet and fanning it out to all receivers.
It works with broadcast TV like IPTV because everybody is watching the same few set of channels at the same time, but on YouTube I can watch any video at any time. How does a mythical Transmitter know what video packets to send when? Are they on loop? Are clients receiving packets for videos they don’t care about?
You might be interested in PeerTube which uses unicast peer to peer to distribute videos in a way that works.
I use a variant of this: https://github.com/linuxserver/docker-wireguard
You don’t need two different containers for this. They’re going to either fight each other for control over the networking tables or run wireguard in wireguard
So I had a chance to try this out. It wasn’t on Google Play Store, only F-Droid. There isn’t really SSO support, you either login with User/Password or a token. Instead, I login with my browser, get the token and paste it in. That works fine, but an ideal world is just pop up an browser WebView and go through the flow, then grab the token. Maybe it was intentional, but PaperlessShare registered as an Open handler for PDFs and the share menu, whereas this is only share menu. This seems to mean that I need to grant file access, whereas the open handler didn’t need that I think.
Overall, it does the job and gets my docs uploaded.
How hard would it be to contribute these improvements back to the project in the form of either distro package updates or documentation changes? Did you consider that?
Why do they need to wait for the UN vote to recognize another state? I could see a UN vote being needed to vote for the UN to recogize and incorporate them, but that shouldn’t stop a country from acting independently.
Can you expand on the OIDC/OpenID support? Does it support SSO based authentication to Paperless? That’s my biggest problem with PaperlessShare right now. I can’t actually sign in because I use an SSO provider.
I respect your strong ethics and sticking to them, but saying they people support genocide for using software hosted on GitHub is an extreme position.
I could easily change this: Do you drive a car or fly a plane? Then you must have no red lines against climate change.
Right. Zero trust means at the very least you need to add AuthN and AuthZ to every endpoint with no exceptions for internal IP addresses.
Executives have compensation tied to stock price. If the stock price goes down because nobody wants to invest in a bad company, those executives have incentive to become change their ways.
That compensation incentive is also why executives are so short term thinking nowadays.
The stock market is part popularity contest but it’s a lot more complicated than simple statements.
There’s different ways to be ethical in finances.
One option is to just not be anxious about investing in “bad” companies and make money, but then turn around and donate to charities, vote for aligned politicians, and vote in shareholder elections.
Or you could try to invest in “better” companies. ESG (Environmental, Social, Governance) based investing has been politicized and isn’t perfect because the scoring can be and is manipulated. But at least it’s trying. For example, normally ETFs management companies take the shares that you effectively own and vote along with the board recommendations which often aligns with making the most money over environmental and social concerns, but funds like $VOTE so those voting rights to vote in ways they think are more ethical. Vanguard has $ESGV. Black Rock, a huge investing company, offers voting choice which allows you to pick alignment strategy. For example, you could pick to vote for environmental reasons and they’ll influence the company that way. Support for that depends on your brokerage and the fund you own.
You could also pick individual stocks and never buy companies that don’t align with your ethics, but that has its own complexities because now you’re actively investing and probably not matching market returns.
Ultimately, ethics aren’t black and white. I don’t try to be perfectly ethical in my investing because it just causes too much anxiety asking is this company bad or good? I invest in broad market funds, I vote in all elections (both shareholder and government elections), I don’t invest in individual companies I don’t agree with, I invest in some climate friendly ETFs, and I donate to charities that I like.
This situation reminds me of a plot in The Good Place, a TV show, about how >!everybody went to the “bad place” because modern society had so many decisions that had small negative consequences.!<
I’ve been running my own mail for 10+ years. I recommend rspamd for spam filtering. It took the place of SpamAssasin, grey listing, SPF checking, etc. All in one single system.