This looks more comprehensive than Untracker, but maybe it is too complicated for some people?

You can use both at the same time and it is useful to have ULA if your ISP changes your assigned prefix.

BIOS menus aren’t the only way to adjust fan speeds on servers. You may be able to do it from Linux using a management interface.

Why RIP? It’s still alive.

This isn’t new. Even before AI, failing companies would use layoffs as a sort of loan on their quarterly numbers. If you lay off your employees, you’re really profitable for as long as you can continue collecting money for the work the employees had already done.

Setting the SSH service to a random high port doesn’t make security better and may make security worse. Linux has a restriction that low numbered ports require special permissions but high numbered ports do not. If an attacker manages to get low privilege code execution on your machine, they may manage to bind their service to the SSH port instead. If the server and client are configured correctly, this will cause a host key mismatch error. Continuing anyway could allow the attacker to take over your account on the server. It’s unlikely unless you are a high value target.

Root login and password authentication are already disabled, and it’s very uncommon for self hosters to use SSH certificates at all.

Changing the SSH port away from 22 does not improve security unless your password is “password” or “admin”. Anybody who’s even slightly sophisticated will find your SSH service on the correct port and make requests there instead.

Phishing campaign authors will love this. It normalizes users scanning barcodes they can’t read to go to unknown locations on a device where it’s harder to see the URL and there’s no IT watching for phishing activity.

This problem has nothing to do with NPM. Checkmarx was compromised last month, and during that compromise there were malicious VS Code extensions published to Visual Studio Code Marketplace. A Bitwarden developer says that somebody ran one of those malicious extensions, and GitHub API keys were stolen which were used in publishing the malicious CLI package.

It’s probably better that it happened on NPM. If the CLI were only downloadable from the Bitwarden website, it would have likely taken longer for somebody to notice something was wrong.

I’ve never heard of anything working that way. The preferred algorithm is RFC 8305 “Happy Eyeballs,” which uses whichever network responds first. Even if your clients prefer IPv4, having IPv6 available allows you to access some resources that are not available over IPv4.

Matter uses IPv6 but it does not require you to have IPv6 internet. As long as the router isn’t blocking IPv6 router advertisements and IPv6 traffic between devices in your LAN you should be okay.

I already switched to Immich. It’s pretty good at finding pictures, it doesn’t require a subscription, and it isn’t Google.

My old phone was constantly recommending that I send YouTube videos with spy query parameters to the e-mail address of a dead relative instead of Untracker. It’s like they designed the system to push users towards doing what they want users to do instead of helping users do what users want to do.

I have to use a Mac and I can confidently say that the experience of using a Mac has not gotten better every year. It just doesn’t get worse as quickly as Windows. It may be true that Apple Silicon has gotten better every year, but so has AMD.

Give it a few months and your phone will helpfully install it for you.

Would the MacBook Pro or rpi4 with a second Ethernet nic running a firewall before the routers also fix the issue of not getting security updates?

No. For most routers, this provides no additional protection to the router. Your router should not be accepting connections from the WAN side that would be blocked by the firewall, but consumer routers almost always initiate connections to the WAN side, indistinguishable from normal client traffic to your firewall, and accept connections from the LAN side, invisible to your firewall. If the firewall blocks all incoming requests, it would create problems for UPNP, effectively giving you CGNAT, even if the firewall does not perform address translation.

At least for some laptops, you cannot just remove the battery. If the battery is removed, the performance may be throttled. This is true of very old MacBooks.

In the US, most IPSs have remote access to your modem as well, even if you purchased it yourself from a store unaffiliated with your ISP.

The education system has been killing critical thinking for decades. Why start trying to save it now?

Enabling SSH password authentication is unnecessary and not a good idea, especially if your temporary passwords are simple. I haven’t used Hetzner but there is probably a way to upload a file or to paste into the console, or else if you fix your keyboard you could at least type a URL to download the public key from the internet. You may want to look into cloud-init instead of manually installing and configuring your VMs.

LUKS may not make your server meaningfully more secure. Anyone who can snapshot your server while it’s running or modify your unencrypted kernel or initrd files before you next unlock the server will be able to access your files.