When metrics become targets they fail to be metrics any more

You can do reverse proxy on the VPS and use SNI routing (because the requested domain is in clear text over HTTPS), then use Proxy Protocol to attach the real source IP to the TCP packets.
This way, you don’t have to terminate HTTPS on the VPS, and you can load balance between a couple wireguard peers so you have redundancy (or direct them to different reverse proxies or whatever).
On your home servers, you will need an additional frontend(s) that accepts Proxy Protocol from the VPS (as Proxy Protocol packets aren’t standard HTTP/S packets, so standard HTTPS reverse proxies will drop them as unknown/broken/etc).
This way, your home reverse proxy knows the original IP and can attach it to the decrypted http requests as x-forward-for. Or you can do ACLs based on original client IP. Or whatever.

I haven’t found a way to get a firewall that pays attention to Proxy Protocol TCP headers, but I haven’t found that to really be an issue. I don’t really have a use case

Tests is the industry name for the automated paging when production breaks

I had a huge rant about this, but ditched it.

Steve is the actual politician, but will vote according to crowd sourced opinions on the topics.
And that’s where AI Steve comes in. AI Steve helps generate policy ideas, and they are voted on by the approved community members. Parliamentary topics are also voted on by approved community members.
So AI Steve is the lube, but it’s essentially direct democracy for the approved community members.

So, very cool idea (the direct democracy).
No idea if it would work on a wider/country scale.
Of course it’s a Tory doing it.
Pretty sure this could be done just with an online voting/polling platform and 1 or 2 people doing data entry/gathering.

However, the “better than the past few PMs” is a dangerous rhetoric. Cause all it needs is also a “both sides the same, labour is Tory lite, etc”, and suddenly a bunch of voters will vote disruptively and we get Brexit 2.0 (whatever that might be).
Voting disruptively is absolutely fine, but I’m fairly sure it’s the easiest method for foreign influences to meddle in elections

I was kinda hoping the UK was past exploiting the ill-informed, idiots and reckless. Especially after the wild wild success of Brexit.

But no, apparently not.
Exploit the AI hype that a lot of people probably don’t understand.
Somehow argue that a computer is more human than a human.
Put this absolute garbage of a solution on the ballet, and watch everyone go “well, politicians aren’t working, let’s try breaking the system” and vote for some untested hallucinating predictive text algorithm to lead a country, while employing twice as many staff to fix/feed/spin/manipulate/fake the results of the AI.

I wish there was a way to see what the default values in a config file are for a given distro.
I’m guessing there probably is, and I just don’t know it.

Maybe I should just make / a git repo…

It’s the SATA cable

When learning c++ you hate c++. Then suddenly you get it, and love c++. Then you learn more c++, and you end up merely liking c++

Windows IoT can be configured into a soft-realtime (realtimey-wimey). Disabling audio is one of the steps, so I doubt it’s rtos mode for teams.

IoTs target market is companies reselling an appliance that runs on windows. So a Teams Room appliance is a perfect use-case for IoT

Sure, but what you are describing is the problem that k8s solves.
I’ve run plenty of production things from docker compose. Auto scaling hasn’t been a requirement, and HA was built into the application (so 2 separate VMs running the compose stack). Docker was perfect for it, and k8s would’ve been a sledgehammer.

It’s not a workaround.
In the old days, if you had 2 services that were hard coded to use the same network port, you would need virtualization or a different server and make sure the networking for those is correct.

Network ports allow multiple services to use the same network adapter as a port is like a “sub” address.
Docker being able to remap host network ports to containers ports is a huge feature.
If a container doesn’t need to be accessed outside of the docker network, you don’t need to expose the port.

The only way to have multiple services on the same port is to use either a load balancer (for multiple instances of the same service) or an application-aware reverse proxy (like nginx, haproxy, caddy etc for web things, I’m sure there are other application-aware reverse proxies).

Well, I’m glad compressed audio is good for you. I know many people that couldn’t care less.
The person you commented on and myself have both found Spotify quality to be lacking.
I’ve found tidal, and it’s Spotify without the chuff and pays artists better. And it’s cheaper.
Maybe I can’t actually hear the difference, and a true A-B blind would show the truth, but I don’t care enough to do that. I’m enjoying music more, and I’m saving money

Surely you want to enable 802.1q? Like, that is vlan aware switching and routing. Or is that on the nas?

Edit:
Some troubleshooting:

Connect a laptop into the same subnet as your Nas (so same vlan and IP range/subnet) and connect to the nas. This either eliminates the NAS or the router from the equation

I’m gonna sound like a fanboy, but the alternative is Tidal.
Better audio quality, better (imo) suggestions, and not wasting money of podcasts and weird AI bs.

I’m loving tidal. Been a few months now.
I’m finding so much more awesome music now. Spotify seemed to get stuck in suggestions where I went “yeh, I guess that’s kinda similar, but that’s not actually what I like about those artists”.

That whole “shortest path” has caught me out before (tho in a different way)!
And firewall logs of “state violation” aren’t always helpful when that’s pretty much the default log message

If they are on the same subnet, why are they going via the router? Surely the NIC/OS will know it’s a local address within its subnet, and will send it directly; as opposed to not knowing where to send the packet, so letting the router deal with it.

I’m assuming you are using a standard 24 bit subnet mask, because you haven’t provided anything that indicates otherwise and the issue you present would be indicative of a local link being used - this possible

Just calling your ms-connected non-admin account “Admin” to feel cool.
Cause I bet Microsoft is figuring out how to disable admin accounts except for pro/enterprise.
Anything else you install will either have to be through the (revised & revived) app store, or installers will have to be both signed (as they are now) and approved

The xkcd explained brushes near it.

Many of the passengers would suffer extreme injuries from the changes of velocity (up to 230 mph based on a loop radius of 3 x ship length) and rotation (unlike rollercoasters, or even airplanes during simple take-off and landing, passengers aren’t normally strapped down).

So, is public accessibility actually required?
Does it need to be exposed to the public internet?

Why not use wireguard (or another VPN)? Even easier is tailscale.
If you are hand selecting users (IE, doesn’t actually need to be publicly accessible), then VPN is the most secure and just run a reverse proxy for ease & certs.
Or set up client certificate authentication, so only users that install a certificate issued by you can connect to the service (dunno how that works for 3rd party apps to immich)

Like I asked, what is your actual threat model?
What are your requirements?
Is public accessibility actually required?