Android 4 was the reunification of Android 2 for phones and Android 3 for tablets. I think it coincided with the launch of the original Nexus 7 and Google Assistant, and I think I was installing third-party Android 4 builds on one of the first US phones with 4G LTE.

You need to factor in other economic factors. How much is this in terms of median salary? How much is this in terms of child care costs? Currency conversion is based on how much the currency is worth in the other country.

We can all hate Elon and Twitter, but we’re really arguing in favor of internet censorship and extraditions for foreign citizens living in their home country that, knowingly or unknowngly, assisted or has employees that assisted people in circumventing that censorship.

Elon is not in Brazil, and making the service available via CloudFlare was not an action taken in Brazil. Brazil should be able to seize assets in Brazil and change how they block access to prevent Twitter from doing business in Brazil, but arresting people in other countries for something like this is extreme.

This is a bad idea. If breaking the law of any country can result in extradition to that country then people are going to be getting extradited for things like disrespecting the communist party.

Having a non-garbage domain provider can be a luxury. I used to work at a place where we were paying boatloads of money for certificates from Sectigo for internal services, and they were charging us extra per additional name and even more if we wanted a wildcard, even though it didn’t cost them anything to include those options. Getting IT to set up the DNS records for Let’s Encrypt DNS verification was never going to happen.

I’m pretty sure browsers stopped distinguishing EV certificates years ago.

A large percentage of those hosts with SSH enabled are cloud machines because it’s standard for cloud machines to be only accessible by SSH by default. I’ve never seen a serious security guide that says to set up a VPN and move SSH behind the VPN, although some cloud instances are inherently like this because they’re on a virtual private network managed by the hosting provider for other reasons.

SSH is much simpler and more universal than a VPN. You can often use SSH port forwarding to access services without configuring a VPN. Recommending everyone to set up a VPN for everything makes networking and remote access much more complicated for new users.

Shodan reports that 35,780,216 hosts have SSH exposed to the internet.

Moving SSH to ports other than 22 is not security. The bots trying port 22 on random addresses with random passwords don’t have a chance of getting in unless you’re using password authentication with weak passwords or your SSH is very old.

SSH security updates are very infrequent and it takes practically no effort to keep SSH up to date. If you’re using a stable distribution, just enable automatic security updates.

Having SSH open to the internet is normal. Don’t use password authentication with weak passwords.

It’s also ahead of gitea in some aspects: https://forgejo.org/faq/#is-there-a-roadmap-for-forgejo

You don’t need a static IP to have a domain name, and you don’t always need to pay for a domain name either.

That Pentum is a budget CPU from just over 10 years ago. It has PCIe 2.0. Maybe the “gigabit” ethernet is connected to the CPU by a single 500Mbit PCIe lane.

How is the drone going to determine that it is being used to commit a crime?

Docker Swarm encryption doesn’t work for your use case. The documentation says that the secret is stored encrypted but can be decrypted by the swarm manager nodes and nodes running services that use the service, which both apply to your single node. If you’re not having to unlock Docker Compose on startup, that means that the encrypted value and the decryption key live next to each other on the same computer and anyone who has access to the encrypted secrets can also decrypt them.

Aqara sells one that works with HomeKit and should work offline. They say it will get Matter support later, but Home Assistant can use it through HomeKit without having to buy any Apple devices.

Be careful with doing this. X-Real-IP and X-Forwarded-For are good for when the client is a trusted proxy, but can be easily faked if you don’t whitelist who’s allowed to use those headers. Somebody with IPv6 access could send “X-Real-IP: 127.0.0.1” or something and if the server believes it then you’ll see 127.0.0.1 in logs and depending on what you’re running the user may gain special permissions.

Also be careful with the opposite problem. If your server doesn’t trust the proxy, it will show the VPS IP in logs, and if you’re running something like fail2ban you’ll end up blocking your VPS and then nobody will be able to connect over IPv4.

If all you want is to break out the VLANs to NICs using a Linux PC instead of a managed switch, create six bridge interfaces and put in each bridge the VLAN interface and the NIC.

There’s a lot of wrong advice about this subject on this post. Forgejo, and any other Git forge server, have a completely different security model than regular SSH. All authenticated users run with the same PID and are restricted to accessing Git commands. It uses the secure shell protocol but it is not a shell. The threat model is different. Anybody can sign up for a GitHub or Codeberg account and they will be granted SSH access, but that access only allows them to push and pull Git data according to their account permissions.