If you’re running an email server for more than a handful of persistent users, I’d probably agree. However, there are self-host solutions that do a decent job of being ‘all-in-one’ (MailU, Mailcow, Docker-Mailserver) that can help perform a lot of input filtering.

If your small org just needs automation emails (summaries, password resets), it’s definitely feasible to do actually, as long as you have port 25 available in addition to 465, 587 and you can assign PTR records on reverse DNS. Optionally you should use a common TLD for your domain as it will be less likely to be flagged via SpamAssassin. MXToolbox and Mail-Tester together offer free services to help test the reliability of your email functionality.

I’m currently going through a similar situation at the moment (OPNSense firewall, Traefik reverse proxy). For my solution, I’m going to be trial running the Crowdsec bouncer as a Traefik middleware, but that shouldn’t discourage you from using Fail2Ban.

Fail2Ban: you set policies (or use presets) to tempban IPs that match certain heuristic or basic checks.

Crowdsec Bouncer: does fail2ban checks if allowed. Sends anonymous bad behavior reports to their servers and will also ban/captcha check IPs that are found in the aggregate list of current bad actors. Claims to be able to perform more advanced behavior checks and blacklists locally.

If you can help it, I don’t necessarily recommend having OPNSense apply the firewall rules via API access from your server. It is technically a vulnerability vector unless you can only allow for creating a certain subset of deny rules. The solution you choose probably shouldn’t be allowed to create allow rules on WAN for instance. In most cases, let the reverse proxy perform the traffic filtering if possible.

It doesn’t.

Ocis/OpenCloud can integrate with Collabora, OnlyOffice but don’t currently have things like CalDAV, CardDAV, E2EE, Forms, Kanban boards, or other extensible features installable as plugins in Nextcloud.

If you desire a snappy and responsive cloud storage experience and don’t particularly need those things integrated into your cloud storage service, then Ocis or OpenCloud might be something to look into.

Authentik has blueprints, which while not as simple as Authelia’s config, do provide a functional way to have version-controlled configuration.

You’re not referring to this satire article by chance?

For what it’s worth, I do think OCIS is worthy of switching to if you don’t make use of all of the various apps Nextcloud can do. OCIS can hook into an online office provider, but doesn’t do much more than just the cloud storage as of right now.

That said, the cloud storage and UX performance is night and day between Nextcloud/Owncloud and OCIS. If you’re using a S3 provider as a storage backend, then you only need to ensure backups for the S3 objects and the small metadata volume the OCIS container needs in order to ensure file integrity.

Another thing to note about OCIS: it provides no at-rest encryption module unlike Nextcloud. If that’s important to your use case, either stick with Nextcloud or you will need to figure out how to roll your own.

I know that OCIS does intend to bring more features into the stack eventually (CalDAV, CardDAV, etc.). As it stands currently though, OCIS isn’t a behemoth that Nextcloud/Owncloud are, and the architecture, maintenance is more straightforward overall.

As for open-source: OCIS released and has still remained under Apache 2.0 for its entire lifespan thus far. If you don’t trust Owncloud over the drama that created Nextcloud, then I guess remain wary? Otherwise OCIS looks fine to use.

You use Steam for games on Linux primarily. Independent native games exist as well. Many Windows-only titles will be best run through Proton: Valve’s modified WINE bundle. Other store titles can be configured to run through WINE or Proton via apps like Lutris or Heroic (GOG, Itch.io, Epic Games, etc.).

For multi-monitor: use Wayland. For 2.5Gbps Ethernet NICs, they never work properly on any system in regard to performance, but I presume you are referencing the subpar Realtek NICs not connecting? Depending on the distro, you likely won’t have the driver and/or firmware package preinstalled to make it work.

Just took a couple minutes to install and setup the fork to try it out. Turns out there is a flatpak on Flathub under the id dog.unix.cantata.Cantata that looks to be maintained directly by nullobsi. I’ll have to see where rough edges show up, but this fork looks good thus far. A full port from Qt5 -> Qt6 isn’t a trivial amount of effort, so mad respect to everyone working on this ported version.

https://librewolf.net/

A summary from its site and known technical details:

• no telemetry by default
• includes uBlock Origin
• has sane privacy-respecting defaults
• prepackages arkenfox user.js
• relatively well-maintained fork of Firefox that keeps up with upstream
• No major controversies AFAIK

As for Windows 7, nobody should really need to install Librewolf anyway on such a device. No device running Windows 7 should have access to the internet at this point. If you are asking about compatibility intending this use case, you have bigger problems to worry about than your choice of browser. If you just need to view HTML files graphically, even Internet Explorer or an older firefox ESR will do.

We are well beyond the point of a majority of common hardware having built-in kernel drivers and userland software for extra stuff like RGB control that the best advice is rather avoiding Linux, to instead avoid the trash hardware (NVidia for the time being, GoXLR, Broadcom, etc.). My GPU, audio hardware, network interfaces are both popular products and have worked out of the box for years now.

2-2-1 still insinuates having a remote backup. I don’t see how this particular threat destroys a 2-2-1 setup.

What makes Nextcloud unreliable for your use case? I’ve used the calendar (caldav) functionality for years without issue in sync.

Tbf to cloud sync, nothing is stopping you from using your own backup/restore service with your drm-free titles compared to the other features that Galaxy offers.

GOG has DRM for many titles: see Galaxy. As I understand it, it isn’t as pervasive as Steam, but is necessary if you want multiplayer on many titles or care about extras like achievements.

I have been utilizing BunkerWeb for some of my selfhost sites since it was bunkerized-nginx. It is indeed powerful and flexible, allowing multi-site proxying, hosting while allowing semi-flexible per-site security tweaks (some security options are forcibly global still, a limitation).

I use it on podman myself, and while it is generally great for having OWasp CRS, general traffic filtering targets and more built on top of nginx in a Docker container, the way Bunkerweb needs to be run hasn’t really remained stable between versions. Throughout several version upgrades, there have been be severe breaking changes that will require reading the setup documentation again to get the new version functional.

User-Centric Innovation: Unveiling the Industry-Leading Battery Life

We know how a smartwatch becomes integral to its wearer’s life, and battery life can’t be a concern. That’s why we went back to the drawing board, driven by community feedback, to ensure the OnePlus Watch 2 delivers an exceptional user experience. With up to 100-hour battery life in full Smart Mode, it sets a new industry standard, ensuring that your watch keeps pace with your life, uninterrupted.

Really impressive how OnePlus is touting a relatively mediocre 4-day (at best) battery life on a smartwatch as something exceptional or something that they (falsely) claim as industry-leading. Maybe it is good by typical WearOS device standards, but is by no means top of the line for the smartwatch industry.

I am not sure if jest, but you could always take a few seconds at protondb to see that yes, all of those games do in fact run on Linux. Forza in particular seems to have issues for some users, but everything else works with minimal hassle.

The desired alternative is not Matrix simply because privacy-conscious, open-source ecosystem vs. proprietary solution is not the goal. Matrix would still generally be terrible for support. What people want is publicly searchable content that is ideally indexed like a wiki. Many will happily settle for issue boards or even forums though. Discord has pathetic search capabilities in comparison to any search engine and has no way to properly and publicly backup information that is posted to the platform. With a website of any kind, one could clone the site for mirroring or simply get a web archive service to crawl relevant sections.