That’s what I like about Siyuan and Affine. I can have journal-like daily notes to quickly dump thoughts, but I can then re-arrange or cross-reference individual blocks in(to) other pages, that in turn can be in a nested folder structure and/or tagged. I can quite flexibly mix and match organization structures.

That, on the other hand, is only viable, if you are sure, data never needs to expire. Dedicated backup solutions work with retention policies.

Where I could see an LLM being useful is categorizing entries and maybe proposing sanitization (for example when the payment provider uppercases or abbreviates stuff)

Just to clarify: OwnCloud or OwnCloud Infinite Scale (OCIS)?

If it sells well on Steam, it also rises in the charts there, becoming more visible to an even larger audience. While the margin is lower due to the cost of the store, the profit might still heavily exceed the alternative (and since there’s no per unit cost for software, that’s quite nice).

“So I have this ultra portable gaming device…”

On mobile I indeed also had that issue once. However I made sure they can’t lock me out completely. The db is stored using the opensource sqlcipher, so one can open it and extract everything manually, if absolutely necessary. As long as they don’t change this, I am fine. In the worst case that would still be a lot of effort for me, but not impossible.

The export has also improved a lot. You can now also export to JSON which includes all the data one could need.

If you don’t have a hard requirement of it being fully (!) OpenSource, then I would recommend Enpass. Relatively pleasing UI that runs native on Win, Mac, Linux, Android and iOS. It has browser plugins for Chrome and Firefox that talk directly to the running fat client (so no multiple authentication with different browsers necessary).

The password db is completely local, but it offeres several sync mechanisms like WebDAV or Dropbox or also iCloud; basically whatever can store files. If it’s a NAS in your home, it simply will sync once you are back home.

It also offers “WiFi Sync”, in which case you designate one machine running Enpass as the server and link other clients to it, then you don’t even need to run a separate hosting for it (but that machine needs to be on and running Enpass when you want to sync, obviously).

It’s basically a less open but much more convenient and beautiful KeePass(XC).

I think CryptPad has delete-after-view.

Edit: yes, it has

Server written in C++ and client in Java and Lua… now that’s an atypical combination. It still peaks my interest.

No, I keep that private to minimize the information I leak about what I host, sorry. (I also don’t do git-ops for my server; I back the mentioned directories up via kopia so in case of recovery I just restore the last working state of data+config. I don’t have much need to version the configs.)

What I did to get rid of my mess, was to containerize service after service using podman. I mount all volumes in a unified location and define all containers as quadlets (systemd services). My backup therefore consists of the base directory where all my container volumes live in subdirectories and the directory with the systemd units for the quadlets.

That way I was able to slowly unify my setup without risking to break all at once. Plus, I can easily replicate it on any server that has podman.

No, since at the moment it wants to manage certificates, but I don’t intend to run pangolin as my main reverse proxy.

Pangolin is the most user friendly self hosted alternative to Cloudflare tunnels. There are dozens alternatives, but none with that feature set and such a UI.

That would be so damn awsome, if I could finally play 4k 120Hz GfN on Linux.

Yeah but it also shows the weird naming of WSL. It’s Windows (32) on Windows 64, but Windows Subsystem for Linux instead of Linux on Windows 64 (which would at least have fit the pattern).

I talk fully about software. Add appropriate nftable rules to the container network and that’s it.

Well, a big advantage of containers is, that you can isolate them pretty aggressively. So if you run a container that is supposed to serve content on a single HTTP port, expose only that port, mount no unnecessary volumes and run it on a network that blocks all outgoing traffic. Ideally the only thing left will be incoming traffic on the one port the service is supposed to serve.

Microsoft really has a knack for that. I also like WoW64, which contains the binaries for running 32 bit applications on Windows 64 bit. For historical reasons, the 64 bit binaries live in system32, obviously.

Half off-topic, sorry: if you have some spare time on the weekend, you might want to take a look at nftables. AFAIK iptables is also just using nftables under the hood, so you are basically using a deprecated technology.

nftables is so much nicer to work with. In the end I have my custom rules (which are much saner to define than in iptables) in /etc/nftables.conf, then I have a very simple systemd unit:

[Unit]
Description=Restore nftables firewall rules
Before=network-pre.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/nft -f /etc/nftables.conf
ExecStop=/usr/sbin/nft flush table inet filter
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

and finally if I push updates via ansible I simply replace the file and run nft -f /etc/nftables.conf (via ansible; on-change event).

Edit: oh and as an example how the actual rules file looks like:

#!/usr/bin/nft -f

add table inet filter
flush table inet filter

table inet filter {
  chain input {
    type filter hook input priority 0;

    # allow established/related connections
    ct state {established, related} accept

    # early drop of invalid connections
    ct state invalid drop

    # allow from loopback
    iifname lo accept

    # allow icmp
    ip protocol icmp accept
    ip6 nexthdr icmpv6 accept

    # core services
    tcp dport {80, 443} accept comment "allow http(s)"
    udp dport 443 accept comment "allow http3"

    # everything else
    reject with icmpx type port-unreachable
  }

}

and with that I have my ipv4+6 firewall that allows pings and http