I feel seen

Sounds fun. Maybe I’m missing something but I wouldn’t expect a local restaurant to have rolled their own takeout backend. Are you actually seeing places that do? The branding might be subtle, but I’d be really surprised if they weren’t using a canned service.

Oops

Another potential option here is https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html

ip_unprivileged_port_start - INTEGER

    This is a per-namespace sysctl. It defines the first unprivileged port in the network namespace. Privileged ports require root or CAP_NET_BIND_SERVICE in order to bind to them. To disable all privileged ports, set this to 0. They must not overlap with the ip_local_port_range.

    Default: 1024

This is also per namespace so you could use it in combination with network namespaces if you really wanted to keep privileged ports.

It is a fantastic way to make sure things work across a team. We use Linux (bunch of different distro) and macOS at my company and once I started packaging things with nix environment related issues mostly went away. It’s not perfect and it’s not necessarily easy to learn nix, but I prefer it to sharing docker containers or other alternatives.

What’s the give away there? Not doubting just wondering.

I see impedance matched traces so seems like something fast, but that’s all I’d be able to guess.

An equal amount of wasted energy is output defending a trillion dollar corporation that doesn’t care about those defending them at all. Apple be fine. Let’s just use our computers and move on with our lives; it doesn’t have to be personal.

Honestly I wouldn’t even go so far as home assistant. Do you have any IP cameras or just USB webcams? If you have IP cameras all you need is the VPN and then just access them as if you’re at home. If you only have USB webcams, you’re going to have to stream the content and I believe ffmpeg is actually capable of taking /dev/videoX and serving it over RTSP somehow, but I don’t remember exactly how. I see some references to it in some quick searches though. Maybe start here (some blog) or here (Stackoverflow question)?

Another thing to remember is that you’re going to be limited by your upload speed. If you’re not on fiber and in the US that’s likely going to be pretty bad, so set your resolution and the like accordingly.

Sorry about your cat. We typically have a Rover stop in to check on our cats when we’re gone for a bit; it’s nice to get them some human interaction and they always send pictures and give updates.

I personally have a camera setup inside that just streams to HomeAssistant so we can check on them ourselves when we’re out just for the weekend. I disconnect it when Rovers are stopping by though because I don’t want them to feel spied on. No need for anything fancy really, but if you really want NVR I just use Frigate (for other things, the cat camera really is just a stream). It’s free and open source and really easy to set up.

WireGuard is a very easy way to set up the access. My router has just the single WireGuard UDP port forwarded

The real issue is definitely people not having total control over their own devices.

It doesn’t need permissions to be sent pictures from messages though, that’s all local and likely done via an exported Service. Good chance other Google products are or will make use of it in the future.

There are definitely good, non malicious reasons to have it as a separate app and that should actually be preferred. Off the top of my head:

• Separation of permissions - it only has the permissions it asks for instead of every permission messages has
• It can be disabled/removed without disabling messages
• it can be reused by other applications if that’s a desirable feature

Some people might actually like this: thinking of women getting unsolicited dick picks in particular

Yea, but there are also some things AppArmor just can’t do. Although in my experience most aren’t as big of a deal. Things like saying “only processes of this type can bind to port X” for example and much more fine grained control of file or directory actions. Does AppArmor provide kernel module controls?

They both have really bad documentation though :(

AppArmor is great but it isn’t nearly as powerful as SELinux. Way more user friendly though.

I haven’t looked around that much in years beyond NixOS, what else has MAC by default these days? I remember a lot of the Debian based ones having some things constrained by AppArmor, but I personally prefer SELinux and it wasn’t everything.

I don’t know if it ships with a firewall, but that’s definitely easier than an ad hoc SELinux setup. I always just transfer my iptables (nftables now) rules over.

One of the few with SELinux by default