This is the answer
This is the answer
Yes, it will be enough if your services are not exposed via port forwarding , tailscale / zerotier are super convenient for this.
Honestly, if I were you I would start thinking in having a small computer just to act like a proxy / firewall of you synology, or even better, just run the applications on that computer and let the nas only serve files and data.
It is much easier to support, maintain and hardening a debain with a minimal intallation than nay synology box just because the amount of resources available to do so. In this easy way you could extent the life of your nas far beyond the end of life of the Sw
I use the tchapi docker image for the caldav server (die to the LDAP support for the user Auth) and davx5 for the android integration.
In Desktop thunderbird already have a native integration and with iPhone is also working fine.
No problems so far in almost a year, they work reliable and smooth. The only point I somehow miss is the lack of push notifications from the server to the devices, but it is not a deal breaker from me
Another one selfhosting contacts, calendar, notes and so on with that non-interoperable protocol.
And for the shake of honesty I need to say that while doable it is true that the situation could be highly improved with a lot of non standard stuff that private apps are implementing outside of the standard compliance
Don’t make it available from internet. This will solve the issue.
If it is not possible, once the cve is published and properly described, perhaps there is another way to secure it via an external proxy or even a waf.
If you have unsupported Sw, it is always a pain in the ass to keep them secure so try to figure out always the first point
Can someone be so kind to explain me what I am seeing?
Because it seems like I am not celvee enough to get it
The answer is mTLS.
But you will run into the key distribution problem. But if your number of devices is manageable, it could be the solution
This thing reduces the attack surface of the inmich installation.
If it is good, or bad or fitting to your security model can only be said by you. But honestly it sounds like a sensible thing to do
Even if you have a valid point, modern fingerprinting technics usually is done through your data and the connection dependencies of them (which accounts are activated from the sane computer and so on).
Selfhosting remove some links between your data set like the files you store in drive, the people who appear in your photos, your contact list, to whom you email… Etc etc
Suddenly all this data is vanishing from the big techs, so, in theory it would be possible to make that association process more difficult
Then follow that path, once you are comfortable with the approach you can start hosting more and more services,to the point that you can selfhost your own messenger services or ms teams services.
Once you are in that situation, you can think in accounts rotation and/or burner identities to address the services you can not pull from the big techs
OK, thanks for the feedback. Perhaps I am doing something terrible wrong with it.
I will recheck the system again.
Thanks
You need to start reducing your fingerprint on internet.
The only reliable way to do so is selfhosting your stuff.
There are a few communities here in lemmy, so check on them
Would you mind to elaborate a bit more about your experience witht he sophos?
I got a reused xgs115 a few months ago and I found the experience not so pleasant. The device lags a lot with the web page interface, the learning curve is steep in my opinion and I have problems to setup some services in a reliable way (they tends to hangs up, but this is perhaps my own problem)
Do you know by chance if they are able to have the Ds-lite tunnel for an ipv6 to ipv4 working?
How the average quality from those IKEA plugs?
In my experience Ikea quality in electronics range from ok to a big ball of crap without any apparent way to distinguish in which side they are.
This, this author has a specific style portraying situations that is fabolous.
But the books are a bit hard to understand in Spanish for a non-native speaker due to the use of not so common words
Thank for the suggestions, I will take a look because it is true that I focused myself on the link manager but perhaps a link sync tool could do the job.
Thanks again
I didn’t know floccus, I will take a look.
Thanks for the suggestion
Thanks for the suggestion, but as far as I know there is not any plugin for the browser available, right?
I couldn’t disagree more with you. If you are running something REAL life critical the moment there is a patch you install it and deploy as fast as possible. And if it contains any severe patch it is even the vendor who recalls all the equipment with service bulletin and advisory letters.
With life critical you don’t wait the bug to appear because It maybe too late to avoid deadly consequences.
No idea at all, but I am highly interested in your experience. So it would be great if you could came here back to share it with us