But why? If you don’t need moving parts, don’t use moving parts. Simplicity is king.

My password database contains a few hundred entries. Good luck memorizing that.

Enpass uses the open source library sqlcipher (which is an sqlite fork with encryption). So while Enpass as a whole is not fully open source, you can still exfiltrate your passwords with open source tools, should they ever vanish or radically change their business model. You can then use for example enpass-cli.

That gives me enough confidence to trust in Enpass, since they can’t easily hold my data hostage.

Sorry, but log files can contain any amount of PII that is absolutely unsuited to be sent over an unencrypted channel to a person/company that should not even need some details.

I sure as hell also skim over logs before I send anything out and remove anything that I don’t want to leak.

So you didn’t fully read the mails either, did you?

Many security experts I know consider AV software to be snake oil. I do so too. They are so complex and need so far reaching permissions to be somewhat effective, that they become the attack vector and/or a large risk factor for faulty behavior.

Add in lots of false positives and it just numbs the users to the alerts.

Nothing beats educating users and making sure the software in use isn’t braindead. For example Microsoft programs that hide file extensions by default is a far bigger security problem than a missing AV tool. Or word processors that allow embedded scripts that can perform shit outside the application. The list goes on …

Happy to help.

Replacing a python service (searxng) by one written in rust? Count me in.

I mean … that’s basically how the internet works today. And even if you don’t “run” proprietary stuff on your end, their service as a whole is still proprietary. So it seems like a pointless battle, IMO.

I would rather ensure to use a browser where I trust its sandbox to properly isolate the shit it has to run inside.

But he said “proprietary software to run”, not to “setup” or “register” or whatever.

But as I said: once the DNS entries are set up, everything is routed directly to your machine. What runs there is completely in your hands. Same with VPS/root server: SSH is free. Pick the client you like.

I don’t know of a single registrar or hoster that I can’t run without libre software.

What exactly do you mean? Typically you go to a website, register the domain, setup payment and then setup the nameserver. No need to install anything on your end.

Same with hosting. You sign up, setup payment, order a machine (root or virtual) and then you get SSH credentials and are good to go.

Oh wow. Good to know! Thanks!

But the thing is: B2 is cheap for storage, but retrieval and traversal are very expensive. And if that happens transparently on the filesystem (because you accidentally run grep or the service in question regularly hashes the files or something), you would implicitly download everything stored. And IIRC retrieval costs ten times the storage costs… each time.)

What’s your use-case? What do you want to achieve?

Using blob storages as filesystems doesn’t work well and could - with B2’s pricing structure - became excessively expensive. Blob storages are designed for easily writing and reading individual blobs. Filesystems are designed for random access, listing, traversal, etc.

Sure? It certainly detracts bots that now don’t discover the SSH port anymore. Against a targeted attack it’s less useful, but that is a very hard problem in any case. If someone is out to get you specifically, it will be a tough battle.

It looks like docspell might even be heavier than paperless-ngx, given that I need to spin up at least 3 JVMs. Thanks for mentioning it anyway; don’t get me wrong. But my current quest is for a lightweight solution.

Current contender might be SeedDMS, but it’s a more generic DMS, not so much focused as paperless-ngx. I miss the gallery view, for example.

CryptPad might work. Most of the heavylifting is clientside.

I wish there is a Go alternative.

Exactly what I was wishing for. Or Rust. Don’t care. At least something that doesn’t eat resources for breakfast.

I actually contemplated starting such a thing. But before I dive into another project I likely don’t finish, I was hoping for something out-of-the-box.

It’s easier to share (so my wife can maintain and use the collection as well) and I am not locked into the apple eco system. Plus, I can then define different views and queries.