• 0 Posts
  • 25 Comments
Joined 3 years ago
Cake day: June 19th, 2023

  • Would the MacBook Pro or rpi4 with a second Ethernet NIC running a firewall before the routers also fix the issue of not getting security updates?

    No. For most routers, this provides no additional protection to the router. Your router should not be accepting connections from the WAN side that would be blocked by the firewall, but consumer routers almost always initiate connections to the WAN side, indistinguishable from normal client traffic to your firewall, and accept connections from the LAN side, invisible to your firewall. If the firewall blocks all incoming requests, it would create problems for UPnP, effectively giving you CGNAT, even if the firewall does not perform address translation.

  • The Epstein files are the distraction. The United States government, particularly but not exclusively Trump and his appointees, is committing a new crime every week but everyone keeps going back to the probable suspicion that Trump was involved in the sexual abuse of minors years ago. There is no way that Trump will be removed from office because of the Epstein files when the Department of Justice is running an illegal coverup for him. Complaining that the DOJ is withholding files that probably exist about something that Trump probably did is too abstract for anything to happen in Congress. Get them out for the recent crimes that aren’t just probablies first and then talk about the Epstein files when over half of the government isn’t trying to cover them up.


  • Enabling SSH password authentication is unnecessary and not a good idea, especially if your temporary passwords are simple. I haven’t used Hetzner but there is probably a way to upload a file or to paste into the console, or else if you fix your keyboard you could at least type a URL to download the public key from the internet. You may want to look into cloud-init instead of manually installing and configuring your VMs.

    LUKS may not make your server meaningfully more secure. Anyone who can snapshot your server while it’s running or modify your unencrypted kernel or initrd files before you next unlock the server will be able to access your files.


  • This is only technically true. He’s found a loophole where he makes an obviously illegal order, and that order is in effect for months before it is struck down, and then he can just make a new order like he’s doing right now with tariffs. He keeps getting away with it because the legislative branch is complicit.

    What happens if he declares that to prevent voter fraud, voters need to prove eligibility in a way that prevents poor people, or people who have changed names, or people who live in a home owned by somebody else, or nationalized citizens, or people living in selectively restricted voting districts, or people who have a skin tone inaccurately recognized by specifically chosen facial recognition software, or people who are “accidentally” detected to be inactive voters, or people who are just afraid of being disappeared by ICE from voting, and it is enforced long enough to impact the election? Will he finally be thrown out of office before the election? If not, will the people illegally prevented from voting have their votes counted after the order is struck down? Would those people be able to vote before some other illegal order goes into effect or would elections and their results be constantly delayed?

  • Kubernetes is much more complicated and powerful than Docker, and Docker Compose is more similar to the way you work directly with Kubernetes than it is to Helm, which adds in a templating system. Basically, from a Docker perspective, Helm allows you to configure your compose file, but not just by substituting variables. Helm can make structural changes such as completely adding or removing sections based on the variables used when loading the chart. The output of Helm is YAML, sort of like a compose file.

    Kubernetes has a much more complicated system for describing workloads and their resources than Docker Compose, and it is extensible. For example, if you are running on AWS you can have Kubernetes attach EBS volumes to your pods, or if you’re on bare metal you might use LVM, and it’s not limited to things that Kubernetes natively understands like storage volumes: Cert Manager is a common piece of software that is deployed into Kubernetes that takes care of issuing and renewing TLS certificates for other software in Kubernetes.

    I used to run Kubernetes at home with ArgoCD, but I’ve moved on to NixOS instead. NixOS is less powerful because it doesn’t have dynamic workload scheduling, but I don’t actually need dynamic workload scheduling or all the configuration necessary to facilitate dynamic workload scheduling in my house, and Nix is much nicer to work with than Helm’s gotmpl templating. Unless you like this kind of stuff or want to get into Kubernetes, you probably want to avoid it for running a few things on one host.
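    As an added illustration of the structural changes described in the comment above (example chart fragments written for this page, not the commenter's own code), here are three files of a small Helm chart: the volume mount, the volumes section and the entire PersistentVolumeClaim object are emitted only when persistence.enabled is true in the values passed at install time. The value keys, release-derived names and the image are all assumptions.

```yaml
# values.yaml (constructed defaults; every key is an assumption)
persistence:
  enabled: false
  size: 1Gi
---
# templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ .Release.Name }}-web
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}-web
    spec:
      containers:
        - name: web
          image: "example.invalid/web:1.0"   # placeholder image
          {{- if .Values.persistence.enabled }}
          volumeMounts:                        # section only rendered when enabled
            - name: data
              mountPath: /var/lib/app
          {{- end }}
      {{- if .Values.persistence.enabled }}
      volumes:                                 # likewise added or dropped whole
        - name: data
          persistentVolumeClaim:
            claimName: {{ .Release.Name }}-data
      {{- end }}
---
# templates/pvc.yaml: the whole object disappears from the output unless enabled
{{- if .Values.persistence.enabled }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ .Release.Name }}-data
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: {{ .Values.persistence.size }}
{{- end }}
```

    Rendering with `helm template myrel ./chart` and again with `--set persistence.enabled=true` shows the same Deployment gaining the mount and volume sections and a PVC appearing alongside it, which is the kind of change a plain variable substitution in a compose file cannot express.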