guess what, I know how these work. running 2 dozens of services over two machines, and as I said above, I use my own root certificate… that’s how I know that lots of apps have problems of varying severity with custom root certs! usage of user-installed certs is opt-in nowadays for smartphone apps, it’s not at all like on windows or linux.

you are telling how to do things. the whole thread has been about you telling us to rent a domain for certificates and stop complaining about it being the only viable way…

Sure, but you can’t access your home network anyway if your router is turned off…

of course but most routers won’t do anything like this. and by router I mean the all in one devices people have, not enterprise gear.

Asus routers, even my 15 year old tplink archer A7 could

with factory firmware?

the only router firmware I have seen be able to do that is openwrt, and maybe mikrotik’s. none of these are common though, but if you can do this then yes this is a pretty efficient solution

You can also generate your own certs and use your own ca.

I do this, with a custom root cert, but it has problems. some apps don’t accept it, some only accept it by totally disabling cert verification.

installation is also very cumbersome: you go to a weird, badly structured menu on your phone deep in the settings, and select the certificate from storage where apps could have had replaced it while you were navigating the menu.
it does not ask you for confirmation, does not show anything important about the cert, like its fingerprint you could use to quickly check its not been modified, any name constraints, validity period, etc. users cannot tell what that cert will grant its creator, because the system does not tell them anything so that they could decide, other than a generic “your connection may be monitored” message at all times. and when they refuse to install your cert, they are right, because this way it is very risky.

so please tell me “how to do things right”, or shut up if you can’t tell any useful info

Then VPN in, send a signal to the esp using one of various methods to tell it to send the packet.

this sounds like it requires another computer already turned on

yes you need if you want HTTPS that is accepted by the smartphone client apps of your services.

domains are a constant expense

we shouldn’t need to pay for a domain to be able to self host.

yes, I made a mistake when writing. I was hoping I edited it soon enough that nobody noticed

element call is still a separate thing, but I guess it’s better integrated now

element also has their own service for that, element call. that too can be used without login, or selfhosted

ps: I was wrong it’s not a fork, but a different thing doing the same and more

It’s this one: https://git.gammaspectra.live/git/go-away

the project name is a bit unfortunate to show for users, maybe change that if you will use it.

some known privacy services use it too, including the invidious at nadeko.net, so you can check there how it works. It’s one of the most popular inv servers so I guess it cannot be bad, and they use multiple kinds of checks for each visitor

there’s a fork that has non-js checks. I don’t remember the name but maybe that’s what should be made more known

its not beta anymore since 2.0

its not beta anymore since 2.0

its definetly not lossless, but it works quite efficiently

I am running the AIO and here it has the slowest webapp by a large margin, on desktop, laptop and phone

Take the ZFS plunge - My only real concern is the overhead

you shouldn’t worry about ZFS overhead if you are planning to use mergerfs.

you can tune the memory usage of ZFS significantly. by default it targets using half of your RAM, but on a home setup that’s wasting resources, you should be able to limit the arc cache to 1-2 GB, maybe somewhat more depending on how you want to use it. It’s done with sysctl or kernel parameters.

And the issues are locked so if something nefarious happens, discussion will only occur somewhere else instead of the repo

people shouldn’t count on that anyways because the repo owner can delete issues, comments, also edit them

and the code must be a replicable build by F-Droid’s internal apk signature copying process

that’s not a requirement. or was it already being built reproducibly?