This isn’t an option for op, they’re collaborating with others for work, so they can’t change the involvement of MS.

You didn’t really include any details about your current VPN setups, your subnets, your routing rules, etc for anyone to give you a useful answer.

They likely need to track changes, which look and act weird when using LO on ms docs.

1. A tool used by a state employer only wouldn’t need e2ee, since they hold all the servers.
2. The French government has long been trying to make encryption in use by its citizens inspectable by them (the French government)

I guess the point is, what’s the use of an open non corporate controlled linked in?

LinkedIn serves no other purpose but showing others how much you “play ball” and always has. So I suppose the answer is “nothing”.

I don’t really understand the rest of tour comment.

I mean… It would work fine to use ROS for this, and truly, my mikrotik devices are definitely hands-off except updates and few rule adjustments, but this isn’t really any different from a Linux box. You have about as much initial config in a hardened immutable box as this.

The other thing is that mikrotik code isn’t open, which might be an issue for some.

I want to add that I respect this approach, it just seems like about as much work as any other roll-your-own solution.

Lately? LinkedIn has always been that. Facebook for corporate douchbags.

Finally killed my Discord account and moved my monitoring notifications to a self-hosted ntfy server. Works well.

Very nice, checking out the changes now.

Fair enough.

I am trying to be careful not to disparage the technology, it’s not the tech, it’s the mad rush to AI everything that’s the problem. And in our space, it is causing folks who normally think critically to abandon basic security and stability concerns.

It wasn’t my intention to criticize your choice. Have a good one.

Jeez, i re-read my answer and I always come across more severe than I wanted.

It’s definitely a good milestone for someone potentially getting carried away with buying gear, if only to stop and figure out what one is trying to accomplish. And I say this as a person who worked in it for 25 yrs and has waaay too much gear.

Everyone keeps forgetting

No, I read it the first time.

They show you what commands it’s going to run.

When it works, sure.

I review everything it will do.

Then what, pray tell, is the point of the agent if you need to check its work each time?

I will point out how many posts, articles, and comments there are about how agents with this level of access have repeatedly and consistently failed to follow “safeguards”.

Ultimately, if you feel informed enough, by all means use it.

• Bot can write to file
• Bot can execute code

You honestly think there isn’t an issue with that?!

Not really. Think of FIM like tripwire but for more than just userland files accessible at run level 3.

This is neat, and I see that lots of folks are getting a good look at their laid out setup costs. However, you should stop using project management budget coding words. Also:

1. You are confusing roi with payback period.
2. There are intangible factors to consider like command of your data, control over security, etc.
3. Opex and capex are values used for fixed-term projects, they aren’t meant to quantify ongoing efforts past project outset.
4. Hardware is absolutely NOT a “one-time purchase”. If you are amortizing the cost of equipment, you must include projected failure rates, particularly for disks. Please refer to green-cycling.
5. Information projects are different than physical processing projects because they “expire”, meaning your i5-7200 is OK now, but will likely be nearly useless in 2030 when everyone is pretty much moved to 4k.

22. There are usually one or two of those that are just experimental and might get trashed.

only 1gbE

What needs more than 1gbe? Are you streaming 8k?

Sounds like you are your own worst enemy. Take a step back and think about how many of these projects are worth completing and which are just for fun and draw a line.

And automate. There are tools to help with this.

“tippon” is just a local POSIX mapping to whatever uid assigned that user, typically the first user beyond system users in Linux or Unix is 1000. So using “tippon” instead of uid=1000 won’t make a difference.

I’m looking forward to the changes to editing. I was happy to see the tools built in (just the simple crop/rotate/mirror), but then being prompted to save to gallery instead of just keeping it in immich was a dumb choice, it defeats the purpose of the edits altogether. Plus, the new image had new metadata?? Like I have to find the old pic, get the metadata, copy it to the new image upload new image and delete old image?? Wtf is the point of that?

Otherwise, immich works well. But man, the editing just isn’t thought out at all. Also no editing options in web ui, which baffles me.

Edit: It works! Finally real edits! Such a quality-of-life update.

I switched to using Radicale a year ago, and I use my android contacts app to add and maintain that info. CardDAV has enough fields for me to add.