BioMyth (He/Him)

Like others are saying, a simple fix to this is to setup the homeassistant machine for https & a self signed cert. Then on the Caddy machine you can configure the https to not verify the origin. That would make the communications more robust, but I think it is still vulnerable to MITM attacks.

Man I love Dungeon & Chill. Just great vibes.

While this is a risk, it is only a real risk if the system is already exploited for regular user access. Or if there is an untrustworthy user of the system. So for most, it is not a major concern.

I like the Kobo options a lot, I have a device from them that was the Kobo Aura HD from Ebay that was $50 dollars in great condition. Kobo has better support for loading whatever you want on it without any annoying issues and it is running linux under the hood and has a lot of expand-ability because of it. These days I use a kindle paperwhite 4 and honestly, it just isn’t as well thought out. It is waterproof & has a higher resolution display but I found the Kobo OS was faster & the device with buttons had a much better design overall. So, I wish I had gone for an up to date Kobo alternative when I upgraded. So, go Kobo, don’t look back, & get second hand if you want to save some $$$.

I have determined that foot is best for me personally, like alacritty and a couple others, it is very barebones. No tabs or anything like that without tmux. But it doesn’t rely on GPU acceleration and is just as fast (or faster) than my experience using GPU accelerated terminals. Easy to configure and since it doesn’t have the GPU requirements it works on old hardware like a dream. Only possible issue is that it is wayland only but since that is all I like to use it is perfect.

I find a lot like ghostty and wezterm try to include too many features. All I need a terminal emulator to be is a terminal emulator. But then a lot of these then add tabs, build in multiplexers & more and it is more bloated than I like a simple utility to be. Additionally, I don’t need native tabs as a lot I do in the terminal uses SSH so it is easier just to use tmux/zilji and not have to manage it as much.

This sounds like you want ideas to spin up a crypto pump & dump scheme tbh.

What does your compose file for CODE look like? It took me a while to get those environment variables set so it would work correctly.

Don’t worry about girls, don’t worry about showing it to girls. Go have fun with your friend and make some good memories doing something goofy.

Yes Yes I did, sorry! Collabora CODE server configuration in Caddy.

office.DOMAIN {
        @collabora {
                path /browser
                path /browser/*
                path /hosting/discovery
                path /hosting/capabilities
                path /loleaflet/*
                path /lool/*
                path /cool/*
        }
        @local-ip {
                remote_ip private_ranges
        }
        reverse_proxy @collabora https://nextcloud-office:9980/ {
                transport http {
                        tls_insecure_skip_verify
                }
        }
        reverse_proxy @local-ip nextcloud-office:9980 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

Nextcloud section, may look different from yours I use the FPM image but it should be similar, enough. There are also some limitations on the urls based on local vs public access but that is an attempt at hardening rather than necessary configurations.

nextcloud.DOMAIN {
        root * /var/www/html

        file_server

        php_fastcgi nextcloud:9000

        header {
                Strict-Transport-Security max-age=31536000;
        }

        @phpFiles {
                path_regexp phpfile ^/(remote|public|cron|core/ajax/update|status|ocs/v1|ocs/v2)\.php
        }

        rewrite @phpFiles {http.regexp.phpfile.0}

        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301

        @local-ip {
                not remote_ip private_ranges
                path /settings/admin
                path /settings/admin/*
                path /settings/users
                path /settings/users/*
                path /settings/apps
                path /settings/apps/*
        }
        #respond @local-ip 404

        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }
        respond @forbidden 404
}

Then in nextcloud you just point it to the CODE server domain above & you even have tls securing the communication layer.

deleted by creator

I have! But I don’t have time to post it now. I’ll try to send an update in the morning.

Like others have noted, for signal do a backup using the built-in feature. Then wipe the apps storage to clear messages.

For SMS/MMS I have usedSMS Import/Export before to transfer that data between devices easily without any issues so it should work as well.

I would also make sure to enable the feature to disable USB when the screen is locked. Just in case you get TSA stopped & they take your device for any reason.

Wireguard could be helpful if you used a SSL terminating proxy in front of it but then you have to know the data format to parse it. So unless you are a researcher it is a long path ahead of you without any OOTB tools to do it for you.

Most cookies don’t store any data themselves. Instead it is a session/device token that tells googles servers what device is connecting and then they look up the data they have about you server side. Cookies can store more than that situationally but that is the most common use.

To get what data Google has on you check out Google takeout and you can get a “full” export of what data has been gathered.

It is amazing! A couple years ago I played through the Metroid series (not every game original/remake counted) and it was one of my top games. It did have one issue IMO, once you get the screw attack there is an expectation that you are familiar with how to use it, which as a new player, took me a very long time to get past. But other than that I loved my time with it & didn’t have any complaints!

As someone in a similar environment, there are others who care. It just isn’t worth the risk to my job & professional relationships to talk about. Most people who don’t care I won’t sway anyways and anyone who does care doesn’t need to talk to me. So, for the betterment of my family, I stay quiet at work. Outside of work though I’ll talk to my friends & anyone who will listen about the risks of the current regime.

Based on this added info I think it would be a major improvement. So I’d say go for it!

Honestly it largely depends on your main PC specs, but like you are hearing from others. It probably isn’t a good idea.

It is the largest reason. Storing the password is one thing but to make the device reasonable to use I would likely store the key’s in TPM with a backup key. I don’t think she would be technical enough to use the backup keys were something additional to happen.

BioMyth

I understand that giving the keys can partially solve the access problem. But she would still possibly be unable to use the device. Additionally, I don’t know that she would be capable of using the keys without additional assistance and we don’t have other techies in our community who could step up in that capacity.