No shit, the most left-wing politician in the US would be considered a far-right fascist dictator in Europe.

In the US there’s no left, because left would imply socialism that eventually lead to communism and that goes against the ideia of America, the American dream, the constitution etc. The entire country was built and maintained on the ideia of being against any form of communism.

They forgot the part where margins should be included on things… once again.

This has nothing to do with people… we’re talking about leftist govts that want to track what people own and what money is moved around in order to tax people more.

That looks like a DDoS, for instance that doesn’t ever happen on my ISP as they have some kind of DDoS protection running akin to what we would see on a decent cloud provider. Not sure of what tech they’re using, but there’s for certainly some kind of rate limiting there.

3. Isolate the server from your main network as much as possible. If possible have then on a different public IP either using a VLAN or better yet with an entire physical network just for that - avoids VLAN hopping attacks and DDoS attacks to the server that will also take your internet down;

In my case I can simply have a bridged setup where my Internet router get’s one public IP and the exposed services get another / different public IP. If there’s ever a DDoS, the server might be hammered with request and go down but unless they exhaust my full bandwidth my home network won’t be affected.

Another advantage of having a bridged setup with multiple IPs is that when there’s a DDoS/bruteforce then your router won’t have to process all the requests coming in, they’ll get dispatched directly to your server without wasting your router’s CPU.

As we can see this thing about exposing IPs depends on very specific implementation detail of your ISP or your setup so… it may or may not be dangerous.

Oh well, If you think you’re good with Docker go ahead use it, it does work but has its own dark side…

cause its like a micro Linux you can reliably bring up and take down on demand

If that’s what you’re looking for maybe a look Incus/LXD/LXC or systemd-nspawn will be interesting for you.

I hope the rest can help you have a more secure setup. :)

Another thing that you can consider is: instead of exposing your services directly to the internet use a VPS a tunnel / reverse proxy for your local services. This way only the VPS IP will be exposed to the public (and will be a static and stable IP) and nobody can access the services directly.

client —> VPS —> local server

The TL;DR is installing a Wireguard “server” on the VPS and then have your local server connect to it. Then set something like nginx on the VPS to accept traffic on port 80/443 and forward to whatever you’ve running on the home server through the tunnel.

I personally don’t think there’s much risk with exposing your home IP as part of your self hosting but some people do. It also depends on what protection your ISP may offer and how likely do you think a DDoS attack is. If you ISP provides you with a dynamic IP it may not even matter as a simple router reboot should give you a new IP.

It depends on what you’re self-hosting and If you want / need it exposed to the Internet or not. When it comes to software the hype is currently setup a minimal Linux box (old computer, NAS, Raspberry Pi) and then install everything using Docker containers. I don’t like this Docker trend because it 1) leads you towards a dependence on property repositories and 2) robs you from the experience of learning Linux (more here) but I it does lower the bar to newcomers and let’s you setup something really fast. In my opinion you should be very skeptical about everything that is “sold to the masses”, just go with a simple Debian system (command line only) SSH into it and install what you really need, take your time to learn Linux and whatnot.

Strictly speaking about security: if we’re talking about LAN only things are easy and you don’t have much to worry about as everything will be inside your network thus protected by your router’s NAT/Firewall.

For internet facing services your basic requirements are:

• Some kind of domain / subdomain payed or free;
• Preferably Home ISP that has provides public IP addresses - no CGNAT BS;
• Ideally a static IP at home, but you can do just fine with a dynamic DNS service such as https://freedns.afraid.org/.

Quick setup guide and checklist:

1. Create your subdomain for the dynamic DNS service https://freedns.afraid.org/ and install the daemon on the server - will update your domain with your dynamic IP when it changes;
2. List what ports you need remote access to;
3. Isolate the server from your main network as much as possible. If possible have then on a different public IP either using a VLAN or better yet with an entire physical network just for that - avoids VLAN hopping attacks and DDoS attacks to the server that will also take your internet down;
4. If you’re using VLANs then configure your switch properly. Decent switches allows you to restrict the WebUI to a certain VLAN / physical port - this will make sure if your server is hacked they won’t be able to access the Switch’s UI and reconfigure their own port to access the entire network. Note that cheap TP-Link switches usually don’t have a way to specify this;
5. Configure your ISP router to assign a static local IP to the server and port forward what’s supposed to be exposed to the internet to the server;
6. Only expose required services (nginx, game server, program x) to the Internet us. Everything else such as SSH, configuration interfaces and whatnot can be moved to another private network and/or a WireGuard VPN you can connect to when you want to manage the server;
7. Use custom ports with 5 digits for everything - something like 23901 (up to 65535) to make your service(s) harder to find;
8. Disable IPv6? Might be easier than dealing with a dual stack firewall and/or other complexities;
9. Use nftables / iptables / another firewall and set it to drop everything but those ports you need for services and management VPN access to work - 10 minute guide;
10. Configure nftables to only allow traffic coming from public IP addresses (IPs outside your home network IP / VPN range) to the Wireguard or required services port - this will protect your server if by some mistake the router starts forwarding more traffic from the internet to the server than it should;
11. Configure nftables to restrict what countries are allowed to access your server. Most likely you only need to allow incoming connections from your country and more details here.

Realistically speaking if you’re doing this just for a few friends why not require them to access the server through WireGuard VPN? This will reduce the risk a LOT and won’t probably impact the performance. Here a decent setup guide and you might use this GUI to add/remove clients easily.

Don’t be afraid to expose the Wireguard port because if someone tried to connect and they don’t authenticate with the right key the server will silently drop the packets.

Now if your ISP doesn’t provide you with a public IP / port forwarding abilities you may want to read this in order to find why you should avoid Cloudflare tunnels and how to setup and alternative / more private solution.

Note: iptables is “deprecated” you should be using nftables. Even Debian is on nftables nowadays.

“After years of pushing their proprietary and closed solutions to privacy minded people Proton decided that it was in their best interest to further bury said users into their service as a form of vendor lock-in. To achieve this they made yet another non-standard implementation of something that already existed, this time a crypto wallet." :)

This is a cool board indeed, and it has proper documentation and schemtics unlike the Wemos ESP-Wroom-02 D1 Mini.

Welcome to the communist Europe! This is what the friendly left got us.

I’m certain that the market isn’t eagerly waiting, with bated breath, to purchase x86 SBCs just because GPIO is included in the package.

Some industries are. Those ARM CPUs are unable to pass most harsh compliance tests and GPIOs on the industry are expensive and not as practical as they could be with a SBC. Right now the industry depends on very closed solutions that are a hard and expensive to deal with, or in big x86 machines with FTDI bridges for I/O.

Even if the SBCs can only serve a very small fraction of professional users during COVID we saw what happened to the stocks and that the Pi guys had to prioritize those markets.

Hobbyist users of SBCs are just the testing ground and initially the way to make it popular, the industry has the real numbers and scale but you can’t just enter that market as easy.

You may also want to read this: https://lemmy.world/comment/11259594

Sounds like less of a tax problem and more of a things are to expensive problem.

I believe it’s both problems… because 40% of your income in taxes it a lot, if that value was around 20% people would be able to live much better.

Or government needs to regulate more problem and you have corrupt politicians.

Yes, a lot of corrupt politicians.

All these companies are profitable right? Then they can pay more.

Most of them (at least on energy, transportation, basic utilities, etc.) where public companies that got privatized because they went into debt and the govt couldn’t manage the abyss anymore. Those companies may show some profits and usually pay a bit over the average eg. so you may get to the 30k range if you’ve a masters engineering degree or something higher education but not much else.

Even at that level it’s kind of hard, if you pay an employee 2.5k/month gross he will get a net of 1.9k/month. if you scale to 3k/month gross = 2.1k/month net. As you can see it’s hard to increase wages because you get run over by taxes. Bigger companies usually get around this by renting cars for employees and giving our a few other benefits that while may be helpful completely hinder the ability for families to grow and save some money.

When you’re required to pay an extra 500€/month so the employee gets just an extra 200€ you’ve to go get that money from somewhere and somewhere is the market… so prices raise and people can’t afford the stuff they need etc. etc.

Meanwhile the majority of the population works for small companies that are barely surviving drowning in debt and trying to comply with all the stupid legal requirements in place. People here make way less and work more overtime.

Let me give you an example of how pathetic things are: there aren’t many houses however there’s a lot of space to build but building is expensive because you’ve to get a bunch of licenses and fulfill a lot of requirements.

One of those is you’ve to submit a project for a gas boiler and stove even if you don’t plan to install and use those. Even more ridiculous, if the place where you’re building doesn’t have the public infrastructure to deliver natural gas to you then you’re still required to deliver. A project like this may add 10-20k to your total cost for no reason and without it you won’t be allowed to build the house.

10k seems small on a house but if you start pilling bullshit requirements like that you’ll reach 50k or more in useless stuff. You also have construction permits and whatnot.

Paid health care is way worse. (…) Most articles say Portugal healthcare is better or on par with America’s system for patient outcomes.

It may be but at the same time since COVID our healthcare has been a total mess. Waiting lists are crazy, sometimes you can’t get simple tetanus vaccines or you can’t get healthcare unless it’s something really urgent because there aren’t any doctor to attend you on a regular basis.

Have a look at this https://www.theportugalnews.com/news/2022-05-03/hospital-waiting-times-concerning-portuguese/66794 and https://www.statista.com/statistics/1477807/portugal-waiting-time-by-medical-specialty/. When you’ve to wait 120 days for a cardiology consultation you’ll most likely die in the meantime. There are a lot of cases of people waiting months or even years for simple surgeries.

A guaranteed pension is super strong versus a retirement plan that is in the stock market because a crash could wipe out the whole fund.

Well the thing is that we don’t really know how guaranteed it will be and what values we will be talking about in a few years. Maybe minimum wage for everyone independently of the money you payed each month of your working life - it’s looking a lot like that and that’s not fair at all.

Lastly why isn’t the rich not paying more in salaries and why isn’t money more equitable In Portugal?

Because it’s hard for most companies to pay employees 30k or more. Consider this, for a 30k income the employee will pay 37-43% income tax + 11% social security, then the employer pays another 11% among other useless crap and legal compliance stuff.

To be fair if you look at millionaires in Portugal the biggest majority came from somewhere else. It’s really hard to make money in these economic context, people have almost no disposable income it’s a race to the bottom in every market, large monopolies rule over sectors backed by corrupt politicians.

The country needs more entrepreneurs and businessman but they can’t survive the corporate taxes, crazy interests on loans and all the crazy regulations put in place to gatekeep new companies from the market.

Sublime Text is much faster to use a quick editor and IntelliJ is much better as a full featured IDE and totally worth the cost. IntelliJ saves me on a ton of time on merge conflicts, it much faster in large projects, code analysis to find unused stuff and issues is better… VSCode can handle merges but it requires extensions and isn’t as good / you’ll have do to more manual work.

but 31k isn’t a livable salary in the country by my metrics that being said (…) Even if you made 31k with 0 tax I don’t see how that would be livable

Yeah it isn’t.

still not worth breaking tax system because idk what other welfare you all have but losing free health care would make your country worse off

Probably not, but you’re still assuming that the “free healthcare” works while in fact it doesn’t.

other welfare you all have

You pay an extra 11% of your income for social security that will give you a retirement pension (assuming the fund doesn’t go bankrupt), unemployment protection (around minimum wage for a period of time) and that’s about it.

Is there a use case for CrowdStrike on any platform? No, there isn’t. Anything that messes with the kernel at that level should be considered a security threat on the basis of potential service disruption / threat to business continuity. Do you really want to run a closed source piece of malware as a kernel module?

They completely fuck over their customers in the business continuity aspect, they become the problem and I bet that most companies would never suffer any catastrophic failure this bad if they didn’t run their software at all. No hacker would be able to take down so many systems so fast and so hard.

I guess this was your source: https://taxsummaries.pwc.com/portugal/individual/taxes-on-personal-income

It’s a good read for all non-Portuguese people and also because there’s already an extra tax for the ultra-rich:

Additional solidarity rate In 2024, an additional solidarity rate, which varies between 2.5% and 5%, applies to taxpayers with a taxable income exceeding EUR 80,000 and EUR 250,000, respectively.

Yeah and then a 1 bedroom flat will cost you around 1200€/month. So… it’s no longer about being rich but about being able to afford housing and food on a 27k salary.

Me too, but we’re not the majority.