As someone living in Russia, it indeed works to trick complex DPI systems. Unlike classic Wireguard, it works.

Alternatively, you can download Amnezia VPN client app on your phone or PC, and it has this amazing function where you provide the IP and root credentials, and it installs server software automatically.

Obviously, only use it when you don’t have other things running on your server.

Advantages:

• No need to install anything manually, just direct Amnezia VPN client to a blank Linux server or VPS
• You can install all sorts of protocols in this manner, not only AmneziaWG (which often fails in Russia, for example). Options include OpenVPN (basic and over Shadowsocks/Cloak), classic Wireguard, IPsec, Xray.

Disadvantages:

• It doesn’t show the SSH terminal as it goes installing things on your server and goes fully automatic, reducing user control and troubleshooting capabilities.

Sure, but it is way more convenient for many to tap the phone, and when there’s demand, there must be the supply.

After all, making privacy and security convenient is the number 1 issue in the adoption of good practices by regular users.

I think it’s rather about NFC-powered (i.e. “tap your phone”) payments. These are automatic, which comes with different security issues.

No worries, answer anytime :)

Since LXC works on top of the Linux kernel, anything that works with it can be easily used as an image. For example, you can just throw any distribution .iso into it, and it will handle it as a container image. Proxmox does all the interim magic.

Say, you want to make a container with programs running on Debian. You take the regular Debian .iso, the one you use to install Debian on bare metal or VM, feed it to Proxmox and tell it to make an LXC container out of it. You specify various parameters (for example, RAM quotas) and boom, you got a Debian LXC container.

Then you operate this container as a regular Debian installation: you can SSH/VNC into it and go from there. After you’ve done setting everything up, you can just use it, or export it and use somewhere else as well.

Proxmox can work with VMs and LXC containers.

When you need to always have resources reserved specifically for a given task, VMs are very handy. VM will always have access to the resources it needs, and can be used with any OS and any piece of software without any preparations and special images. Proxmox manages VMs in an efficient way, ensuring near-native performance.

When you want to run service in parallel with other with minimal resource usage on idle, you go with containers.

LXC containers are very efficient, more so than Docker, but limited to Linux images and software, as they share the kernel with the host. Proxmox allows you to manage LXC containers in a very straightforward way, as if they were standalone installations, while at the same time maintaining the rest behind the scenes.

What exactly is proxmox?

In layman terms, it’s a Debian-based distro that makes managing your virtual machines and lxc containers easier. Thanks to an advanced virtual interface, you can set up most things graphically, monitor and control your VMs and containers at a glance, and just generally take the pain away from managing it all.

It’s just so much better when you see everything important straight away.

As always, there’s a relevant XKCD:

https://xkcd.com/927/

Well, since intelligence is artificial, why not demand?

Afaik, you can set it up not to have any image, or have any other one.

We’re unlikely to see the grand price fall in the coming year. Can get a bit cheaper, though.

The expenses are mostly upfront though. I’ve spent like $400 on a relatively fancy NAS and two 3TB WD Red CMR drives five years ago, and since then, there was that.

Of course, depending on your use case, there could be extra expenses as well, some of them recurring:

• Bigger drives
• Backup storage (I already had a place I could back up to)
• Domain name and DNS records (if you expose it to the public Web with a URL; you can otherwise just use a VPN tunnel to access NAS from outside the home network, which is free unless you do anything fancy)
• Some kind of paid software (if you don’t enjoy the perfectly good collection of open-source apps)
• Etc.

Now, for the streaming alternative:

• Netflix Standard: $18/mo
• Spotify: $12/mo
• Total: $30/mo, or $360/yr. Just these two services alone.

Your NAS system will pay off in a little over a year (maybe two years if you go all in with huge drives, fancy NAS configs, extra expenses here and there), and it’s smooth sailing from there.

My unit works for 5 years already with no maintenance, is still fully supported by the manufacturer, and I don’t expect to replace it in a few more years.

Self-hosting allows you to have all your files on all your devices, like many have used to with the streaming services. Also, some smart TVs specifically require to connect to some server to grab movies from.

If you don’t need any of that, regular hard drive will suit you best.

I would argue either RAID 5 or ZFS RAIDz1 are inherently unsafe, since recovery would take a lot of read-write operations, and you better pray every one of 4 remaining drives will hold up well even after one clearly failed.

I’ve witnessed many people losing their data this way, even among prominent tech folks (looking at you, LTT).

RAID6/ZFS RAIDz2 is the way. Yes, you’re gonna lose quite a bit more space (leaving 24TB vs 32TB), but added reliability and peace of mind are priceless.

(And, in any case, make backups for anything critical! RAID is not a backup!)

Yay!

Yay!

Can’t it automatically be renewed?

F I N A L L Y

Now tell me it supports IPv6 and I’ll be the happiest man alive

I would be fairly comfortable running a direct WireGuard connection even without Tailscale, but my location and use case simply won’t allow me to.

Your setup is valid, nothing wrong with it, and yes, it is more secure. Just can’t be used in my case.

I mean any connection through these protocols is just not working over the Internet. DPI equipment detects respective packets and cuts the connection, irrespective of the port you assign.