I’ve never heard of anything working that way. The preferred algorithm is RFC 8305 “Happy Eyeballs,” which uses whichever network responds first. Even if your clients prefer IPv4, having IPv6 available allows you to access some resources that are not available over IPv4.
Matter uses IPv6 but it does not require you to have IPv6 internet. As long as the router isn’t blocking IPv6 router advertisements and IPv6 traffic between devices in your LAN you should be okay.
Would the MacBook Pro or rpi4 with a second Ethernet nic running a firewall before the routers also fix the issue of not getting security updates?
No. For most routers, this provides no additional protection to the router. Your router should not be accepting connections from the WAN side that would be blocked by the firewall, but consumer routers almost always initiate connections to the WAN side, indistinguishable from normal client traffic to your firewall, and accept connections from the LAN side, invisible to your firewall. If the firewall blocks all incoming requests, it would create problems for UPNP, effectively giving you CGNAT, even if the firewall does not perform address translation.
The education system has been killing critical thinking for decades. Why start trying to save it now?
Enabling SSH password authentication is unnecessary and not a good idea, especially if your temporary passwords are simple. I haven’t used Hetzner but there is probably a way to upload a file or to paste into the console, or else if you fix your keyboard you could at least type a URL to download the public key from the internet. You may want to look into cloud-init instead of manually installing and configuring your VMs.
LUKS may not make your server meaningfully more secure. Anyone who can snapshot your server while it’s running or modify your unencrypted kernel or initrd files before you next unlock the server will be able to access your files.
curl bash is not as bad as people think. Nobody downloads and reverse engineers binary packages off of these websites before running them with the same permissions.
If you’re running insecure services, you can restrict them to be accessible by vpn. I have a mix of internet accessible and vpn accessible services using the tailscale nginx plugin.
If you want to send all your traffic over a vpn, you will either need to route all your traffic through your own vpn or use some sort of multiplexed vpn. tailscale can do this with mullvad, but it’s not yet possible with headscale.
Helm is what is used for real world software deployments. It has its problems but it’s better than Docker Compose.
Just be careful with SD cards if you’re using SBCs. Home Assistant does a lot of writing and if your SD card can’t handle repeated writes you may suddenly lose everything. Keep backups to another device and have a replacement SD card ready if extended downtime is going to be a problem for you.
In old computers, CD audio worked by physically connecting an audio cable between the optical drive and the sound card. PC emulators can emulate this, but it’s more complicated for CD emulators running on a real computer.
Quarto and Docusaurus are for documentation. You may be looking for a more general static site generator like 11ty.
Wireguard normally runs with higher than root privileges as part of the kernel, outside of any container namespaces. If you’re running some sort of Wireguard administration service you might be able to restrict its capabilities, but that isn’t Wireguard. Most of my devices are running Wireguard managed by tailscaled running as root, and some are running additional, fixed Wireguard tunnels without a persistent management service.
Are you looking for a VPN or are you looking for an IPv6 tunnel broker like Hurricane Electric?
Would Wine be better with Microsoft working on it? The frequency and severity of regressions in Windows has been increasing for years now. Maybe for Wine to be a more accurate representation of Windows 11 it needs more bugs and less functionality. The Windows team is good at that.
You can use OpenEBS to provision and manage LVM volumes. Host path requires you to manually manage the host paths.
That sounds like build automation. You can use some Git forge software.
It’s not even good. It’s just scripts for some starter Arch rice, not a serious distro.
Some Unity games may be launched with a parameter that causes them to execute arbitrary code. It seems like it only makes sense on Android. Windows and Linux games can normally only be launched by a process with the same or greater privileges than the process being created, but on Android you can elevate privileges by invoking another app. In practical terms, another app can access the save data of your mobile games.
There was also something about games that register to be launchable directly from a webpage, which would allow web sites to escape the browser sandbox, but it didn’t sound likely.
This problem has nothing to do with NPM. Checkmarx was compromised last month, and during that compromise there were malicious VS Code extensions published to Visual Studio Code Marketplace. A Bitwarden developer says that somebody ran one of those malicious extensions, and GitHub API keys were stolen which were used in publishing the malicious CLI package.
It’s probably better that it happened on NPM. If the CLI were only downloadable from the Bitwarden website, it would have likely taken longer for somebody to notice something was wrong.