• 0 Posts
  • 16 Comments
Joined 9 months ago
cake
Cake day: October 17th, 2025

help-circle
  • You’ve made a great start. How much further you go depends on your needs and threat model.

    Rsync is ok as a start but there are dedicated backup tools that will give you access to your files at any point in time. This is important if you delete a file and later need it back after an rsync has already run and deleted it remotely too.

    Rsync will not encrypt your backups. If a burglar takes your Pi will they have easy access to all your files too?

    With rsync+ssh you are also vulnerable to either yourself (more likely) or a rogue process on your own machine deleting the files over ssh (e.g. ransomware attack).

    The answer to that is append-only backups. A backup tool like restic has a backend you can host that does exactly this:

    The --append-only mode allows creation of new backups but prevents deletion and modification of existing backups. This can be useful when backing up systems that have a potential of being hacked.

    https://github.com/restic/rest-server

    Take a look at restic to see what else you gain from switching to a dedicated tool versus rsync:

    https://github.com/restic/restic#design-principles

    There are others too such as borg.







  • I’m not familiar with Pikapods but Monica v4 has trouble with notifications. First you need to ensure it’s been configured right to even send a test email, this can be triggered with a command if you have access:

    php artisan monica:test-email

    Various Monica environment variables must be set to configure this, it should be in the docs somewhere if not I can fish my config out for you.

    Even once that’s working you’ll need Monica to run its regular jobs for sending notifications, there’s config for that too. Finally the code has bugs and will often miss reminders in my experience. There are some open bugs still on this and I guess the devs have moved onto their rewritten version (chandler):

    https://github.com/monicahq/monica/issues/5681





  • I think you are absolutely right to examine whether your system defaults to too much convenience versus security for your threat model. For GNOME keyring:

    Any application can easily read any secret if the keyring is unlocked. And, if a user is logged in, then the login/default collection is unlocked. Available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used by default and would be easy to bypass anyway.

    The GNOME project disagrees with this vulnerability report because, according to their stated security model, untrusted applications must not be allowed to communicate with the secret service.

    Applications sandboxed via Flatpak only have filtered access to the session bus.

    https://wiki.archlinux.org/title/GNOME/Keyring#Security

    So while flatpaks that play the game are ok everything else is on trust. For the average user perhaps this is the right balance, though your Signal example suggests it’s too lax for anyone nowadays.

    I would like to see system secrets protected however they are accessed, not just for flatpaks.



  • Have you tried stomach massage? It can help. If he’s spending time sitting on the toilet anyway maybe try a massage instead. Might also help diffuse any mental anxiety/pressure about toileting by adding something new. Could take time and effort to have an effect so approach with patience.

    Also I assume your paediatrician has mentioned the usual things that can help: hydration, walking, fiber. Small changes can add up.




  • The danger being raised with the licensing is that you can’t license something if you’re not considered to be the author. There are growing examples of courts and lawmakers determining AI output to be public domain:

    The US Supreme Court recently refused to reconsider Thaler v. Perlmutter, in which the plaintiff sought to overturn a lower court decision that he could not copyright an AI-generated image. This is an area of ongoing concern among the defenders of copyleft because many open source projects incorporate some level of AI assistance. It’s unclear how much AI involvement in coding would dilute the human contribution to the extent that a court would disallow a copyright claim.

    https://www.theregister.com/2026/03/06/ai_kills_software_licensing/

    This is an evolving, global situation and hard to know what to do right now. I think what you’ve got is fine though - you’ve made it clear your intention is to license with AGPL. It’s just that depending on the jurisdiction it might be public domain instead.

    This is another reason to be clear about the use of AI in the README so your users can make an informed decision.