Apologies for the delay. On the VPN termination point, you have to set the allowed IP addresses. On the case of a client, a /32 is enough. It means that only this IP would be receiving responses. A client with a different IP address would be able to inly send packets, not to get any back, thus not able to get a TCP session. I think it is enough and rhat no additional FW rule is needed.

Is Termux still up to date? I thought it wasn’t available on android anymore. Is it on something else?

You don’t really need forwarding as you don’t need NAT here.

A part of the filtering can be done by wireguard by setting the allowed IPs correctly. Just check if only one service is listening on the server port you’ll allow.

Now a question: all without tls right? ;)

Same situation here. But Signal is a solution (if you can’t self-host nor convince your friends to use something whatsapp-y).

And there’s no encryption at rest so you can do it yourself.

Give me your threat model so I can laugh. You have no idea of what being secure is. Thank you for being yet another troll.

You wrote “you people”. You exclude yourself with some controversial headline. I stopped reading.

🫂

Which country is it?

This is my point: if you can’t afford a server powerful enough then don’t use an AI.

If you can’t afford a server but use an AI you have to accept some compromises. One of those is to be spied on. The true question isn’t to use AI but to accept to be heard, recorded, analysed, and perhaps used against you.

A start-up is a company which hopes to be bought by a bigger one. To be bought at the higher price, they need to have something a big company would like to have. Like data. Especially since those companies are cutting corners to reach the market and survive.

Some aren’t bought but it’s not the majority.

Our trademarks include Andi™, “Search for the Next Generation”™, GenAI™, “Generative AI Search”™, “Andi - Next Generation Search”™, Andi Search™, AndiSearch™ and LazyWeb™, “Deep Answers”™, “Social Search Engine™”, “Andi - Radically better search”™, and “Andi - What are you looking for?”™

Seriously?

The only private AI is self-hosted.

I wouldn’t check that high level before asking which hoster they use.

I trust Europ but not AWS, GCP, and Azure less.

People missed those are warnings. They have no imagination so they took those as advices or even manuals. In a sense, they learnt.

With this logic, any country could be reduced to its leader. The reality is less manichean.

By the state, not by the nation.

I use Shelter to enable the work profile. It permits to copy apps between standard and work profile. So it is possible to have google services (with an account set I mean) in the work profile.

Apps like for Banks can’t be copied though. But most of the others can.

I thought I would be the only one to try this. Would you share more details on your setup? I am interested because to me Wireguard is in the kernel so how could it be in a container.

There’s another challenge available, without javascript.

I would add that you can run kubectl apply on directories and/or have multiple yaml structure in the same taml file (separated with —, it’s a yaml standard).

The source I assume: challenges/metarefresh.