From IPv6.rs FAQs I get the impression that they only provide IPv6 route through their tunnel. I think self-hosting something only reachable via IPv6 would cause you trouble accessing it in IPv4 only networks - which are still far more common compared to IPv6.

Hurricane Electric provides such IPv6 over IPv4 tunnel facility with /48 block routed to your network. I’ve only used this service for testing my IPv6 knowledge, so performance-wise I’m not sure how good it is. Thus, if IPv6.rs provides a significant performance over the HE-TunnelBroker, then I’d suggest you go with IPv6.rs given a decent price for the service.

If you are considering a simple to set-up tunnel utility for your self-hosting applications, I’d suggest you consider other tunneling options which have both IPv4 and IPv6 capabilities. Some widely used ones are Cloudflare Tunnel and Ngrok. You may also use Tailscale to connect both server and client via VPN. Using Cloudflare or Ngrok would involve some privacy concerns, as they can see the traffic passing through the tunnels in plain text.

E: better words substitution

Few things which makes achieving reproducible/deterministic builds hard are - timestamps of generated/compiled files, continuously updating versions of build tools(+support libraries), output binary difference compiled across different OS.

We can use docker based build system for this, but it would require very carefully configured Dockerfile to keep the build tools+libraries on specific version. And if we do a pre-built Docker Image, then the Reproducibility of that Docker Image has to be proven first. It is indeed a difficult task, but not an impossible one. With F-Droid providing a sound framework for reproducible build generation, I believe we would have majority of large Android Apps reproducible in next few years.

Just a reminder that even though the tunnel itself is encrypted, the whole connection is not E2E encrypted between your remote client and the server. Cloudflare as a CDN/PoP provider can see the traffic in plaintext.

In all other aspects, this is a great solution, as we even get to use the edge caching(over top of all others mentioned above) facility - which further reduces the requests to origin server.

I’m a web-app developer myself. So I don’t mind configuring things if needed. I can opt to configure if it meets my goals better. I’d check out nagios. :))

Not as part of core GrapheneOS, but an app called “Private Lock” can detect sudden force via accelerometer and disable the fingerprint based unlocking for next unlock.

But yeah, an erase passcode feature with opening a decoy profile would be a great feature to have.

E: grammar

Simple Mobile Tools the company behind Simple Apps has been bought by ZipoApps. The repo is no longer maintained by original developers, and it is speculated that ZipoApps would soon introduce advertisements in the Simple Apps.

A fork of SimpleApps is continued as Fossify Apps.

+1 for recommending Fossify over ‘SimpleApps’

Extending the reply for ‘Sandboxed Play Store … F-Droid … Aurora Store’ -

1. In case of Sandboxed Play Store - we’d need to login via a Google account in order to be able to download apps. Also, when we allow network access to the Play Store, it may send device info, app downloaded, updated etc related telemetry to Google. Also expect the promoted apps/games ads in the Play Store home screen.
2. In case of Aurora Store - we can use it via Anonymous User or we can supply our own Google Account. Aurora Store just uses the credentials to download apps from Google Play, but other telemetry is limited compared to Play Store.
3. In case of F-Droid store - It mostly hosts open-source Apps. And has cautions whenever an app uses proprieray libraries, code or needs access to specific network(eg - Telegram FOSS needs Telegram Servers access to function) in order to work.

I’d recommend you have both - F-Droid and Aurora Store. If you need to access the Play Store subscriptions, then you’d need to install Play Store as well.