Cake day: June 16th, 2023

  • Well to be frank, the fact that you’re asking this shows you haven’t really understood what makes something secure or insecure, or it isn’t as important to you as you claim. If you want your stuff to be secure, your phone is the only “thing” that generates the 2nd factor. Especially things that are critical shouldn’t have duplicate devices being able to also generate codes. If you do want to generate codes for less critical accounts somewhere else, you should register a 2nd TOTP generator with that service and use one each per other machine. That way, if something gets compromised, you can just revoke those devices preventing any damage without having to re-setup existing 2fa again for the devices that weren’t compromised.

    Now aegis is Android only, like you said. It also has no way of syncing with another instance (by design). It’s local only, it can just do backups. Having it send the highly critical information anywhere kind of defeats the security-purpose of it being local only. It adds a whole communications protocol that has to be secured, and somehow you have to authenticate the other side and so on. This also probably doubles the complexity (or at least size of the codebase) for the project, which then makes audits harder et cetera. Aegis currently does one thing (generate TOTP codes), and does this very well and as secure as it can without compromises.

    Now for an actual answer: Most password-managers can also generate TOTP codes, like KeePass or KeePassXC to name two open source ones. But it’s their secondary purpose, with the primary obviously being storing the passwords. I’m not going to get into the implications of storing a TOTP code generator secret together with the password of the account it protects, let’s just say there are some. Since the actual secrets are stored in a (secured) database, you can sync these between devices. Or you can just create multiple TOTP generators for a single service and keep them separate.

    Or we circle back to something server based, like BitWarden, which is primarily a password manager but also does TOTP. It’s a commercial, server based solution that is free for individuals. I’m not sure what the current limitations are for those accounts, like number of entries or just who you can share stuff with and so on. There is an open source implementation of their protocol called VaultWarden, where you can self-host the back end and not rely on the company securing their servers properly (and/or not being collateral damage in a breach of some kind). Again, combining password + TOTP-storage in the same service that is accessible online should be done with considerable thought to how it’s secured, but you could use this to only store the 2fa aspect as well.

  • 2a. No 2fa, so this is a reduction in my current security

    That’s open to interpretation. Your current solution you thought was secure, but you used a service that as it turned out had bad security practices, which you just didn’t know (arguably couldn’t know). ANY online/cloud service that you don’t host yourself has this issue with being a black box of unknown quality. Any online service you do host has to be secured by you (or you need to trust that the base setup of that tool is “sufficiently secure”), and is in essence limited by your knowledge of the tool and technology used. Also if you’re reusing any passwords, anywhere, just stopping that practice is likely more secure in practice compared to 2fa in isolation.

    2fa in general isn’t just plain “better” than not having it, security is rarely this black and white. It also depends on what is allowed to be the “second factor”, and since yours included SMS, it really wasn’t secure at all (like others have also mentioned in this thread). And it depends on the password of course. For example if you use a really secure password (30+ characters), and don’t reuse it, it will in practice be more secure than a short(ish) password and a 2nd factor that allows SMS. Generally 2 factor is used as a term for 2 categorically different authentication methods: one thing you know (password, pin) and one thing you own (phone, physical device/key, or a file works too). The problem is that SMS doesn’t require your phone. It’s incredibly easy to get the SMS without having your phone (even easier with physical proximity) or flat out faking owning your phone number (depends on a lot of factors how easy or hard that is in practice, doesn’t require physical proximity). Basically, if someone actively targets you and/or that account secured by SMS 2fa, it isn’t overly hard, but it’s good enough at preventing giving access through a data leak for example.

    So, back to the security of “solution 2a”: how would someone get access to a long password you don’t use anywhere else, that isn’t written down anywhere (or nowhere accessible), and where you essentially never need to use/access the account in the first place? Nobody would even know that whole account exists unless you specifically tell them, let alone knowing how to get in. Note that this can also be combined with the concept in solution 4, so you’re then using it to only restore a single 2fa code. So that “safety net fallback account” very rarely needs to be updated with a newer Aegis-Backup, making it even more obscure/unknown. That 2fa code then lets you access your normal account and backups, and you restore the full suite of 2fa you need.

    It boils down to this: local 2fa with a backup means you need to get access to a single file to securely restore full access to everything. That file can be transmitted insecurely (due to strong cryptography and hopefully a good password not used anywhere else), but I wouldn’t store it out in the open either. On the other hand, any cloud based solution is an inherent black box. You trust them to properly do things, and you only know they didn’t once it’s too late (like Authy). It also means they are, by nature of what they do (storing account access information), a target and if the attacker is successful, you’re the collateral without having been explicitly targeted. Maybe there are services out there that let third parties audit their security and publish the results, but I don’t know of any and it would probably increase the price by a prohibitive amount for most people.

  • Well I thought this was kinda obvious what I meant, but I guess not. What you say is a requirement (sms recovery of a cloud account) is just one of many solutions to your specific problem. I’ll just list off a few solutions below that involve neither SMS (the most insecure communication method in common use today) and only optionally a cloud account. For simplicity’s sake I’ll stick to Aegis, where you can create password-protected local backups you can then put wherever you want. This password needs to be very strong for obvious reasons: I would recommend a long sentence (40 characters or more) that you can just remember, like a quote from a movie/tv show/book/poem or something, including normal punctuation as a sentence for example.

    Solution 0: This is more of a trivial solution I wouldn’t actually recommend. You can allow account recovery via eMail and have your eMail not use 2fa, but a long/good password so you can login from memory (see above). This is probably more secure than SMS for the recovery-case, but less secure for the everyday use case of eMail, therefore “not recommended”.

    Solution 1: USB Sticks are tiny, as in the size of a USB port (slightly longer but slimmer for USB-C). If you want to have a backup “on you”, I’m sure you can find a place where it wouldn’t get robbed with the phone/wallet. A tiny pocket somewhere, a string around your ankle, make a compartment in your shoe, or just have it with your luggage at the hotel. I’m sure you get the point. You get your new phone, you plug in the USB, you install Aegis and restore the backup.

    Solution 2a: Dedicated “online” storage. This can be self hosted, or a free account of any cloud provider, but the important part is that it does NOT require 2FA and you do NOT use it for anything else. You have the backup in there. It also needs a very secure password (again: long, but easy to remember, no garbled letter nonsense), but obviously not the same as the Aegis-Backup. So you now need to remember 2 long passwords. You get your new phone, you log in, get the backup and proceed as usual.

    Solution 2b: If not having 2FA is not an option for the solution above, you can have a friend/family store the 2FA on his phone. To log in, you go to the login page and enter your password (which your friend doesn’t need to know), and you ask him over the phone for the current 2FA-Code, which he tells you and you can log in, download the backup and proceed as above. I assume such a high security isn’t that critical, since you have been using something involving SMS. Restore then goes as per usual.

    Solution 3: Store the whole backup with a friend and when you need it he just temporarily puts it somewhere you can access, and removes it again after. Since the backup is protected by a monster of a password, and the accessibility is temporary anyway, this isn’t security critical.

    Solution 4: If you absolutely must, you can find a cloud-provider for 2FA, and use it only as the “first stage”. The only 2FA code in there is the one you need to get access to your main online storage/account where you then have your real Aegis-Backup and/or other files. Obviously this service would need to allow you to login without 2FA, and the usual password rules resulting from that apply. You can just add the 2FA of your primary service to more than 1 app or service, or if it allows for this, you can generate multiple authenticators so you can also revoke them separately if needed.
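As an added example (not from this thread, and not Aegis or any service’s code), here is what the “one TOTP generator per device, revoke them separately” idea from the first comment above and from Solution 4 looks like on the service side: a minimal RFC 6238 TOTP in Python plus a per-account registry in which revoking one device leaves the other enrolled devices working. The device names and the timestamp are constructed for the demo.

```python
import hashlib
import hmac
import secrets
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the time step."""
    return hotp(secret, unix_time // step, digits)

class TotpRegistry:
    """Server-side view of one account: one independent TOTP secret per device,
    so revoking one device leaves the others enrolled and working."""

    def __init__(self):
        self.devices = {}  # device name -> 20-byte secret

    def enroll(self, device_name: str) -> bytes:
        secret = secrets.token_bytes(20)  # what the enrollment QR code would carry
        self.devices[device_name] = secret
        return secret

    def revoke(self, device_name: str) -> None:
        self.devices.pop(device_name, None)

    def verify(self, code: str, unix_time: int, skew: int = 1):
        """Return the device name whose secret produced `code`, else None.
        Accepts +/- `skew` 30-second steps to tolerate small clock drift."""
        for name, secret in self.devices.items():
            for delta in range(-skew, skew + 1):
                if hmac.compare_digest(totp(secret, unix_time + delta * 30), code):
                    return name
        return None

def demo():
    """Enroll two devices, revoke one, show the other is unaffected (constructed timestamp)."""
    reg = TotpRegistry()
    phone, laptop = reg.enroll("phone"), reg.enroll("laptop")
    t = 1_700_000_000
    before = reg.verify(totp(laptop, t), t)   # "laptop"
    reg.revoke("laptop")                      # laptop lost or compromised
    after = reg.verify(totp(laptop, t), t)    # None: its codes no longer work
    still_ok = reg.verify(totp(phone, t), t)  # "phone": untouched
    return before, after, still_ok
```

Adding a second authenticator app to the same QR code, by contrast, duplicates one secret, so revoking it revokes every copy at once.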

  • The native Android client just can’t do two way sync. Just put a text file or something into any folder (from the web or desktop). Now sync that folder to Android. Now edit it on the web/desktop, and look for the changes on Android (without actively telling it to “sync”). Then change the file on Android, these 2nd changes are never sent back to the server unless you explicitly tell it to “sync” again, manually. That’s what I mean with 2 way sync.

    There are quite a few files where you just need that to work to use them properly, like the database of a password manager as a prime example. Mine can talk to Nextcloud natively, so I don’t need the client for that, but I was incredibly close to just switching to syncthing, if I didn’t have active users that use the web office integration of Nextcloud.

  • I think the typical recommendation would be “the 100” (Link to GitHub). There are a few other projects like it. I think that should be a good starting point for a search though if that particular one is not your cup of tea.

    We’re in the age of easily accessible, great quality hardware though. Just from a performance point, 3d printing will be worse in most respects comparatively (still “good enough” though if using a modern design). Look at a Voron V0 kit as an example (or one of the other printers for ants, if you’re looking for more complexity). Uses nothing but readily accessible parts, reasonably priced and incredible performance.

  • I know this post is quite a few days old already, but I still wanted to add a bit to the discussion.

    The printers you list vary wildly. Both in terms of design goals (“what is the printer meant to do well”) and assembly requirement (from “ready to print in 10 minutes” to “you build this for like a week until something moves”). A Qidi is basically ready to go, a Prusa will take some time to put together (how much depends on if you got it as a kit or fully assembled). A Voron 2.4 takes about a week to build just for the printer, not including ERCF and/or tool changer, let alone tuning of said ERCF/tool changer.

    Also there’s the Troodon, which is a Formbot prebuilt that is closer to a real Voron 2.4 than a Sovol SV08, just to add to your list. It has a stock stealthburner tool head compared to the proprietary thing that Sovol uses, for example.

    I’ve recently built a Voron 2.4r2 (Formbot kit) and loved it, but it was like my 4th printer (and a previous printer was a self-sourced scratch build). So do you have experience with 3d printers, and building them or tinkering with them? I would probably not recommend building one otherwise, but it’s not impossible either, just expect a relatively steep learning curve if you have no prior experience.

    Do you want to mostly just print in colors but same filament type, or do you want to mainly have multi-material capabilities? So do you need 5+, or would 2 colors with the option to expand work for you?

    If the Voron is a real option for you, I’d highly recommend it. Just make sure you’re going with a can-bus based build/kit (like Formbot). These days I wouldn’t go with an ERCF due to the complexity of building it and then setting it up, as tuning is supposedly a bit of a process. Also you mentioned that the amount of waste during multi-color prints is a real factor for you, and that puts single-nozzle systems inherently at a disadvantage as you just have to purge the hotend on every change. So I would suggest a tool changing system, and I would either start with that (but just 2 tool heads), or add it as the first project. Specifically, I would suggest using the Tapchanger as a modern system. Frankly adding a tool head like that is much less effort than building an ERCF, but also just adds 1 filament each and not like 9 at once.

  • Without more information what exactly you want to do/learn, that’s kinda hard. Racing? Acrobatics? Micros/Woops (flying in your home/garage)? Drone as a cinematic camera (DJI-style) or faster camera work (chasing motocross riders for video for example)?

    Also specific recommendations for hardware heavily depend on this and just personal preference, and what else you might want to do with the radio and/or video equipment. As an introduction and overview, like someone else has already commented, check out Joshua Bardwell on YouTube. He literally makes everything from introduction, basic tutorial, to advanced guides and deep dives into anything drone-related as his full time job.

  • All of the OpenTX/EdgeTX radios work on Linux as a controller, and generally most radios that support this probably will, because they just appear as a joystick (HID profile). There are also ways of connecting them other than just plugging the radio into usb and selecting “controller mode”, but even those usually result in a joystick device I think? So which radio in particular mostly depends on what kind of drone you want to fly, if you want to fly other things (plane, helicopter, scale models), or drive other things (cars/boats/crawling/scale models). Also ergonomics (size of hands, similar to a classic radio or similar to a game controller?) and just personal preference, mostly.

    As for the sim, I think Liftoff has a native Linux port, but these days most of the sims should just work anyway with the recent developments of Valve for the Steam Deck.

  • No matter which kind you pick, you always start with a simulator unless you have more money than sense. There are free ones, and good ones aren’t expensive either. Radios these days can just be plugged into a computer so you’re using your actual controller for the simulator, too.

  • Very short answer: Get any of the OpenTX/EdgeTX transmitters (like RadioMaster, Jumper). Go for ExpressLRS as a protocol for transmitter/receivers (2.4g). The default firmware for flying yourself is Betaflight (racing, acro, some camera drones like cinewhoops). If you want the drone to fly itself (gps missions) it’s probably ArduPilot, but check legality in your area first. I have no direct recommendation for video for you, sorry.