Yes. DMZ on router 1 exposes router 2 IP to internet.

No, this is all happening in the browser, there are no other image manipulation tools being called.

I just tested the new release. Consider defaulting PNGs to convert to JPEGs unless they have a PNG-specific feature like transparency. Lots of screenshots are initially PNGs, but not because they need any PNG-specific features. Consider: In a test screenshot, it compressed 3.4% with the default 80% setting and PNG->PNG, but for PNG->JPG, it compressed 84.6%.

MCP sounds like a standardized way for AI clients to connect to data sources, the Model Context Protocol.

https://www.anthropic.com/news/model-context-protocol

It sounds like it may compete some with Google’s A2A protocol, which is for AI agent to agent communication.

Both share the same goal of making services easier for AI to consume.

Do you have a source to cite for the literal 99%?

The top-rated answer to this question on the Security StackExhange is “not really”. https://security.stackexchange.com/questions/189726/does-it-improve-security-to-use-obscure-port-numbers

On Serverfault, the top answer is that random SSH ports provide “no serious defense” https://serverfault.com/questions/316516/does-changing-default-port-number-actually-increase-security

Or the answer here, highlighting that scanners check a whole range ports and all the pitfalls of changing the port. Concluding: “Often times it is simply easier to just configure your firewall to only allow access to 22 from specific hosts, as opposed to the whole Internet.” https://security.stackexchange.com/questions/32308/should-i-change-the-default-ssh-port-on-linux-servers

Using a nonstandard port doesn’t get you much, especially popular nonstandard ports like 2222.

I used that port once and just as much junk traffic and ultimately regretted bothering.

I’m glad to have some competition for the Frost Oven Squoosh, which is being lightly maintained. I opened some issues in the Mazanoke issue tracker for some features to consider.

One feature I started on for that project but got stuck on was implementing a STDIN / STDOUT CLI workflow.

https://github.com/frostoven/Squoosh-with-CLI/issues/10

As I said there, the goal was a workflow where I take a screenshot, annotate it, optimize it, copy it and paste it into my blog… without creating any intermediate temp files.

At least on Linux, all the the steps of the pipeline are solved, except for a CLI image compressor that could accept an image STDIN and produce a compressed image on STDOUT.

Sounds like an oversight. Consider filing a bug with them.

https://github.com/frostoven/Squoosh-with-CLI

Nice. I use Squoosh for this, which is also free and runs in the browser.

https://squoosh.frostoven.com/

Https give you encryption in transit. The files you view will be accesible to the host.

Same idea with email.

Not true that most incoming email will plaintext. It’s the opposite:

“Most of today’s email services, including Gmail, employ transport layer security (TLS) to protect emails in transit”

Ref: https://umatechnology.org/gmails-new-encryption-can-make-email-safer-heres-why-you-should-use-it/

It uses layers, the same way a phone keyboard has a separate layer for numbers and symbols. Holding down one of the three thumb keys on either side activates a new layer. Since you can use your thumb and fingers at the same time, there’s no lose in typing speed. Indeed, the layout puts numbers and symbols closer to the home row on a layer than using a physical number number.

For all symbols, you would have needed a shift-modifier to access those before. With this design, the symbols are closer but use a layer switch key instead of a shift key to access them.

Everyone who uses a phone keyboard has learned a new compact keyboard layout. It’s not so hard.

Modern web services are served on port 443 over HTTPS with secure certificates, not on port 80 over HTTP.

Make sure you have a cert issued and installed for your server, that port 443 is not blocked by any firewall and that curl is explicitly connecting to https.

There’s no indication that running caddy in a container was a problem here.

For a high security context, you would want to figure out private inter-pod networking.

For what you describe, host networking sounds OK.

Tried it a couple times. Went back to the CLI.

If you know the CLI or are willing to learn, the GUI is yet-another layer for bugs to exist.