Melmi

I don’t think the relevance of the TLD matters. It’s worth being aware of whether you’re using a ccTLD, especially in the case of countries like Afghanistan, but you also used .io as an example which is overwhelmingly used by non-British Indian Ocean Territory sites and is proven reliable. It’s even managed by an American company.

Then .app isn’t a part of the original TLDs, but actually a part of the new wave of modern gTLDs. And if you’re considering .app, there’s no reason not to consider the thousands of other generic TLDs out there.

Like with the ccTLDs, the only thing you have to consider is the trustworthiness of the managing org.

Yes, but only if your firewall is set to reject instead of drop. The documentation you linked mentions this; that’s why open ports are listed as open|filtered because any port that’s “open” might actually be being filtered (dropped).

On a modern firewall, an nmap scan will show every port as open|filtered, regardless of whether it’s open or not.

Edit: Here’s the relevant bit from the documentation:

The most curious element of this table may be the open|filtered state. It is a symptom of the biggest challenges with UDP scanning: open ports rarely respond to empty probes. Those ports for which Nmap has a protocol-specific payload are more likely to get a response and be marked open, but for the rest, the target TCP/IP stack simply passes the empty packet up to a listening application, which usually discards it immediately as invalid. If ports in all other states would respond, then open ports could all be deduced by elimination. Unfortunately, firewalls and filtering devices are also known to drop packets without responding. So when Nmap receives no response after several attempts, it cannot determine whether the port is open or filtered. When Nmap was released, filtering devices were rare enough that Nmap could (and did) simply assume that the port was open. The Internet is better guarded now, so Nmap changed in 2004 (version 3.70) to report non-responsive UDP ports as open|filtered instead.

WG uses UDP, so as long as your firewall is configured correctly it should be impossible to scan the open port. Any packet hitting the open port that isn’t valid or doesn’t have a valid key is just dropped, same as any ports that are closed.

Most modern firewalls default to dropping packets, so you won’t be showing up in scans even with an open WG port.

Just because you can work with one monitor doesn’t mean multiple monitors isn’t more comfortable though. You can have multiple windows open at once, at full size, and glance between them freely. No need for them to share the limited real estate of a single monitor.

I run Sway on my laptop because it lets me take full advantage of my single monitor, but on my multi monitor desktop setup I use a regular floating DE.

It definitely encrypts the traffic, the problem is that it encrypts the traffic in a recognizable way that DPI can recognize. It’s easy for someone snooping on your traffic to tell that you’re using Wireguard, but because it’s encrypted they can’t tell the content of the message.

Goes to show I don’t know much about SSO I suppose. Time to do some more research

I had issues connecting to Nextcloud from mobile clients when using Authelia, they didn’t like it, but if there’s a workaround for that that’s great

Most things should be behind Authelia. It’s hard to know how to help without knowing what exactly you’re doing with it but generally speaking Authelia means you can have SSO+2FA for every app, even apps that don’t provide it by default.

It also means that if you have users, you don’t need them to store a bunch of passwords.

One big thing to keep in mind is that anything with its own login system may be more involved to get working behind Authelia, like Nextcloud.

We already have a confusing abbreviation: B vs b. One is bits, one is bytes.

It’s a pretty drastic difference. One Gb per second is only 125 MB per second. Don’t mess up your capitalization!

These are all rough averages, of course, but Tweets can be rather bigger than 140 bytes since they’re Unicode, not ASCII. What’s Twitter without emoji?

Why would a random browser extension take it upon itself to snoop on your traffic to ensure that the websites you’re using can’t be used for illegal things, and then intentionally break it if it detects something it thinks it’s illegitimate? That’s a huge breach of privacy. It’s just malware at that point. It’s not like a court of law would hold your browser extensions responsible for your piracy. That’s like blaming a cup holder because the car was used in a robbery.

No, I think this is just a bug. Especially since people have reported that the extension breaks other websites too.

As far as I’m aware, there’s nothing preventing a PluralKit equivalent from being made for other platforms. In fact, a quick search turned up a WIP Matrix port on github.

So no, I don’t think this is true. Lack of PluralKit isn’t what’s preventing people from switching en masse. It’s the opposite—lack of people switching means there’s a lack of demand for a PluralKit port in the first place, so even though there is a port people don’t know it exists and thus it doesn’t get as much dev attention.

It comes down to network effects, ultimately, and just plain inertia. If you’re already on Discord, and all your friends are on Discord, it’s hard to convince you to switch. And being more familiar with the Discord bot ecosystem (like PluralKit) is just one more thing that adds to the inertia.

Interestingly the source you linked says that they do have an in-house web index, they just use it alongside other sources rather than using it as their only source

What incentive would a bank have to release their apps as FOSS?

You probably could create an open source banking app and use it to run a bank on a primarily open source software stack. But banks are not software companies, and they have no reason to engage with the FOSS world. We could think up lots of potential reasons for why a bank might not want to release their apps as FOSS, but the simplest answer is “why would they?”

I’d love to live in a world where free software is the norm, but we’re not in that world. So if the bank has no incentive to do it other than the comparatively niche interests of the FOSS community, they just won’t do it.

I don’t get why they call hosting a mail server being your own ISP. It’s a very very loose definition of the term “ISP” there. ISPs may provide mail services on the side, but that’s not what makes them an ISP imo—its providing internet access that makes them an ISP.

On looking it up, apparently some people consider email providers ISPs in their own right though? Seems like confusing terminology.

This project uses mDNS, which is specific to the .local TLD. The whole reason that people are against the use of .local is because it would break mDNS. So you can set a custom TLD, but it doesn’t matter because this is actually the correct context for .local to be used, and changing the TLD will actually break things for a lot of clients.

You’re right that the post is badly written, because it just sorta says “this is a place that promotes paraphilia!” But in this particular case, this server hosts reprehensible content and is not just a community for kinky people that happens to have pedos on it.

It’s like if there were a knife enthusiast instance where the largest local community was about committing crime, where the admin self-identifies as being into commiting crimes. It’s absolutely true most knife enthusiasts have no interest in committing crime, and therefore the knife enthusiasts who don’t want to commit crime probably wouldn’t join the server that promotes crime.

The analogy falls apart a bit because it’s true that they’re not doing anything illegal over there, at least not publicly. But they’re still promoting viewing kids sexually, promoting sexual contact with kids, even talking about nude photos of kids.

10.50.50.0 is not a valid IP address in most configurations. Have you tried 10.50.50.1?

Docker containers are more like LXCs—in fact, early versions of Docker used LXC under the hood, but the project diverged over time and support for LXC was eventually dropped as they switched to their own container runtime.

The HTTP protocol isn’t really the problem, I2P uses HTTP same as the clearnet. It’s just the fact that I2P is a closed network, so anything hosted on I2P will only federate with other instances on I2P—which as far as I’m aware, is none of them.