Half off-topic, sorry: if you have some spare time on the weekend, you might want to take a look at nftables. AFAIK iptables is also just using nftables under the hood, so you are basically using a deprecated technology.

nftables is so much nicer to work with. In the end I have my custom rules (which are much saner to define than in iptables) in /etc/nftables.conf, then I have a very simple systemd unit:

[Unit]
Description=Restore nftables firewall rules
Before=network-pre.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/nft -f /etc/nftables.conf
ExecStop=/usr/sbin/nft flush table inet filter
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

and finally if I push updates via ansible I simply replace the file and run nft -f /etc/nftables.conf (via ansible; on-change event).

Edit: oh and as an example how the actual rules file looks like:

#!/usr/bin/nft -f

add table inet filter
flush table inet filter

table inet filter {
  chain input {
    type filter hook input priority 0;

    # allow established/related connections
    ct state {established, related} accept

    # early drop of invalid connections
    ct state invalid drop

    # allow from loopback
    iifname lo accept

    # allow icmp
    ip protocol icmp accept
    ip6 nexthdr icmpv6 accept

    # core services
    tcp dport {80, 443} accept comment "allow http(s)"
    udp dport 443 accept comment "allow http3"

    # everything else
    reject with icmpx type port-unreachable
  }

}

and with that I have my ipv4+6 firewall that allows pings and http

The shopping list alone is beautifully done. Glad that I could help 🙂

There are 2 hard problems in computer science: cache invalidation, naming things, and off-by-1 errors.

– Leon Bambrick

Regarding your requirement, you might want to take a look at KitchenOwl.

If you prefer freestyle notes/lists, Joplin can share and sync note collections as well.

KDE is one of the main reasons for me to use Linux. I immensely like the performance, silence and battery lifetime of MacBooks. But if I have to work with anything but KDE, it’s not worth it for me. The only thing OSX does better than basically any other desktop out there, is the ability to drag whole virtual screen between monitors.

CryptPad is absolutely fantastic. Easy to host and secure design.

I can understand Hellwig’s fear, though.

From what I gather as a bystander, it’s apparently common that a refactoring in your module that breaks its API will involve fixing all the call-sites to keep the effort on the person responsible for the change. Now the Rust maintainers say “it’s fine; if it breaks, we’ll deal with it” which is theoretically takes away the cross-language issue for the C-maintainer. Practically I can very well see, that this will still cause friction in the future.

Let’s say such a change happens and at that time there’s a bit of time pressure and the capacity on the rust maintainers is thing for whatever reasons. Will they still happily swallow that change or will they start to discuss if it’s really necessary to do that change? And suddenly, the C-maintainer has a political discussion on top of the technical issue they wanted to solve.

As someone who just wants to get shit done, I would definitely have that fear.

(That doesn’t mean it’s still a bullet not worth swallowing. The change overall can still be worth the friction. I am just saying that I think it’s not totally unwarranted that a maintainer feels affected by this even though current pledges from the other parties promise otherwise; this stance can change or at least be challenged over and over.)

It was an example. I don’t have a fucking clue how all the maintainers are named.

The main question was: why can a maintainer NACK something not in their responsibility? Isn’t it simply necessary to find one maintainer who is fine with it and pulls it in?

Or even asked differently: shouldn’t you need to find someone who ACKs it rather than caring about who NACKs it?

Can a maintainer really NACK any patch they dislike? I mean I get that Hellwig said he won’t merge it. Fine. What if for example Kroah-Hartman says “whatever, I like it” and merges it nonetheless in his tree?

Damn, so that was the issue. I spent 2h trying around with different packages I suspected to cause an error during start. Then I desperately moved my .config dir out of the way to rule out an incompatible config and lo and behold… it worked. I then moved it back and tried to delete configs more finegranular. After a few iterations without success I just removed almost all kde and plasma related configs and reconfigured everything from scratch. I should have scrolled through my feed earlier 😁

Is that really a relevent attack vector in your day to day use, that full disk encryption wouldn’t cover? My browser is rarely closed when I am on the PC, so it would be accessible (because unlocked).

Stalwart is 95% awesome. What holds me back is, that Mails are stored in a Database and not Maildir. Maildir is insanely trivial to backup incrementally and to restore individual mails if necessary. That currently holds me on dovecot.

It’s more comparable to Snikket. Both Snikket and Prose use Prosody as server with their own extensions.

You could look into prose. The interface of slack/discord/mattermost, built on XMPP, with E2EE.

Bitwardens local cache does not include attachments, though. If you rely on them, you have to rely on the server being available.

I don’t understand how that hybrid is supposed to work. Monospace is a binary attribute; either all chars have the same width or not. So what is the font now?

Most people in my company use OSX, followed by a few dozen Linux users (various distros; whatever each one prefers), followed by a few Windows users (whyever they want that). So essentially: we can choose what we want to use.

They also fuck over their own OS. I don’t think they deliberately broke dual boot installs, they simply don’t put enough effort in QA. (See their recent problems with BitLocker after an update. Or that one update that fails because some internal partition is too small. And so on.)

Fli4l is still around?! Crazy. I used that back in 2002 or so to turn an old i386 with 3 ISA HP 100Mbit network cards into a router + fileserver combo. Good times.

glibc’s malloc increases the stacksize of threads depending on the number of cpu cores you have. The JVM might spawn a shitload of threads. That can increase the memory usage outside of the JVMs heap considerably. You could try to run the jvm with tcmalloc (which will replace malloc calls for the spawned process). Also different JVMs bundle different memory allocators. I think Zulu could also improve the situation out of the box. tcmalloc might still help additionally.