

iptables should still work, but these days it gets converted to nftables so you may as well just learn nftables.
Having said that, I find it a pain to manually configure iptables or nftables. There might be a better way to do what you want.
Aussie living in the San Francisco Bay Area.
Coding since 1998.
.NET Foundation member. C# fan
https://d.sb/
Mastodon: @dan@d.sb




If you see bad translations in open-source projects, please help by fixing them :)
It’s a straightforward way to contribute to open-source, even if you know nothing about coding, and it helps a lot. It’s hard for open source projects to find good translators.
The other thing that really helps is improving documentation. Developers hate writing docs :)


The end goal is to have no reliance on Tailscale as I am preparing for the eventual enshittification.
Tailscale is mostly open-source. If they do anything bad then someone could fork the project. The coordination server isn’t open-source, but you could self-host Headscale as a replacement.
If it still doesn’t suit your use cases, there are some alternatives.
I personally wouldn’t directly deal with iptables or nftables rules, and instead use some other software to deal with that.


iptables is deprecated… If you really do want to do your own custom thing you should learn nftables.
All the data gathered by Cambridge Analytica was gathered through the public API though, after users had consented to share it (by logging into a quiz app that requested the permissions). That’s why the API is very locked down now, and the approval process to get any sort of data access is very strict.
The main issue was that they gathered data from people whose profiles were set to be visible only to friends. If someone logged into the quiz and granted permissions, their friends’ data was also accessible via the API.
aggressively guard
tbh it’s a hard balance for any social media company.
Guard content too little and you end up with Cambridge Analytica, which was literally because the public APIs allowed too much access (third-party apps could see any data through the API that you could see through your Facebook account, including friends’ profiles). You also end up with headlines talking about big data leaks which really just end up being compilations of public data (which has happened to both Facebook and LinkedIn).
Guard content too much and you restrict users’ freedom too much.
It’s not too bad if you use an outbound SMTP relay for sending. SMTP2Go is pretty good, and they have a free plan with 1000 emails per month. I use Mailcow and you can configure relays in their web UI, but it works just as well with the sender_dependent_relayhost_maps setting in Postfix.
Sure, it’s not fully self-hosted, but the interesting part to self-host is the storage of your emails, not the sending (which will just relay through other SMTP servers along the way anyways).
You don’t absolutely need a central repository for Git. It’s decentralized. You can learn the basics (committing, branching, rebasing, amending, merging, resolving merge conflicts) entirely on your computer.
My advice would be to get familiar with using Git locally first. Simulate things like merge conflicts - have two branches that both change the same line in a text file, then merge them together and resolve the conflict.
Once you’re more comfortable with using it locally, learn about code forges like GitHub or Forgejo.
It’s called a “merge request” in GitLab, which is a much better name.


At least it’s open source so anyone can look at the code and figure out why it asks for the permissions.


You’re thinking of apt full-upgrade. dist-upgrade is the old name for it.
The only difference between upgrade and full-upgrade is that full-upgrade will delete packages if necessary (like if you have a program installed that conflicts with a new version of another program), whereas upgrade will never do that. upgrade is safer for day-to-day updates.
If you do an upgrade and there are packages that need you to run full-upgrade, you’ll see a message saying that some packages have been held back.
full-upgrade is mostly safe. You just need to read the output carefully before continuing.


Make sure you have the security repo enabled in /etc/apt/sources.list. It should be enabled by default. Just search that file for “security”.
Then just run apt update, apt upgrade, and reboot.
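An added example, not part of the original comment: a check for the security repo that skips commented-out entries, which a plain search for "security" would still match. The helper name `has_security_repo` and the two sample files are constructed for illustration, and the check reads only the one-line `deb ...` format.

```shell
#!/bin/sh
# Added example: report whether a sources.list-style file has an ENABLED
# security repository. has_security_repo is a hypothetical helper name.

has_security_repo() {
    # $1: path to a one-line-format APT sources file.
    # Exit 0 if at least one active "deb" line names a suite ending in
    # -security or /updates; the matching lines are printed.
    awk '
        /^[[:space:]]*#/ { next }          # commented-out entry: not enabled
        $1 != "deb"      { next }          # skip deb-src and blank lines
        {
            # Skip the optional [option=value ...] block after "deb"
            i = 2
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }
            suite = $(i + 1)               # fields: URI, then suite
            if (suite ~ /-security$/ || suite ~ /\/updates$/) { print; found = 1 }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Constructed samples: one with the security line enabled, one where it is
# commented out (a plain grep for "security" matches both files).
demo_dir=$(mktemp -d)
cat > "$demo_dir/enabled.list" <<'EOF'
deb http://deb.debian.org/debian bookworm main
deb [arch=amd64] http://security.debian.org/debian-security bookworm-security main
EOF
cat > "$demo_dir/disabled.list" <<'EOF'
deb http://deb.debian.org/debian bookworm main
# deb http://security.debian.org/debian-security bookworm-security main
EOF

for f in "$demo_dir"/*.list; do
    if has_security_repo "$f" >/dev/null; then
        echo "$f: security repo enabled"
    else
        echo "$f: NO enabled security repo"
    fi
done
```

On a real system, point the function at `/etc/apt/sources.list` and any `.list` files under `/etc/apt/sources.list.d/`.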


Are there any actual issues in those commits though? I spot checked a few and they look pretty benign, and don’t really look vibe coded to me.
Just because someone uses an AI tool doesn’t mean their work is vibe-coded slop. An experienced developer that knows what they’re doing can use AI as a tool to take care of boring/mundane parts and write a rough plan for their work, while still paying attention to the business logic and system design, and still fully reviewing everything themselves.
A lot of the recent commits are in the test suite, and building test suites, fixtures and harnesses is something AI is fairly decent at if you give it a good prompt (give it the input, expected output, and expected side effects).
Printing doesn’t change very often. The main protocols (like PostScript, PCL, and IPP) haven’t had any major changes in a very long time. Software like SavaPage probably mostly “just works” and doesn’t need a huge amount of maintenance or have a huge number of issues.
I’ve been using Linux for over 20 years and yet I’ve never tried Gentoo. Good idea. I’m not sure how well compilation would work on a 256MB system, but I could probably build a system in a VM locally then use Clonezilla to copy it to the production system.
The 256MB RAM systems are from https://hosting.gullo.me/ and https://natvps.net/. It looks like the latter no longer sells the 256MB systems - their site shows 512MB as the minimum now.
For most use cases, I use GreenCloudVPS or HostHatch. The GreenCloud “Budget KVM Sale” VPSes have 2GB RAM, 20GB space, 10Gbps network, for $15/year.
I’m using the small 256MB systems because they’re being provided for free for dnstools.ws in exchange for a link in the footer. Can’t beat that price :D
That’s an interesting idea that I didn’t consider. .NET does seem to have some support for WebAssembly.
Many of the current systems were provided by various hosts for free though, which is how I expanded to so many locations. The 256MB RAM systems are only a few dollars per year, so those hosts were happy to provide a few for free.
In my case it needs to be a VM rather than a container (because that’s what the hosting company offers), but Alpine is looking promising so far. No issues with booting from the ISO and installing it on a system with 256MB.
I got my app running on Alpine too. Now I just need to update my Ansible playbook to handle Alpine, and do more thorough testing. Will look into it later in the week.
I was using debian-installer in lowmem mode, but it OOMd during the install. I haven’t tried adding swap yet though.
The Trixie system that I did manage to set up was an upgrade from Bookworm. That’s the one that’s hitting the memory deadlock on boot.
Home Assistant uses HTTP for this. Realistically, you won’t see much difference between HTTP and MQTT for this use case.
MQTT is harder to secure than HTTP, and has some limitations (e.g. it normally only supports username and password auth - no SSO, no 2FA) so I’d avoid it for anything public-facing unless you have a specific reason to use it. Using it via a VPN is fine, but you’d still need to configure a separate MQTT username and password per user.