• 0 Posts
  • 13 Comments
Joined 2 years ago
Cake day: June 12th, 2023

  • Maybe easier to get anything running quickly. But it obfuscates a lot of things and creates an additional layer of stuff which you need to then manage. Like a few days ago there was discussion about how docker, by default, creates rules which bypass the “normal” INPUT rules on many (most?) implementations. And backup scenario is different, it’s not as straightforward to change configuration than with traditional daemon and it’s even more likely to accidentally delete your data as a whole.

    As I already said, docker has its uses, but when you’re messing around and learning a new system you first need to learn how to manage the ropes with docker and only after that you can mess around with the actual thing you’re interested in. And also what I personally don’t really like is the mindset that you can just throw something on a docker and leave it running without any concern which is often promoted with ‘quickstart’-type documentation.


  • You absolutely can run services without containers and when learning and trying things out I’d say it’s even preferable. Docker is a whole other beast to manage and has a learning curve of its own.

    Containers can of course be useful but setting everything up, configuring networking, managing possible integrations with other components (for example authentication via LDAP) it’s often simpler just to run the thing “in traditional way”. With radicale you can just ‘apt install radicale’ (or whatever you’re using) and have a go with it without extra layer of stuff you need to learn before getting something out of the thing. And even on production setups it might be preferred approach to go with ‘bare metal’, but that depends on quite a few variables.


  • On residential connections it’s a bit pain in the rear, but if you get VPS (or something similar) it’s perfectly manageable. You just need to maintain stuff properly, like having proper DNS records, and occasionally clear false positives from spam lists. The bigger issue is to have proper backups and precautions, I’ve hosted my own emails for over 10 years and should I lose all the data and ability to receive new messages it would be a massive personal problem.



  • Docker specifically creates rules for itself which are by default open to everyone. UFW (and underlying nftables/iptables) just does as it’s told by the system root (via docker). I can’t really blame the system when it does what it’s told to do and it’s been administrator’s job to manage that in a reasonable way since forever.

    And (not related to linux or docker in any way) there’s still big commercial software which highly paid consultants install and the very first thing they do is to turn the firewall off…


  • Do we start to build our own DNS servers too, now? I mean, not just the pihole everyone and their dog are running on local network, but independently ran network of trustworthy (whatever that might be, I’m not quite sure) DNS servers for anyone to use.

    Here in Finland operators are legally in a pretty good place right now, but who knows when that might change in today’s world. My own network uses root servers, but it’s still traditional DNS and prone to MITM attacks, specially from operator level. So far that’s been quite enough for my needs but on this echo chamber (of sorts) which Lemmy provides it feels more and more like I should start to harden and secure my stuff better.


  • With >60GHz frequency and very narrow beams from antennas. If you have suitable conditions that seems like pretty decent piece of technology, but that’s not going to penetrate anything, so line-of-sight is practically required.

    And that’s very fundamentally different than starlink. Unifi Device Bridge or Mikrotik Cube are similar devices. Think your home wifi router on steroids instead of internet connectivity from the sky.



  • IsoKiero@sopuli.xyz to Europe@feddit.org: Solar on the tracks (29 days ago)

    I think it was EEVBlog (and likely many others) who made calculations on these ideas few years ago and even if at face value that seems like it should work (train tracks, like roads, cover a significant area) it’s still not feasible. You can’t tilt panels on roads/tracks towards the sun, the panels need to be way more robust so that they’ll survive the conditions and thus less effective than purpose built solar plants, vibrations (specially with trains) shake pretty much everything apart and so on.

    It doesn’t make sense even on power alone when you put the numbers in and much less in a business case where you’d need to make a profit out of the installation.

    Edit: Here’s one discussion on topic https://www.eevblog.com/forum/blog/eevblog-1234-more-epic-solar-roadways-fail!/




  • I’m not sure about this latest approach but previously these have suggested that operators should provide either keys to decrypt the messages or straight up backdoors on server software to intercept messages there. At least I haven’t heard about a mandated user end scanner.

    The whole idea is catastrophically bad on multiple fronts. It’s sold (as usual) via some twist of “protecting the children” or “protecting the populace” but in practise it would often just make it easier for criminals (CSAM specifically) to stay under the radar and undermine all kinds of privacy for EU citizens in the internet (whistleblowers, reporters, oppressed minorities and groups like that would be first to feel the effects). We need better politicians who actually understand what they’re proposing.


  • And setting permissions on directories gets them inherited by newly created/added files in there, right?

    No. They’re created based on ‘umask’ and changing directory permissions doesn’t automatically change permissions on underlying files (unless you set privileges recursively) nor new files in the directory.

    So how can I remove the ability from my homedir to execute current and new files but keep the traverse permission?

    For new files set your umask to what you want. By default it’s usually either 0002 or 0022. For existing files you can use find: find ~ -type f -exec echo chmod a-x {} \; (remove echo once you’ve confirmed that it does what you want).
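
The behaviour described in the comment above, as an added example that is not part of the original comment: new files take their mode from the umask whatever the directory's mode is, and `find -type f` removes execute from files while directories keep traverse. The temp-directory layout and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: runs entirely inside a throwaway temp directory (constructed layout).
set -eu

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Octal permission bits of a path (GNU stat, with the BSD/macOS form as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Mode a newly created file gets under umask $1 inside a directory of mode $2.
# Plain file creation requests 0666 and the umask clears bits from that;
# the directory's own mode is never copied onto the file.
new_file_mode() {
    d="$demo_dir/$1-$2"
    mkdir -p "$d"
    chmod "$2" "$d"
    rm -f "$d/new"
    ( umask "$1"; : > "$d/new" )   # subshell: caller's umask stays untouched
    mode_of "$d/new"
}

# Existing files: chmod on the directory leaves them alone; find -type f
# strips execute from files only, so directories keep x (traverse).
strip_exec_demo() {
    t="$demo_dir/home"
    mkdir -p "$t/bin"
    : > "$t/bin/tool"
    chmod 755 "$t/bin/tool"
    chmod 700 "$t/bin"                        # directory change only
    before=$(mode_of "$t/bin/tool")           # file is still executable
    find "$t" -type f -exec chmod a-x {} \;   # same find as in the comment, without echo
    echo "before=$before after=$(mode_of "$t/bin/tool") dir=$(mode_of "$t/bin")"
}

echo "umask 022, dir 777 -> $(new_file_mode 022 777)"
echo "umask 022, dir 700 -> $(new_file_mode 022 700)"
echo "umask 077, dir 777 -> $(new_file_mode 077 777)"
strip_exec_demo
```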