I use Iceraven with ublock, privacy badger, decentraleyes and canvasblocker.

Oh right

Because it’s a decent competitor to the GitHub monopoly. It also has a few unique features when compared to it. Just guessing why OP uses it though (many people do)

DIE

Just ordered the PCBs for my second, custom layout split keyboard, the triboard. I’m also working on a service status watcher + page called swec. It will eventually be able to notify you through gotify whenever your services are down, and maybe even redirect clients to the status page. Some other features include custom downtime messages.

Seeing how unethical the company is in general, it would’n’t surprise me if the anticheat was just the worst. Even forgetting the anticheat part, I would NEVER play it.

(Unethical is actually a pretty big euphemism here)

Yeah, most anticheats are actually just rootkits (running at kernel level with unlimited privileges). This is also a big security issue, some games like genshin impact have also been used to create botnets since there is only one privilege escalation from the game itself to the kernel.

Whenever you use an anticheat, you just have to take the company’s word for what they are doing with that kernel-level access.

Use librewolf instead of Firefox to get rid of the whole spyware part of it. Librewolf only has a single request when starting, to “check for updates”. But using Firefox is the second best thing you can do both for your privacy and to fight Google’s " Web Environment Integrity" crap.

Framaforms + framacalc.

My servers have names of Spanish words humorist El Risitas says in his mythical video where he laughs with no real reason.

The biggest server is named “cocinero”, because I can (jokingly) easily imagine a very fat cook.

Then there is plancha, a lenovo thinkcentre which has the size of a plank.

My raspberry pi’s have names of tapas: chorizo, keso etc.

Wow, great it could be so helpful!

what is the reason you shy away from ubuntu? Canonical. Snaps. Ubuntu is the first server OS I used, and while it was quite good I think I prefer using a base distrobox instead of a derivative. If I’m going to use Debian, I’ll use Debian. Not Debian with corporate stuff on top.

As for SELinux: I’ve tried around a year ago. But as soon as I started doing stuff with users and tweaking docker permissions things went wrong and I just set it to permissive. Maybe I’ll try that again soon, because other parts of managing servers have become much easier over time as I learned. I agree that having a server without SELinux is quite dumb and not very professional.

You convinced me for immutable fedora. Maybe I’ll try it out sometime on our backup/testing server and maybe it will make its way to production if I’m happy with it.

As for distrobox I’ll see.

The main reason I used Gentoo is because of being able to reduce the attack surface with USE flags. But as it seems the tradeoffs with it are greater than the advantages (the mastodon issue I mentioned). If I don’t switch the server to immutable fedora, I’ll just use something like plain fedora or debian I think.

To me, this is only one of the few advantages of immutability. I have already used nixOS on a server and I really didn’t like having to learn how to do everything the right way. As for distrobox, to me it sounds quite like an additional failure point: it is an abstraction over the containers concept that hides the actual way it is done from you. I’d say if you run an app in a container, go all the way: make the container yourself. To me it just sounds like a bad idea, and I didn’t really like distrobox when I tried it. I just want to say that both of these concepts (immutability, distrobox) would be great if it was perfectly done. But the learning curve of nixos and the wackiness of distrobox drove me away.

On X11 Linux, install redshift with your package manager. Run it.

Yes. But p10k has many downsides:

• requires using oh my ZSH, which alone is quite bad because of how much slower it makes the shell.
• is a piece of software you’ll have to either install on each new device or have the software in your dotfiles. Bad practice. I very much prefer having no additional dependencies or overhead, plus the way I do it I can do whatever I want without the limitations of a prompt made by someone else, for which I’d have to dig in a lot of documentation. Compared to this, I only spent half an hour making a prompt exactly how I like, which doesn’t add overhead and doesn’t require a third party piece of software which I’d have to install on every new device.

Free software tells you “do whatever you want, you’re free” but open source completely misses the point: it means you can read the code, but not necessarily recompile, modify and redistribute. Plus the term was invented for the confusion that would come from it. For example, a lot of AI models like LLM’s claim they are “open-source”, which basically means nothing: it’s far easier to say that than to claim it’s a free model, because that would imply freedoms to modify, reuse, redistribute the training data, weight etc. (no AI model allows that for now, and there will probably never be one that does).

I totally agree. But I just wouldn’t necessarily say gentoo is a bleeding edge distro: it’s kinda up to the user. They are free to configure the package manager (portage) however they want and can even do updates manually. I just like the idea of having newer packages at the cost of stability, because I also use the server as a shell account host (with an isolated user ;-)) and need things like the latest neovim. These days I would know if an update failed because I would literally be in front of the process and test services are working after the updates, so I’d know if I have to rollback. This makes it basically like a stable distro IMO (even though the packages aren’t battle tested before being pushed as updates).

Unattended updates are 10x better because those programs allow you to only do security updates. Plus they are much more stable, and something like this would never happen on a stable distro.

I’m surprised this strategy was approved for a public server

The goal was to avoid getting hacked on a server that could have many vulnerable services (there are more than 20 services on there). When I set this up I was basically freaked out by the fact I hadn’t updated mastodon more than a week after the last critical vulnerability in it was found (arbitrary code execution on the server). The quantity of affected users, compared to the impact it would have if hacked, made me choose the option of auto-updates back then, even if I now agree it wasn’t clever (and I ended up shooting myself I’m the foot). These days I just do updates semi-regularly and I am subscribed to mailing lists like oss-security to know there’s a vulnerability as early as possible. Plus I am not the only person in charge anymore.