Half off-topic, sorry: if you have some spare time on the weekend, you might want to take a look at nftables. AFAIK iptables is also just using nftables under the hood, so you are basically using a deprecated technology.

nftables is so much nicer to work with. In the end I have my custom rules (which are much saner to define than in iptables) in /etc/nftables.conf, then I have a very simple systemd unit:

[Unit]
Description=Restore nftables firewall rules
Before=network-pre.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/nft -f /etc/nftables.conf
ExecStop=/usr/sbin/nft flush table inet filter
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

and finally if I push updates via ansible I simply replace the file and run nft -f /etc/nftables.conf (via ansible; on-change event).

Edit: oh and as an example how the actual rules file looks like:

#!/usr/bin/nft -f

add table inet filter
flush table inet filter

table inet filter {
  chain input {
    type filter hook input priority 0;

    # allow established/related connections
    ct state {established, related} accept

    # early drop of invalid connections
    ct state invalid drop

    # allow from loopback
    iifname lo accept

    # allow icmp
    ip protocol icmp accept
    ip6 nexthdr icmpv6 accept

    # core services
    tcp dport {80, 443} accept comment "allow http(s)"
    udp dport 443 accept comment "allow http3"

    # everything else
    reject with icmpx type port-unreachable
  }

}

and with that I have my ipv4+6 firewall that allows pings and http

The shopping list alone is beautifully done. Glad that I could help 🙂

There are 2 hard problems in computer science: cache invalidation, naming things, and off-by-1 errors.

– Leon Bambrick

Regarding your requirement, you might want to take a look at KitchenOwl.

If you prefer freestyle notes/lists, Joplin can share and sync note collections as well.

KDE is one of the main reasons for me to use Linux. I immensely like the performance, silence and battery lifetime of MacBooks. But if I have to work with anything but KDE, it’s not worth it for me. The only thing OSX does better than basically any other desktop out there, is the ability to drag whole virtual screen between monitors.

CryptPad is absolutely fantastic. Easy to host and secure design.

I can understand Hellwig’s fear, though.

From what I gather as a bystander, it’s apparently common that a refactoring in your module that breaks its API will involve fixing all the call-sites to keep the effort on the person responsible for the change. Now the Rust maintainers say “it’s fine; if it breaks, we’ll deal with it” which is theoretically takes away the cross-language issue for the C-maintainer. Practically I can very well see, that this will still cause friction in the future.

Let’s say such a change happens and at that time there’s a bit of time pressure and the capacity on the rust maintainers is thing for whatever reasons. Will they still happily swallow that change or will they start to discuss if it’s really necessary to do that change? And suddenly, the C-maintainer has a political discussion on top of the technical issue they wanted to solve.

As someone who just wants to get shit done, I would definitely have that fear.

(That doesn’t mean it’s still a bullet not worth swallowing. The change overall can still be worth the friction. I am just saying that I think it’s not totally unwarranted that a maintainer feels affected by this even though current pledges from the other parties promise otherwise; this stance can change or at least be challenged over and over.)

It was an example. I don’t have a fucking clue how all the maintainers are named.

The main question was: why can a maintainer NACK something not in their responsibility? Isn’t it simply necessary to find one maintainer who is fine with it and pulls it in?

Or even asked differently: shouldn’t you need to find someone who ACKs it rather than caring about who NACKs it?

Can a maintainer really NACK any patch they dislike? I mean I get that Hellwig said he won’t merge it. Fine. What if for example Kroah-Hartman says “whatever, I like it” and merges it nonetheless in his tree?

Damn, so that was the issue. I spent 2h trying around with different packages I suspected to cause an error during start. Then I desperately moved my .config dir out of the way to rule out an incompatible config and lo and behold… it worked. I then moved it back and tried to delete configs more finegranular. After a few iterations without success I just removed almost all kde and plasma related configs and reconfigured everything from scratch. I should have scrolled through my feed earlier 😁

The second one gives you the necessary flashbacks to catch up if you should intend to follow the story. It also explains all the basics of the game mechanics as part of the quests.

I even heard people being surprised it’s not Geralt. When they were surprised I started to question myself if I just dreamed that they announced that wayyyy back.

Or preferably: don’t care about the game at all until it releases. Ignore previews or alpha demos, beta footage, gameplay trailers/teasers, etc. That way you don’t build up hype that has a big chance to disappoint you. Take the game for what it is at release and either like it then or not.

Is that really a relevent attack vector in your day to day use, that full disk encryption wouldn’t cover? My browser is rarely closed when I am on the PC, so it would be accessible (because unlocked).

Ah, good to know. Thanks!

There is some documentation in the forum about how to add new device support or where to request it. Read it and then decide what to do.

Even CD Project Red added such shit. Instead of directly launching Witcher or Cyberpunk I now have to go through a(nother) launcher now. Pointless.

Baldurs Gate 3 needed one from the beginning as well.

I don’t get it.

What ZigBee Coordinator do you use? I know deconz and zigbee2mqtt have the ability to add support for new devices via config files. But that’s a bit of a rabbit hole into the ZigBee protocol. They also have forums/issue trackers where one can request support for new devices.

Stalwart is 95% awesome. What holds me back is, that Mails are stored in a Database and not Maildir. Maildir is insanely trivial to backup incrementally and to restore individual mails if necessary. That currently holds me on dovecot.

But that’s the neat thing: the system is well structured into different layers and subcomponents. They are not all involved to control lightbulbs; that’s mostly your local hue bridge. One component will make sure, Alexa can control your bulbs (if you want that). If that component fails, only Alexa stops working. Another component handles push notifications to your mobile devices. If that fails, the rest is unimpacted. And so on.

That was, for a long time, the main reason I heavily recommended Hue: the bridge can be used completely offline and still offered a good local API and pairing system. Unfortunately last year that made online accounts a requirement. I assume besides the App you can still use many things even if your network connection is broken, though.