I’ve been trialing Vaultwarden for a while and while I do like the server sync setup and clean web access, the Bitwarden browser plugin is just okay despite being an “enterprise” solution. It misses probably about 20% of websites when creating a new account, forcing you to grab the password from the generator history and make a new entry manually.

KeepassXC is much better in that regard, and it’s almost as good as the default credential handler of Firefox, and it lets you set up a bunch of custom stuff to extend the functionality if you want. Plus it has some neat kbdx options aside from AES256.

Only downside is syncing, which I’m debating how I’ll deal with something better than syncthing on android (protocol is great, android makes it a PITA to have a background process if its not Google spyware).

Bans and heavy moderation of content.

I’m glad some of the reddit copy communities here like DankMemes died quickly because it was being run by the same loser mods from reddit.

So far I’ve only been banned from I think maybe 2 communities ever. The only one I remember is one of the NCD communities because the lead mod was a dumb dumb.

I don’t really care about complaints of specific instance users because unpopular opinions and comments deserve to be seen, otherwise you create an echo chamber.

So long as there is no brigading, it is much healthier to see everyone’s input.

Also I hope the r/Chodi crowd never finds lemmy lol.

Fedora

OpenSUSE if you want something non American and not directly related to RedHat

A pretty hefty amount of popular mobile games were actually rips of flash games with microtransaction added lol.

Yeah I can’t wait for when enthusiasts want my stacks of 2004 laptop RAM sticks and LCD panels.

The demand will open up any second now

I seriously would not mind RCS if Google didn’t monopolize it.

I will be forever on MMS because I’ll never use Google’s crappy message app.

No one is sending anything substantial over SMS for me anyway, so it’s not an issue where I need an e2ee channel with someone who doesn’t have signal

Sideloading APKs is an easy vector but so is the Google Play Store. It’ll take scammers like 5 minutes to just perma move to GPlay shenanigans, and its already well known to have poor quality control and tons of malware available to download with the useless play protect logo.

This is just Google’s public justification for creating their walled garden. They already pulled this exact scam with Chinese OEMs which is how Huawei got banned, and others stopped selling in the US. They huffed up some story about CCP spyware and then mandated that GPlay be installed in full, otherwise face consequences from congress.

Even Samsung got pulled in and they essentially agreed to use GApps as the de facto communication suite for their phones in exchange for allowing Samsung to continue to use their Galaxy store.

They see stuff like AOSP as a threat because anyone can just fork the OS and make their own non google Android, and they don’t want any OEM to replace GPlay like what Motorola is attempting right now (hence the increased urgency to lock down Android).

Google’s monopoly in the mobile space revolves around every phone using GPlay, so they’ll do anything to maintain their control.

(I don’t need strong censorship resistance; it just has to work in offices and hotel WiFis.

Wireguard on 443 or OpenVPN + Stunnel on 443

Wireguard is easier to setup because there’s no OpenVPN app that packages stunnel (afaik), so you have to run 2 apps on your phone to make it work.

A server like caddy can also accept HTTPS traffic for some regular websites next to the VPN server.

Wireguard uses UDP, so just run whatever you want on 443 TCP with caddy (unless you want QUIC for some reason?)

Anything beyond that and you’d be looking at using a proper obfuscation solution like Shadowsocks or obfs4, in which case you should look into Amnezia or Tor bridges.

Hey to be fair I know several people who do know, but so poorly that they’ll still be defnitley grinding your gears lol.

Define right wing because the last time I used that insult, it was against users spamming DNC propaganda lol

Use our easy bash oneliner to install our software!

Looks inside script

if [ $(command -v apt-get) ]; then apt-get install app; else echo “Unsupported OS”

Still less annoying than trying to build something from source in which the dev claims has like 3 dependencies but in reality requires 500mb of random packages you’ve never even heard of, all while their build system doesn’t do any pre comp checking so the build fails after a solid hours of compilation.

Gamefreak used an additional hardcoded RSA public key auth in Pokémon Black/White because for some reason they didn’t trust OpenSSL to not fail for their HTTPS API connections, and yet here we are in 2026 with unauthenticated API endpoints.

Was ChatGPT unable to generate swagger docs they could have lazily plugged into an API scanner bruh

Or better yet notice the big fat “unathenticated” label when you look at the endpoint list.

sneak up into a dark street corner at night

“Ay you got that ed25519?”

No sweat, try mirroring a private tracker and you’ll very quickly run out lol. You need a couple of petabytes worth.

The real problem is the price of HDDs not going down due to lower production in light of SSDs.

I fully expect WD to drop this as some stupidly expensive SAS drives that almost no consumer will buy. They should at least apply the dual heads for speed tech so we get faster HDDs for the same price.

Very critical. GNOME and KDE have two very different UX paradigms.

Usually people used to Windows opt for KDE, and Mac or older Ubuntu users opt for GNOME.

The thing is though, a golden standard DE can easily be setup to act as both. XFCE is so customizable that I’ve seen both DE types setup as UNIX like or Windows like workflow.

I’m not sure if KDE or GNOME can do the same because I’m pretty sure they focus on a target audience.

What are your issues with KDE exactly? I always hated GNOME’s lack of standard window buttons and handling multiple windows in a Mac like fashion. Also the app menu which gives me flashbacks of ChromeOS.

I tried protonmail not for the privacy purpose but just to have a normal web email client.

After wasting an hour before finding out you can’t disable the “sent from protonmail” footer without manually deleting it in each draft you make, I said screw it and deployed my own email server with stalwart lol.

It’s receive only because outgoing SMTP is a pain to make reliable these days and my ISP blocks outgoing SMTP anyway, but for everything else I now use Thunderbird.

Been on it permanently for years now. Only complaint is that I found XFS to be better than BTRFS, though most people probably wouldn’t notice.

Only other “complaint” is Fedora doesn’t have a lot of support for embedded arm devices, so you’re on your own if you want an RPM style distro on something like an Orange Pi.

If you want to ruin a concert’s day, change the thermostat a few clicks lol.

Funny thing is you can actually conduct pretty well with just your hand.

Also a good conductor is usually an astoundingly good player of multiple instruments themselves.

It’s kind of like how football (soccer) team managers are retired players that can still play better than the entire stadium wearing loafers and a suit.

How I sleep knowing Fedora + podman actually uses safe firewalld zones out of box instead of expecting the user to hack around with the clown show that is ufw.

I could be wrong here but I feel like the answer is in the docs itself:

If you are running Docker with the iptables or ip6tables options set to true, and firewalld is enabled on your system, in addition to its usual iptables or nftables rules, Docker creates a firewalld zone called docker, with target ACCEPT.

All bridge network interfaces created by Docker (for example, docker0) are inserted into the docker zone.

Docker also creates a forwarding policy called docker-forwarding that allows forwarding from ANY zone to the docker zone.

Modify the zone to your security needs? Or does Docker reset the zone rules ever startup? If this is the same as podman, the docker zone should actually accept traffic from your public zone which has your physical NIC, which would mean you don’t have to do anything since public default is to DROP.