Thank you!

I’ve found the Seedstudio thing after posting this too and it looks like the thing I’d be looking for!

What’s your experience w.r.t. coverage?
Obviously that highly depends on where exactly you are – you certainly aren’t going to have coverage in the outback – but I’m mostly concerned with places where people actually go and would take my bag/laptop/bicycle to. 'Stralia is going to generally be quite different from Germany too of course but it would be a good reference point from which I could extrapolate.

PM is automayically E2EE too if the recepient’s server supports WKD or has uploaded their pubkey to keys.openpgp.org.

Well, they have – I think. When you download an edited image, it supposedly downloads an image with edits applied. The original is optionally available too.

If you download the edited image, this is effectively equivalent to the status quo of image editing.

The issue is not the instruction set of the processors. That’s actually quite well standardised with ARM (albeit unfree) and there is plenty of generic support for it because of that.

The issue is all the “peripheral” devices such as WiFi, WWAN, display etc. that are wired up in extremely bespoke device-specific ways. They are usually implemented in vendor kernels with millions of lines of divergence to mainline at best and/or proprietary blobs at worst.

Changing the ISA from one well-supported closed standard to a less well-supported open one will not change that issue one bit.

Are there any (ideally waterproof) compact devices with long battery life (months~years)?

On the website I only found a long list of supported devices with brand name search and protocol type. grep showed no LoRaWAN devices though?

My use-case is theft tracking. I only need the device to be able to locate itself after a theft actually occurred and I request it remotely. (Perhaps also periodically with very low frequency.)

SearXNG is not a search engine, it’s a search engine proxy. The actual search engines that are being proxied are still the same old google, bing etc.

I’d highly recommend you actually read it. Once you look past the LLM-ish phrasing, it quickly becomes clear that the actual information contained is human-made with a great amount of valuable thought put into it.

I’ve been here for a long-time (go and check if you’d like). There wasn’t a single thing in that post that made me think the author hasn’t understood the principles of the fediverse that make it so valuable or reasoned wrong about them – quite the opposite.

This post idenifies many (if not most) of the major problems that I have had with Lemmy over the years. The onboarding improvements you’ve seemed to have at least glanced at are just the tip of the iceberg.
I use Lemmy despite of these limitations but I am also a technical person with quite a bit of tolerance for such technological pain. The high-level improvements proposed here would meaningfully diminish these; allowing less technologically capable or tolerant people to benefit from Lemmy too.

This is actual UX requirement engineering.

If broader (and less technical) user adoption is a goal of the Lemmy project, I’d consider the vision outlined in this post to possibly be one of the most valuable non-technical contributions to Lemmy as a whole.
Seriously.

Yikes, lot’s of bad advice in this thread.

My advice: Go develop an actual threat model and find and implement mitigations to the threats you’ve identified.

If you can’t do that, that’s totally okay; it’s a skill that takes a lot of time and effort to learn and is well-compensated in the industry.

You will need to pay for it. Either through an individual assessment by someone who knows what they’re doing, managed hosting services where the hoster is contractually liable and has implemented such measures, by risking becoming part of a botnet or by not hosting in a world-public manner.

My recommendations:

• Pay for proper managed hosting for every part of your system that you are not capable of securing yourself. This is a general rule that even experienced people follow by i.e. renting a VPS rather than exposing their own physical HW. There are multiple grades to this such as SaaS, PaaS and IaaS.
• Research, evalue and implement low-hanging fruit measures that massively reduce the attack surface. One such measure would be to not host in a manner that is accessible to the entire world and instead pay for managed authenticated access that is limited to select people (i.e. VPN such as Tailscale)
• git gud

It works for me, even with substrings.

It’s sometimes a bit fiddly though as adding even the tiniest bit of data that is not contained in the address as OSM knows it will invalidate the entire search.

Kagi is a search engine where you just simply pay with money rather than being instrumentalised in all kinds of awful ways in order to make the operator money.

I was very sceptical at first too. I highly recommend to simply try using it with the gratis 100 searches. That lasted me for a few days and I quickly noticed what there is to love about it.

It’s the best (and to my knowledge only) search engine money can buy.

The first two points have nothing to do with HTTP‽

The last one is just August before Eternal September ¯\_(ツ)_/¯

(but-with 'nix (lots-of 'parenthesis))

That’s for encrypting your data to protect against an untrusted storage back-end.

They also have e2ee for users though where the server cannot see the plaintext either.

https://nextcloud.com/encryption/

And this is why you want atomic updates folks…

Did you/your distro set up realtime ulimits correctly such that pw can acquire rt priority?

Thanks for the explanation!

Though it ought to be possible to only respond with the new self-signed cert when LE does the challenge and with the previous, properly signed cert otherwise.

I found https://codeberg.org/neilpang/acme.sh/wiki/TLS-ALPN-without-downtime which demonstrates one method to achieve that but I lack practical experience judge whether that’s optimal.

Forgive my ignorance but why would that incur a downtime?

The only way I can think of for downtime to happen if you switched certs before the new one was signed (in which case …don’t) or am I missing something?

It also strikes me as weird that LE requires 80 but does allow insecure 443 after a redirect. Why not just do/allow insecure 443 in the first place?

The same that happens when you update to receive a breaking change on a rolling distro. It’s version number go up, just at a different point in time.

That’s a very odd example to choose given how trivially interchangable kernels are.

At NixOS, we ship the same set of kernels on stable and rolling; the only potential difference being the default choice.
I’m pretty sure most other stable distros optionally ship newer kernels too. There isn’t really a technical reason why they couldn’t.

To be able to predict when something you depend on breaks.

This “something” could be as “insignificant” as a UI change that breaks your workflow.
For instance, GNOME desktop threw out X11 session support with the latest release (good riddance!) but you might for example depend on GNOME’s X11 session for a workflow you’ve used for many years.

With rolling, those breaking changes happen unpredictably at any time.
It is absolutely possible for that update to come out while you’re in a stressful phase of the year where you need to finish some work to hit a deadline. Needing to re-adjust your workflow during that time would be awful and could potentially have you miss the deadline. You could simply not update but that would also make you miss out on security/bug fixes.

With stable, you accumulate all those breaking changes and have them applied at a pre-determined time, while still receiving security/bug fixes in the mean time.
In our example that could mean that the update might even be in a newer point release immediately but, because your point release is still supported for some time, you can hold on on changing any workflows and focus on hitting your deadline.

You need to adjust your workflow in either case (change is inevitable) but with stable/point releases, you have more options to choose when you need to do that and not every point in time is equally convenient as any other.