Solid choice. I like Flask’s design. They have good documentation as well. And PieFed (and probably lots of other projects) also rely on flask-login and all these extensions.
hendrik
A software developer and Linux nerd, living in Germany. I’m usually a chill dude but my online persona doesn’t always reflect my true personality. Take what I say with a grain of salt, I usually try to be nice and give good advice, though.
I’m into Free Software, selfhosting, microcontrollers and electronics, freedom, privacy and the usual stuff. And a few select other random things as well.
- 1 Post
- 810 Comments
I think Quart is the more modern (async) Flask successor. Or people use FastAPI, … That’s where active development happens. The Flask ecosystem is more stable, mature I guess? There’s plenty of old plugins without recent updates. But most I had a look at were written in a very clean way, and they’re probably perfectly fine. Unless they’re niche or you find some discussion about security-related stuff in the bugtracker.
hendrik@palaver.p3x.de to DACH - Deutschsprachige Community für Deutschland, Österreich, Schweiz@feddit.org • Revival of the Monday demonstrations: Die Linke plans wave of protests against social reforms • German
3·1 day ago
Why are Rheinmetall shares tanking so badly right now? Didn’t I read at some point that our arms industry expects another 40% growth in the near future? Because of presumably more warmongering? Or were the expectations simply too inflated? I mean, they had already tripled since Trump came to power…
hendrik@palaver.p3x.de to Linux@lemmy.ml • Linux is actually very vulnerable to exploits and it's showing with high value vulnerabilities that has been dropping in the latest years; FreeBSD is way better in security record • English
8·3 days ago
Thanks for the link! But I’m afraid it doesn’t tell me much. a) FreeBSD isn’t even on the list, so I don’t know the numbers to compare it to. and b) there’s things like survivorship bias. Looking at numbers like this is literally the textbook example of how to do it the wrong way. You have to do statistics the proper way around. For all we know by those numbers, Linux could be the best battle-tested OS in the world. I mean they fixed 3 times as many vulnerabilities as Microsoft did for any of their products?!
hendrik@palaver.p3x.de to Linux@lemmy.ml • Linux is actually very vulnerable to exploits and it's showing with high value vulnerabilities that has been dropping in the latest years; FreeBSD is way better in security record • English
22·3 days ago
Sometimes I wish people would back up their factual claims with numbers and studies.
Also: FreeBSD phone, when??
I think the added benefit of an OpenWRT router is, you get 3 more ports (for your TV, Playstation and PC), plus a Wifi network. And it’s really hard to break it. But a MiniPC with OPNsense, of course will be more powerful. And some more advanced things have been notoriously difficult to set up in OpenWRT, maybe OPNsense does it a bit better.
hendrik@palaver.p3x.de to Linux@lemmy.ml • How do you feel about distributing small Linux tools via GitHub and Gumroad? • English
61·7 days ago
I dislike it. Usually I’d use packages from my Linux distribution. Or package it myself and maybe upstream the effort if my distro has a user repository. Now (this way) it’s down to everybody to download random files from the internet and execute them. Specifically what every Linux tutorial instructs you not to do. Plus there’s no updates, no security, no version control or transparency. It’s not licensed in any free way, so I can’t fix it or adapt it to my liking, I can’t help you write better Python code…
But it’s your software project. You’re perfectly fine to do whatever you want with it. And it’s certainly commendable to write software, whether you do it for yourself, or put it out there in some way.
hendrik@palaver.p3x.de to Linux@lemmy.ml • Turns out I have been updating wrong all this time! 🤦🏼 • English
6·8 days ago
Shouldn’t the upgrade also update the bootloader’s default entry to a new kernel? The way I’ve been doing it was apt update && apt dist-upgrade. And then reboot once every 1 to 2 years if I feel like it, am bored, or there’s all these news articles about a severe bug in the kernel.
hendrik@palaver.p3x.de to DACH - Deutschsprachige Community für Deutschland, Österreich, Schweiz@feddit.org • strompreis.jpg • German
5·8 days ago
I could also fill up the pool. I’m sure the season starts today. Or take a nice bath while I simmer an unreasonable amount of Bolognese sauce for 3h… Let me think. There’s no exercise bike here 😆
hendrik@palaver.p3x.de to DACH - Deutschsprachige Community für Deutschland, Österreich, Schweiz@feddit.org • strompreis.jpg • German
10·8 days ago
Hang on, I’ll help.
Syncthing or Nextcloud. There’s a bunch of Linux sync software: https://awesome-selfhosted.net/tags/file-transfer--synchronization.html
Traditionally, you’d just put it on a NFS volume and be done with it. Or make it a boring plain old independent laptop with nightly backups configured, if your users always work from the same machine and don’t like… switch to a different computer in the middle of a task.
I have a port forwarding without any tunnel to third parties and Wireguard.
hendrik@palaver.p3x.de to Linux@lemmy.ml • Copy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. • English
521·10 days ago
The entire page is an advertisement for an AI tool that helped uncover it. Guess that’s the demonstration on how it augments a report.
hendrik@palaver.p3x.de to Selfhosted@lemmy.world • Remote Code Execution in Forgejo? • English
3·10 days ago
I think there’s pros and cons to everything. That way would have been less of a dickhead move towards the Forgejo developers. But a big letdown to admins as they don’t know what’s up with the software they’re running on their servers. The way the author chose gives some new intelligence to admins, and they can now act on it, since it’s public knowledge. But it’s annoying to the devs.
I guess I as a Forgejo user am kinda grateful they did it this way. Now I got to learn the story and can allocate 2h on the weekend to see if my personal Forgejo container is isolated enough and whether the backups still work.
(But that’s just my opinion after reading one side of the story. Maybe there’s more to the story and they’re being a dick nonetheless…)
Edit: And regarding just dropping the security team an informal mail… I don’t know if that’s clever. You’d normally either follow some security policy, or don’t engage. Sending them other kinds of mails which violate their policy (an internal carrot) might not be the best choice.
hendrik@palaver.p3x.de to Selfhosted@lemmy.world • GitHub - minio/minio: "This repository was archived by the owner on Apr 25, 2026. It is now read-only." • English
1·10 days ago
Thx very much. That’s valuable info. I edited my comment and crossed it off my list of software to evaluate for future projects. I already got the vibe-coding and a bit of sketchiness by scrolling through the latest commits and issue tracker.
hendrik@palaver.p3x.de to Selfhosted@lemmy.world • GitHub - minio/minio: "This repository was archived by the owner on Apr 25, 2026. It is now read-only." • English
1·10 days ago
Thanks for pointing it out. Yeah it does. I just copy-pasted what I found and didn’t check.
hendrik@palaver.p3x.de to DACH - Deutschsprachige Community für Deutschland, Österreich, Schweiz@feddit.org • Recipe exchange? • German
2·12 days ago
Thanks 😊 Yes, I need to do that sometime too. It’s probably easier anyway than trying to make slices out of it. A lot of it crumbles anyway, and then you have to think about what to make of it.
Mint is based on Ubuntu. It’s not strictly tied to any Debian release channel?! There’s LMDE as well. That’s based on stable.
Yes. I’ve been somewhat lucky as well. Upgraded my homeserver to 48GB to run a few virtual machines and maxed out my old laptop well before prices skyrocketed. Got to check if I still pay the ~8€ a month for my netcup VPS or if they increased price for existing customers as well…

Crazy people. I tend to prefer companies that have full order books and pursue a long-term strategy. But I suppose you can see it either way. Makes sense that other things count when speculating. Thanks.