0 Posts · 55 Comments
Joined 3 years ago · Cake day: July 29th, 2023
  • I’ve been trialing Vaultwarden for a while and while I do like the server sync setup and clean web access, the Bitwarden browser plugin is just okay despite being an “enterprise” solution. It misses probably about 20% of websites when creating a new account, forcing you to grab the password from the generator history and make a new entry manually.

    KeepassXC is much better in that regard, and it’s almost as good as the default credential handler of Firefox, and it lets you set up a bunch of custom stuff to extend the functionality if you want. Plus it has some neat kdbx options aside from AES256.

    Only downside is syncing, which I’m debating how I’ll deal with something better than syncthing on android (protocol is great, android makes it a PITA to have a background process if it’s not Google spyware).

  • (I don’t need strong censorship resistance; it just has to work in offices and hotel WiFis.)

    Wireguard on 443 or OpenVPN + Stunnel on 443

    Wireguard is easier to set up because there’s no OpenVPN app that packages stunnel (afaik), so you have to run 2 apps on your phone to make it work.

    A server like caddy can also accept HTTPS traffic for some regular websites next to the VPN server.

    Wireguard uses UDP, so just run whatever you want on 443 TCP with caddy (unless you want QUIC for some reason?)

    Anything beyond that and you’d be looking at using a proper obfuscation solution like Shadowsocks or obfs4, in which case you should look into Amnezia or Tor bridges.

  • There was a thread on one of the tech communities about CS horror shows, and one of them was a guy telling a story about how Amazon had to completely redesign their smart home printer function to run through some monkeychain cloud pipeline right before launch, because they realized one of the libraries related to CUPS was AGPL, which is a blacklisted license at Amazon.

    The kicker was that the library also offered a lifetime corporate license for $100.

    Amazon redesigned their entire printing functionality stack to avoid paying $100 (or following AGPL lol).

  • Use our easy bash oneliner to install our software!

    Looks inside script

    if [ "$(command -v apt-get)" ]; then apt-get install app; else echo "Unsupported OS"; fi

    Still less annoying than trying to build something from source which the dev claims has like 3 dependencies but in reality requires 500mb of random packages you’ve never even heard of, all while their build system doesn’t do any pre-comp checking so the build fails after a solid hour of compilation.

  • zsh was and I think still is technically an extended superset of bash.

    It’s pretty much exactly what you’re looking for if you want bash scripting with fish features and plugin extensibility.

    The downside is you gotta take some time to set up your .zshrc and choose if you want to use a backend like oh-my-zsh.

    I think the reason it’s on the MIT license was because it was essentially just a bunch of scripts bundled together and maintained by a wide variety of people with no intention of making it the default shell like fish or bash is.

  • mlg@lemmy.world to Selfhosted@lemmy.world · Docker security (edited, 5 months ago)

    How I sleep knowing Fedora + podman actually uses safe firewalld zones out of box instead of expecting the user to hack around with the clown show that is ufw.

    I could be wrong here but I feel like the answer is in the docs itself:

    If you are running Docker with the iptables or ip6tables options set to true, and firewalld is enabled on your system, in addition to its usual iptables or nftables rules, Docker creates a firewalld zone called docker, with target ACCEPT.

    All bridge network interfaces created by Docker (for example, docker0) are inserted into the docker zone.

    Docker also creates a forwarding policy called docker-forwarding that allows forwarding from ANY zone to the docker zone.

    Modify the zone to your security needs? Or does Docker reset the zone rules every startup? If this is the same as podman, the docker zone should actually accept traffic from your public zone which has your physical NIC, which would mean you don’t have to do anything since public default is to DROP.
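An added check, not from the comment author: a POSIX sh helper that reads the docker zone and the docker-forwarding policy in the layout `firewall-cmd --info-zone` / `--info-policy` print them, and reports whether forwarding from any zone into an ACCEPT-target docker zone is in effect. The two sample texts are constructed to match the docs quoted above and are used only when `firewall-cmd` is absent.

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --info-zone=docker` (key lines only).
DOCKER_ZONE_SAMPLE='docker (active)
  target: ACCEPT
  interfaces: docker0
  forward: yes
  masquerade: no'

# Constructed sample of `firewall-cmd --info-policy=docker-forwarding`.
DOCKER_POLICY_SAMPLE='docker-forwarding (active)
  priority: -1
  target: CONTINUE
  ingress-zones: ANY
  egress-zones: docker'

# field NAME TEXT: print the value of the "  NAME: value" line in TEXT.
field() {
    printf '%s\n' "$2" | awk -v k="$1" \
        '$1 == (k ":") { sub(/^[[:space:]]*[^:]*:[[:space:]]*/, ""); print; exit }'
}

# audit_docker_forwarding ZONE_TEXT POLICY_TEXT
# Prints OPEN when the docker zone has target ACCEPT and the policy lets ANY
# zone forward into it (the documented default), RESTRICTED otherwise.
# The parsed values go to stderr so the caller can see what was matched.
audit_docker_forwarding() {
    target=$(field target "$1")
    ingress=$(field ingress-zones "$2")
    egress=$(field egress-zones "$2")
    printf 'docker zone target=%s policy ingress=%s egress=%s\n' \
        "$target" "$ingress" "$egress" >&2
    if [ "$target" = "ACCEPT" ] && [ "$ingress" = "ANY" ] && [ "$egress" = "docker" ]; then
        echo OPEN
    else
        echo RESTRICTED
    fi
}

# Use live firewalld output when available, otherwise the constructed samples.
if command -v firewall-cmd >/dev/null 2>&1; then
    audit_docker_forwarding "$(firewall-cmd --info-zone=docker 2>/dev/null)" \
                            "$(firewall-cmd --info-policy=docker-forwarding 2>/dev/null)"
else
    audit_docker_forwarding "$DOCKER_ZONE_SAMPLE" "$DOCKER_POLICY_SAMPLE"
fi
```

On a host where the policy's ingress-zones has been narrowed (for example to `public` only), the helper reports RESTRICTED, which is the state to aim for when the zone must not accept forwarded traffic from every interface.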