Half off-topic, sorry: if you have some spare time on the weekend, you might want to take a look at nftables. AFAIK iptables is also just using nftables under the hood, so you are basically using a deprecated technology.

nftables is so much nicer to work with. In the end I have my custom rules (which are much saner to define than in iptables) in /etc/nftables.conf, then I have a very simple systemd unit:

[Unit]
Description=Restore nftables firewall rules
Before=network-pre.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/nft -f /etc/nftables.conf
ExecStop=/usr/sbin/nft flush table inet filter
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

and finally if I push updates via ansible I simply replace the file and run nft -f /etc/nftables.conf (via ansible; on-change event).

Edit: oh and as an example how the actual rules file looks like:

#!/usr/bin/nft -f

add table inet filter
flush table inet filter

table inet filter {
  chain input {
    type filter hook input priority 0;

    # allow established/related connections
    ct state {established, related} accept

    # early drop of invalid connections
    ct state invalid drop

    # allow from loopback
    iifname lo accept

    # allow icmp
    ip protocol icmp accept
    ip6 nexthdr icmpv6 accept

    # core services
    tcp dport {80, 443} accept comment "allow http(s)"
    udp dport 443 accept comment "allow http3"

    # everything else
    reject with icmpx type port-unreachable
  }

}

and with that I have my ipv4+6 firewall that allows pings and http

The shopping list alone is beautifully done. Glad that I could help 🙂

There are 2 hard problems in computer science: cache invalidation, naming things, and off-by-1 errors.

– Leon Bambrick

Regarding your requirement, you might want to take a look at KitchenOwl.

If you prefer freestyle notes/lists, Joplin can share and sync note collections as well.

KDE is one of the main reasons for me to use Linux. I immensely like the performance, silence and battery lifetime of MacBooks. But if I have to work with anything but KDE, it’s not worth it for me. The only thing OSX does better than basically any other desktop out there, is the ability to drag whole virtual screen between monitors.

CryptPad is absolutely fantastic. Easy to host and secure design.

But that’s the neat thing: the system is well structured into different layers and subcomponents. They are not all involved to control lightbulbs; that’s mostly your local hue bridge. One component will make sure, Alexa can control your bulbs (if you want that). If that component fails, only Alexa stops working. Another component handles push notifications to your mobile devices. If that fails, the rest is unimpacted. And so on.

That was, for a long time, the main reason I heavily recommended Hue: the bridge can be used completely offline and still offered a good local API and pairing system. Unfortunately last year that made online accounts a requirement. I assume besides the App you can still use many things even if your network connection is broken, though.

You could look into prose. The interface of slack/discord/mattermost, built on XMPP, with E2EE.

What’s wrong with that? Do you expect their backend to run off a single server with a little PHP script? The components seem pretty reasonable (with the actual business logic being just a small part).

I don’t understand how that hybrid is supposed to work. Monospace is a binary attribute; either all chars have the same width or not. So what is the font now?

Most people in my company use OSX, followed by a few dozen Linux users (various distros; whatever each one prefers), followed by a few Windows users (whyever they want that). So essentially: we can choose what we want to use.

They also fuck over their own OS. I don’t think they deliberately broke dual boot installs, they simply don’t put enough effort in QA. (See their recent problems with BitLocker after an update. Or that one update that fails because some internal partition is too small. And so on.)