I do, and I agree about their utility. My users and aliases are in OpenLDAP but it’s pretty easy to add new ones.

Separate accounts are preferable if you’re actually going to be responding to messages. I’ve had some embarrassing encounters where I’ve given an alias to a business that I didn’t realize was going to actually use it for real email conversations with a human. By default roundcube web mail lets you hit reply anyway and the reply goes out with your real address, which can lead to confusion.

I host my own for mspencer dot net, used this 15-ish step walkthrough from linuxbabe dot com. Only maybe three instances of spam in two years, gmail and outlook receive my messages just fine, etc. (Successful spammers were using legitimate services, and those services took action when notified. Greylist delays emails by a few minutes but it’s extremely effective against most spammers because they never come back to retry messages after a few minutes, while legitimate senders will.) I don’t know if I would accept blanket advice against self hosting.

Fundamentally if your mail server can see the addressee, it can see the content. SMTPS encrypts both in the same channel. So at the point where you accept messages and store them in a mailbox, the messages have to be readable.

Encrypting them at rest isn’t something I currently do, but if you’re going to later serve those messages to an email client that expects to receive clear text, your server needs both the keys and the messages. They can be stored in different places.

Most of your needs could be met with full disk encryption on the box hosting Dovecot. If you’re worried about being compelled to decrypt, there’s always the deck of cards trick: The pass phrase for full disk encryption consists of a memorized portion plus the letters and numbers of the top N cards in this deck of cards you keep by the server. If someone were to shuffle that deck of cards, and the server were powered down, the encrypted volume would be impossible to recover.

I’m eager to learn what other Dovecot tricks people can recommend to improve security.

Deceased users’ estates still haven’t agreed to the new terms, have they?

Apropos of nothing, my ham radio call is NO0K, November Oscar Zero Kilo. If I decide to do the ham radio license plate thing again, I should pair it with some kind of Tom Nook sticker or something.

Mostly I’m scared I’ll write a firewall rule incorrectly and suddenly expose a bunch of internal infrastructure I thought wasn’t exposed.

In a general sense, you are discussing a way to control other people and organizations, and to make them stop talking about you. (Communicating and storing your information) This isn’t always possible or practical.

If you pay a merchant with your payment card, that merchant is allowed to know your payment card number. If you call a toll free number, the recipient of your call is allowed to know your phone number.

If they decide to share what they learn about you, and they do so legally, there’s not a whole lot you can do to stop them. I’m not saying this to antagonize or hurt you. I invite you to think differently about what you can control and what is worth worrying about.

Remove these blank lines.

I’m not seeing unit tests for this.

Unnecessary comment.

BLAM

Ow! Also, this could’ve been a smaller calibur.

That does make a lot of sense.

I think I’m feeling embarrassed about not being a perfect ops person, while I was going to school for computer science. Like, part of me wants to create this unrealistic private cloud thing, like I’m going to pretend “I’m still around, where have you been? See your old password still works, and look at all the awesome stuff I can do now!”. I already have my 20+ year old passwd file imported into OpenLDAP / slapd and email is using that already.

It’s not realistic. I feel fondness for the internet of 20-25 years ago, but it’s not coming back. If people can log in with 20 year old passwords and upload web content, we both know what’s really going to happen.

I just feel like such a failure for letting it rot away. Really, any place that accepts submissions requires a live audience and staff to keep it moderated, and accepting new submissions is the only reason to even run original code. What you’re describing is probably the only sane way to do this.

Edit: although I do still feel that the world needs that sort of private cloud in a box. Sure Facebook has taken all the wind out of the sails of many private web hosting efforts - the “family nerd” no longer gets love and gratitude for offering to host forums and chat, they get “that’s stupid, I’ll just use Facebook” - but we still need the capability.

And an open security architecture to clone would help cover the daylight between “here’s a web app in a docker container” and an actual secure hosted instance of it. It would require more inconvenience than necessary for the substantial security benefits it would offer. (A better designed, more customized solution would help that, but one step at a time.) But that would give the average homelab user protection against future attacks that today would feel like wild “whoa who are you protecting against, the NSA?” paranoia.

Last time I went snooping:

15 installs of phpbb, which would require work to put back online as their communities are of course gone. Remove spam, undo defacement, etc.

7 installs of Dormando’s Oekaki BBS Clone

5 installs of WonderCatStudio BBS

4 installs of OekakiPotato / RanmaGuy etc.

and several users who just used php to ‘include’ headers and table of contents page parts.

(Yes I was quite the weeb. Still am, but I was one too. :-) )

I’m part of the problem, a tiny bit. For altruistic reasons - ok more like “I’m kinda weird, maybe this will make people on IRC like me more” reasons - I ran mspencer.net and hosted web pages for people for free. Ended up with web content for around 100 people, and they weren’t all just using it as a drop box. (Older than wikipedia.org by 199 days, woo!)

Hosted on ancient hardware, nothing even remotely approaching a modern security architecture, I eventually left it to run un-maintained until the IDE HDD died. More recently I got the data off of it. (Heads unstuck themselves while in a cardboard box for a decade? Dunno.) But I don’t know how to get everything back online in a safe way.

I’m a proper software engineer now, I can kinda see how work handles securely hosting web services. Now just throwing everything together on one box feels too lazy and insecure. But I can’t figure out a reasonable security architecture to use. I thought I had one, but I failed to account for VM jackpotting attacks. And it feels like it takes me a month to do what a competent ops person can do in a day.

But that’s a discussion for a different comment section.

As a Flight Simulator / study-level airliner add-on enjoyer I want to point out / supplement the above, that the main point of a real-world airline transport pilot is handling exceptions and problems. Sure I can American-Truck-Simulator-Airbus-Edition my way through a flight from cold and dark at one gate to cold and dark at another. I do not know how to handle failures.

Makes for a fun shower thought. And a fun exercise in task saturation, going into the menu and triggering a bunch of random failures. You usually need a bunch for a fun challenge because, in a study level thingy, the list of potential faults is huge and most of them are just a reduction in redundancy, a “crew awareness” item, or loss of a convenience feature. But I do not belong on a flight deck under any realistic circumstance.

Gives you huge appreciation for how massively redundant airliners are, how much “we already thought this through and here’s what gives you the best chances at a safe outcome” research went into every checklist and procedure, and how much study and practice goes into training and maintaining every fight crew member, cabin crew included.

So I’m curious . . . what reference am I missing that helps me understand what menu settings cause exactly which pieces of personal data to be shared with which Apple services? I want to RTFM, and while I appreciate people wanting to be helpful, comment replies are not themselves documentation.

(I switched from Android to ios in 2020 and haven’t really figured out details beyond turning icloud sync off for specific apps. I’d like to add more devices and learn to trust that sync method but I don’t understand where crypto is used and how the keys are handled.)

Plagiarism should be part of the conversation here. Credit and context both matter.

How much stock ownership remains with the nonprofit Raspberry Pi Foundation? And will that be enough to hold off shareholder complaints that they aren’t being evil enough?

God that sounds awful in headline form.

Pride month is absolutely not an excuse to say “current homophobes will never get better, so they all need to blah blah”. Their current behavior is intolerable, but through continued exposure and humanizing influences, the people can be reached. It’ll go from hatred to extreme discomfort to mild discomfort to … something more normal.

Unfortunately I’m a crappy communicator and I can’t figure out a way to reduce that to a headline without making it some kind of division-promoting reductionist garbage. Sigh.

Giving up land to an invader was ever acceptable? LOL

Clearly my comment annoyed you. What should I have done differently? Apart from switching away from Windows, what plan or idea should I have attempted to rally support for?

Ok that tears it. What firewall rules do I need to set so I get security updates and absolutely nothing else?

Wait don’t do that. They garnish wages for student debt. They’re happy to do it, too, as they get to keep a big chunk of extra fees that way.

Agreed. They are deliberately taking advantage of the fact that people don’t understand how autopilot is actually used in aircraft.

Sure, the most pedantic of us will point out that, with autopilot enabled, the pilot-flying is still in command of the aircraft and still responsible for the safe conduct of the flight. Pilots don’t** engage autopilot and then leave the cockpit unattended. They prepare for the next phase of flight, monitor their surroundings, prepare for top-of-descent, and to stay mentally ahead of the rapid-fire events and requirements for a safe approach and landing. Good pilots let the autopilot free them up for other tasks, while always preparing for the very real possibility that the autopilot will malfunction in the most lethal way possible at the worst possible moment.

Do non-pilots understand that? No. The parent poster is absolutely correct: Tesla is taking advantage of peoples’ misunderstanding, and then hiding behind pedantic truth about what a real autopilot is actually for.

** Occasionally pilots do, and many times something goes horribly wrong unexpectedly and they die. Smart, responsible pilots don’t. Further, sometimes pilots fail to manage their autopilot correctly, or use it without understanding how it can behave when something goes wrong. (RIP to aviation Youtuber TNFlygirl who had a fatal accident six days ago, suspected to be due to mismanagement of an unfamiliar autopilot system.)