ajosh's comments

My experience has been that MAIB version updates are usually very smooth. Regular OS update (apt update/apt install) are smooth. The big problem is that the recommended path is to install on a fresh system when moving between OS versions. In the most recent release that required that, I actually did an in-place upgrade of the OS by running do-release-upgrade twice and leaving the config files as-is. I followed some steps that were posted on the forum. I ran into one or two minor issues but they were the sorts of things I'd expect to see running an "unsupported" upgrade. Other than the OS updates which just take time to download and install, the total work doing it this unofficial way was maybe a couple of hours. That's necessary every 2-3 years, I think?

I do have a few things that I've customized. Updates to MIAB will overwrite them if they're involved in the services it provides. Recently NextCloud updates have been better about removing all of your plugins. The only problem I ever had with it during an update was when the SQLite DB got corrupt. That basically made it so you had to reset NextCloud.

FWIW, I use MIAB and my e-mails aren't dropped regularly from what I can tell. Before this, I was using a mix of CPanel and gmail but for a variety of reasons, I wanted to take greater control of my e-mail.

I signed up with a small VPS/hosting provider that offered a decent amount of storage space with their VMs. I don't send spam and have maintained the domain name for a lot of years. I checked the IP for blacklists before migrating the domain to it. I may have had to e-mail one blacklist provider about being removed but if I did, I don't remember it.

Since MIAB sets up DKIM and SPF, your deliverability is pretty good out of the box. I don't send spam and so I think the IP's reputation has been getting better and better over the last few years. The truth is that for personal e-mail, the majority of messages are inbound and that's really not a problem.

If my memory serves the project started around the time of a popular blog post called NSA-Proof Your E-mail[1]. It may have been Josh's inspiration for the project, I'm not sure. In any event, the techniques described are pretty standard mail hosting and so MAIB's techniques are pretty much the same. I think it's just saying that while it does improve some things, it's not going to be what that blog post promised.

[1] https://medium.com/@cyberpunk_networks/nsa-proof-your-email-...

Sitelutions.com still offers this. Without a paid account, the only limitation is the TTL.

You have to think about Postel's law in terms of protocols and mistakes in your implementation. You assume your implementation isn't perfect and neither is the other. Do your best to be perfect and if you get something that isn't quite right, do your best to handle it well. That doesn't mean you don't validate inputs, it means that if data should come with a \n but instead comes with \n\r, you should treat it as a \n.

Why not use both? You can support the content creator with a higher per-view rate and still block ads in other places.

I agree with you 100%. I've had it for quite a while. When I see Youtube without being logged in, I really can't imagine using the at all with the current level of ads - it's gotten way worse in the past few years.

I also like having access to YouTube music but like so many things with streaming, you're not certain to get continued access to stuff you like. I've started buying MP3's of songs that I like again so that I don't have to worry that Google will stop carrying the music any more or raise prices on YouTube Premium to a level I don't like.

I have less and less trust for the big companies that provide these services so I'm focusing more on self-hosting and some form of ownership. It's not just MP3's. I'm also making sure that I'm using FOSS for my note taking (Joplin), backups (duplicati) and other such things. Some of this stuff is too valuable to me to risk losing access to.

I'm self hosting with mail-in-a-box as well. It comes with a nextcloud install. It hasn't been flawless but it's been good and I'm happy to have some control.

With e-mail, I haven't had any problems with one exception. When e-mailing the local school system, they reject my e-mails. I looked into it and it turns out that their spam provider was blocking me because I was a private domain or something like that. It was a configuration on their side. Their tech support told me that I should "get an e-mail address with a normal extension."

Outside of that issue, my e-mails have gotten delivered. Between graylisting and the built-in spam filter software, I haven't had any spam issues. It's been smooth as far as that goes. The webmail (roundcube) isn't as nice as gmail but desktop and mobile clients are good in any event.

The mail-in-a-box nextcloud install does use sqlite which means that you should make sure to backup contacts in case sqlite breaks. It broke for me once but I was able to copy my contacts from Thunderbird back into the system without any real problems.

Calendaring works pretty well with Nextcloud but I haven't found any calendar software that I really love. The web software is good but not super fast. Lightning has gotten better but still feels bolted on. Kontact calendar is too groupware-oriented for my personal use. Evolution never quite felt right to me. The built-in Apple calendar and Samsung (Andriod) calendar apps work fairly well.

Back when I ran slackware, it was pretty easy. You installed packages from the disk sets and the packages had the files they needed. It kept track of which packages wrote out which file in some text file so on removing a package it would know if removing the file was safe.

If I found software that didn't have a package, I would compile it. When I got more advanced, I'd create slack packages for the software. Since I'd compiled it on my system, dependencies were already met. I don't remember for sure, but I believe that the tools to build autoconf software were something in the core package set.

Knowing a number of foreign medical grads, I'd have to agree that they are not, as a rule, skethcy.

I like the idea of something like this that encourages you to start writing. It can be hard to get yourself to start creating. Having an easy outlet like this is a cool idea.

I also like and use Joplin - it can sync with anything that uses file sync but recently released its own server which is supposed to be faster.

Actually, they do. You pay half of the payroll tax and the company pays the other half. This is payroll tax and not income tax, that is Social Security and Medicaid. This is why if you're self employed, there is a self employment tax.

That said, I think that the parent is making a different point. I think the parent's point is that if the owners and employees of a company are paying taxes, then taxing the profit of a company taxes twice, once for the profit and then again for the income that comes from the dividend.

In KDE, in addition to being able to do this full screen, you can have regular windows without any chrome if you want. You just right click on the window title bar and change settings. You can easily set a rule to do this as well if you'd like.

This question (and the one above right now) are good points. GPG isn't really a killer feature right now. I likewise haven't needed secure e-mail in a while. I just happened to notice it when it migrated stuff over. I stopped using my Yubikey with gpg a while back.

All of that said - I'm replying to this message and not the other because there is one use for secure e-mail that may make a difference: DeltaChat. Deltachat uses autocrypt which includes your public key in headers. With autocrypt in place, Thunderbird can still read DeltaChat messages.

I'm not sure if DeltaChat will ever take off in large numbers but it seems like a decent option for secure chat/IM.

I've noticed that many of the linux repos are not up to date. If you're using those, you probably need to install it directly from the website to get the latest version and see the updates.

The major features that have come out lately that I've noticed are first-party calendar integration and first-party GPG support. There was a calendar integration but I always found it to be a bit funny and hard to get working all of the way. I never had problems with Enigmail, however.

Both features work much more solidly as an included part of Thunderbird. There are other, smaller features that have come in like having e-mail addresses in the To/CC/BCC lines be places into ovals to show them as a distinct, drag-able element.

The Thunderbird codebase is old and is full of a ton of features, transforming it in a way that is true to its past and moves towards a better future is going to take time but it is coming along. Sure, some of the major features were available as plug-ins but they're much more solid now that they're built-in.

Syncthing is awesome for being a dropbox-like service for computers. I've setup a syncthing share as a folder inside of nextcloud which is enabled as "External Storage." This gives me the best of both worlds. Sharing between computers is rock solid. The mobile use cases is a lot more reasonable and I can share files.

I don't like syncthing on mobile because it needs to maintain its connection to sync and therefore drains battery. Also, there isn't a way to have less than 100% of a particular share local to the phone. This isn't usually waht I want on my phone.

I've been using KeePassXC for a few years now. Before this, I was using LastPass and then before that, the original KeePass. Feature-wise, KeePassXC does a really good job replacing and going beyond LastPass.

It can have folders, it generates passwords, it can hold TOTP (2FA) tokens and it can even hold SSH keys acting as your SSH agent. Having your password safe be an SSH agent is a really nice feature which means less copying passwords around. The browser plug-ins have worked well for me as well.

I like that it can use any file sync tool for storing the key database - similar to why I like Joplin for note taking. I also like that there are many different clients for it since it is an open standard. To keep things secure you can use a password plus a key file. As long as you keep the keyfile only on the devices or on separate sync services, it raises the bar of security quite a lot.

There are KeePass clients on Andriod (Keepass2Android and KeePassDX) as well as iOS (Keepassium and another that I forgot the name of). All of the mobile clients support filling passwords. I have them all looking at the same file share and have not had any issues with corruption or file sync. I have it configured to immediately save all changes to disk and it writes and merges conflict files automatically as needed.

There are a few areas that it isn't as strong. First is sharing passwords - it has a feature for it but I haven't actually tried it out yet. Since you need to have the shared file ahead of time, you're really relying on your file sync provider to share that part of things. Second, the integration between programs works well but it isn't as seamless as a cloud service would be. For example, prompts will pop up in KeePassXC when there is a request to access a new password by a website. I believe this is probably more secure but it is an extra thing to come up when auto-filling passwords.

I have yet to try bitwarden but I would guess that sharing and lower-friction in web browsers would work better with it since those were the key benefits of LastPass when I'd used it.

Ubuntu does support fingerprint login if you have supported hardware.

I really like duplicati. It works in Linux, Windows and MacOS. It has good support for tons of back ends for storage (nfs, cifs, dropbox, s3, ssh, etc). The software is FOSS and it has a design that is well suited to cloud storage: it makes blocks of changes that are encrypted. As long as you have the password, it can use just those blocks to decrypt and restore.

It does automated restore tests. Setup is pretty easy. You install it, navigate to the internal web page and follow the wizard. It has sane defaults but you can change it to skip stuff you don't want backed up.

Duplicity is OK but it tends to be pretty CPU heavy when it runs and you can't control when it runs with much granularity. I used to use and like CrashPlan but its current pricing model doesn't work well for my home environment.Granted, my backups weren't huge so the memory usage of CrashPlan was OK for me.