Have you ever tried Linux on photosynthesis?

I use Debian for any of my servers. Its stability is unparalleled.

My personal computers are a playground though.

deleted by creator

Doesn’t GPL technically require you to attribute the upstream anyway?

The work must carry prominent notices stating that you modified it, and giving a relevant date.

If you’re using docker: change your image name from gitea to forgejo. Repull. Done. Baremetal should be just as simple. Migrations are as easy as leaving all the data in-place and changing the binary at this moment in time.

Yet the review time is exponential with the size.

You’re right, my bad.

OP’s security concern is valid. Different CAs may differ in the challenges used to verify you to be the domain owner. Using something that you could crack may lead to an attacker’s public key being certified instead.

This could for example be the case with HTTPS verification (place a file with a specific content accessible through your URL) if the website has lacking input sanitization and/or creates files with the user’s input at an unfortunate location that collides with the challenge.

This attack vector might be far-fetched, but there can certainly be differences between different signing authorities.

Do you still need help with docker?

It’s always the DNS!

Setting up synapse is particularly painful.

For a server for hosting services like in this meme? I always go Debian. Incredibly stable.

Vertically AND horizontally, please.

But but but virtual DOM /s

I was a huge C++ fan back when I was doing a bunch of competitive programming. If I need a performant project nowadays, I look to golang first. It gives me the speed of a compiled language with the usability of high-level language. I still solve the occasional Advent of Code in C++, though :)

There are free services that let you send and receive on your own domain. I use zoho. I can send emails with SMTP, but unfortunately, you cannot read them other than by using their web interface in the free tier.

Not at all only. At times you have both IPv6 and IPv4 and other times you can still get IPv4 at no additional cost like when you run your own router or modem. The layperson will be given IPv6 by default, but it’s not the only thing you can get.

What does Firefox Gold include?

I’m an Arch user flirting with the idea of NixOS. Is it too late to save me?

Absolute joke of a comment. You are assuming the browser is a holy grail completely isolating the internet from the operating system.

First of all. The browser runs on the operating system’s services. In particular, the isolation that you implicitly cite is done entirely by the kernel. (That’s for example why you cannot run chrome in an unprivileged docker container - the crucial isolation-centered system calls are not available) The whole network stack is managed by the operating system. Cryptography can also partially be done OS-sided. The simplest example is CSPRNG, which is usually provided by the OS. (Advanced systems may rely on external physical generators, see Cloudflare’s lava lamps).

Secondly. Completely and utterly wrong. The linked video displays the execution of Meltdown/Spectre within a browser. Using JavaScript. This allows the attacker to gain access to any data they want on your computer simply by running some JavaScript code. Easily remotely executed via XSS on a poorly written website. You may read the full article here. Or inform yourself about Meltdown and Spectre here. How is that relevant? Combating this vulnerability was primarily done via critical OS updates. The exploits are inherit to certain CPUs and are therefore not fully fixable. Still, the combination of BIOS, Chipset, OS, and browser updates help prevent very serious attack vectors. (That’s the reason why the browser’s time measurement is only accurate to about the millisecond.)

So no. Browsers aren’t the magic solution to everything (sorry Ubuntu Snap). They very much depend on the OS providing the assumed security guarantees. And even assuming no direct vulnerabilities in the OS, we can never exclude side-channel attacks, like what Meltdown and Spectre were (or still are if you refuse to update your system).