Firstly, you may also be interested in: https://containerssh.io/v0.5/

This is a similar software, but maintained. However, it doesn't look like you limit networking with the Docker backend, beyond a simple on/off.

An even simpler solution, is to have the the ssh entry command not be the usual shell command (/bin/bash), but rather a command that starts a shell within a container. So something like:

podman run -it --rm -v "-v /HOST-DIR:/CONTAINER-DIR" docker.io/library/debian:bookworm bash would create a shell inside a short lived debian container (that is deleted upon disconnect) where a host directory is mounted inside the container.

As for mysecureshell, I would assume that since it is in the Ubuntu repos, it is still being maintained. But it's possible, since it is unmaintained that there are unknown security vulnerabilities or other issues, but:

It’ll just be for half a dozen friends for when I want to give them larger files, or if I want them to send me full-resolution photos.

If it's just for your friends, it may be okay to use a less secure solution if you trust them.

As an alternate solution: since you are looking for some sort of file searching, perhaps you could host an app explicitly designed for that, like Seafile or Nextcloud.

Is it possible to allow DRM content for just 1 website ( Netflix ) , while other websites on the same browsers are not allowed to do it?

I would use multiple firefox profiles for this. If you go to about:profiles or use the command firefox -P to launch firefox, you can view and create other firefox profiles. Each firefox profile is essentially it's own instance of firefox, complete with different history, extensions, and setting. You could have a "Netflix" profile and a regular browsing profile.

Thorium's entire focus is on performance. As another commenter has noted, that means no security updates, and no privacy features.

I wouldn't recommend it for daily use, but if you are playing a browser based game it's worth testing out. I used to play krunker.io and I tested it to see if I could get more FPS (FPS equaled faster movement speed back then), but I didn't see any major performance improvements over the major krunker clients or Microsoft Edge (other most performant browser).

Crowdstrike didn't target anyone either. Yet, a mistake in code that privileged, resulted in massive outages. Intel ME runs at even higher privileges, in even more devices.

I am opposed to stuff like kernel level code, exactly for that reason. Mistakes can be just as harmful as malice, but both are parts of human nature. The software we design should protect us from ourselves, not expose us to more risk.

There is no such thing as a back door that "good guys" can access, but the bad guys cannot. Intel ME is exactly that, a permanent back door into basically every system. A hack of ME would take down basically all cyber infrastructure.

The python3 package should contain the entire python standard library

You are free to use a distro which does not split packages, favorite distro, Arch Linux (btw).

Or, you can install the recommended dependencies of python3. Testing in a container, the python3 package pulls:

root@a72bd55a3c1a:/# apt install python3
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  ca-certificates krb5-locales libexpat1 libgpm2 libgssapi-krb5-2 libk5crypto3
  libkeyutils1 libkrb5-3 libkrb5support0 libncursesw6 libnsl2
  libpython3-stdlib libpython3.11-minimal libpython3.11-stdlib libreadline8
  libsqlite3-0 libssl3 libtirpc-common libtirpc3 media-types openssl
  python3-minimal python3.11 python3.11-minimal readline-common
Suggested packages:
  gpm krb5-doc krb5-user python3-doc python3-tk python3-venv python3.11-venv
  python3.11-doc binutils binfmt-support readline-doc
The following NEW packages will be installed:
  ca-certificates krb5-locales libexpat1 libgpm2 libgssapi-krb5-2 libk5crypto3
  libkeyutils1 libkrb5-3 libkrb5support0 libncursesw6 libnsl2
  libpython3-stdlib libpython3.11-minimal libpython3.11-stdlib libreadline8
  libsqlite3-0 libssl3 libtirpc-common libtirpc3 media-types openssl python3
  python3-minimal python3.11 python3.11-minimal readline-common
0 upgraded, 26 newly installed, 0 to remove and 18 not upgraded.

python3-venv python3.11-venv

I find it odd, because debian does this by default, actually. They account for usecases like yours, and instead you have to edit a config file or use a command line flag to get it to not install recommended dependencies.

I recently noticed that it's now integrated into Canvas, a FOSS online learning management software which my college (and my high school, and my middle school) have used.

To bad no one bothers with it, forcing everyone to use zoom instead. Which sucks, because the first day of online classes, zoom permissions weren't set up properly, meaning no one could join the meeting. Probably wouldn't have happened with BigBlueButton.

I used to spend a ton of time helping people on reddit with linux and related things, and the "why" matters immensely in that case.

XY problem was extremely common, where someone was trying to achieve a goal through "incorrect" means.

I also saw many, many people's issues where they wanted something, but were referring to it by a different name, ending up confused and lost. All I had to do was say "you actually want Y" and point them on their way, and they would be happy.

And then of course, sometimes people try to do something that's simply not possible (or more usually, not implemented in software.).

But in general, it's very difficult to help people who don't make it easy for you to help them, and part of that is explaining the "why", in addition to their issue.

I'm not too well versed in rustdesk, but it seems that they use end to end encryption (is it good? Idk).

https://github.com/rustdesk/rustdesk/discussions/2239#discussioncomment-5647075

I have experience with a similar software that uses relays, syncthing. With syncthing, everything is e2ee, so there's no concern about whether or not the relay's are trustworthy, and you can even host your own public relay server.

I find it hard to believe that rustdesk, another relay based software, wouldn't have a similar architecture.

edit: typo

Around 98-99 here (100 is max for non nitro users),and I'm noticing a significant delay when loading.

I use the browser version of discord in firefox.

(There is a learning curve to packaging stuff yourself.)

"Learning curve" is an understatement. Nix is one of the most poorly documented projects I've seen, next to openstack. Coming into it with no background in functional programming didn't help.

Maybe I shouldn't have tried to package openstack on nix.

But I've tried to package other stuff, like quarto, and that was a nightmare. Nixpkgs didn't have an updated pandoc and I spent an eternity asking around for help, to try to package it. An updated version just got pushed to unstable a few days ago. The same matrix channels I joined to ask for help have been discussing this since then. Props on them for getting it working, but anyone who says that you can easily package anything, is capping. You need to have an understanding of the nix language, nix packaging (both of which are poorly documented), and a rudimentary packaging ecosystem of what you are trying to package.

Don't even get me started on flakes vs nonflakes.

I still use nix-shell for all my development environments, because it's the best way for reproducible environments I can share I've found.

Can you elaborate on what you found lacking in kasm? Because afaik, kasm is one of the best solutions for this, giving you a full desktop session inside a docker container.

The search on nautilus is probably better because a lot of gnome distros have the file indexer enabled by default, and that's what nautilus uses, but many kde distros don't come with the kde indexer, so dolphin doesn't index by default.