I have no doubt that China can and does buy data from data brokers. I think it's unlikely, however that any of the major players are going to be willing to sell all their data on anyone- being able to target ads to individuals is their entire value proposition after all. On top of that, Facebook, Twitter, and Instagram have fallen pretty heavily out of favor with folks in their teens/early 20s (i.e. the demographic most ripe to be sources of bad OPSEC).

But even assuming that an adversary could buy all the data they could possibly want, doing so could tip off anyone who cared to be watching about the sorts of data they're interested in. This is generally not something you want as it can reveal your own strategic concerns/intentions.

Having your own app that can collect whatever you want, where you can promote whatever information/view that you want is a pretty big advantage over buying data.

If the argument is about privacy, I think banning tik tok is complete bullshit. If it's about limiting intelligence gathering and influence campaigns, I think it makes more sense.

Check out low end box. I found coupons for racknerd. I have one VPS that's $10/yr, another that's $18/yr. I've had zero downtime in the 18 months I've used them. No complaints from me. YMMV of course.

You can get super cheap VPSs and use them just as a reverse proxy (with access via VPN). I host 11 servers using one single-core VPS as a reverse proxy. All data resides on premises, in house. I pay 10/yr for VPS. It definitely does not defeat the purpose.

I'm not a docker expert- i tend to just run everything in an LXC. But, doesn't docker typically run as root? It might be that you gave your lxc user UID proper permissions, but not the lxc root UID.

Alternatively, you are aware that LXC UID 1000 != Host UID 1000, yes?

FWIW, permissions in proxmox/LXC are really clear and predictable... once you understand the way the map in the config files.

I'm a big fan of cheap (as in ~$10/yr vps) and reverse proxy over wireguard. My home ip isn't exposed and I'm able to quickly spin new containers up by updating my reverse proxy config and adding a wireguard peer.

I keep two VPSs- one as reverse proxy for all my miscellaneous services and another solely for email. The latter port forwards raw traffic over wireguard to my email server container. That way, even if the VPS gets compromised, my personal data remains secure.

I end up paying ~ $30/yr (+ whatever I'm paying in electricity) for domain + VPS. It's a bit more involved than tailscale, etc, but I'm willing to put in a little extra work to make sure I'm not at the mercy of some company getting up to some rent-seeking bullshit.

Have you searched for a "surrey"? Maybe you'll have better luck with that?

I think the idea you're driving at is that the worst leaders in human history will drive us to extinction. That's not the scary thought to me. The scary thought to me is that decent or even good leaders might do the same when put in the wrong position. There are plenty of cases where individual rational decisions combine to disastrous consequences for all involved. I wonder if it's possible for humanity to continually avoid such survival-threatening prisoners' dilemmas...

One issue I've had in some networks is that wg will connect, but not receive any traffic from the network. You can try to set up a static route for your wg subnet pointing at your wg server's local IP.

No idea if that's your issue though.

Are there distro-specific issues? I've always just downloaded the zip and run the installer with no issues.

In federal court, a judge has a few options to deal with spoliation;

Under Federal Rules of Civil Procedure Rule 37 possible sanctions are as follows:

• dismissal of the wrongdoer’s claim;
• entering judgment against the wrongdoer;
• exluding expert testimony; and
• application of adverse inference rule.

The last of these basically allows the court to infer (or instruct the jury to infer) that the destroyed evidence was the most possibly damning thing and hold that against the party in question.

Outside of the above, destruction of evidence is a crime. The judge has no power of investigation that I'm aware of, but maybe it just means informing those who have such power.

It's not that I care what they're made of. Here they're required to charge 10¢/bag. I would happily take a paper bag. The thing I don't like is being treated like an extremely petty criminal.

As an aide though, everything I've read supports the conclusion that the bag bans only lead to more waste. IIRC, a generous estimate would mean you need to reuse a bag at least 20x in order to break even on resource usage... Which basically never happens. It's an excellent example of a feel good solution that sounds good until you run the numbers. ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

That said, I'd be perfectly happy to see us eliminate almost all uses of disposable plastics.

The user and group mapping for lxc is easy(ish) once you understand it.

The above breaks out as follows: lxc.idmap: [user/group] [beginning host UID/GID] [number of sequential IDs to map]

lxc.idmap: u 0 100000 1000 [maps LXC UIDs 0-999 to host UIDs 100000-100999]

lxc.idmap: g 0 100000 1000 [maps LXC GIDs 0-999 to host GIDs 100000-100999]

lxc.idmap: u 1000 1000 1 [maps LXC UID 1000 to host UID 1000]

lxc.idmap: g 1000 1000 1 [maps LXC GID 1000 to host GID 1000]

lxc.idmap: u 1001 101001 64535 [maps LXC UIDs 1001-65535 to host UIDs 101001-165535]

lxc.idmap: g 1001 101001 64535 [maps LXC GIDs 1001-65535 to host GIDs 101001-165535]

The last two lines are needed because a running Linux system needs access to a minimum of 65336 UIDs/GIDs (zero-indexed).

You can basically think of LXC as running everything on the host system itself, but running it all as UID/GID 100000-65535 by default. In an unprivileged container, you have to remap these to give access to resources not owned by that range.