> compute isolation means nothing if the sandbox can freely phone home.
Here's a project I've been working on to address the network risk. Uses nftables firewall allowing outbound traffic only to an explicit pinned domain allowlist (continuously refreshes DNS resolutions in the background).
Digital technologies can be terribly destructive, but they can also be gloriously empowering. How do we shape them into tools for conviviality rather than means of domination?
I don't think of HN as a source itself but rather a way to discover sources. So I think my Pocket data reflects sources that I've discovered, but to your point, doesn't represent everything I've read from those sources.
Moved to Wallabag, but note that I don't read anything via Wallabag (or Pocket) UI. I export saved items as an RSS feed which I consume in an RSS reader like Inoreader or FreshRSS.
> This is a relatively simple request when the server is under your desk: boot a rescue disk, use a tool like shred to wipe the data on all the hard drives, then press the power button. When the server is in a remote data center, it's a little more challenging: use a remote console to reboot into a rescue disk, wipe the server, then remotely pull the power using some networked PDU. When, like me, you have to wipe a server thousands of miles away with no remote console, no remote power, no remote help and only an SSH connection, you start scratching your head.
Here's a project I've been working on to address the network risk. Uses nftables firewall allowing outbound traffic only to an explicit pinned domain allowlist (continuously refreshes DNS resolutions in the background).
https://github.com/noperator/cagent