As per usual, the answer is “depends on your threat model”. For a lot of sensitive communications, the centralised design and therefore ability to correlate metadata is a no-go. But if you’re just using it e.g. as a WhatsApp replacement to message your friends, it’s fine. It’s still the most polished and normie-friendly e2ee foss messenger.

Do you have the skills to self-host? If so, you can host any number of cloud storage services: Nextcloud, Immich, Cryptpad. You could even host a Forgejo instance (the software Codeberg runs on) although it’s really not intended for storing the kind of images you’re talking about.

I am guessing, though, that you are probably not a very technical person, and self-hosting might be out of the question for you. In which case unfortunately your options are a fair bit more limited. There are free hosted Nextcloud instances—Disroot hosts one. Or you could go with something like Proton Drive. If you’re open to proprietary options then there’s several very widely used options like Dropbox, Google Drive, Mediafire, etc. But if you’re posting here, you probably don’t want those.

Who said this person was on the “left”? In any case, who cares. I don’t care about winning people over to the “left”. I’m a communist, and history has shown that proletarian revolutions aren’t primarily composed of politically active “leftists”, socialists, etc. Revolutions are made by working class people acting out of self-interest, whether or not they’ve attained a socialist/communist consciousness (and often times, they haven’t).

If you haven’t already, I recommend Watchtower (nickfedor fork—the original is unmaintained) which automatically pulls updates to Docker containers and restarts them. Make sure to track latest, although for security updates, these should be backported to any supported versions so it’s fine to track an older supported version too.

Notesnook notebook with whatever info I need to be able to administrate the system. e.g. what different ports are used for and why the firewall policies are what they are, sometimes write-ups after a troubleshooting session, etc.

The Notesnook instance is self-hosted too, but if the server goes down, the notebook will still be available locally.

Signal is fine for normal/social chatting. It is centralised which makes it much harder to obscure identifying conversation metadata, and I wouldn’t recommend it for comms with a state threat model. I like SimpleX for addressing those issues.

If you just want to chat to friends and nothing else, I probably would recommend Signal for the most polished experience and most widely adopted open-source private messenger.

Most people who build software from source do it for reasons other than trust. Could be for fun (I imagine the main reason why people do Linux From Scratch), could be for the same reason that compels some people to use Gentoo lol. OP didn’t say what their motivation was.

edit: nvm, in other comments OP has said they’re concerned about an xz style of backdoor. In any case, I would still be interested to read about someone trying what OP is suggesting.

I use Notesnook and I’m happy with it. They have a flagship instance with free accounts if you don’t want to self-host.

If you want something more lightweight and are up for using syncthing, just a bunch of markdown files synced with syncthing also works. You can encrypt them with your pgp key if you want encryption, but that doesn’t encrypt metadata like file names, directory structure, or when files were last edited.

That’s concerning. If it was “I generated a function with an LLM and reviewed it myself” I’d be much less concerned, but 14k added lines and 10k removed lines is crazy. We already know that LLMs don’t generate up to scratch code quality…

I won’t use PostgreSQL with ntfy, and keep an eye on it to see if they continue down this path for other parts of ntfy. If so I’ll have to switch to another UP provider.

There are different server implementations. I run tuwunel and haven’t had problems. It seems about as performant on my VPS (8GB RAM, 4 CPUs at 2.4 GHz, hosting other services not just tuwunel) as matrix.org was when I used that.

It’s great to see a mainstream OEM work with GOS. I really hope Motorola will make phones with an actual headphone jack. That’s my no. 1 complaint about modern Pixel hardware.

For Android? K-Mail. I think they renamed it to Thunderbird now.

I use SpamAssassin. It’s fine, but definitely needs training. I might look into migrating to rspamd as it seems better, but I don’t have time atm.

This is just an archive. No different from using the wayback machine or any other archive of web content.

That’s why you don’t keep clothes if you wore them while committing a crime. Burn them.

So it mirrors repos before they go down? I think I get it if that’s the case; I thought it was just a host for “lost” software/source code in which case if you have a copy you can upload it to any software forge (if permitted by the licence). But if it’s meant to contain all software that currently exists, even if it shows no sign of disappearing, that makes more sense.

My point is that you don’t need a separate website for this; you can use existing software forge software and websites.

I don’t think it does address the question. In order to archive source code, you need to have the source code in the first place, ie you can’t archive truly lost source code. If you have the source code, you can upload it to any software forge.

That’s cool but is it necessary? If the licence permits redistribution then anyone can just upload to an existing software forge like Codeberg etc

OP said they’re not that tech-savvy. gopass is likely overpowered for their use-case.