I’m not sure when you were using it, but Navidrome definitely let’s you play individual songs and shuffle.

fsck almost certainly isn’t going to cause loss of data, but it will likely inform you about a loss that already occurred if that is the issue you are having.

I would still say that getting people to the point where they can write safe C code every time is harder than learning Rust, as it’s equivalent to being able to write rust code that compiles without any safety issues (compiler errors) every single time, which is very difficult to do.

A scripting language written in Rust would certainly fulfill you requirement of only needing to copy one file since they are always statically linked and you can even statically compile against musl so it will work on any Linux system without needing a correct libc. Maybe check out rhai.

Also only differences are stored, so if your files don’t change much each backup costs very little. I keep hundreds of backups for the previous year of changes, and it uses less than double the amount of storage the files take up. You can also enable compression, which I do, so it’s even smaller.

I use backblaze storage with Kopia, which supports using object lock. Every time a backup is made the objects for it are locked for a configurable amount of time. I use 30 days, so an attacker would have to compromise my backup software for a month before being able to erase my backups.

A DNS based blocker wouldn’t block this, because the subscribe prompt is almost definitely being done by a script from the main NYT domain. The DNS blocker only blocks things that come from domains only used for things that should be blocked, and can’t differentiate between what type of content is being loaded (script vs image vs raw HTML) and definitely not between different things in the same class (paywall script vs the script that makes the buttons work).

Yeah this is why I don’t use cloudflare, I have my domains on porkbun.

Unless you are verifying DNSSEC, they could intercept any outgoing DNS queries and replace the response with whatever they want, if you are using DNSSEC they won’t be able to modify the responses since they can’t create the signatures, but they could still send queries to their own server instead of your chosen server. With either of these options they can still see what you query. DNS over TLS or HTTPS is a way to prevent all of these things, since with those you know the endpoint of your HTTPS connection is the actual server with the signed certificate and the connection is encrypted.

Edit to add: it shouldn’t matter what DNS you use to look up the IP of the DoH/DoT server, because only the real servers should have the correct private key.

It makes sense to have some kind of limit to prevent abuse, otherwise Reddit (or other sites) may be forced to ban the SimpleLogin domain if it becomes a source of spam. It would be similar from an email provider preventing you from sending spam from their domain.

If you have root you could just update the kernel to one that lets you do whatever you want on the system, so there’s no way to stop the attacker from viewing the passwords if the app is capable of displaying them.

This happens to me too.

I don’t think apps can read keystrokes for other apps on Wayland.

I use a subdomain for aliases, while my real address is at the base domain, which I suppose negates this issue.

Part of the reason I prefer having a catch-all on my own domain is that I can change providers without changing any email addresses. For example at the moment I run my own server, but in the future if that becomes too time consuming I can easily start paying for a service.

ETA: also I’ve never gotten any spam to a email I haven’t given out, people don’t really send emails to random names at a domain as far as I can tell