1. For all the mentioned cases, if your firewall blocks incoming packets by default, no one can access it, no matter what is the source of the port being open.

2. You don’t configure it on the docker level, at least if you care about outside connections. If you mean from your local computer to a docker container, by default you cannot connect, unless you expose the port to the system. If you mean from other docker containers, just create your own separate network to run the container in and even docker containers cannot access the ports.

3. I usually use netstat -tulpn, it lists all ports, not only docker, but docker is included. docker ps should also show all exposed ports and their mappings.

In general, all docker containers run on some internal docker network. Either the default or a custom one. The network’s ports don’t interfere with your own, that’s why you can have 20 nginx servers running in a docker container on the same port. When you bind a port in docker, you basically create a bridge from the docker network to your PC’s local network. So now anything that can connect to your PC can also connect to the service. And if you allow connection to the port from outside the network, it will work as well. Note that port forwarding on your router must be set up.

So in conclusion, to actually make a service running in docker visible to the public internet, you need to do quite a few steps!

• bind a port to your local host
• have your local firewall allow connection to the port
• have your router set up to forward connections on the port to your machine

On Linux, local firewall is usually disabled by default, but the other two steps require you to actively change the default config. And you mention that all incoming traffic is dropped using UFW, so all three parts should be covered.

I mean, sure, but this could be the push to open architecture. Half the apps wouldn’t need recompiling anyway, only those containing native code.

Realistically it could take 2-3 years for Qualcomm to switch to RISC-V (so 5 years because we all know how smooth such huge transitions are). That’s enough time for Google to fully support Android on RISC-V.

IMO it’s now in Google’s hands, once they add support, interesting things are gonna happen. I could even see Arm going out of business, I’m sure Qualcomm would happily help others transition for a very fair fee to help get them out of business.

I think with RISC-V being as supported as it is (meaning it’s nothing obscure, but has strong open source toolchain support), this might potentially be a very bad move for Arm.

Anyway, I love it when corporate greed destroys corporations instead of humans for a change. And if open architecture gains traction thanks to that, well, all the better.

And whatever doesn’t use bullying as a tool to get more customers.

Ah, time to switch to RISC-V, then? Long term it’s the best choice. Wouldn’t be surprised if they started working on it.

I’m using Proton mail, I like their focus on privacy and e2e (only with other Proton users, though).

I mean, if it’s Hungary who pushes it, countries will be against it just on principle of Hungary proposing it.

Under GDPR they can’t use it, unless you give them consent. They obviously do, but they can’t be too obvious, otherwise they’d have to pay huge fines again.

We use .lh, short for localhost. For local network services I use service discovery and .local. And for internal stuff we just use a subdomain of our domain.

I personally only turn it off when someone’s visiting over night and the noise disturbs them, otherwise I just leave it on nonstop. Mainly because it would annoy me to try to open whatever and find out I have to turn on the server first. I don’t have a UPS and never even thought about getting one (for the server, I’m thinking of getting one for my 3D printer).

I have no idea why you would use a pen to turn pages???

Because the pen can be held in the other hand which can be anywhere - you turn the page with a click of a button. And the pen doesn’t have to be anywhere near the screen. After a few hours of reading you can feel the difference between having your hand in a natural position and forcing it in a position to be able to turn the pages.

Looks interesting, but I’m biased against anything that has Mediatek inside, so it’s gonna be a no from me.

I use Proton Mail for my primary domain and then addy.io for redirects to it. It costs $10 a year or something like that and it’s all I actually need.

Replying to emails is as easy as just hitting reply, the only thing that’s slightly harder is sending entirely new email (as in not replying) but even that can either be remembered, or the special email address copied from the addy.io app.

There’s nothing reasonable in you having to share your location with them constantly.

If you cut off all such apps, prepare to be isolated from your peers who most likely don’t care about privacy (which is most people and in your age group perhaps close to everyone).

If you’re not ready to go out of the mainstream, try to minimise your usage of such apps to only what you need - if you need Instagram for communication with peers, use it for that, but don’t feed Meta the data of what you look at. I was on Messenger for ~2 years after I quit Facebook and even that made me feel better.

Use some privacy protection tools, I personally recommend Adguard, but feel free to choose other popular options.

Beware that no matter what you do, big tech will still know about you more than you’d like.

Avahi basically broadcasts to the whole network “hello there, my name is some-cool-domain.local”. When you request that address, your router checks if someone broadcasts that name and uses their IP if so.

Yes, indeed, it’s your local timezone.

I mean, I’ve seen a password on a post-it in our office, so yeah, maybe a good idea? We also have a company mandated Bitwarden and you wouldn’t believe how many times I’ve seen people type a password by hand instead of using Bitwarden when I help them set up VPN or something. It’s definitely upwards of 80%.

store all of the documents, desktop, downloads, etc. on a couple computers

Why use SSHFS for that? I recommend using Syncthing, it’s great for synchronizing stuff across multiple PCs (local and remote).

I doubt it, it’s much easier to mod the console. Or just use a boot disc (or whatever those were called, I had the chip mod, so I don’t remember, but my friend used to have the disc which he had to insert before playing a pirated game).

Well, I do care. There should be borders.

Yeah, not likely and not really wanted. You don’t want terrorists in your country.