Ah, yeah, OpenBSD would do it. You’d basically be limited to running it in a VM which would have severe overhead. For Linux-based stuff, though, it has minimal overhead.
Interesting, what OS are you running? I’ve never run into one that it doesn’t work on so that’s surprising.
I would counter that disadvantage with this: due to testing constraints, Docker containers are usually updated more quickly when there’s a 0-day, and you don’t have to patch your entire OS if one single container has one. It reduces operator overhead greatly, because that’s what it’s designed to do. Even if one of your containers has a vulnerability, because it’s a container, it won’t necessarily affect your entire system, depending on the vulnerability.
I suppose that it adds technical overhead (not sure I would call it severe though), but in my opinion the benefit of Docker is how easy it is to spin up a new service, and how easy it is to update and maintain the containers.
You can host remote files via SFTP + cloudflared (or another reverse tunnel provider) without opening any ports. Then you use a file manager to add a network share with your SFTP information.
For the calendar, WebDAV is probably your best bet, which also works with reverse tunneling. You can also use WebDAV in place of SFTP if you prefer to only have one (or two with a reverse tunnel) service configured. Nextcloud is a great option since it has WebDAV and file management built in.
I would use Docker to do it all, but there is a learning curve associated with setting all of this up in a secure way (which is what the reverse tunnel helps with).
topgrade is great. Distros such as Bazzite use it for all of their updates, under the hood anyway.
How do you configure it to do that, then? Because Calyx’s docs only say that it’s either disabled, enabled without a Google account, or fully enabled. The last two send some data to Google regardless. I’m genuinely asking, because this is the main reason why I left Calyx for Graphene. I saw my phone hitting Google services when I wasn’t even using it. Graphene lets me disable network for apps entirely, something that wasn’t a thing for Calyx either (at the time).
Does Calyx allow you to disable your USB port as well?
Also, I’m still curious about what you said earlier about GrapheneOS being a ‘trap’. Can you elaborate?
As another user stated in reply to you earlier, this is debatable. Debating does not equal hate; I used to use MicroG a ton (I was a CalyxOS/LineageOS user before). But, you must acknowledge that MicroG still communicates with Google, and you can’t disable this at the OS level. That’s the primary benefit of sandboxed Google Play - you can take away full access and many apps will continue to function, and on top of that, the sandboxing layer ensures that the rest of your phone is secure.
MicroG is fine, it’s great, even. But it’s not infallible, and depending on your threat model, that’s something to at least consider.
Can you explain more about how it’s a trap, though? This is an open source project that you can build yourself.
It should be noted that these were already being mitigated by GrapheneOS before this came out, mostly thanks to the hardware-level USB disable feature. https://grapheneos.social/@GrapheneOS/114081913638905015
It should be noted that email servers, no matter the setup, require you to follow strict standards to achieve proper delivery. It’s very easy to get blacklisted, and it’s next to impossible to get off of said blacklist once you’re on it.
I used to host my own mail server with this, but it got to be too much to get my emails to actually send. I was always wondering if my email was actually delivered or if it was silently bounced or sent to spam. Email is the only thing I’m not willing to self host.
It’s definitely not legal, especially if your school is funded by the public. That “free internet and power” is paid by someone, and if it’s the public, it’s kind of a dick move.
They can’t see what’s in your SSH or VPN tunnels necessarily, but they can usually see where the packets are originating from and going to. So if you’re, say, accessing it from home directly to the server via VPN or SSH, if you’re not doing so using a full VPN service like Mull, they’ll be able to see the origin IP of your SSH or VPN handshakes, and thus your home IP.