Didn’t think about the 2 machines thing. But yeah it looks definitely easier than setting a transparent proxy… But I guess all of this has to be on the same network, I cannot use an external server to which I connect to via wan because at that point the connections would be already need to be unproxied going out right?

But can’t your setup be done on the same machine with a firewall?

Yes DNS and pihole were never thought as content filtering tools

I need to block IPs and unauthorized connections that are not http/https as well, I know about DNS filtering but it’s not what I am trying to achieve.

Didn’t know about CENO, it looks super cool! Might have to dig more into TOR as well

Maybe search engines idk, something like Yucy?

Exactly! I don’t see why we have to rely on the old internet infrastructure for a completely differently conceived type of distributing content!

There’s stuff like ipfs, and I’m sure there are many ways to make self hosting easier…

We normalize everyone has a modem/router/access point at home: we should normalize everyone having his own server hosted, bitcoin node, ipfs node etc etc…

And your right, these services have to be super easy to deploy… I think containerization might be helping with this… Think about docker or Nixos… Make a nice GUI and simplify docker even more and you get packages that can run on any distro in any OS, that even a complete noob could spin up! Maybe paired with repos that host most of the self hostable stuff.

But yeah I think the whole structure might be have to be rethought, from the way we host to the way we can connect to each other… We got to give everyone the possibility to decide which web they want to be part of, and federation definitely allows this!

Do you think a Proxy would be better in this regard compared to a firewall? I was trying to watch the logs of ufw today and see if I could do something there but the incoming and outgoing connections are A LOT, and I would essentially like to whitelist both per domain and per IP.

How much maintainance would this require? I wonder how often IPs change today, but with all the NAT, dynamic DNS and CDNs there around maintaining a whitelist only with IP addresses looks like a nightmare…

Squid proxy with squidguard could be a better option than trying to work with a forewall maybe?

Yes please

Any suggestions on the how?

It looks really complicated, very different from Linux! I cannot understand properly all the sandboxing thing… But I guess it’s years of development and policies enforcement… Now I can see why Android it’s much more closed compared to a normal Linux distro, I guess this provides a lot of security but less customization. I also have to understand the role of the device manager in all of this. Is there any Linux distro that behaves similarly?

Why so much effort into securing it? Isn’t the Linux behaviour with users etc enough?

No it’s more a user management thing, I would need users to access a certain list of whitelisted websites only…

Maybe proxy or dns? I’ve been looking in squid proxy but it looks fairly complicated, especially if I wanna be able to access it from wan… But Idk if with DNS I could block ips as well. Setting up an hosts file seems like a lot of continuous work since I would have to specify entries for each ip address associated with domain… Maybe firewall?

Yes it’s more something like that, making certain type of content a lot less accessible.

I think it’s all a problem of time: if we have more time to carefully think about what we are doing on our devices, we usually make better choices.

We need better tools to give us more time to actually evaluate and decide.

I’ll make an example: I installed an android device manager which let me set a block timer for each new installed app, that means that whenever I install something new I will have some time to reflect on whether I actually need that new app or not, and most often than not, the answer is no.

I don’t fucking care of having an even slimmer addictive machine in my pockets. Give me a phone that weights 400g but that has a fucking replaceable battery (that lasts 2/3 days), a good OS, doesn’t track me and I can set up as I want.

And that would be enough to bypass root settings?

If someone wants to prevent users to mess with the system should he just disallow downloads entirely/confine the user into an intranet?

Enough focus to read documentation.

That’s really it. If your purpose is just self hosting learning bash could also be helpful. And yeah Linux would be a great choice.

But mostly, if you want to self host an instance of Nextcloud correctly and without having to deal with too many unexpected things, you have to read the documentation and do not rush. Most self hosted stuff isn’t “install and use”, because you’ll be your own server manager, and everything requires attention to be managed.

Docker or not docker you will have to deal with configuration, settings, requirements and updates.

So understanding how to read the docs/search and open github issues and taking time to read everything would be the most important skill for me.

Also writing down what you are doing would indeed be helpful too, in order not to lose track of what you’re doing on your server. (Check out Ansible).

Most apps out there simply need you to know about permissions, systemctl services and package managers.

Try to always find a specific package for your distro for everything you install (eg. .deb for Debian), and have strategies when this is not possible (aka using a Python venv when installing python programs).

Absolutely Debian stable, the first thing i wanted in Linux was stability, coming from windows you want something that “just works” and I think Debian stable + Gnome is the perfect choice for this!

My god this is so fucking clever and so fucking good to hear!!

Thank you so much for taking the time to answer!

I’m not sure how to get the N from session history, nor how to check my session history…

but this might be some relevant output I’ve found with journalctl -k -b

Nov 21 16:08:18 rpi kernel: usb 2-2.1-port2: cannot reset (err = -110)
Nov 21 16:08:19 rpi kernel: usb 2-2.1-port2: cannot reset (err = -110)
Nov 21 16:08:19 rpi kernel: usb 2-2.1-port2: Cannot enable. Maybe the USB cable is bad?

Nov 21 16:41:57 rpi kernel: I/O error, dev sdb, sector 2466347032 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2
Nov 21 16:41:57 rpi kernel: EXT4-fs warning (device sdb1): ext4_dx_find_entry:1796: inode #75497968: lblock 42: comm apache2: error -5 reading directory block
Nov 21 16:41:57 rpi kernel: EXT4-fs error (device sdb1): ext4_journal_check_start:83: comm apache2: Detected aborted journal
Nov 21 16:41:57 rpi kernel: Buffer I/O error on dev sdb1, logical block 0, lost sync page write
Nov 21 16:41:57 rpi kernel: EXT4-fs (sdb1): I/O error while writing superblock
Nov 21 16:41:57 rpi kernel: EXT4-fs (sdb1): Remounting filesystem read-only

The output is from yesterday, when the device stopped working correctly.

I’m not familiar with linux kernel, but I can see there is definitely something wrong…

The HDD (old) is attached to a USB hub (new), I tried switching port of the hub but the same issue happened again, if I try to mount it with sudo mount /mnt/2tb, it says it is already mounted:

mount: /mnt/2tb: /dev/sdb1 already mounted on /mnt/2tb.
       dmesg(1) may have more information after failed mount system call.

sudo dmesg | grep sdb gives back:

[147776.801028] I/O error, dev sdb, sector 77904 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2
[147776.815452] EXT4-fs warning (device sdb1): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm ls: error -5 reading directory block
[147796.731734] sdb1: Can't mount, would change RO state

Thank you so much, You are taking a lot of effort to answer my doubts and I really appreciate!

So essentially match can return different types, but of course I have to specify it in the function signature, wheter using an enum or other ways, this makes sense! This was a missing piece in my puzzle, I didn’t consider the fact that the match return here was the function return type as well, and i had encoded -> String as return type.

Hi! First of all thank you so much for the detailed explanation!

What I’m trying to do is scraping some content.

Yes I’m trying to return all links (maybe in a vector), I have a list of elements (Select, which actually is scraper::html::Select<'_, '_>) which contain essentially html nodes selections, and I would like to grab each of them, extract the actual link value (&str), convert it into an actual String and push it firstly into a vector containing all the links and then in an istance of a struct which will contain several datas about the scraped page later.

I was trying to use a for loop because that was the first structure that came to my mind, I’m finding it hard to wrap my head around ownership and error handling with rust, using the if let construct can be a good idea, and I didn’t consider the use of break!

I also managed to build the “match version” of what I was trying to achieve:

fn get_links(link_nodes: scraper::html::Select<'_, '_>) -> Vec<String> {
        let mut links = vec![];

        for node in link_nodes {
            match node.value().attr("href") {
                Some(link) => {
                    links.push(link.to_string());
                }
                None => (),
            }
        }

        dbg!(&links);
        links
    }

I didn’t understand that I had to return the same type for each of the Option match arms, I thought enum variants could have different types, so if the Some match arm returns (), also None has to do the same…

If I try with a simpler example I still cannot understand why I cannot do something like:

enum OperativeSystem {
            Linux,
            Windows,
            Mac,
            Unrecognised,
        }

        let absent_os = OperativeSystem::Unrecognised;
        find_os(absent_os);

        fn find_os(os: OperativeSystem) -> String {
            match os {
                debian => {
                    let answer = "This pc uses Linux";
                    answer.to_string()
                }
                windows10home => {
                    let answer = "This pc uses Windows, unlucky you!";
                    answer.to_string()
                }
                ios15 => {
                    let answer = "This pc uses Mac, I'm really sorry!";
                    answer.to_string()
                }
                _ => {
                    let is_unrecognised = true;
                    is_unrecognised
                }
            }
        }

match is much more intuitive for a beginner, there’s a lot of stuff which go under the hood with ?