It’s definitely not legal, especially if your school is funded by the public. That “free internet and power” is paid by someone, and if it’s the public, it’s kind of a dick move.

They can’t see what’s in your ssh or VPN tunnels necessarily, but they can usually see where the packets are originating from and going to. So if you’re say, accessing it from home directly to the server via VPN or SSH, if you’re not doing so using a full VPN service like Mull, they’ll be able to see the origin IP of your SSH or VPN handshakes, and thus your home IP.

Surely US investors won’t harvest data and/or enshittify the product!

Should have just fired the CEO instead, would’ve saved millions and the company in one go.

Just last week, they were posting job listings for DevOps engineers. Glad the CEO’s bullshit stopped me from even considering it.

Sure, but I didn’t mean to say that FOSS couldn’t be insecure. Software itself can obviously be insecure, like we saw with xz. At least with FOSS though, it’s more difficult for it to be hidden.

Apologies, I deleted my comment instead of editing it, but I meant to add that even with the shady workaround, if you have sandboxing it likely greatly reduces this risk.

Be very wary of what apps you install, and in fact, try to only use FOSS.

Yes, it would. Those basically create sandboxes.

So the first line says that it’s for older versions of android before 2022. But the next paragraph says:

For extremely specific use cases such as file managers, browsers or antivirus apps, Google grants an exception by allowing QUERY_ALL_PACKAGES permission, which provides full visibility into installed apps.

So this may still be possible, however sandboxing, especially GrapheneOS’ implementation likely mostly, if not entirely reduce this risk.

did you not read your link?

Interesting, what OS are you running? I’ve never ran into one that it doesn’t work on so that’s surprising.

I would counter that disadvantage with this: due to testing constraints, docker containers are usually updated more quickly when there’s a 0 day, and you don’t have to patch your entire OS if one single container has one. It reduces operator overhead greatly, because that’s what it’s designed to do. Even if one of your containers has a vulnerability, because it’s a container, it won’t necessarily affect your entire system, depending on the vulnerability.

I suppose that it adds technical overhead (not sure I would call it severe though), but in my opinion the benefit of docker is how easy it is to spin up a new service, and how easy it is to update and maintain the containers.

You can host remote files via SFTP + cloudflared (or another reverse tunnel provider) without opening any ports. Then you use a file manager to add a network share with your SFTP information.

For the calendar, WebDAV is probably your best bet, which also works with reverse tunneling. You can also use WebDAV in place of SFTP if you prefer to only have one (or two with a reverse tunnel) service configured. Nextcloud is a great option since it has WebDAV and file management built in.

I would use Docker to do it all, but there is a learning curve associated with setting all of this up in a secure way (which is what the reverse tunnel helps with).

Graphene can shut it off at the hardware level, or just allow charging. It’s slick.

It should be noted that email servers, no matter the setup, require you to follow strict standards to achieve proper delivery. It’s very easy to get blacklisted, and it’s next to impossible to get off of said blacklist once you’re on it.

I used to host my own mail server with this, but it got to be too much to get my emails to actually send. I was always wondering if my email was actually delivered or if it was silently bounced or sent to spam. Email is the only thing I’m not willing to self host.