• 0 Posts
  • 11 Comments
Joined 7d ago
Cake day: Nov 07, 2024


Feeling attacked with Leggable and Fleable. I’ve been known to write a concern or two in Ruby on Rails but what can I say? I like my code DRY.



I’d almost go through the trouble of getting the content out of WordPress. The nice thing about static site generators is you can completely switch out the framework, runtime, base Docker image and/or OS at any time.


Your router probably does have one, but your end devices should too. If your router is some piece of trash ISP-supplied one, it might not even have a firewall for IPv6 (if it even supports IPv6 at all).


I would add from an end-user privacy perspective, they might want HTTPS. If I hit a website not using HTTPS, I pretty much immediately back out. Bad actors like hostile governments and hackers can use seemingly meaningless data against you.

I can’t remember exactly what happened, but I remember back when WebMD was fighting against rolling out TLS, hackers were able to find medical weaknesses against people.


Yes, I have a DNS service listening on both UDP and TCP to respond to DNS queries from clients using the standard DNS port; crazy me. 🤪



You can’t have UDP and TCP on the same port? I don’t think that makes sense, I have DNS listening on UDP and TCP both on port 53.


I killed off ads in the News app by blocking doh.apple.com. I find it kind of funny that it looks up its DoH server IP using the existing DNS server and that simply returning NXDOMAIN cuts it off.

Not sure if they use it for much more than that though (doesn’t seem like it).


One thing I want to bring up just so you’re conscious of it is WiFi calling.

I currently use Tailscale and a sophisticated setup to route traffic via commercial VPNs. I also do a ton of DNS ad/tracking blocking which Tailscale wasn’t really designed for (and requires a rat’s nest of routing, iptables and the like).

I’ve noticed I never receive incoming calls now even while attempting to send traffic to my carrier’s WiFi calling server (it’s just another traditional VPN server at a technical level) through the nearest Tailscale exit node.

All this is to say, if you want WiFi calling to work you should consider this. I believe it’s the same for Android and iPhone.

As for the traditional VPN bit, I kind of discovered this a few years ago when using one of those mobile cellular gateways you can plug into your LAN (I lived in a dead zone). When looking up my current carrier’s WiFi calling server (a different carrier), I realized the port matches the same VPN thing they were doing on the cellular gateway, so I think it’s fairly common for wireless carriers to just use a VPN to get you into their backend.


Isn’t a Docker registry just HTTP? Would a caching proxy be too hard to use for this?