local docker hub proxy

Do you mean a Docker container registry? If so, here are a couple options:

• Use the official Docker registry: https://www.docker.com/blog/how-to-use-your-own-registry-2/
• Self-host forgejo or gitea and use the included package registry, which is automatically enabled. Details: https://forgejo.org/docs/latest/user/packages/

At that point, you could say “male characters.”

You can self-host Bitwarden, too. My understanding is that VaultWarden is much simpler to self-host, though. Note that VaultWarden isn’t a “fork”; it’s a compatible rewrite in Rust (Bitwarden’s codebase, by contrast, is primarily C#).

I also use Bitwarden and strongly prefer it over every other password manager I’ve tried or investigated, for what that’s worth. I’d recommend it to 99% of non-enterprise users (it’s probably great for enterprise use as well, TBF).

The only use case I wouldn’t recommend it for is when you don’t want your passwords stored in the cloud, in which case KeePass is the way to go. To be clear, that recommendation does not apply if you’re syncing your vault with a cloud storage provider - even one you’re hosting, like SyncThing - even if your vault is encrypted. At that point just use Bitwarden or VaultWarden, because they’re at least audited with your use case in mind (Vaultwarden has only been audited once afaik, though).

Sure, but mortgage interest can easily be enough to make that worth it without any other deductions. With $300K principal and a 5% loan, that’s $15K - about the same as a single taxpayer’s standard deduction and roughly half of a married couple’s standard deduction.

I don’t think gravitational waves traveling at the speed of light is the same as the gravitational attraction being apparently felt faster than light travels.

I don’t know how you would measure gravitational waves without measuring gravitational attraction.

It’s not light that is “communicating” that attraction.

Nobody said it was. The “speed of light” isn’t about “light”. Gravity propagates at the same speed, aka “c.”

This Reddit discussion on r/AskPhysics might help clear up your misconceptions. Notably:

Just to clarify: when people talk about the speed of gravity, they mean the speed at which changes propagate. It’s the answer to questions like: if I take the Sun and wiggle it around, how long does it take for the Earth to feel the varitation in the force of gravity? And the answer is that changes in gravity travel at the speed of light.

But that’s not what you’re asking about. Whenever you’re close to the Earth, gravity is always acting on you: it’s not waiting until you step off a cliff, like in the Coyote and the Roadrunner. The very instant your foot is no longer on the ground, gravity will start to move it downwards. The only detail is that it takes some time for it to build up an appreciable speed, and this is what allows us to do stuff like jump over pits: if you’re fast enough, gravity won’t be able to accelerate you enough - but gravity is still there.

I get the sense that you’re thinking about the second scenario when objecting to the concept that gravity travels at the speed of light.

https://bigthink.com/hard-science/speed-of-gravity/

And it’s I who should take a course in encryption and cybersecurity.

Yes. I was trying to be nice, but you’re clearly completely ignorant and misinformed when it comes to information security. Given that you self described as a “cryptography nerd,” it’s honestly embarrassing.

But since you’ve doubled down on being rude, just because I pointed out that you don’t know what you’re talking about, it’s unlikely you’ll ever learn enough about the topic to have a productive conversation, anyway.

Have fun protecting your ignorance.

If a communication norm is just about other people’s preferences, why should they change? Who’s to say that other people’s preferences are more important than their own, particularly given that this particular preference is shared by millions of other people.

If inconsistent use of capitalization actually hinders understanding for some subset of their audience, then that’s a different story. My experience is that people are more likely to be annoyed than to actually have issues understanding all lowercase text. All caps text, on the other hand, is a different matter - and plenty of government and corporate entities are fine putting important text in all caps. But all caps text is a known accessibility issue. When I search for “all lowercase accessibility,” though, all I get is a bunch of results saying to not use all caps text for accessibility reasons.

If you have sources showing that all lowercase text is an accessibility concern, then you should share them. Heck, you should have led with that. But as it is, your argument ultimately boils down to “someone else should change what they do, that works for them, because it annoys me.”

Nice try FBI.

Wouldn’t “NSA” or “CIA” be more appropriate here?

Well, if my pin is four numbers, that’ll make it so hard to crack. /s

If you’re using a 4 number PIN then that’s on you. The blog post I shared covers that explicitly: “However, there’s a limit to how slow things can get without affecting legitimate client performance, and some user-chosen passwords may be so weak that no feasible amount of “key-stretching” will prevent brute force attacks” and later, “However, it would allow an attacker with access to the service to run an “offline” brute force attack. Users with a BIP39 passphrase (as above) would be safe against such a brute force, but even with an expensive KDF like Argon2, users who prefer a more memorable passphrase might not be, depending on the amount of money the attacker wants to spend on the attack.”

If you can’t show hard evidence that everything is offline locally, no keys stored in the cloud, then it’s just not secure.

If you can’t share a reputable source backing up that claim, along with a definition of what “secure” means, then your claim that “it’s just not secure” isn’t worth the bits taken to store the text in your comment.

You haven’t even specified your threat model.

BTW, “keys” when talking about encryption is the keys used to encrypt and decrypt,

Are you being earnest here? First, even if we were just talking about encryption, the question of what’s being encrypted is relevant. Secondly, we weren’t just talking about encryption. Here’s your complete comment, for reference:

I have read that it is self hostable (but I haven’t digged into it) but as it’s not a federating service so not better than other alternative out there.

Also read that the keys are stored locally but also somehow stored in the cloud (??), which makes it all completely worthless if it is true.

That said, the three letter agencies can probably get in any android/apple phones if they want to, like I’m not forgetting the oh so convenient “bug” heartbleed…

Just so you know, “keys” are used for a number of purposes in Signal (and for software applications in general) and not all of those purposes involve encryption. Many keys are used for verification/authentication.

Assuming you were being earnest: I recommend that you take some courses on encryption and cybersecurity, because you have some clear misconceptions. Specifically, I recommend that you start with Cryptography I (by Stanford, hosted on Coursera. See also Stanford’s page for the course, which contains a link to the free textbook). Its follow-up, Crypto II, isn’t available on Coursera, but I believe that this 8 hour long Youtube video contains several of the lectures from it. Alternatively, Berkeley’s Zero Knowledge Proofs course would be a good follow-up, and basically everything (excepting the quizzes) appears to be freely available online.

it wouldn’t be very interesting to encrypt them, because now you have another set of keys you have to deal with.

The link I shared with you has 6 keys (stretched_key, auth_key, c1, c2, master_key, and application_key) in a single code block. By encrypting the master key (used to derive application keys such as the one that encrypts social graph information) with a user-derived, stretched key, Signal can offer an optional feature: the ability to recover that encrypted information if their device is lost, stolen, wiped, etc., though of course message history is out of scope.

Full disk encryption also uses multiple keys in a similar way. Take LUKS, for example. Your drive is encrypted with a master key. You derive the master key by decrypting one of the access keys using its corresponding pass phrase. (Source: section 4.3 in the LUKS1 On-Disk Format Specification (I don’t believe this basic behavior was changed in LUKS2).)

Its impossible to verify what code their server is running.

Signal has posted multiple times about their use of SGX Secure Enclaves and how you can use Remote Attestation techniques to verify a subset of the code that’s running on their server, which directly contradicts your claim. (It doesn’t contradict the claim that you cannot verify all the code their server is running, though.) Have you looked into that? What issues did you find with it?

I posted a comment here going into more detail about it, but I haven’t personally confirmed myself that it’s feasible.

Both of the reasons you’ve provided are nonsensical:

• It isn’t performed automatically if you disable it, and they did (and explained why)
• They said they don’t believe capitalization aids with clarity. They didn’t express the same opinion about punctuation and paragraph breaks.

I can’t use signal.

Why? Do you not have a phone number? Is it blocked in your country? Are you legally prohibited from using software with end to end encryption?

Message history won’t be fully fixed. It can’t be without storing message backups in some cloud somewhere (whether it’s to iCloud, Google Drive, Dropbox, or Signal’s servers) and Signal omits its message history from system backups on iOS and Android.

iOS users are completely incapable of backing up their message history in the event of their phone being lost, stolen, or broken. This omission isn’t justified in any way, as far as I’m aware; I don’t know of any technical reason why following the exact same process as on Android wouldn’t work.

Android users are able to back up locally via Signal, but that isn’t on by default, can’t be automated, needs to be backed up separately, requires you to record a 30 digit code to decrypt it, and has limitations on when it can be used for a restore (can’t restore on iOS, for example). See https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages for more details.

Message history on linked devices - meaning iPads and desktop computers - is being improved, but it still won’t mean that a user who loses or trades in their phone as they get a new phone will be able to simply restore their phone from a system backup and restore their Signal message history. And even that isn’t anywhere near as easy as on Telegram, where a user can just log in with their password and restore their message history, no backup needed.

It’s great that they’re improving the experience for linked devices, but right now that doesn’t actually help if you lose, break, or trade in your phone. Maybe they’ll later allow users to restore to a phone from a linked device or support backups on iPhones, but right now the situation with message history isn’t just an unfriendly UX, but one that is explicitly and intentionally unreliable for a huge portion of Signal’s user-base.

Also read that the keys are stored locally but also somehow stored in the cloud (??),

Which keys? Are they always stored or are they only stored under certain conditions? Are they encrypted as well? End to end encrypted?

which makes it all completely worthless if it is true.

It doesn’t, because what you described above could be fine or could have huge security ramifications. As it is, my guess is that you’re talking about how Signal supports secure value recovery. In that case:

1. The key is used to encrypt your contacts, profile name, group avatars, social graph, etc., but not your messages.
2. Your key is only uploaded to the cloud if you have a recovery PIN or passphrase
3. Your key is encrypted using your PIN or passphrase using techniques (key-stretching, storing in server secure enclaves) that make it more difficult to brute force

The main criticism of this is that you can’t opt out of it without opting out of the Registration Lock, that it necessarily uses the same PIN or passphrase, and that, particularly because it isn’t clear that your PIN/passphrase is used for encryption, users are less likely to use more secure pass phrases here.

But even without the extra steps that we can’t 100% confirm, like the use of the Secure Enclave on servers and so on, this is e2ee, able to be opted out by the user, not able to be used to recover past messages, and not able to be used to decrypt future messages.

That’s worth considering, but it also needs to be weighed against possibly impacting their friendship if she’s not interested. I also wouldn’t recommend saying he “really likes her” if he doesn’t already like her a lot that way, but even just “I like you” would work just as well.

Liking multiple people at once is super common. The love triangle is a trope for a reason.

If you don’t like her then don’t worry about it (other than to maybe pay attention to how you’re acting around her and avoid flirting unintentionally) but if you’re interested in her, maybe try pursuing that? Flirt with her a bit and see if she reciprocates. If she likes you, there’s a good chance she’s been flirting with you and you’ve just been oblivious.

If you’re too shy to intentionally flirt, you could ask her outright, but it’d probably be better to ask her something that hints at your interest, like “I like this girl but I can’t tell if she’s into me - what sorts of signs should I be looking for?” Should be pretty obvious what you’re both saying and asking.

Learn, understand, challenge, repeat.

Learn as much as you can about all sorts of topics, even if you don’t have specific plans for those topics

Learn enough that you don’t just know the facts, but that you actually understand why things are the way they are. You should be able to predict things you haven’t yet learned if you understand the concepts. If you don’t understand something yet, keep learning.

Learn your fundamentals: language skills, math, logic, statistics, the science of research, history, politics, basic psychology, and the physics of whatever realm you’re operating in (meaning that in today’s day and age, you should learn about both real-world physics and about how information flows on the Internet).

A lot of people don’t know how to teach themselves, so it’s probably important to point out that learning to do so effectively is a big part of thinking for yourself. Learning how information is presented, as well as what’s often left unsaid, is important. Learn how to read graphs and charts and statistics. Improve your information literacy: Learn how to find credible sources, how to judge the credibility of a source, and what “credible” actually means. It doesn’t mean infallible.

As a general rule, don’t accept a fact until you have multiple credible confirmations of it. That might not be possible, but when information comes from untrustworthy sources, remember that. Learn the difference between something that you’ve learned and accepted and something that you’ve just heard on social media a few dozen times. This is easier when you have an understanding of what you’re learning. True things fit in better with other true things.

Don’t assume things are false just because the source isn’t credible, either. Just do extra research to verify. Do your own experiments to confirm, if possible.

Sometimes you’ll realize something you’ve accepted might be wrong, possibly because it conflicts with something else that you learned. When facts don’t add up, challenge them. You’re not infallible. Replacing a fact you accepted long ago isn’t a failure; it’s a victory. Many people are incapable of doing so.

Learn to distinguish between facts, inferences, theories, and opinions. (Note that established, accepted scientific theories often fall into the “fact” category.) Facts are verifiable. Inferences are based on facts; they’re evidence-based conclusions that can help to build theories. Theories are explanations, and they can be disproven but haven’t been proven (else they would be facts). Information presented as facts can be false. Theories and inferences can be poorly formed, even if the facts are sound (and especially when they are not). “Opinion” is a word people use to defend flawed theories. If the opinion isn’t a preference, there’s a good chance it isn’t an opinion at all and is just intentional misinformation. “You can’t argue with my opinion” isn’t applicable when the “opinion” is provably false - then it’s just a failed fact, inference, or theory. And even when it is an opinion, it can still be criticized.

Learn about logical fallacies. Even if you don’t call out the person using them, try to notice them in the wild, both by people you agree with and people you disagree with. But especially by people you agree with. Learn how to notice other ways people are misled.

Good catch, I didn’t realize that with AnyType. That makes my first recommendation to OP just SilverBullet, then. Source available is better than nothing, like with Obsidian, but OP specifically asked for FOSS repos. It looks like their peer to peer sync server is MIT licensed, but their client (and client library) code is licensed under the “Any Source Available License 1.0,” which restricts use other than for “personal, academic, scientific, or research and development use, or evaluating the Software, but does not include uses where the Software facilitates any transaction of economic value.”

I ruled out Logseq’s sync service due to it being both paid ($60/year minimum) and not FOSS, both things OP asked for. For my purposes, since it’s not FOSS and not able to be self hosted, it’s not a good option. But it makes sense to use the same file syncing solution that’s already in use, whether that’s FolderSync (or some equivalent tool) set up to sync to my server, Syncthing (though I just realized its Android client is no longer being developed as of December 2024), or even Cryptomator + some cloud storage service.

Since you’re already using Standard Notes - have you checked out Awesome Standard Notes? You can use the community extensions - editors, themes, etc. - even with the free plan.

It’s my main note-taking app, but I also got the 5 year paid plan for $150 (IIRC) a few years ago, and prices have increased substantially since then. If I weren’t locked into a lower rate, I’m not sure I’d subscribe at the current rates (though I would look into the self-hosted Pro discount before ruling it out). That said, if you don’t need note linking, queries, and those sorts of things, then I think the free plan of Standard Notes + community extensions is a great option. If I self-hosted the server, the main thing I’d be missing over the paid plan is nested tags.

Logseq (repo) might meet your needs if you’re okay setting up a sync service like Syncthing on every client you use. Of course, you could use Dropbox, Google Drive, etc., but I recommend against it without a layer like Cryptomator in between, since your data is store in the clear. IMO it doesn’t really make sense to self-host Logseq - just use the native app that’s available on basically every platform. I find Logseq kinda confusing, honestly, but it has a lot of compelling features.

SilverBullet may be what you’re looking for. It must be self-hosted and has a PWA instead of native apps, but the PWA on mobile at least is quite good. Since it uses Markdown files for its notes, you could use it with some other tool on the machine hosting those files, if you wanted. I have it self hosted myself and it’s the best alternative I’ve found to Notion and Obsidian when it comes to querying my own notes and so on.

Someone else posted about Outline and I think it’s a fantastic, polished option. I know that you said this is for solo use, so you probably don’t care about its collaboration features, but you also mentioned managing personal projects, and its integrations (e.g., Airtable) could be useful for that. I have it self-hosted and it is a bit more complicated than other options, but I don’t think I ran into any particular issues. I’m using it with Authelia as an OIDC provider and can share my docker-compose file and other config if that would be helpful. They also have a paid, hosted option, which you can try out for 30 days if you want to see if it’s right for you before you put the time and effort into self-hosting it. One of my most-used editors in Standard Notes is the Rich Markdown Editor, which is based off the editor used in Outline. However, unlike SilverBullet and Standard Notes,

Hedgedoc is another option that may be worth looking into. It’s my go-to collaborative editor / gist replacement. Personally, I prefer it over Outline. Its main shortcomings are that:

• it must be self-hosted (though you could use HackMD aka CodiMD, which it was forked from, as that does have a hosted version)
• it doesn’t have an app (on any platform - not even a PWA)
• it doesn’t have any sort of querying capabilities, and
• it doesn’t have any sort of Kanban-like tool.

But it does have several built-in integrations, like Mermaid and multiple other diagramming tools, inline images (just drag and drop), syntax highlighting for code, Gist embeds, Youtube embeds, optional Vim/Emacs keybindings, a slide deck presentation mode, inline CSV tables, etc., and that’s all without needing to mess with plugins or switch between editors.

I hadn’t used AnyType before today, but it’s been on my radar since late 2020, and it’s pretty powerful. It’s not perfect, but it seems to check off everything you’re looking for. It does have a bit of a learning curve, but it’s been easy to jump in and take notes.

It’s hard to know which to recommend you try, though, because your list of criteria don’t all map neatly to features. For example, what do you want from planning vs managing personal projects? What do you mean by “journaling?” Is having a “journal” section where notes get dates sufficient? Do you like the way Standard Notes or Logseq handle journaling, or are you looking for features like what jtxBoard has?

I’m assuming the following for my table below:

• Quick Notes - easy to create a new note and just write some stuff. Needing to fill out any required fields (even “title”) make this a ❌
• To-do lists - checkbox lists. You have to be able to add a new item by pressing enter and mark an item off just by checking the box.
• Managing and planning projects:
  • Kanban / Trello style board - without needing to integrate with a non-FOSS third party service (this is why Outline gets a ❌)
  • Linking to another note in the body of a note (Standard Notes lets you create a link in the tag bar - this doesn’t count)
  • Embedded querying of your other notes, treating notes like objects - really the thing that makes Notion so powerful
  • Easy table editor
  • Diagrams - Mermaid, Excalidraw, or a similar plugin that works natively
• Easy to use - auto-saving of notes, automatic synchronization that “just works,” rich text copy-paste, etc…
• Offline mode - You didn’t mention this, but I’m calling it out since it’s otherwise easy to take for granted.
• Publishing - you mentioned not caring about collaboration, but being able to publish a note is still useful in solo-only workflows, as it gives you a way to reference it directly from a bookmark, some other tool, etc., potentially from a device where you aren’t authenticated.

[1]: For Standard Notes, I’m not assuming that you’re self-hosting the server, but I am assuming that you’re installing community extensions, particularly Rich Markdown Editor or something similar.
[2]: For Silver Bullet, I’m assuming that you’re installing community plugins.

I recommend you try AnyType and/or SilverBullet first, depending on which one looks more appealing to you.

There’s no need to bond with your own child?