It's hard with nix to end up with a system without first having a config for that system

Use matrix instead. Or zulip. Or xmpp. Or IRC

nftables is configured like that https://wiki.nftables.org/wiki-nftables/index.php/Simple_rul...

That's the decision. Do you know the reasoning?

The primary reason: Revocation doesn’t work for webscale (OCSP is now obsolete). So instead, shorter cert lifetimes.

PS. Saw this insightful comment over on Lobsters:

“One quantitative benefit is that the maximum lifetime of certificates sets a bound on the size of certificate revocation lists. John Schanck has done heroic work on CRLite at Mozilla to compress CRLs, and the reduction from 398 days to 47 days further shrinks them by a factor of more than 8. For Let’s Encrypt the current limit is 90, so a more modest but still useful factor of 2.”

https://lobste.rs/s/r2bamx/decreasing_certificate_lifetimes_...

There are several https://gist.github.com/ptman/1b9e3a992e6c8aeecc86b5f1fd1c5f...

Before SNI every https site needed a dedicated IP address. As https got more popular SNI was introduced

There's also https://cryptpad.fr/ - https://cryptpad.org/ - https://github.com/cryptpad/cryptpad

That looks great, thanks for sharing.

I would add to that list something like a splitwise alternative.

And open source too? Seems too good to be true.

I think you're looking for https://spliit.app/

I don't think that's end to end encrypted.

With so much surveillance I think there's a real need for E2E on anything. I just bought the basic Tutanota package - but maybe that's just my OCD acting out.

EDIT: This is closer, and you can self-host

https://github.com/cryptoboid/splitio

But it's in JavaScript <throw up> can't win them all.

Do you feel you need E2E even when you're self hosting?

https://github.com/spliit-app/spliit

I don't want to self host though. That's like giving myself a job.

I always use https://ihatemoney.org/

Postgrest/supabase, prest or similar