They don't have Mozartists.

This approach sounds good.

I think the correct approach is both, if you have the option.

Most devices accept two name servers. Redundancy is always good, especially for DNS.

I've used this list generating package for years now with great results: https://github.com/opencoff/unbound-adblock/tree/master

It is designed to generate blocking lists that can be used with unbound, the DNS resolver. There are even instructions for how to configure unbound so if you are new to it all you can follow along.

I use the resulting lists in my two local DNS name servers, running unbound.

The way it works is that if a query for a blocked address comes in to one of thenlocal DNS servers it returns a domain not found result. If the address is not on the block list then it forwards the query on to an internet DNS resolver securely using DoT.

You can gain further control over your DNS results by choosing those upstream resolvers carefully. Quad9 and Cloudflare etc all offer DoT resolving, along with some further filtering (eg. for malware), or completely unfiltered DNS if that's what you want.

Services like cleanbrowsing.org offer more fine grained filtering, useful if you want a family-friendly set of DNS results, based off categorify.org. You can pay for really fine tuned results, or there is a free layer which provides still very useful basic categories.

Combining the two forms of filtering, local advert and tracking blocking, along with open internet content categorisation, seems to be very effective.

I get complaints about too many adverts when my kids are on WiFi away from home. I take it as a compliment.

Edit: Forgot to mention! Another minor gripe I have is that my current 1 router / 2 routers-as-AP solution isn’t meshed, so my devices have to be aware of all 3 networks as I walk across my property. It’s a pain that I know can be solved with buying dedicated access points (…right?), but I’d like to know other’s experiences with this, either with OpenWRT, or other network solutions!

This works very well with OpenWRT on each AP and/or router device by using the same ESSID and password combo on each of them, enabling WLAN roaming and also 802.11r Fast Transition to allow your mobile devices to hand-off quickly from one AP to another as signal strength levels demand. With this enabled you keep the same IP address, and even SSH sessions don't drop when you move from one AP to another, it all happens in the background. As far as the end-user is concerned it is all just one big happy wifi network.

802.11r is not mesh, that's a separate thing but and you can do it with OpenWRT too. I don't need to because I have ethernet to all my APs, so all the RF bandwidth is available for the last leg from AP to device(s), and not being used by back-haul from AP to AP through to the router as well.

In your use case I would consider grouping devices into categories and having a different wifi network for each category with the dhcp and firewall rules set accordingly.

VLANs on the ethernet-side might also be useful, but it sounds like most of your devices are on WiFi, so it might well be possible to get a "mature" setup without needing that extra complexity.

As others have said, backing these settings up and restoring them to a new device in the case of hardware failure is generally straightforward. Care is needed when replacing the broken device with a new one because of naming conventions varying from device to device, but the network logic, and things like dhcp reservations can be carried over.

Seems like the PlayStore team should get wiser to how OSS communities manage software releases. They should be good at this, because, you know, their platform is based on the Linux kernel.

PlayStore should enable Termux community to manage the app name, or at least be able to have a prominent link to an "official" alternative displayed on the PlayStore Termux page.

Obviously something has gone wrong between Fornwall and the rest of the team for this situation to arise. But at first sight this is not an uncommon or surprising situation to arise. I think PlayStore could do better, and Google could support the OSS ecosystem they benefit from better.

Check that it works with Klipper!

The convenience and control Klipper provides is phenomenal. You don't have to use it if it turns out you dont like it, but I feel like ruling it out as an option now would be a shame.

I would also point out that you should not be put off by the "official" supported printers list for Klipper, a bit of Googling will often turn up some mini projects where people are actively working on supporting the printer with Klipper before the main project gets round to adding official support.

Is this just the backend, or is it UI too? Is there an easy way to find this out myself in future?

Procmail for the old school win.

Yes.

I cut my teeth on an early version of The Linux Networking Howto, still available at tldp.org. That's a little bit out of date now :-) but the basic IPv4 networking concepts are still good.

These days so much is implementation or distribution dependent. There has been so much very rapid development in this field during the internet era that the age of documentation matters significantly.

A mitigating, but also confusing, factor is that different generations of networking tools have backwards compatibility built in so that it has been possible to build firewalls on kernels running nftables using iptables utilities in userspace.

I think you could do worse than starting with the Debian wikis and then drilling down into other documentation for the specific distributions or applications you want to use.

I seem to remember that openwrt.org and shorewall.org (though that product is EOL) also have some good overarching network stuff. I think Hurricane Electric he.com may still do their free basic IPv6 certificate programme?

Wikipedia is also your friend in this, especially the references.

I've enjoyed onemarcfifty.com's videos too, but that format isn't what you are looking for, and the transcripts I have seen are not formatted.

I like this idea so much. The problem is quality control.

Uber Eats here in UK really struggles to delivery an accurate order. And where there is a problem the driver blames the restaurant, the restaurant blames the driver, and Uber or the restaurant (it's frequently not clear where to begin) may or may not issue a refund and perhaps an apology, but that doesn't solve the problem which is you don't have the food you were promised and that you paid for. No one takes responsibility for that.

Who in a decentralised system can or should take responsibility?

Amazon, for all their many faults, claim to be trying to make the most customer-centric company on earth. A lot of their early success came from a stellar returns policy, shouldering responsibility for products they dispatched, as well as excellent prices. Not so much now, but certainly during their incredible retail growth period.

How do you code for that in a federated system? And, if you can, how do you compete in a wider marketplace with an Amazon monolith?

Oh wow! The Unexpected Keyboard is a very pleasant surprise!

My new default. Thanks for the recommendation!