I have self hosted my email since 2006. I gave up on self hosting outgoing mail in 2021, but I still keep the server up for incoming mail, and still set up throwaway accounts on there.

The hard part of hosting email is getting Google and Microsoft to accept outgoing mail. Tons of businesses that do not have visibly outlook .com or gmail .com addresses are still hosted by those servers.

I had SPF, DKIM, and a static datacenter IP address with no reputation problems. I still couldn’t get through to Microsoft, not even in people’s junk mail directory, until they manually whitelisted my address. Microsoft didn’t allow them to whitelist a whole domain. Google was a little easier, but they added new demands monthly.

In 2025, I can’t get reliable delivery to gmail .com addresses even sending from a hotmail .com address in the outlook .com web interface.

Is this sarcasm?

I ran Steam on Wayland just fine for several years.

Yeah, true, but that’s mostly fixed costs, and has a pretty low incremental cost for each video delivered. The fixed costs we have to pay regardless.

Electrical engineer here. There is almost no difference.

The cost of streaming video from a server to your computer is pretty small, basically just transferring the bytes from a hard drive to a network card. This happens in a datacenter on a big server designed to be efficient at it, and serve a ton of people at once. Your own electricity consumption on your viewing device is likely much higher than that. You can calculate your electricity consumption using a Kill-A-Watt or similar device, but here are some averages of measurements I’ve made on my devices:

• PC with 27" LCD monitor: 150W
• 50" TV: 300W
• Laptop with internal 14" screen: 40W
• Phone with 5" screen: 10W roughly, but it’s complicated
• Phone with screen off, speaker only: 2W (guessing here)
• Handheld FM radio: less than 1W

If you look at your computer’s CPU usage while watching video, it’s mostly idle. So most of the power consumption is the screen’s backlight.

Assuming worst-case coal power, releasing 0.4kg of carbon per kWh, and a large TV, and let’s say 10% overhead for the server’s energy cost, that’s 0.13kg of carbon per hour. So don’t worry about it.

I got GOG Galaxy working in Steam, through Proton, as an “Add a non-Steam Game”. I’ll have to try Heroic Launcher.

You’re misunderstanding. They bought these games through Steam. Their proof of ownership of the account is that they have the Steam account. There’s no legitimate reason to lock the authorized Steam user out of the account.

Road Redemption (motorcycle combat game)

7 Days to Die (zombie scavenging survival craft with mostly 2-wheeled vehicles)

Even if you can buy it, you can’t file a warranty return if you are outside Fairphone’s small support area.

Fairphone has guaranteed 0 years of support in my country.

Swapping out random parts of the OS will certainly lead to breakage and dependency hell in your package manager (unless you just replace files without using the package manager, which might make all of this even worse).

I’ve done it, and it works. I’ve built packages of libraries and binaries before, at higher version numbers than Debian had, and deployed them to multiple Debian sid systems. They worked. When Debian caught up, I seamlessly upgraded all 3 systems with no problems.

Even in the worst case scenario of dependency hell, you would be able to downgrade to the Debian supported version. But I never had to do anything like that.

I’m not going to respond to all the rest of your post, because I don’t think it will help with anything. It seems that we have very different ideas about device ownership.

Some apps resist being backed up. “android:allowBackup=false” was one way. Apparently that can be overridden, but there are other ways apps can resist backup that can’t be overridden. It’s not clear what those are, but some of my apps definitely aren’t being backed up by Seedvault, even though they aren’t using keystore.

The apps using keystore can only ever be backed up by installing a backdoor in the TEE.

They do provide instructions for compiling from source, they just don’t support you at all afterwards. If you compile GrapheneOS and put it on your phone, they say “you are not running GrapheneOS” at that point. Unlike Debian or Ubuntu, where every package can be replaced by a hand-compiled version, and it’s still Debian or Ubuntu.

need to charge it in a public space? You better hope no one had modified the charger with something like an RPI to silently exploit your phone

Any secure Android device should be starting each USB session in device mode, set to charge only. It is usually not possible to change this mode without unlocking the screen. I don’t know what this has to do with sandboxing or unlocked bootloaders.

Crossing a border into a country and they suspect you’re some sort of threat?

How does this attack work? Are you saying they’d replace the operating system by using the unlocked bootloader? There are plenty of ways to prevent this with full disk encryption. Of course you need to check for modifications when you get it back, but that’s true even if you have a locked bootloader, because of hardware modifications and leaked keys.

Not running software that updates the hardware’s proprietary software drivers? One text message and you’ve got a rootkit.

In any of the open source Android distros, like LineageOS or GrapheneOS, those updates come as part of the operating system. The updater is open source, and doesn’t care whether your bootloader is locked. I assume a Linux Mobile system would be closer to Debian’s Apt system, which is also an open source updater than can install proprietary drivers, and also doesn’t care if your bootloader is locked.

didn’t really need an “um ackshually” about people who don’t want a secure os

This is pointlessly condescending.

Comprehensive backups, which can only be done after rooting. You can do this, but only after disabling verified boot.

They literally have a whole instruction page for it on their official website: https://grapheneos.org/build

I’ve asked, and they don’t support you at all after you build it. You can’t get updates or packages from GrapheneOS. Compare to Debian, Ubuntu, RHEL, etc., where you can compile your own newer package, install it, even replace core operating system components, and then seamlessly upgrade to the OS vendor’s version when they catch up.

What they don’t support is making modifications to GrapheneOS, compiling it, and then still calling it GrapheneOS. It’s not. You changed it, so it’s something else. It’s your own fork of GrapheneOS, so you should name it accordingly.

Even if you don’t modify it, they tell you not to call it GrapheneOS, and don’t offer any way to install patches, besides building it again.

Uh that’s by design? Do you even understand the purpose of a secure element and trusted execution environment, and how they work?

Yes, I understand it. I’ve opposed TPM from the start, and this is just TPM for Android. I don’t want a device that keeps secrets from me. I do want comprehensive backups, including all cryptographic keys. I should be able to access the TEE from my authenticated PC over SSH.

I’m fully aware that Widevine won’t run on a device where the owner has control over the whole device.

The code is open source, you can freely modify the OS, compile it, sign it with your own keys…

I don’t have the resources to do this (PC nor effort). They recommend 100GB+ storage and 32GB RAM for building it, and you seemingly can’t do it incrementally, since you have to flash an entire operating system at a time. I want to modify one file, like the call recording xml file. (That file is from a previous operating system I had, but I can’t provide an example of niche cases like that for GrapheneOS, because I only ever used GrapheneOS for a few days, so I don’t know what kind of small modifications I would want to make.)

Can you please explain how rooting adb only, not any apps, makes it less secure? Use concrete examples, not abstract.

Not everyone runs dangerous proprietary apps that need sandboxing. Does my offline puzzle game need sandboxing? Firefox has its own sandbox built in.

Some people consider unlocked bootloaders a feature.

Just try asking about rooting in the GraoheneOS Discord, and you risk getting banned.

GrapheneOS has a ton of locked down stuff they don’t want you to access. They make rooting extra hard, they don’t support compiling the OS from source, there’s still the TEE you can’t access even with root, and the OS filesystem is readonly to inhibit customization.

GrapheneOS promotes “verified boot” that stops you from doing many important things.

Cloudflare has IP banned me before for no reason (no proxy, no VPN, residential ISP with no bot traffic). They’ve switched their captcha system a few times, and some years it’s easy, some years it’s impossible.