Just don’t run broken software. The attackers will not be able to exploit you then. If they have zero day exploits, the WAF will most of the time not save you since they are often pretty easy to circumvent. WAFs are only effective against old and shitty exploits that should be patched anyways since ages.

Attack surface is made of the amount of code that is running when an attacker speaks to your machine. Imagine a freshly installed GNU/Linux distro with no services. The attack surface is minimal. All packages sent to your machine will only ever be touched by relatively limited parts of the linux TCP/IP stack and NIC driver. If you now run a web server, the package coes through the NIC driver, TCP/IP stack and web server. The surface is increased. Each of these parts of your machine’s code could have bugs. The more code your attacker’s packet runs through, the more opportunity to make your machine do things you don’t like.

If you want your machine to do what you like but not what random attackers like, it is therefore mandatory to have the least amount of attack surface, not adding code in contact with your attacker like a WAF or “antivirus”. Both these kind of softwares will inspect the packages coming in an take decisions (potentially bad ones) based on the content.

WAFs will mostly not help you since on a well configured and patched system, little known bugs are exposed. They might help you occasionally but usually patching the system is more effective. Of you want this to happen automatically, it’s entirely possible. Most os’s allow automatic unattended upgrades.

Wafs don’t make you safer but create unnecessary attack surface. Just keep your machine and services up to date.

Argh, hate them!

I’m from Europe and headlights suck here too! It’s spectrum of LEDs and tall cars and probably bad regulations too.

My problem is that I drive a low car (Ford fiesta) and most other cars are taller, this makes them way more blinding.

What I currently do is to take out my own headlight from its holder and deliberately point into their eyes. At least the message should be clear.

Yeah, I guess that’s one part of the problem. It’s not like most people care that much. But if that’s the only replacement lights you can get… :/

Just flash twice!! https://lyricsintosong.ai/music/02a3d10d-b96b-42e4-b839-8d73adeffb97

Totally, I’m commuting by bike almost every work day of the year and it’s infuriating how many cyclists have their headlights misaligned.

Hah, nice. The more the merrier!

Came here to answer this :D surely didn’t read that article

They rock.I’m sometimes afraid they will be bought or change terms.

Learnt programming as a kid on my dads PSION. I owe my career to that device. It came with a BASIC manual on paper. That must have been the most important part of the package.

Take the train instead!

I beg to disagree about the disadvantages. An important one is that you cannot easily update shared libraries globally. This is a problem with things like libssl or similar. Another disadvantage is the added complexity both wrt. to operation but also in general the amount of code running. It can also be problematic that many people just run containers without doing any auditing. In general containers are pretty opaque compared to os packaged software which is usually compiled individually for the os.

This being said, systemd offers a lot of isolation features that allows similar isolation to containers but without having to deal with docker.

Not a big fan of Bezos though.

I ran an XMPP network based on prosody and used snikket on android. Can recommend!

Are you building a C/C++ project that should run on BSD, Gnu/Linux and other platforms? Then maybe use autotools. All distro tooling will easily be able to handle it.

Are you just building some small project that will never make it into a distro, maybe just use something simpler. Or even just a plain makefile.

https://sqlitebrowser.org/ is great or aSQLiteManager for android