

Only if you’re deliberately running an exit node (doing so requires special setup).
Owning a lot of Tor exit nodes doesn’t automatically deanonymize users. Exit nodes only see the traffic as it leaves Tor toward the clearnet, not the original sender. To actually identify someone, you’d need to match their traffic entering the network with the traffic exiting - a correlation attack - which requires visibility on both ends. The US doesn’t “own most exits” either; the network is run by many independent operators, and the Tor community actively monitors for malicious relays. Even if a law forced US exit operators to log everything, that alone wouldn’t deanonymize anyone unless combined with large-scale surveillance of entry traffic, which is extremely resource-intensive and not guaranteed to work. In practice, governments can make running exits legally risky, but they can’t just legislate Tor anonymity away.
In my experience, if you have anything but “Network: OK” status (for example, “Network: Firewalled”), it’s not working properly. If you’re behind a VPN, you need to port-forward and properly configure a port in I2P config/settings. Another sign that it’s misconfigured is 0 participating tunnels. This is what properly configured I2P network statistics look like with high internet bandwidth:
If the internet were fully controlled, you’d need mesh networks - DIY, decentralized networks using radios, local connections, or other alternative infrastructures. I don’t know all the details, but Yggdrasil is a promising modern project that functions as an alternative “internet” for mesh networks, while also working over the regular internet.
Within the normal internet, the most resilient solution against heavy censorship is probably Shadowsocks. It’s widely used in mainland China because it can bypass full-scale DPI (deep packet inspection) by making traffic look like normal HTTPS. There are ways for authorities to detect it, and there are counter-methods, but it remains one of the most reliable tools for evading state-level traffic filtering.
Next in line are Tor and I2P. Both are very resilient, and blocking them completely is difficult. It’s a continuous cat-and-mouse game: governments block some bridges or entry nodes, but new ones appear, allowing users to reconnect.
Finally, regular VPNs are useful but generally less resilient. They’re the first target for legal restrictions and DPI filtering because their traffic patterns are easier to detect.
Overall, for deep censorship resistance, it’s a hierarchy: mesh networks > Shadowsocks > Tor/I2P > standard VPNs. You can ask chatbots about any of these and usually get accurate, practical advice because the technical principles are public knowledge.
If you mean an HTTPS ban, it’s technically possible, but even mainland China and Russia haven’t gone that far. One major reason is that it would completely undermine basic internet security. It would instantly make man-in-the-middle attacks trivial, letting anyone sniff purchases, transactions, and more. Buying anything online - or using a credit card at all - would suddenly become extremely risky.
This is why it’s the perfect time to get some tech literacy regarding Tor, I2P, Yggdrasil, and Shadowsocks. It’s not a perfect solution to use tech to circumvent restrictions that shouldn’t be there in the first place, but sometimes it really comes to that point and it’s really nice to have all systems ready!
Yes, and the difference compared to docker/podman is that a lot of things like networking, GPU, audio, shared memory, etc., are passed through automatically by default. So, for example, you can build/run games inside those containers and expect native performance.
Non-Fedora-based immutable distros:
Installing development libraries, whether bleeding edge nightlies, or just slightly obscure, often requires write access to some of the key folders. Does that get difficult?
Nope, if you do it in containers. In the case of Bazzite, you have podman/distrobox/toolbox, and this particular thing you’d usually want to do in distrobox, which is going to be easier/faster than going the full general docker/podman container route. It usually goes like this:
distrobox create -n ubuntubox -i ubuntu:20.04
distrobox enter ubuntubox
sudo apt-get install mydevlibraries
...
I’m having difficulty getting Docker Desktop set up but I’m sure I’ll figure that out, had a lot of shit containerised before. But yeah, whole point of the post - Thanks people, you’re awesome.
Just in case, podman is basically the same as docker and is preinstalled (CLI only). You can use docker images and even run stuff from Docker Hub. There might be a GUI for it similar to Docker Desktop. Also, distrobox/toolbox are preinstalled - those are variants of podman that do a lot of passthrough / bind mounts by default, so that you can build and run graphical, audio, networking apps in those and get them running with native performance and full access to devices/networking/etc.
Any rough edges you’ve encountered yet?
No problems so far, but I didn’t try anything USB-related. Two of the more interesting programs I actively use it for are an Ubuntu distrobox for Ultimate Doom Builder (level editor, works with GPU) and toolbox for natpmpc (utility for port-forwarding). I made a systemd service on my host system that calls
toolbox run natpmpc -a 1 0 tcp 60 -g "$GATEWAY" 2>/dev/null
in a loop to establish port-forwarding for my ProtonVPN connection (running on the host ofc), parses the assigned port and calls qBittorrent’s web API to set the forwarded port there.
Distrobox uses bind mounts by default to integrate with the host: X11 and Wayland sockets for display, PulseAudio/PipeWire sockets for audio, /dev/dri for GPU acceleration, and /dev/shm for shared memory. On NVIDIA systems it relies on the standard NVIDIA container toolkit, while AMD/Intel GPUs just work with Mesa. Compared to plain Docker, where you usually have to manually mount X11/Wayland sockets, Pulse/PA sockets, /dev/shm, and GPU devices, Distrobox automates all of this so GUI, audio, and hardware-accelerated apps run at near-native efficiency out of the box. Toolbox works the same way but is more tailored for Fedora/rpm-ostree systems, while Distrobox is distro-agnostic and more flexible.
For me, NixOS feels like something from the 2010s. I used it a bit about a decade ago. It’s great and powerful, but still pretty niche and not for everyone. Right now I’m on Bazzite, which seems to aim for the same goals but in a much easier and more forgiving way.
If I really need to overlay something onto the system, I can use rpm-ostree, but that’s rare since almost everything I need runs fine in toolbox or distrobox. Using those is super easy and forgiving—it’s basically like having super-efficient containers where you can mess around without worrying about breaking the host OS.
Personally, I mostly stick to a single Ubuntu distrobox, where I build graphical/audio/gaming apps from source and just launch them directly from the container—they work perfectly. Distrobox feels like having as many Debians, Arch installs, or Fedoras as you want, all running at near-native efficiency. Toolbox is similar, but I use it more for system-level stuff that would otherwise require rpm-ostree—like being able to run dnf in a sandboxed way that can’t mess anything up.
I’ve been working remote ever since COVID. Also, if we’re going this far, I think this whole culture of absent personal space at work isn’t something to defend. If anything, it’s kind of nice to punish this system by having something shocking or insulting on your screen. But we all need money and people don’t want to get fired so I can understand that. We’re all going to get fired and replaced by AI anyway though.
I personally don’t consider this NSFW.
Also accessible via peertube.wtf
Bandwagon Premier launches at the end of the year, selling albums will only be available for this premium subscription tier of $10/month.
This is kinda stupid? I don’t see anyone wanting to use this. If you don’t sell anything, you still have to pay. Also, as time passes, your older releases are sold less. If you don’t release anything new in a while, it makes little sense to keep being subscribed until your next release. Fees are way better, especially for small / little known artists. I think it makes more sense to host some free stuff here for advertisement, and then post a link to your Bandcamp in your profile to let people buy there, because their model is better.
“I asked ChatGPT” and my post got 180 replies 🔥
LM Studio looks cool, but I wonder why their GUI app isn’t open-source. Also, their site has a careers section; where do they get the money to operate like that? Couldn’t find anything about their monetization model.
Pretty much impossible within I2P