DNSSEC is the actual solution, providing authenticity and integrity for DNS records. The DNS client can verify that the received DNS response is what the zone admin intended. Additional records (NSEC / NSEC3) are used to provide a proof of non-existence, preventing suppression from a mitm attacker. But if your government is mitming you, you don't want them to see you use DNSSEC. DoH is useful in that case, because a mitm sees only https traffic, which is less suspicious than DoT.
DNSSEC isn't going to prevent suppression, it just makes it detectable. Cloudflare is still going to send you a doctored record - which will fail verification. But that doesn't magically give you an undoctored record, unfortunately.
Entropia is the local chapter from Karlsruhe of the Chaos Computer Club. The Gulaschprogrammiernacht (GPN) is their local version of Congress located in HfG and ZKM, a college and a great museum.
Clojure is great. Brining together Lisp with the Java ecosystem makeand its concurrency model makes it great for building backend system, while still enabling quick changes.
One thing that I found noteworthy is that Clujure did not pickup some innovations happening at Java since like version 8, such as Invoke Dynamic in the JVM or streams.
Generally for streams, the equivalent in Clojure with sequences or transducers is much cleaner and simpler so there was not a lot of reason to want them from Clojure. However, it is important to provide interop paths to work with Java libs that make use of them.
The functional interface coercion is implemented with invokedynamic.
I remember in mechanical engineering class we would often use this for exercise sheets. On our calculator we could directly enter π and ², thus it was equally as fast to entering 10.
My friends and I all selfhost own matrix homeservers and we use it to chat.
It works reasonably well, but stil the administrative work required should not be underestimated, comparable to selfhosting e-mail.
Regarding features, matrix is promising and definitly innovative, but espacially the mobile apps don't have the same level of usability like WhatsApp or novel features like Telegram. Techsavvy friends can definitly use it, but you don't want to become a managed service provider for your broader family.
I use this ansible playbook to provision my server and related services (monitoring, bridges, ...) [0].
The bridges espacially make it fun to play around with.
I'm running bcache, with lvm/luks and xfs on top, since >5 years on my desktop and it has been stable and partition manipulations, like resizes, worked without problems, albeit the tooling is not so well supported.
I bought new a new ssd and hdd for my desktop this year and looked into running bcachefs because it offers caching as well as native encryption and cow. I also determined that it is not production ready yet for my use case, my file system is the last thing I want to beta tester of. Investigated using bcache again, but opted to use lvm caching, as it offers better tooling and saves on one layer of block devices (with luks and btrfs on top). Performance is great and partition manipulations also worked flawless.
Hopefully bcachefs gains more traction and will be ready for production use, as it combines several useful features. My current setup still feels like making compromises.
The main page of codisec [0] lists that Veles has been retired. They since have a new project, CodiLime [1], which seems like is a general technology consulting/outsourcing company.
CodiLime was the actual company, CodiSec was "brand" for various security related activities, starting with CTF competitions where we used the name first, then it was used as brand for the team that worked on Veles (we continued to take part in CTFs)
None of the CodiSec members were among the management/founders/etc of CodiLime - we were AFAIK plain employees, though one of us was in fact mber of DragonSector which is partly how CodiSec started.
