restic actually supports rclone!

May I suggest Kimsufi along with Hetzner for if you scale up? Its similar pricing and they have some NA locations (although less storage). I've had good experiences with them.

i will check it out thanks!

Borg is also big on deduplication

Deduplication is one the things that drove me to Borg: it has the speed and space saving of an incremental backup but every single backup can be used as it was a full backup.

It is also very easy to setup a pruning policy for old backups, so that you can say that you want to keep one backup per day for 90 days and after that only one backup per month for 2 years.

The dedupe in Borg is downright magical. I know I lose some space by keeping my hosts in separate repositories, but even then, I get insane space savings.

Reminds me of a similar project varstruct (https://github.com/varstruct/varstruct). Also maybe you could consider the abstract-encoding interface specification (https://github.com/mafintosh/abstract-encoding), although it has a few flaws of it's own.

AdAway is quite nice as it updates your hosts file directly rather than using the phones VPN feature, although the downside is you do need root.

Why use BoringSSL? I was under the impression that it was not recommended for third-party use.

Extended opinion on this by someone formerly Google and currently Cloudflare: https://github.com/sandstorm-io/sandstorm/issues/3036#issuec...

tl;dr is that Google is not supporting features in BoringSSL that Google doesn't need, but it's probably adequate for a lot of other projects.

Really we should learn to expect that "I don't support that" is the default unless somebody's _actual_ business is supporting you doing whatever it is. Which it rarely is these days. This obviously matters most for security, but it's true everywhere.

Another security example is that a tremendous amount of stuff ultimately decides whether to trust a certificate based on Mozilla's root trust programme.

That seems fine right? Well, kinda. It's definitely better than "I found this file named CA_TRUST.Z on an old Solaris machine in 1997 and so that'll have to do" as a policy.

But it's different from two things you or end users might expect you're achieving.

1. This isn't "You know, the same Certificate Authorities trusted everywhere". There is no such thing. The big root trust programmes have a fair amount of commonality, which is fine if you're out to obtain a certificate for a web site (pick anyone in the common set) but they aren't even close to mirrors. Mozilla's list is significantly different from Apple's which is likewise different from Microsoft's.

2. This also isn't "Like in Firefox". This problem is more subtle, after all the Firefox build process consumes the same file, ultimately, as your code does. But, Firefox has a long list of extra rules beyond whether or not something is in Mozilla's published trust store and your application would need lots of extra work to implement all those rules and track updates to them. Did you do that work? No you did not.

This probably won't bite you, and likewise relying on bits of BoringSSL that Google doesn't care about probably won't cause massive security problems in your code. But only probably.

BoringSSL is nevertheless used very widely.

I see, thank you :)

Your question still has not been answered though.

Implicitly it was, "because it is not an issue in practice"

What I'm curious about is why is it depending on both BoringSSL and ring, the latter being a rust fork/wrapper of BoringSSL.

Apparently the previous owner of the domain was trying to sell it for "the price of a house", not something an open-source project can typically afford.

[0]: https://www.reddit.com/r/Bitcoin/comments/8a1drz/psa_electru...