> Correct me if I'm wrong, but UPnP requires my ESP32 to initiate communication.

Not quite. Using UPnP, any host on your internal network can open a port for any other host. You may be thinking of NAT-PMP.

Additionally, by default UPnP mappings don't expire (unlike NAT-PMP mappings), so if a host crashes with an open port and your ESP32 inherits its IPv4 address, it will be exposed to the Internet.

Actually I've never heard of NAT-PMP, so I'm just wrong ))

Thank you. I never considered the reused address vulnerability.

> I don't have a shortage of IPv4. Maybe my ISP or my VPN host do, I don't know.

Your ISP has paid 40€ for your IPv4 address. That's a cost they're most probably passing on to you.

> Every host routable from anywhere on the Internet? No thanks.

Every time you start a videoconference, there is a couple of seconds' pause while the peers perform NAT traversal.

It's also possible in LineageOS and its derivatives.

But it's not very useful in practice: if an application doesn't need networking for its core functionality, then there usually is an open-source equivalent that does not use the network in the first place. The few applications that lack a good open-source equivalent (public transportation, proprietary messaging protocols, banking) don't do anything useful without network access.

Being able to block network access gives me peace of mind regardless if the app is proprietary or open source. Humans are fallible and life can get in the way (maybe the app has old dependecies with vulnerabilities, or any other random thing that I don't want). Being able to set the permissions I want only has upsides.

Oh, fully agreed.

What would be more useful, however, would be the ability to selectively block network connections: for example, to allow the public transportation app to access its API endpoint, but not the advertising and tracking endpoints. I don't think LineageOS allows that, and I don't know if Graphene does.

You can do that on websites with Firefox and UBO. Unfortunately not many transit authorities consider the website as a firsr class citizen anymore.

Sounds like you want dns that blocks advertsing endpoints. Something like pihole or some other service.

> But on the other hand, we also don't know if this is a foreign misinformation campaign or just a politically disgruntled Pole

The videos contain at least one mistake that indicates that they were written by a native speaker of Russian (the use of the word prawilny, which is a Russian word (правильный) and doesn't exist in Polish).

It's circumstantial evidence, granted, but enough to point at a Russian origin, at least in the absence of further information.

> Someone (Russia)

One of the videos uses the non-existent word prawilny, which is Russian (правильный). The Polish equivalent would be prawidłowy or właściwy.

You are right, but it should be added that "prawilny" is used as a slang for "good guy" among some young people subcultures. It's no longer used much.

There's certainly a number of Russian words in older Warsaw slang (barachło, ustrojstwo, wierchuszka, etc.), but the videos were not using slang, especially not older slang, and they had no reason to use prawilny except by accident.

> in a foreign country [...] If he had an eSIM it would have quickly solved the problem for him. Instead he had to wait until he got home to pop in a new SIM card.

Are you sure that his carrier allows activating an eSIM while roaming? Mine definitely doesn't, which means that if I break my phone while abroad, I lose access to online banking.

> Give an example of UB code that you have committed in real life

    struct foo {
        ...
        atomic_int v;
        ...
    };
    
    struct foo x;
    memset(&x, 0, sizeof(x));

I don't think it's UB if you init the struct before using it atomically from multiple threads.

“We, the CDU/CSU parliamentary group in the Bundestag, are opposed to the unwarranted monitoring of chats. That would be like opening all letters as a precautionary measure to see if there is anything illegal in them. That is not acceptable, and we will not allow it.”

Reported by Patrick Breyer, <https://www.patrick-breyer.de/en/citizen-protest-halts-chat-...>

The EU is not a single person. There are some people among the EU elites who fight for an open Internet, and some who want to control the Internet. They are not the same people.

I only know of one project which is reserved for free software, it's NGI0 <https://nlnet.nl/NGI0/>, which is going to be cut in 2027 <https://edri.org/our-work/european-commission-cuts-funding-s...>.

However, most other EU programmes do allow and even claim to encourage free software companies to apply.