It depends what you want to do with it. If it's just for storing files/backups then encrypt them before uploading and make sure the key never goes anywhere near the VPS. If it's for serving up something like a simple website, you probably care more about data integrity than exfiltration, so make sure you have the security, including selinux or equivalent, locked down, and regularly run integrity checks. If it's for running something interactive, or where data will be generated or downloaded to the machine, you're out of luck, there's no even theoretical way of securing that against an adversary with that much access.

Maybe it's just a different viewpoint, but I find the sarcasm of that headline vastly more damning than just saying 'Trump lies again'. It basically saying that his brain is so fried that he's unable or unwilling to engage with the reality the rest of us experience.

Not morons, just not educated enough about them to understand exactly what the implications of that action are.

Nah, don't blame it on the sunshine, don't blame it on the moonlight. Blame it on the boogie.

Yes, I think the chicken would need to be rotating, you should use both hands to spread the warmed area, and be prepared to administer more slaps than were calculated.

You could say you just go round and round hunting for it, but no matter how hard you try you just can't corner it.

Well, you could.

One must also consider the thermal conduction of the chicken. Slapping it, either once or multiple times, on a single area will impart energy to that area, raising the temperature there, but it will take time for that to disperse throughout the fowl. Thus will inevitably lead to the slapped area/areas being overcooked and the rest being dangerously undercooked. Losses to the environment must additionally be taken into account unless sufficient insulation is employed to mitigate this.

Bend them the other way. Start with all fingers open for zero, and curl them as needed. You only need to move them a bit, so even twenty (thumb and ring finger back, the others curled) isn't too hard.

Wait, it purged the entire ecosystem except trout, so what are the trout eating? Don't tell me we now have nuclear powered fish, the implications are terrifying. What happens if you're bitten by a radioactive trout? Do we get troutman, the superhero we neither want, need or deserve?

Don't go cold turkey, but if you reduce your intake slowly you can probably wean yourself off of it.

(Please don't do this)

Use a different encryption key for your swap partition, then put that in a file on your (encrypted) root. In /etc/crypttab, where you list the encrypted partition and the device name for the unencrypted view, you can list the key file too. That way the swap partition will be automatically decrypted during the boot process and before swap is enabled.

I believe there may be issues resuming from suspend doing this, but I've not tested that.

I'm notabot, 'Hi!'.

A really rough calculation (and I acknowledge I could be somewhat off here) suggests that if you contribute for 40 years, and get around 5% interest per year, you'd need to put in an average of €10,000 per year to reach €1,250,000. Working out average salary progression through a working life is left as an exercise for the interested reader, but assuming you're putting 10% of your salary into your pension, you'd need to be earning six figures to make that pension pot, so a drop to around €73,000 including the public pension could be hard to manage.

As I said, not so much can't retire, as can't retire at the same standard of living, especially as annuity payments wouldn't increase with inflation.

I agree that them having users' phone numbers isn't ideal. There are other identifiers they could use that would work just as well. However, both the client and server are open source, so you can build, at least the client, yourself. If you can content yourself that it does not leak your ID when sending messages, then you don't need to trust the server as it does not have the information to build a graph of your contacts. Sealed sender seems to have been announced in 2018, so it's had time to be tested.

Don't get me wrong, the fact they require a phone number at all is a huge concern, and the reason I don't really use it much, but the concern you initially stated was addressed years ago and you can build the client yourself to validate that.

You're correct that if you use the system the way it used to work they can trivially build that connection, but (and I know this is a big assumption) if it does now work the way they say it does, they do not have the information to do that any more as the client doesn't actually authenticate to the server to send a message. Yes, with some network tracing they could probably still work out that you're the same client that did login to read messages, and that's a certainly a concern. I would prefer to see a messaging app that uses cryptographic keys as the only identifiers, and uses different keys for different contact pairs, but given their general architecture it seems they've tried to deal with the issue.

Assuming that you want to use a publicly accessible messaging app, do you have any ideas about how it should be architected? The biggest issue I see is that the client runs on your phone, and unless you've compiled it yourself, you can't know what it's actually doing.

Strictly you're having to trust the build of the client rather than the people running the server. If the client doesn't send/leak the information to the server, the people running the server can't do anything with it. It's definitely still a concern, and, if I'm going to use a hosted messaging app, I'd much rather see the client built and published by a different group, and ideally compile it myself. Apart from that I'm not sure there's any way to satisfy your concerns without building and running the server and client yourself.

'Sealed sender' seems to avoid this by not actually requiring the client to authenticate to the server at all, and relying on the recipient to validate that it's signed by the sender they expect from the encrypted data in the envelope. As I mentioned in another reply, I’m just going on what they’ve published on the system, so either I could be completely wrong, or they could be being misleading, but it does look like they’ve tried to address this issue.

Whilst I absolutely agree it's correct to be skeptical about it, the 'sealed sender' process means they don't actually know which account sent the message, just which account it should be delivered to. Your client doesn't even authenticate to send the message.

Now, I'm just going on what they've published on the system, so either I could be completely wrong, or they could be being misleading, but it does look like they've tried to address the very issue you've been pointing out. Obviously it'd be better if they didn't have your phone number at all, but this does seem to decouple it in a way that means they can't build a connection graph.

With 'sealed sender' your phone number, or any other identifying information, is not included in the metadata on the envelope, only the recipient's id is visible, and it's up to the recipient's client to validate the sender information that is inside the encrypted envelope. It looks like a step in the right direction, though I don't use signal enough to have looked into auditing it myself.

It's probably not so much you can't retire, but you can't retire with an income that you'll be comfortable on.

A brief look suggests the average pre-tax wage in Belgium is around €3800, or about €45000 per year. Assuming you already own your home, or continue to pay mortgage payments at the same rate as before retirement, your pension needs to roughly match your income to not have a drop in living standards. A €1250000 pension pot will buy an annuity that pays a bit more than that, probably around €55000 a year, but assuming you amassed that in your pension pot you would probably have been on a higher than average salary, so it's going to be close, and an annuity at that level wont increase with inflation, so your buying power drops over time, just when you're more likely to need a care home or nursing support.