Formerly /u/Zagorath on the alien site.

Cake day: June 15th, 2023


  • outlaws anonymous communication by requiring every citizen to verify their age before accessing a service

    This is likely to be the case in practice, but technologically, it does not have to be the case.

    If the age verifiers (which IMO should be the governments themselves[1], but could also be a private third-party, as long as it’s not the same as the social media company) only ever receive a blinded token representing the user, verify the user’s age, and then the user brings that token back to the social media site, unblinds it, and presents them the signed token, there is no way for the age verifier to track which sites a person visits, and no way for the sites to have any detail about who their users are (other than what they already have).


    1. obviously, it actually shouldn’t be anyone at all: parents should be put in charge of their own kids, and maybe given the tools with robust parental control software to handle it client-side. Government server-side age verification is just not a good option. But if we assume they’re going to do that, we should at least discuss the way it could be done in the least-bad way. ↩︎


  • I’m not sure what “piece linked” you’re talking about, since none of the parent comments of this comment actually have a link in them.

    This is the first time I’ve ever heard of FUTO, but I did read their statement about open source and it sounds pretty good to me. I actually think they’re capitulating a little bit too much by deciding not to call it open source anymore. As far as I’m concerned, if the source is available and anyone can contribute, that’s open source. I don’t particularly care whether or not it’s free for Google to incorporate it into their increasingly-enshittified products or not.

    Creative Commons (an org to which FUTO says they have donated) doesn’t like their licences being used for software, presumably for finicky technical legal reasons. But if you imagine the broad spirit of their licences applying to software, all the main CC licences would be open source in my opinion. All combinations of Attribution, Non-Commercial, Share Alike, and No Derivatives, as well as CC0 respect the important elements of open source.


  • There’s a ~/.docker/config.json. In that there’re some auths, with keys https://index.docker.io/v1/, https://index.docker.io/v1/access-token, and https://index.docker.io/v1/refresh-token, and then there’s "currentContext": "rootless".

    There’s ~/.docker/contexts/meta/[a long hex string]/meta.json, with {"Name":"rootless","Metadata":{"Description":"Rootless mode"},"Endpoints":{"docker":{"Host":"unix:///run/user/1000/docker.sock","SkipTLSVerify":false}}}.

    The only file in /etc/docker is key.json.



  • $ dig registry-1.docker.io
    
    ; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> registry-1.docker.io
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50801
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;registry-1.docker.io.          IN      A
    
    ;; ANSWER SECTION:
    registry-1.docker.io.   33      IN      A       54.210.249.78
    registry-1.docker.io.   33      IN      A       44.218.153.24
    registry-1.docker.io.   33      IN      A       107.20.112.188
    registry-1.docker.io.   33      IN      A       34.234.222.10
    registry-1.docker.io.   33      IN      A       34.195.83.243
    registry-1.docker.io.   33      IN      A       52.21.128.203
    registry-1.docker.io.   33      IN      A       52.0.248.137
    registry-1.docker.io.   33      IN      A       52.207.69.161
    
    ;; Query time: 47 msec
    ;; SERVER: 192.168.20.1#53(192.168.20.1) (UDP)
    ;; WHEN: Tue Aug 12 22:27:45 AEST 2025
    ;; MSG SIZE  rcvd: 177
    $ cat /etc/resolv.conf
    # Generated by NetworkManager
    search Home
    nameserver 192.168.20.1
    

    edit: oh, and in my router’s configuration:

    • Primary DNS Server:9.9.9.9
    • Secondary DNS Server:1.1.1.1

  • I’m happy to keep it public if only for the off chance that if we find a solution it might some day help someone else with the same issue. The thread’ll fall down in the rankings naturally over time anyway so I wouldn’t worry about polluting anything for people not actively seeking it out.

    I’m not 100% sure how to find the OS version, but uname -a outputs [...]6.12.25+rpt-rpi-v8[...]. /etc/os-release contains “Debian GNU/Linux 12 (bookworm)”. It should be whatever was latest as of a month or two ago when I installed the OS fresh.




  • Do you have no ipv6 address now in ip addr

    Just comparing it by eye, there’s no change.

    zag@raspberrypi:~ $ man dig
    No manual entry for dig
    zag@raspberrypi:~ $ which dig
    zag@raspberrypi:~ $ sudo apt install dig
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    E: Unable to locate package dig
    

    But if I ping it

    $ ping registry-1.docker.io
    PING registry-1.docker.io (107.20.112.188) 56(84) bytes of data.
    

  • Unfortunately not.

     docker run hello-world
    Unable to find image 'hello-world:latest' locally
    docker: Error response from daemon: Get "https://registry-1.docker.io/v2/library/hello-world/manifests/sha256:ec153840d1e635ac434fab5e377081f17e0e15afab27beb3f726c3265039cfff": dial tcp [2600:1f18:2148:bc00:eff:d3ae:b836:fa07]:443: connect: network is unreachable
    
    Run 'docker run --help' for more information
    


  • 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether b8:27:eb:93:9b:06 brd ff:ff:ff:ff:ff:ff
        inet 192.168.20.40/24 brd 192.168.20.255 scope global dynamic noprefixroute eth0
           valid_lft 81876sec preferred_lft 81876sec
    3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
        link/ether b8:27:eb:c6:ce:53 brd ff:ff:ff:ff:ff:ff
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether ce:3e:0d:9b:fa:14 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
    
    net.ipv6.conf.all.disable_ipv6 = 1
    


  • Sorry, maybe I should have explained every single step I tried in the body of the original post. I didn’t, partly because there were just too many and partly because I forgot which methods I had tried and which pages I had visited. But that page is one I’ve seen already.

    It mentions to “blacklist” the module in a file that doesn’t exist. In fact, in a file that’s in a directory that doesn’t exist, which makes me very sceptical about the later claim that creating that file will fix it. /etc/modules-load.d exists, but not /etc/modules.d. I did already try the final suggestion to add that line to the end of /boot/firmware/cmdline.txt though. No luck.

    I think the fact that it’s 6 years old is probably a big part of the reason it didn’t help. Files and directories have moved around. The suggestions in that post are literally just “do this” without any underlying explanation of what it’s doing that could lend to further investigation of the more modern way to do it.





  • In much simpler terms:

    Think of an IP address like a street address. 192 My Street.

    There might be multiple businesses at one street address. In real life we address them with things like 1/192 My Street and 2/192 My Street, but there’s no direct parallel to that in computer networks. Instead, what we do is more like directing your letter to say “Business A c/o 192 My Street”. That’s what SNI does.

    Because we have to write all of that on the outside of the envelope, everyone gets to see that we’re communicating with Business A. But what if one of the businesses at 192 My Street is highly sensitive and we’d rather people didn’t know we were communicating with them? @bjoern_tantau@swg-empire.de’s proposal is basically like if you put the “Business A” part inside the envelope, so the mailman (and anyone who sees the letter on the way) only see that it’s going to 192 My Street. Then the front room at that address could open the envelope and see that the ultimate destination is Business A, and pass it along to them.