𝒍𝒆𝒎𝒂𝒏𝒏

Flash drive hidden under the carpet and connected via a USB extension, holding the decryption keys - threat model is a robber making off with the hard drives and gear, where the data just needs to be useless or inaccessible to others.

There’s a script in the initramfs which looks for the flash drive, and passes the decryption key on it to cryptsetup, which then kicks off the rest of the boot mounting the filesystems underneath the luks

I could technically remove the flash drive after boot as the system is on a UPS, but I like the ability to reboot remotely without too much hassle.

What I’d like to do in future would be to implement something more robust with a hardware device requiring 2FA. I’m not familiar with low level hardware security at all though, so the current setup will do fine for the time being!

Salty snacks, fried or baked 😁. Failing that, those tiny 7" pizzas that fit into my Ninja, ready in literally 8 mins

Used to like preparing food, but seems like such a hassle now

I think so, assuming these malicious packages are all primitive enough to just look for the single file in a user’s home folder lol. The only downside here is needing to provide the keyfile location to ssh every time you want to connect… Although a system search would pretty much defeat that instantly as you mention

SSH keyfiles can be encrypted, which requires a password entry each time you connect to a SSH server. Most linux distros that I’ve used automatically decrypt the SSH keyfile for you when you log in to a remote machine (using the user keyring db), or ask you for the keyfile password once and remember it for the next hour or so (using the ssh-agent program in the background).

On Windows you can do something similar with Cygwin and ssh-agent, however it is a little bit of a hassle to set up. If you use WSL i’d expect the auto keyfile decryption to work comparably to Linux, without needing to configure anything

Looked up what “fawning” meant, never heard that word before

praising someone too much and giving them a lot of attention that is not sincere in order to get a positive reaction

Source

Haven’t watched the video so I’m unsure of the context, whether it’s about a neurotypical as the recipient of fawning, or a neurotypical fawning another individual

I think they would start obfuscating the relevant code to get around it

Many ad networks and AABs do something similar (especially Admiral) in an attempt to evade ad blocking extensions

The room might stink, but nobody intentionally shat on the floor.

I like this figure of speech a lot, stealing it 😁

From GoG specifically, as they patch the older games on their store to “just run” on modern Windows

For me it’s the ability to set up a shared instance with the base request URL, and set headers for things like the user’s token, allowing all requests made with that shared Axios instance to be sent to the right path with the token without needing to define them for each individual request.

To be honest though something similar can be done with spread syntax in the Fetch API’s options parameter

it’s got telemetry on by default.

Very, very hard pass. Might even blow out my suspension doing so

A lot of jQuery’s features are now available in native JS - would also suggest just using native JS anyway because jQuery won’t throw any errors into the console if a selector matches no elements etc.

The only additional library I’ve needed recently for (personal work) is Axios for requests - easier than working with the Fetch API in some cases

BTRFS has encryption now? Yay!! I have been wrapping it inside a LUKS partition for years at this point…

Holy moly that is an absolute sh*t ton of ads!

Second this. Zorin OS, and Mandriva Linux (before they went bankrupt, and the community picked up development) were my first exposure to Linux over a decade ago, and the ux familiarity really helps a ton.

A lot of the other distros had funny stuff going on with multiple docks, open apps showing in the top dock, others looked like a Stardock Special and it was just a little confusing for younger me lol

X.509 certs are commonly used in TLS/HTTPS.

Why is one needed in your boot process?

Don’t know why but I found this funny

Edit: sorry, I may have misunderstood your post - free email != email masking.

My original post below…

Curious why you consider email address masking services as for those with “drastic anonymity” requirements?

I personally don’t think so: they are pretty much just a digital P.O. box, and are typically not anonymous in any way (subpoena/court order to the provider). They are built-in to Firefox too, it will automatically create new ones OOTB as you sign up on websites, if you click the autofill.

They are however IMO one effective tool out of many to restrict the ability of data brokers and hacking groups (aggregated breach datasets) alike from making money from your online presence without your consent.

In almost all cases this data is freely searchable for law enforcement and private investigators, allowing them to avoid going through the legal system to investigate and possibly detain you for things you’re not guilty of

I delete them from the ssh config folder after installation, along with the DSA and ECDSA keys. No ed25519? No auth.

Also prevents a handful of bots from attempting SSH login into your cloud infra, a lot of them don’t support ed25519 kex

Probably a good idea to look for a different client, call me tinfoil but I wouldn’t want to touch a very old mechanism that is supported/pushed by a very recognisable 3 letter agency

If they’re easy to get, why not have them 😉

Very relaxing colour scheme, I like 👌

The sense of entitlement in some of the replies on that post are absolutely awful

As for me personally, I want to love Wayland. It has great performance on ALL my devices, (except one with a nvidia GPU) and is super smooth compared to X11!

However… the secure aspect of Wayland makes it very difficult, if not impossible to easily get a remote desktop going. Wayvnc doesn’t support the most popular desktop environments depending on how Wayland was compiled, and the built-in desktop sharing on distros that have switched over to Wayland often require very specific Linux-only VNC and RDP clients, otherwise you run into odd errors.

I really hope the desktop sharing situation improves because it’s a pretty big showstopper for me. On X11 you just install & run x11vnc from a remote SSH session and you have immediate session access with VNC from Linux, Android, and Windows. If you want lockscreen access too then you run as root and provide the greeter’s Xauth credentials. But Wayland’s not so simple sadly AFAICT…

Waypipe is something I’ve found out about recently though, so need to check that out and see how well it works at the moment. If anyone has any helpful info or pointers please share, I’m completely new to Wayland and would appreciate it!