You misspelled KeepAss.

I tried to run some software on my router. It kind of works, if it fits. Storage was the limiting factor. There’s an option to expand the FS to include a USB stick, but somehow it made something overheat, and the router froze every now and then.

When they got home, they were so hungry that they actually consented to eating soup!

By the way, it’s totally possible to ride on level ice, if careful, but some trails have this compacted ridge in the middle which makes them convex.

A bit late to the party, but I took my kids out for a bicycle ride (into the nearest bog, so we walked part of the way). The bits where the ground was still covered with ice were the most fun.

Fundamental logic skills also imply that atheism is a belief “God doesn’t exist!”

As an upgrade, try agnosticism: “Do we have good evidence that God exists?” So far, the only argument in favor of atheism I know of is the Occam’s Razor (those manifestations of God could also be explained in other, possibly simpler ways).

I’m running my email server on a POCO F1 ex-Android phone (running PostmarketOS now).

I wish I could get NixOS running on it, then I’d move other things also there.

I’m using VNC over an SSH tunnel. TigerVNC’s vncviewer even has the -via parameter you can use to make creating the tunnel seamless.

Here’s a couple of pointers to get started:

1. The Arch Linux Wiki is full of excellent information. It’s not for beginners, though.
2. Run top in your terminal to see what’s taking CPU.
3. Run top -o RES (or what’s easier, run top and then press M while it’s running) to see what is taking up RAM.

… though unfortunately, it’s mighty probable that the only significant consumer of memory and CPU is your browser. Get uBlock Origin, it helps web pages be lighter and eat less resources. Don’t open too many tabs at once - learn to use bookmarks efficiently, instead (folders, bookmarks toolbar and whatnot).

Reminds me of the programs that make the kernel drop FS buffers in an attempt to free up RAM. Or hog as much memory as they can in an attempt to have unused things swapped to disk. Yeah, they free up RAM all right, but at the expense of actual speed.

Most of the time, this junk is actively harmful. Forget it, modern Linux uses optimized defaults.

You can get more performance out of your hardware by switching to from heavyweight to lightweight programs - for example, instead of Skype (which uses Electron), choose some other way to chat like irssi for IRC. Instead of Gnome, choose i3 or dwm or something like that. You need a bunch of tradeoffs and learning, though, to really get the most out of your hardware.

Windows has a pre-built index as well (or at least it has a search indexer service that enjoys as warm a CPU as possible). That doesn’t appear to improve the speed of search, though.

In Linux, the locate command is crazy fast. I am amazed at how slow search is in Windows, compared to this.

The last time I needed to boot a PC that didn’t have a screen, I built a NixOS installation image with SSH access. I added a user, sudo access, and prepopulated authenticated SSH keys, something similar to https://nixos.mayflower.consulting/blog/2018/09/11/custom-images/

It was about as easy as configuring my own NixOS system.

There you go: https://wiki.archlinux.org/title/Bubblewrap

Environments are per-process. Every program can have its own environment, so don’t inject secrets where they’re not needed.

I’m using bubblewrap to restrict access to FS.

Oh, I totally agree my solution is not “proper” - it’s a homebrewn solution, full of duct tape and shoestrings. That said, it does everything I need to do. Which features of “proper programs” would you be missing? Perhaps I could add them for my own use.

Did gou look into what takes up the most memory? You could downgrade from the modern browser with 500 tabs to netsurf with 500 bookmarks, perhaps, or similar. Many modern websites don’t work there, though.

Instead of Gnome, I’m using Sway, at the moment it’s taking up 236MB resident.

Do you need that mail client to run 24x7? It’s better for mental health to check mail when you decide (once in the morning), not when some rando wants to sell you cannabis oil (best cure for any ailment!) - or you might find something tiny that checks for email and shows a desktop notification, so you know to launch your mail client.

Alacritty likes to munch memory, Foot takes up much less, but Foot doesn’t render some colors correctly, for whatever reason.

Shop around, there are more options than just changing the Matrix client.

I wrote a Bash script that uses rsync to copy data elsewhere.

It gets launched by a systemd timer, but cron would also work. At first it creates a btrfs snapshot of source, for consistency’s sake.

Then it copies stuff. It’s incremental, ie. unchanged files get hardlinked, not copied (-link-dest against the latest symlink) into date-specific directories that present the full view of the filesystem.

Finally, it cleans up the source snapshot and rewrites the latest symlink to point to the freshly made copy, if successful.

I could share my script, if there’s interest, tho it might look a bit messy. Oh, and these rdiff-whatchamacallits probably do the same thing in a more professional manner. I wrote mine to learn rsync.

Not saying my practice is the best one, but here’s what I do:

• EFI system partition is mounted on /boot
  • kernel is held here. In case of distros like NixOS etc that keep around old kernels, a small ESP might run out of space. I make mine at least 1GB.
• the rest of the disk is one luks2 volume
• inside the encrypted volume, there’s a BTRFS volume
• there’s a subvolume for /home
• and a subvolume for every distro I have (which is usually 1, but sometimes I tinker or switch)
• Kernel command line parameters specify the btrfs subvol with the right distro to boot.
• for NixOS, you need a bootloader (to choose the right kernel). Systemd-boot works well, and its configuration is easily readable. I never figured out how to work with GRUB2, its configuration is just too confusing.
• or if you like Arch, dispense with bootloaders and just use EFISTUB. You can put kernel cmdline params into EFI bootloader options with efibootmgr.

Simple yet complete. Efficient, and extensible - for example, now that everything is a subvolume, I can easily snapshot it, then create backups with rsync off the snapshot, to avoid inconsistent state between backed-up files.

Here it comes: https://paste.ee/p/voTFI

Note that I’m no Bash expert, and you’ll undoubtedly find ways to improve or fix it. Usage:

• Run stuff in a sandbox isolate bash - and then verify your access to filesystem is restricted
• Enable Xorg for apps that need it X=1 isolate mindustry
  • Wayland, which naturally isolates apps from each other, is enabled by default.
• Enable network for apps that need it: NET=1 isolate curl https://ip6.me/api/
• Enter the sandbox to mess around with it manually: NAME=mindustry isolate bash
  • Note that it doesn’t catch Ctrl-C. Ctrl-C kills the isolated Bash.
• Populate data (installers and whatnot): NAME=mygame isolate ls; cp installer.sh ~/.local/share/bubblewrap/mygame/; NAME=mygame isolate bash

Interesting, could you please elaborate?

1. What exactly is this “built in sandbox”, and what does it protect against? How does it compare with Flatpak disallowing access to filesystem?
2. Could we get a source for the claim of sandbox being crippled? Or more details? Documentation? Build scripts?

I had a look at flatpaks I have installed:

• Firefox (org.mozilla.firefox): no access to ~

• Thunderbird (org.mozilla.Thunderbird): no access to ~

• Element (im.riot.Riot): no access to ~

• Beyond All Reason (info.beyondallreason.bar) - no access to ~

• Steam (com.valvesoftware.Steam) - no access to ~, and (best of all) Steam runs a ton of untrusted code in games, which will inherit this restriction.

• Wolfenstein: Blade of Agony (com.realm667.Wolfenstein_Blade_of_Agony) - no access to ~

• Chromium (com.github.Eloston.UngoogledChromium): allows access to ~ by default. It’s one click to disable, or I could shop around for another one, like org.chromium.Chromium.

• OpenTTD (org.openttd.OpenTTD) - allows access to ~

Thus, yeah, some apps neglect to restrrict ~, thankfully it’s easy to fix. It’s not a disadvantage, though, it’s a lack of advantage.