Flash drive hidden under the carpet and connected via a USB extension, holding the decryption keys - threat model is a robber making off with the hard drives and gear, where the data just needs to be useless or inaccessible to others.

There’s a script in the initramfs which looks for the flash drive, and passes the decryption key on it to cryptsetup, which then kicks off the rest of the boot mounting the filesystems underneath the luks

I could technically remove the flash drive after boot as the system is on a UPS, but I like the ability to reboot remotely without too much hassle.

What I’d like to do in future would be to implement something more robust with a hardware device requiring 2FA. I’m not familiar with low level hardware security at all though, so the current setup will do fine for the time being!

The room might stink, but nobody intentionally shat on the floor.

I like this figure of speech a lot, stealing it 😁

BTRFS has encryption now? Yay!! I have been wrapping it inside a LUKS partition for years at this point…

Holy moly that is an absolute sh*t ton of ads!

Second this. Zorin OS, and Mandriva Linux (before they went bankrupt, and the community picked up development) were my first exposure to Linux over a decade ago, and the ux familiarity really helps a ton.

A lot of the other distros had funny stuff going on with multiple docks, open apps showing in the top dock, others looked like a Stardock Special and it was just a little confusing for younger me lol

X.509 certs are commonly used in TLS/HTTPS.

Why is one needed in your boot process?

Don’t know why but I found this funny

Edit: sorry, I may have misunderstood your post - free email != email masking.

My original post below…

Curious why you consider email address masking services as for those with “drastic anonymity” requirements?

I personally don’t think so: they are pretty much just a digital P.O. box, and are typically not anonymous in any way (subpoena/court order to the provider). They are built-in to Firefox too, it will automatically create new ones OOTB as you sign up on websites, if you click the autofill.

They are however IMO one effective tool out of many to restrict the ability of data brokers and hacking groups (aggregated breach datasets) alike from making money from your online presence without your consent.

In almost all cases this data is freely searchable for law enforcement and private investigators, allowing them to avoid going through the legal system to investigate and possibly detain you for things you’re not guilty of

I delete them from the ssh config folder after installation, along with the DSA and ECDSA keys. No ed25519? No auth.

Also prevents a handful of bots from attempting SSH login into your cloud infra, a lot of them don’t support ed25519 kex

Probably a good idea to look for a different client, call me tinfoil but I wouldn’t want to touch a very old mechanism that is supported/pushed by a very recognisable 3 letter agency

If they’re easy to get, why not have them 😉

Very relaxing colour scheme, I like 👌

The sense of entitlement in some of the replies on that post are absolutely awful

As for me personally, I want to love Wayland. It has great performance on ALL my devices, (except one with a nvidia GPU) and is super smooth compared to X11!

However… the secure aspect of Wayland makes it very difficult, if not impossible to easily get a remote desktop going. Wayvnc doesn’t support the most popular desktop environments depending on how Wayland was compiled, and the built-in desktop sharing on distros that have switched over to Wayland often require very specific Linux-only VNC and RDP clients, otherwise you run into odd errors.

I really hope the desktop sharing situation improves because it’s a pretty big showstopper for me. On X11 you just install & run x11vnc from a remote SSH session and you have immediate session access with VNC from Linux, Android, and Windows. If you want lockscreen access too then you run as root and provide the greeter’s Xauth credentials. But Wayland’s not so simple sadly AFAICT…

Waypipe is something I’ve found out about recently though, so need to check that out and see how well it works at the moment. If anyone has any helpful info or pointers please share, I’m completely new to Wayland and would appreciate it!

This is how I do it 👌 no need to install another when the pi already comes with one OOTB.

If OP is looking for VNC clients for zorin OS, there’s an app called “Connections” in the store which works great

Ooh interesting, never knew they started a rewrite!

The reports of poor performance with the PHP version was one of the things that pushed me towards using Syncthing instead when I was looking for a solution to view my documents and files from various devices

Sending files from my phone to my laptop - just copy them to a special folder and boom, sent 😁

My response might be a hot take 🥲

Personally:

• OSS: source available
• FOSS: Free (freedom) open source, copyleft

I just learned today about “Grayjay,” a video streaming service client app created by Louis Rossmann. Various aticles out there are billing it as “Open Source” or “FOSS”. It’s not. Grayjay’s license doesn’t allowe commercial redistribution or derivative works. Its source code is available to the general public, but that’s far from sufficient to qualify as “Open Source.” (That article even claims “GrayJay is an open-source app, which means that users are free to alter it to meet their specific needs,” but Grayjay’s license grants no license to create modified versions at all.)

I had a look through the license at launch, and also watched the entirety of Louis’ video, in both of which I didn’t come across any restrictions imposed on an end user to modify the app for their own needs or redistribution - just no commercial redistribution or redistribution with ill intent. I keep seeing the restrictions mentioned though and genuinely cannot find anything to back them up…

In the original launch video Louis does explicitly state that the app is not free, but he does erroneously refer to it as open source. Mainstream tech outlets conflating foss/source-available is likely down to journalists just not aware of the distinction, or just taking his word for it

IMO since the app is Louis’ project that is primarily being financed by donating his personal money to FUTO (AFAICT) it would be immediately obvious to a follower of his that the app is not going to be open source as per the OSI definition. Looking at what happened with NewPipe clones when he mentioned it on his channel, and bad actors in local governments sabotaging his attempts to get a bulletproof R2R passed in many states, his overall trust level is probably pretty low - the last thing someone like that would want on a personal project is loads of strangers contributing, bad actors ripping it off trying to make a quick buck, or even worse redistributing it with malware.

Leaving the OSS conflation aspect for a second, Grayjay is a very big and complex app, with integrated dev tools and a comprehensive plugin system (each are individually GPL licensed if i’m not mistaken). IMO chances are if someone wants to modify the app, they should be looking at a GPL plugin to introduce their functionality in, rather than modifying the source - as would be required with something like NewPipe. They have a whole youtube video going through how to develop a plugin, and how it’s architected.

If/when Grayjay is transitioned to FOSS, I imagine it’ll be difficult for the community to maintain it due to the complexity… It’ll probably need to be broken down into several smaller manageable parts, such as projects like Home Assistant, LibreOffice, and Node-Red. Something like NewPipe, which is literally just the Android app and extractor library, would be much easier for unpaid volunteer contributors to maintain IMO.

I personally disagree slightly with the current definition of “open source”, because it hides so much nuance that isn’t readily evident to someone unfamiliar with the community. A lot of people do not make the connection of “open source” = OSI, they think “open source” = source is out in the open. FOSS and FLOSS are way more explicit in meaning from my perspective

Do you get any output from # virsh list --all and # docker info?

I have a feeling it’s an SELinux issue, and i’m not familiar with how that works at all (yet 😳). May be a good call to purge virt-manager, libvirtd, docker, containerd, and reinstall them…

Neat bot!

VLC can pretty much play everything - avi, avi+mjpeg, mov, mpeg, 3gp, flv, you name it. In some cases it can reconstruct corrupted videos and try to play them (typically AVI files)

There’s another player called MPV if you want a second option just in-case though!

For opening Word documents, I’d highly recommend OnlyOffice. Has outstanding compatibility with documents originally created in Microsoft Word, and it’s free on Flathub

Another alternative if you have an existing 365 subscription would be the online version of Word in your web browser.

If you’re heavily into the 365 ecosystem though, do note that things like Onedrive compatibility aren’t all the way there on linux, so you’d miss luxuries like right-clicking a file and getting a shareable link, or sending a file to someone directly from the file manager. For these you’ll need to drag-n-drop the file into onedrive, or into your email app to send them.

Things like opening PDFs, viewing various video formats etc, are built-in and work flawlessly on pretty much all Linux distros. Support for opening encrypted PDF files should be flawless too, haven’t had issues with these myself.

Would recommend Linux Mint, or Zorin OS, as both have a pretty similar look and feel when coming from Windows