boredsquirrel
@boredsquirrel@slrpnk.net
- Comment on This week in KDE Apps 3 weeks ago:
Agree with the latter, but not sure if this is the issue
GNOME not being really adaptive makes it very easy to use their apps on other desktops, they just dont look wrong
- Comment on This week in KDE Apps 3 weeks ago:
No I mean why KDE apps cannot have their theme so that THEY arent broken
They are broken on any desktop, decorations are not an issue
- Comment on This week in KDE Apps 3 weeks ago:
True. Any reason why they cant just have their theme set permanently?
- Comment on YSK: You don't own your Kindle e-books. 1 month ago:
You can get Audiobooks from Spotify using the app Soundbound. You need to insert a list of plugins, then it works.
Apart from that, youtube? Or sailing the high seas?
- Comment on Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS? 1 month ago:
Yes this is true. That is why a separate method would be needed, to log into and hand the password to the LUKS decrypt of the server.
I heard Debian can do this with ssh in the initramfs?
Sounds like a hella pain of course.
Alternatively I thought about using a security key to unlock, and in scenarios where I am worried about getting hardware stolen, I can pull it out and need to manually enter the password.
- Comment on Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS? 1 month ago:
Yes the threat model is people pulling out the drive, of course.
How should they get access to the server when it is running? You still need to connect to it and log in, which wouldnt be the case.
- Comment on Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS? 1 month ago:
Rebasing is not important, for the most people.
I like to try variations of the same system, like Fedora Kinoite, uBlue kinoite-main, uBlue Aurora, secureblue Kinoite-main, went back.
But resetting is the key.
Also rebasing would allow you to switch from normal deployment to a local image host, like in your LAN. This could already be worth it if all your family uses the same system, even more a company.
You can do uBlue style stuff at home on your own server, mostly with podman and buildah
- Comment on Is Pixel 9 worth it? (instead of Pixel 8) 1 month ago:
Btw if you miss some performance, as far as I grasp it, you can disable “secure app spawning”. Again, afaigi it is for a pretty high threat model (apps trying to attack others, with their memory layout as attack surface).
This will reduce RAM need a ton, speed up app spawning and can reduce many issues like
- OSMAnd crashing or running slowly
- apps being killed in the background, increasing the issue of…
- … slow app spawning (the app performance is normal, except from low memory edge cases)
- Comment on Is Pixel 9 worth it? (instead of Pixel 8) 1 month ago:
That device gets no updates at all anymore. GrapheneOS may give you some security backports.
- Comment on Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS? 1 month ago:
Yes microOS ticks those 2 boxes.
Fedora on its own doesnt do backups at all, which I find crazy.
rpm-ostree or bootc though are better, as they allow rebasing, resetting etc. This is not possible with microOS, which is a huge dealbreaker for having a server that will never have the need to be reinstalled.
I will try Caddy! Did you use NGINX before?
- Comment on Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS? 1 month ago:
The threat scenario is currently very harmless, but I had situations where Raids could be likely. This is always a shitty case, you need to hide a backup laptop in a different location etc.
But honestly I just find this security hacking a ton of fun.
- Comment on Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS? 1 month ago:
Hm, so when using Nextcloud, is the db itself encrypted or something?
All my devices are encrypted.
Access to the decrypted data requires RAM access, i.e. cold boot attack. Or access to the server via ssh (fail2ban, strong keys) or the admin or user nextcloud accounts (again with strong passwords and possibly TOTP or webauthn).
I already fiddled with the required Nextcloud Addons for TOTP and it worked great. Webauthn is an Android/GrapheneOS limitation poorly, maybe that gets fixed some day.
The issue of course is upgrades. I should do a second post on that topic. There are solutions for that, like mounting encrypted partitions and running Nextcloud on there. This could be automated.
For the obvious raid attack, I would have a udev rule that detects when AC is disconnected and then performs a clean shutdown.
- Comment on Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS? 1 month ago:
Thanks for the tips!
Both SSDs are SATA and I want to LUKS encrypt both too.
So automatic updates could work, but I guess I would need to manually reboot as there is no remote LUKS unlock option. Debian has one?
That would also be a reason against Fedora with its very fast release cycle.
- Comment on Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS? 1 month ago:
Yes it does. Fedora Atomic and others could be problematic with Docker, while Docker may be less secure or whatever but is also easier.
Also the distros packages matter, etc.
- Submitted 1 month ago to selfhosted@lemmy.world | 0 comments
- Submitted 1 month ago to selfhosting@slrpnk.net | 16 comments
- Comment on GrapheneOS now officially supports Pixel 9, 9 Pro, and 9 Pro XL | GrapheneOS is a private, secure mobile operating system with Android app compatibility, developed as a non-profit open source project 2 months ago:
And now I am replying back, just like that!
- Comment on GrapheneOS now officially supports Pixel 9, 9 Pro, and 9 Pro XL | GrapheneOS is a private, secure mobile operating system with Android app compatibility, developed as a non-profit open source project 2 months ago:
Nobody talked about Calyx, but yeah, Fairphone is the worst XD
Others like /e/OS are similar to Fairphone (it runs on Fairphones)
- Comment on GrapheneOS now officially supports Pixel 9, 9 Pro, and 9 Pro XL | GrapheneOS is a private, secure mobile operating system with Android app compatibility, developed as a non-profit open source project 2 months ago:
I also dont think you give Google a lot of money when just leeching on their services with lots of fake accounts.
I use Youtube with adblock / custom apps since 6 years or something, so that should be equal to the market value I gave their phones on the used market
- Comment on GrapheneOS now officially supports Pixel 9, 9 Pro, and 9 Pro XL | GrapheneOS is a private, secure mobile operating system with Android app compatibility, developed as a non-profit open source project 2 months ago:
The phones are good. Yes it is a lot of money, and they do silly stuff with these phones, like removing everything or using glass everywhere
I just buy used. Way cheaper, never gonna pay more than for my Laptop
- Comment on GrapheneOS now officially supports Pixel 9, 9 Pro, and 9 Pro XL | GrapheneOS is a private, secure mobile operating system with Android app compatibility, developed as a non-profit open source project 2 months ago:
Their hardware requirements are pretty clear. Samsung is the only one with comparably secure devices, but they use nonstandard tools like Odin and lock down many security features to the stock OS only.
Other companies are supposedly not making anything as secure.
- Comment on GrapheneOS now officially supports Pixel 9, 9 Pro, and 9 Pro XL | GrapheneOS is a private, secure mobile operating system with Android app compatibility, developed as a non-profit open source project 2 months ago:
Damn that was fast.
- Comment on YSK: It's possible to get search results from Google without the annoying 'AI' answers at the top 2 months ago:
Okay
- Comment on YSK: It's possible to get search results from Google without the annoying 'AI' answers at the top 2 months ago:
Librewolf supports custom OpenSearch engines? Cool?
Didnt know that. Firefox should absolutely support this again, needing an Addon is embarrassing
- Comment on YSK: It's possible to get search results from Google without the annoying 'AI' answers at the top 2 months ago:
No you cant. Engines either need to support the “OpenSearch” standard, which is useless because it only works for a few and only for default configurstion.
Or they need to have an Extension themselves, which is a silly concept.
Instead, this addon uses a URL (as it is supported in Firefox Mobile, Chrome, Edge, …) and converts it to an OpenSearch Search engine which you can then add.
Afterwards you can remove the Addon.
- Submitted 2 months ago to newcommunities@lemmy.world | 0 comments
- Comment on Weekly active communities promotion thread - Art 2 months ago:
Oopsie
- Comment on YSK: It's possible to get search results from Google without the annoying 'AI' answers at the top 2 months ago:
Well, replace that with Firefox and use this Addon:
- Comment on Do you have any critiques of Pixel 9 Gemini's privacy? 2 months ago:
If it is private, then this means it is FOSS and should run on AOSP, so also on GrapheneOS. Then, fine. If not, then it is not private as it is a black box.
- Comment on Do you have any critiques of Pixel 9 Gemini's privacy? 2 months ago:
Matching: