Flash drive hidden under the carpet and connected via a USB extension, holding the decryption keys - threat model is a robber making off with the hard drives and gear, where the data just needs to be useless or inaccessible to others.

There’s a script in the initramfs which looks for the flash drive, and passes the decryption key on it to cryptsetup, which then kicks off the rest of the boot mounting the filesystems underneath the luks

I could technically remove the flash drive after boot as the system is on a UPS, but I like the ability to reboot remotely without too much hassle.

What I’d like to do in future would be to implement something more robust with a hardware device requiring 2FA. I’m not familiar with low level hardware security at all though, so the current setup will do fine for the time being!

If MIT AppInventor is still kicking around, you should be able to use it for this… although sadly you won’t have access to the source code since it’s a Scratch-like way to create apps.

By default the Android voice assistant uses Google tech AFAIK, if you’re after a truly source-available solution then there’s ”Futo voice input" to handle STT, and “RHVoice” to handle TTS - though these would still need a HTTP API bridge to do what you want

The last time I checked, piped had a button right on the playlist page to export playlists as JSON. You can then switch instances and re-import that data back in

I’m not sure about subscriptions though, only really use piped for watching videos quickly or listening to music playlists

From GoG specifically, as they patch the older games on their store to “just run” on modern Windows

BTRFS has encryption now? Yay!! I have been wrapping it inside a LUKS partition for years at this point…

I’m sorry to say this but, your way of picking software is wrong. You should always look for the open source software first, then use proprietary software.

I agree here, this is what I generally do nowadays. The exception for me is only software that I’ve been using for years, such as Plex and Niagara - finding an open source alternative for a proprietary solution is the easy part, the hard part is actually making it fit into your workflow.

This is why I’ve settled on just jumping ship to an open source option when the existing proprietary option is no longer fit for purpose (hackable, “transparent” etc) because of the time sink.

Niagara to Kvaesitso was really easy though, thanks to that developer and contributors absolutely knocking it out the park with the amazing search and UX.

But using Plex when Jellyfin exists is just wrong. I personally have a jellyfin instance, and there’s nothing jellyfin can’t do when compared to Plex.

Jellyfin is great, particularly for us and tech enthusiasts. For non-techies though, the first hurdle of different clients for mobile/desktop/insert-platform-here is a very tough sell (each with a slightly different UX, rearranged settings etc) and is even trickier when there are no apps available for games consoles and some smart TVs. I share my Plex server with my partner and parents, so moving to something else seems like more trouble than its worth at the moment.

Regardless I do have my eye on Jellyfin (and particularly the music apps like Finamp, since that is my personal primary use case for Plex) - for TV libraries and Movies the gap is closing fast, I believe the only major thing that is missing is the “Skip intro/outro” on some of the clients, but for music sadly the gap is only widening. It’s very much a watch-this-space type thing though as the community catches up, but I feel the sonic analysis in Plexamp and the many features built on top of that are going to take a lot of volunteer time to replicate

Encouraging proprietary software makes them stronger and erodes our rights. Like using chrome instead of Firefox is voting for a future where remote device attestation and forced DRM is a normal thing. Do you want the corps to eradicate your free will?

I agree.

With remote attestation sadly we are already there on Android: most apps require GMS even when they don’t need it, and some paranoid non-banking apps unnecessarily call Google’s attestation API, and subsequently block some actions if your device doesn’t pass.

I personally run a rooted device for full control over app backups, my device’s BMS, and various other stuff - where possible I pretty much use open source& source-available apps, as well as browser shortcuts and PWAs, where I have the freedom to perform any desired action without being restricted by any attestation. My partner has a very keen interest in the freedom offered and is actually very annoyed at the state of things on modern Android - but sadly the attestation issues and Samsung Knox in particular are big showstoppers (I use an FP3, so no “security void” hardware fuses here)

Holy moly that is an absolute sh*t ton of ads!

Free google play credit, I usually get an email every year for it

But I do pay for Plex, despite Jellyfin being a thing. If I like something and it’s worth it to me personally, why not 🤷‍♂️… but you will never find me defending their kinda crappy decisions like the new Discover feature, removal of “All Songs” from the plex apps in favor of moving people to Plexamp, removing the Gallery sync a few years ago etc.

Some people want their software to be 100% FOSS all-eyes-on-the-codebase, others just do a balancing act based on their personal values.

I value my software to be “transparent enough” in how it operates, “just work”, and hackable to some extent - if I really wanted to I can swap out the ffmpeg binary that Plex uses for transcoding to something else (doesn’t remove the Plex Pass limitation for those curious), I can hook into the server API to change ambient lighting colour based on the cover/background of whatever media is playing, I can create speakers running a Linux board to cast Plex media to, etc. But once that hackable ship sails, then I will look to FOSS alternatives.

For Niagara, everything “just worked”. No noticeable bugs, fast search, consistent feel and design, useful contextual info (e.g. next calendar event shows under the clock), and gestures that made sense for its overall UX. Using it felt less like you were using a “launcher”. The yearly sub was cheap enough that I wouldn’t mind covering for it if I didn’t get credits, and having a single person working on software usually comes with a high level of attention to detail (particularly in performance and UX) but it does have the downside that the experience may be more opinionated and closed compared to if it was a community-driven FOSS project instead IMO.

Alas, google didn’t send credits this year, Niagara made less sense for value/worth-it compared to Kvaesitso, so I abandoned it.

For me, Kvaesitso does everything in a slightly different, much more customizable way, and being FOSS was one of the things that made it particularly attractive as a replacement

Second this. Zorin OS, and Mandriva Linux (before they went bankrupt, and the community picked up development) were my first exposure to Linux over a decade ago, and the ux familiarity really helps a ton.

A lot of the other distros had funny stuff going on with multiple docks, open apps showing in the top dock, others looked like a Stardock Special and it was just a little confusing for younger me lol

X.509 certs are commonly used in TLS/HTTPS.

Why is one needed in your boot process?

Don’t know why but I found this funny

Edit: sorry, I may have misunderstood your post - free email != email masking.

My original post below…

Curious why you consider email address masking services as for those with “drastic anonymity” requirements?

I personally don’t think so: they are pretty much just a digital P.O. box, and are typically not anonymous in any way (subpoena/court order to the provider). They are built-in to Firefox too, it will automatically create new ones OOTB as you sign up on websites, if you click the autofill.

They are however IMO one effective tool out of many to restrict the ability of data brokers and hacking groups (aggregated breach datasets) alike from making money from your online presence without your consent.

In almost all cases this data is freely searchable for law enforcement and private investigators, allowing them to avoid going through the legal system to investigate and possibly detain you for things you’re not guilty of

I delete them from the ssh config folder after installation, along with the DSA and ECDSA keys. No ed25519? No auth.

Also prevents a handful of bots from attempting SSH login into your cloud infra, a lot of them don’t support ed25519 kex

Probably a good idea to look for a different client, call me tinfoil but I wouldn’t want to touch a very old mechanism that is supported/pushed by a very recognisable 3 letter agency

Ooh that Focus launcher looks pretty clean, enjoy!

Also TIL videos can be inserted in the GitHub readme 🤯

Both were minor annoyances for me at first lol, thankfully the widget button can be removed (Settings, Home Screen, Edit button - toggle off)

The favorites box is an interesting one, I was originally puzzled with it being empty until I started opening and pinning apps. Now settled on using it as an overflow for my home screen, where 5 of the most used are shown under the clock (with music permanently pinned), and the rest sit in the favorites box.

I did notice some stutter on the apps menu which only occurs while the keyboard is open, but goes away completely when the keyboard disappears. For others it seems like the entire app drawer is stuttery (noticed a long discussion on GitHub with some potential solutions: https://github.com/MM2-0/Kvaesitso/issues/257 )

If they’re easy to get, why not have them 😉

Very relaxing colour scheme, I like 👌

The sense of entitlement in some of the replies on that post are absolutely awful

As for me personally, I want to love Wayland. It has great performance on ALL my devices, (except one with a nvidia GPU) and is super smooth compared to X11!

However… the secure aspect of Wayland makes it very difficult, if not impossible to easily get a remote desktop going. Wayvnc doesn’t support the most popular desktop environments depending on how Wayland was compiled, and the built-in desktop sharing on distros that have switched over to Wayland often require very specific Linux-only VNC and RDP clients, otherwise you run into odd errors.

I really hope the desktop sharing situation improves because it’s a pretty big showstopper for me. On X11 you just install & run x11vnc from a remote SSH session and you have immediate session access with VNC from Linux, Android, and Windows. If you want lockscreen access too then you run as root and provide the greeter’s Xauth credentials. But Wayland’s not so simple sadly AFAICT…

Waypipe is something I’ve found out about recently though, so need to check that out and see how well it works at the moment. If anyone has any helpful info or pointers please share, I’m completely new to Wayland and would appreciate it!

What happened to gitea? Been hearing more about Forgejo recently but haven’t checked it out yet

This is how I do it 👌 no need to install another when the pi already comes with one OOTB.

If OP is looking for VNC clients for zorin OS, there’s an app called “Connections” in the store which works great