Another option: encrypt a sparse file rather than a disk volume. Mount the file to local filesystem and open and close it there.
Another option: encrypt a sparse file rather than a disk volume. Mount the file to local filesystem and open and close it there.
Fair enough!
So you would suggest to get bigger and bigger storages?
Personally I would suggest never recording video. We did fine without it for aeons and photos are plenty good enough. If you can still to this rule you will never have a single problem of bandwidth or storage ever again. Of course I understand that this is an outrageous and unthinkable idea for many people these days, but that is my suggestion.
The local-plus-remote strategy is fine for any real-world scenario. Make sure that at least one of the replicas is a one-way backup (i.e., no possibility of mirroring a deletion). That way you can increment it with zero risk.
And now for some philosophy. Your files are important, sure, but ask yourself how many times you have actually looked at them in the last year or decade. There’s a good chance it’s zero. Everything in the world will disappear and be forgotten, including your files and indeed you. If the worst happens and you lose it all, you will likely get over it just fine and move on. Personally, this rather obvious realization has helped me to stress less about backup strategy.
XDG Desktop Portals as a standardised way for applications to access resources that are outside of the sandbox
It is designed to enable desktop applications to take full advantage of snap packaging
So all this only affects Snap apps, is that correct?
This is great news! Debian is back in contention for me.
Recently Debian developer Helmut Grohne initiated the Debian development discussion around removing more packages from the unstable archive. He argued in favor of more aggressively removing unmaintained packages from the archive given the QA-related costs, additional work/complexities when dealing with major fundamental changes to Debian, and other non-trivial costs
Useful insight, thanks. And somewhat reassuring.
I have no intention of using Arch (btw). I’m the kind of insufferable idealist who wants to use Debian for the high-minded principle of it. I consider Arch a toy distro for gamers. :)
For years I used Debian. Because it worked, but also because Debian looked to me to be the purest and most solid FOSS distro. That is, it’s not run by a for-profit company, and it isn’t a derivative that will go away one day. It looked - still looks - like the “universal” Linux distro, which I believe is even its motto.
Firstly, is that assessment justified?
Next: the problem. A few years ago I read a disturbing report about the behind-the-scenes dysfunction at Debian. Specifically:
Possibly this was disinformation by someone with a scurrilous agenda. I want it not to be true because I believe Linux needs a flagship FOSS distro and Debian is the obvious candidate.
Can anyone set the record straight? Because when I had to do a new install I went with Ubuntu (LTS), and this was partly inspired by the above. I would really like all this to be wrong and to know that Debian is on the right path.
Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.
OK. I suppose this is the correct answer.
The least bad option [for Signal] is the unofficial flatpak.
Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.
By definition an email server is not under your control, so the question of whether or not it runs FOSS is a bit moot and in any case impossible to verify.
In terms of privacy-respecting email hosting, Proton, Posteo, and Mailbox all spring to mind.
Looks great, well done.
Personally, the deb
-related annoyance that I have encountered most often in recent years is that there is an APT repo but I have to jump thru hoops to add it. An example is signal-desktop
, where the handy one-click installation goes like this:
# 1. Install our official public software signing key:
wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
cat signal-desktop-keyring.gpg | sudo tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null
# 2. Add our repository to your list of repositories:
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\
sudo tee /etc/apt/sources.list.d/signal-xenial.list
# 3. Update your package database and install Signal:
sudo apt update && sudo apt install signal-desktop
Why does Debian-Ubuntu not provide a simple command for this? Yes there is add-apt-repository
but for some reason it doesn’t deal with keys. I’ve had to deal with this PITA on multiple occasions, what’s up with this?
Sure, but in that case the default encryption could easily be switched off for multiple-drive setups. Basically, the default setting is what’s important.
Ha! Just checked and it turns out this is the exact line that’s already in my screenshot script. Which apparently I pilfered without trying very hard to understand - as usual! Can confirm it works great.
This is a good question. Phone numbers are increasingly used as de-facto ID numbers, everywhere in the world. That’s because, unlike email, they cost money, and in most jurisdictions you can’t even get one anymore without presenting real ID. So: if you have a second phone number, you can effectively have a second persona for any site or app that requires phone-number ID. Seriously, at this rate, it’s going to be all of them.
IMO the best use-case for this is to quarantine your contact list. That is, keep a separate number for social networks and messaging. The number you give to your in-person contacts will be instantly shared with all their cloud services, whether you like it or not. This is what allows Big Tech to triangulate and discover exactly who you know and therefore who you are. If the cloud services cannot trace a number back to any phone ID in their own books, then they can’t do much with it and you will remain at least something of a mystery to them.
its just never on by default
Except PopOS, as I understand it. IMO that is a major point in its favor and against its competitors, given the dominance of laptops today. I see no reason why this is still opt-in, rather than opt-out as on mobile OSs.
Alas no but from your screenshot I learned all about grim
. Thanks!
Useful to know, thanks.
For the record, I once had a bad experience with the Debian installer’s version. That is why I will not be trying Debian again. Installation is a moment of vulnerability, when you don’t have ready access to your data, or the network, and this is one extra factor. IMO it really is non-negotiable for a distro to provide a bulletproof installation experience.
To add to the comments, most distros do not offer FDE by default when installing. You have to jump thru hoops. No idea why this is still the case given how many consumer computers are laptops these days, it seems crazy.
The big exception seems to be PopOS, an Ubuntu derivative which is intended for laptops. FDE by default so it must be pretty easy to get that up and running.
Ubuntu itself has a solid FDE option on install, too. It sets up the LVM configuration as already described, no expertise needed. And IME works very reliably.
Sure, but I do think he would be pleasantly surprised by how things turned out. Aldous Huxley saw the future better. This is not a particularly original analysis.
IMO Orwell’s real insight was about the importance of clarity and truth in language, as a protection against political manipulation. That really was revolutionary.
Thanks. Keep up the good work.
Can confirm. I have used one or the other exclusively for 20 years. Mostly on laptops. And these days with just a tiling window manager and terminal.
It just works.