Another option: encrypt a sparse file rather than a disk volume. Mount the file to local filesystem and open and close it there.
Another option: encrypt a sparse file rather than a disk volume. Mount the file to local filesystem and open and close it there.
Fair enough!
So you would suggest to get bigger and bigger storages?
Personally I would suggest never recording video. We did fine without it for aeons and photos are plenty good enough. If you can still to this rule you will never have a single problem of bandwidth or storage ever again. Of course I understand that this is an outrageous and unthinkable idea for many people these days, but that is my suggestion.
The local-plus-remote strategy is fine for any real-world scenario. Make sure that at least one of the replicas is a one-way backup (i.e., no possibility of mirroring a deletion). That way you can increment it with zero risk.
And now for some philosophy. Your files are important, sure, but ask yourself how many times you have actually looked at them in the last year or decade. There’s a good chance it’s zero. Everything in the world will disappear and be forgotten, including your files and indeed you. If the worst happens and you lose it all, you will likely get over it just fine and move on. Personally, this rather obvious realization has helped me to stress less about backup strategy.
XDG Desktop Portals as a standardised way for applications to access resources that are outside of the sandbox
It is designed to enable desktop applications to take full advantage of snap packaging
So all this only affects Snap apps, is that correct?
This is great news! Debian is back in contention for me.
Recently Debian developer Helmut Grohne initiated the Debian development discussion around removing more packages from the unstable archive. He argued in favor of more aggressively removing unmaintained packages from the archive given the QA-related costs, additional work/complexities when dealing with major fundamental changes to Debian, and other non-trivial costs
Useful insight, thanks. And somewhat reassuring.
I have no intention of using Arch (btw). I’m the kind of insufferable idealist who wants to use Debian for the high-minded principle of it. I consider Arch a toy distro for gamers. :)
For years I used Debian. Because it worked, but also because Debian looked to me to be the purest and most solid FOSS distro. That is, it’s not run by a for-profit company, and it isn’t a derivative that will go away one day. It looked - still looks - like the “universal” Linux distro, which I believe is even its motto.
Firstly, is that assessment justified?
Next: the problem. A few years ago I read a disturbing report about the behind-the-scenes dysfunction at Debian. Specifically:
Possibly this was disinformation by someone with a scurrilous agenda. I want it not to be true because I believe Linux needs a flagship FOSS distro and Debian is the obvious candidate.
Can anyone set the record straight? Because when I had to do a new install I went with Ubuntu (LTS), and this was partly inspired by the above. I would really like all this to be wrong and to know that Debian is on the right path.
Apt is not built with security in mind, at all. The partial sandboxing it does do is trivial to bypass. Adding a repo is basically a RAT Trojan on your computer.
OK. I suppose this is the correct answer.
The least bad option [for Signal] is the unofficial flatpak.
Unless I’m missing something, here we will disagree. Secure or not, FOSS principle-respecting or not, if I’m choosing to install software by X then I’m going to get it straight from X and not involve third-party Y too.
By definition an email server is not under your control, so the question of whether or not it runs FOSS is a bit moot and in any case impossible to verify.
In terms of privacy-respecting email hosting, Proton, Posteo, and Mailbox all spring to mind.
Looks great, well done.
Personally, the deb
-related annoyance that I have encountered most often in recent years is that there is an APT repo but I have to jump thru hoops to add it. An example is signal-desktop
, where the handy one-click installation goes like this:
# 1. Install our official public software signing key:
wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
cat signal-desktop-keyring.gpg | sudo tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null
# 2. Add our repository to your list of repositories:
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\
sudo tee /etc/apt/sources.list.d/signal-xenial.list
# 3. Update your package database and install Signal:
sudo apt update && sudo apt install signal-desktop
Why does Debian-Ubuntu not provide a simple command for this? Yes there is add-apt-repository
but for some reason it doesn’t deal with keys. I’ve had to deal with this PITA on multiple occasions, what’s up with this?
Sure, but in that case the default encryption could easily be switched off for multiple-drive setups. Basically, the default setting is what’s important.
Ha! Just checked and it turns out this is the exact line that’s already in my screenshot script. Which apparently I pilfered without trying very hard to understand - as usual! Can confirm it works great.
its just never on by default
Except PopOS, as I understand it. IMO that is a major point in its favor and against its competitors, given the dominance of laptops today. I see no reason why this is still opt-in, rather than opt-out as on mobile OSs.
Alas no but from your screenshot I learned all about grim
. Thanks!
Useful to know, thanks.
For the record, I once had a bad experience with the Debian installer’s version. That is why I will not be trying Debian again. Installation is a moment of vulnerability, when you don’t have ready access to your data, or the network, and this is one extra factor. IMO it really is non-negotiable for a distro to provide a bulletproof installation experience.
To add to the comments, most distros do not offer FDE by default when installing. You have to jump thru hoops. No idea why this is still the case given how many consumer computers are laptops these days, it seems crazy.
The big exception seems to be PopOS, an Ubuntu derivative which is intended for laptops. FDE by default so it must be pretty easy to get that up and running.
Ubuntu itself has a solid FDE option on install, too. It sets up the LVM configuration as already described, no expertise needed. And IME works very reliably.
Just to offset the predictable groupthink in this thread: Ubuntu is fine. In my experience it is rock solid and has been for years. Doubly true for the LTS versions. Yes there there is the slightly troublesome issue of Snaps and the even smaller one of self-advertising. But IME the installer is very solid and that is a crucially important issue for prospective normie users. Ubuntu is still a flagship distro and IMO it now deserves more love than it is getting.
Sure.
wn=$(nmcli dev wifi list | fzf)
ssid="$(echo $wn | awk '{print $2}')"
read -e -p "Password: " pw
nmcli dev wifi connect "$ssid" password $pw
Agreed. But for such a simple tool I find it so ugly and unintuitive that I ended up rolling my own 3-line script using nmcli
and fzf
that does exactly the same thing more logically and in less keystrokes.
Can confirm. I have used one or the other exclusively for 20 years. Mostly on laptops. And these days with just a tiling window manager and terminal.
It just works.