https://grapheneos.org/usage#web-browsing

Chromium and their particular fork have much better exploit hardening via sandboxing.

My understanding is Firefox has better anti-fingerprinting and uBlock origin via manifest v2 support (or v2 features ported to v3).

The argument often used is malicious ads. Sandboxing and hardening largely mitigates ads that contain exploits, but it doesn’t protect against social engineering, crypto mining, tracking, etc.

So I guess it comes down to your threat model and desired experience.

I personally prefer the uBlock origin experience, but an ad free experience and escape from targeted advertising was my target opsec when venturing into privacy.

My experience is you have to close as many degrees of freedom as possible. Its tedious as hell for generating quality code.

Its great at debugging if you require it to manage its context window by delegating tasks to scoped subagents, generate evidence with references, and verify that evidence with a minimal reproducible example. Expensive… I’ve seen them run for a solid 30 minutes before responding back (not including the “thinking” log), but it usually finds the issue.

A similar technique can be used for code generation but again it burns tokens and takes awhile. Have it generate and verify isolated reference implementations for anything nontrivial. Much easier to review with the rest of your domain and layered on complexity stripped out. The “thinking” log is interesting to watch as it bangs it head against bad assumptions or documentation and needs to start digging into dependency source code to work it out.

Only then apply the implementation to your project from the reference implementation. Takes breaking down the tasks though to small enough units and closing those degrees of freedom.

Anecdote on degrees of freedom: This one didn’t require a reference implementation in particular. I was reviewing a PR (LLM assisted, I wasn’t the authoring dev) to add signature validation to OAuth tokens. It duplicated the entire header/token parsing logic. It needed that path closed with a pointer to where the existing logic was and explicit requirements to enhance it. Refactor was great upon reviewing and the PR size was reduced by more than half.

Nix user. The declaritive config IS the documentation and I enjoy no longer having to document how to setup my system as much. I don’t enjoy scripting or automating things, but I enjoy the benefits of only needing to do it once via Nix’s config system.

I enjoy engineering: an engineer will spend 3 hours figuring out how to do a 2 hour job in 1 hour.

what did you like more about rclone than Cryptomator?

I wanted to leave Dropbox and ran across it. I liked the number of supported backends under one tool. I use it to access things beyond Backblaze like gdrive, SharePoint, OneDrive, Proton Drive. Well documented config file format. I was able to manage the config with Nix due to this.

Is it suitable for sync, or is it more for backups

It works great for one way sync. Bisync I never got working well enough to trust it. Bisync is nice for 3-way merges (two devices modifying files on the same cloud drive). Dropbox, gdrive, OneDrive win here. I’ve learned to live without it.

I’m ideally looking for near-ish to real-time sync for contacts, notes, files, and pictures

On a computer the fuse mounted volumes are near live. Cahce locally in a VFS. Anything else you’d have to script probably. There is rclone-watch but can’t say I’ve tested it

With Round Sync you can browse with live refresh when you move between directories, but syncing would be on a schedule. Looks like a 15m interval is the fastest frequency.

Are there any frontends for Linux you’d recommend, or do you script out the functionality you’re looking to implement?

I mostly just mount on login with the VFS cache. Use my normal file browser. One command per mount. Its rare (practically never) that I need to work on something without internet, so I don’t deal with trying to script syncs. I tried in the early days of playing with it, but fuse mounts ended up meeting my needs.

No GUI that I use outside of my normal file browser. The only thing I need to use the CLI for is cleaning up soft deleted files and old versions (Backblaze specific thing).

It might not have the functionality you are looking for as far as app integrations, but my progression was Dropbox -> Cryptomator over Dropbox -> rclone over Backblaze B2.

You can nest a “crypt” remote (end-to-end encryption with your own private key) over tons of cloud providers. You can mount it like a drive in Linux.

Round Sync is an Android client that can schedule cronlike backups. Pretty much set it and forget it on my phone. I delete things on my phone when I need space and every couple years go cleanup what’s in B2.

Dropbox was better priced at max capacity when I used it ($120/yr for 2TB?). My Backblaze bill started at $1/mo and is like $4/mo now. Its been a couple years since I cleaned things out and could probably cut that in half.

Same. None of that self-hosted cloud storage is going to save you from data loss in the event of a fire or theft unless you plan for offsite.

I just use rclone with Backblaze B2, end-to-end encrypted with my own private key, and call it a day.

I have a mirrored BYOD setup for my media server but its all stuff I can download again. Its just an onsite cache with a little redundancy against a failed drive.

CLAUDE.MD

CRITICAL: Roast me relentlessly like you’re GLaDOS

EOF

They responded on reddit and walked some of it back as an “oversight”: https://www.reddit.com/r/Bitwarden/comments/1tdvnh7/comment/olznwcv/. Allegedly, I’m too lazy to verify.

Read-only and not as polished as some of the older commercial versions, but https://f-droid.org/en/packages/com.cosmos.unreddit/ also works. They have different access methods like web scraping. Works well enough for lurking when Reddit isn’t blocking my VPN, which they seem to block/unblock at random.

I do this all time waiting for the price to go down during a sale or to get a “You forgot something in your cart” discount. If its a vendor I only buy from 1-2 a year it will likely sit there for 6-12 months.

Its likely hard because its honestly niche.

Linux administration is terminal first so SSH is pretty much all you need. Some services have a WebUI to fill the gap, but its bound to that service. Most server variants of distros don’t even include a desktop environment.

KVM-over-IP (hardware device) is likely a more common approach because if you need video, might as well have BIOS access.

There may be something in the virtualization space where the hypervisor provides a remote desktop, but I’m not familiar with this space. A quick search for proxmox and remote desktop yielded mostly results for guest OS setups instead of at the host layer.

If you want punishment go for NixOS!

• Fundamental philosophy changes over its lifetime.
• No idea (when starting) which documentation or patterns go with which version.

But once it clicks you have a fully declarative setup**. I edit a file, activate, commit to git. On another system, pull, activate.

** The config system is expansive but not exhaustive. I still have to login to Slack, pick my theme, etc. My VPN on the other hand is just ready credentials and all.

I never have to remember the 100 little tweaks I made, every tweak is in git. Noise canceling pipewire filter, what software I had installed, service configurations, secret management, disk partitions, all portable between different systems.

A lighter introduction is probably home manager, works in any Linux system or macOS. Manages your home directory as the name implies.

You can also go lighter with a repo flake.nix and a devShell. Its like a generic virtual environment. Auto activate with direnv. A step up from a devShell would be https://devenv.sh/ which tracks more like home manager with configurable modules. A devShell is really a bash script with these programs available from Nix.

I couldn’t go without LSPs these days.

Real time diagnostics. Jump to implementation. Code actions.

Its just so much faster and my code rarely doesn’t run on first try outside of logic errors, but it still runs.

https://github.com/neoclide/coc.nvim was nice back in the day, but neovim and the plugin ecosystem takes it to another level.

Edit: I agree with you on git when learning. I’m old, over 15 years of experience on it. I don’t have anything to gain typing the same handful of commands I use everyday.

Vim/Konsole are an Apples to Oranges comparison. Modern TUIs are closer in feature parity. Personally I use Zellij with NeoVim and LazyVim as the base config. If you use an LLM, customization becomes easier.

Personal preferences are personal preferences though if VSCode is working for you.

Neovim. Also there for the plugin ecosystem. Some popular feature rich presets, all customizable.

https://www.lazyvim.org/ https://astronvim.com/ https://nvchad.com/

Quick search suggests Emacs is the only other major rival to VSCode/Neovim so you’re stuck with a TUI or a VSCode fork for a rich plugin ecosystem (non-athoritive statement, 30s web search).

https://github.com/newhinton/Round-Sync - Android rclone port.

Its done on a schedule but I backup once a day to backblaze b2 using my own keys for full e2ee by wrapping the b2 remote with a crypto remote. Been set it and forget it for about 3 years. Supports many other cloud or self hosted remotes.

Its not in any store last I checked. I use https://github.com/ImranR98/Obtainium to manage installing and updating.

https://pip.pypa.io/en/latest/reference/requirements-file-format/

Looking at the format it supports bare, pinned, or version ranges.

I imagine ranges are preferred for libraries as you’d hit version conflicts if the same dependency showed up twice with different pinned versions in the dependency tree.

https://pip.pypa.io/en/stable/topics/dependency-resolution/#backtracking

The post suggests that during backtracking the maximum version considered for any dependency must be a certain age to reduce the attack surface of malicious releases assuming the vulnerability will be caught within the desired window.

Thanks for sharing! I will have to try this out on a project. Matches many of my own workflow habits, and more importantly, how I train devs on my team. Commit often, don’t care if its broken, the pipeline will fix the history. They can truly stump me with how they get into the train wrecks they find themselves in. Committing conflicts sounds like a super power to help them out.

@RareBird15 @programming @linux @selfhosted

Ones I haven’t seen mentioned (unless it came in while I was typing this).

https://github.com/kainctl/isd - Interactive systemd.

https://github.com/zellij-org/zellij - tmux alternative. Built in which-key functionality. I initially switched to it because I like large scrollback buffers and tmux was super slow at resizing window panes. Can open buffers in nvim for better search. Nicer TUI if you don’t mind a little bloat / bling.

https://github.com/arxanas/git-branchless - Work on stacked commits. Instead of opening PRs linerally you work on several commits at once with the expectation each commit will be a PR. Promotes smaller PRs that are easier to review to complete a feature. Often when doing that linerally you may discover a bad choice made earlier and have to reverse course and refactor. With a branchless workflow you go back and forth on commits so the final stack of PRs doesn’t include those reverse course refactors. git sl has some nice TUI graphs of your stack.

https://github.com/mystor/git-revise - Split, rearrange commits. Works nicely with git-branchless.

https://github.com/tummychow/git-absorb - Reflect changes from a commit backwards. Also works well with a branchless workflow.

If I’m honest I just develop linerally and use an AI agent/skill to restack using the 3 programs above to erase pivot / refactor points and to group logical blocks into an easy to review PR.

https://github.com/ymtdzzz/otel-tui - Open Telemetry viewer.

https://github.com/brocode/fblog - JSON Lines viewer.

https://github.com/aristocratos/btop - Better top.

https://github.com/jandedobbeleer/oh-my-posh - Terminal prompt. My daily driver.

https://starship.rs/ - Another terminal prompt. Played with a little but never got around to giving it my full attention to match my oh-my-posh setup.

https://rclone.org/ - Remote backups using my own encryption key. Supports many cloud providers.

https://github.com/Mic92/nix-fast-build - Not sure its really faster but has a nicer TUI.

https://dircolors.com/ - Directory listing colors in terminal output to better distinguish file types. At a glance I can distinguish read-only, executables, symlinks, directories, etc.

https://github.com/jesseduffield/lazygit - Git TUI. I only use in neovim though, don’t think I’ve ever run it directly.

https://github.com/sindrets/diffview.nvim - Better merge conflict handling in neovim.

https://www.lazyvim.org/ - Base neovim config with lots of TUI sugar.

https://github.com/stevearc/oil.nvim - File tree explorer in neovim with editing capabilities. Hands down the most efficient way I’ve found to normallize torrent file names. Fixing 5+ seasons of a show takes a few minutes if you know the right vim keybinds.

https://github.com/getsops/sops / https://github.com/mic92/sops-nix - Encrypt secrets in git repos.

https://github.com/zdharma-continuum/fast-syntax-highlighting - Syntax highlighting as you type shell commands.

https://github.com/luccahuguet/yazelix - Opinionated Yazi, Helix, Zellij setup with custom patches to integrate. Looks interesting but could never get to work with nix as it keeps trying to write to store paths. They even have a flake.nix in the repo…

less - Less shitty more (terminal pager) with the options below.

export LESS="-aRix2 --use-color --mouse --wheel-lines=3"
export SYSTEMD_LESS="$LESS"

# a = search from current position
# i = case insensitive
# x2 = tabstop
# R = color control chars show color 

https://pnpm.io/ - Better monorepo support than npm. Faster too. Easy to patch dependencies.

https://bun.sh/ / https://deno.com/ - Alternate node runtimes. Only have used bun, but its a faster cold start and uses less memory.

https://oxc.rs/docs/guide/usage/linter.html - eslint clone in rust. Seconds versus minutes. Uses the golang TypeScript 7 preview version of typescript-eslint for type checking.

https://rolldown.rs/ - Rust clone of the rollup JS/TS bundler.

https://ast-grep.github.io/ - Grep AST patterns. Written in rust.

https://dprint.dev/ - Formatter that unifies other formatters. Lots of fast rust plugins.

https://biomejs.dev/ - Rust based node formatter. dprint support.

https://github.com/astral-sh/ruff - Rust based python linter and formatter. dprint support.

https://github.com/numtide/treefmt - Like dprint, forwards to other formatters, but intended for nix declarative setups (for use with devshell or devenv).

https://direnv.net/ / https://github.com/nix-community/nix-direnv - Activate a virtual environment when you enter a directory. Common with nix devshell/devenv but can run any command. Auto reload based on certain files via watch patterns.

https://github.com/mikesart/inotify-info - Debug why you’ve maxed out file watchers.

https://github.com/lyonel/lshw / https://github.com/pciutils/pciutils - Detailed hardware info.

https://github.com/wagoodman/dive - TUI to explore docker layers.

https://github.com/containers/skopeo - Bunch of utilities for working with docker images and registries.

Don’t know if they can. If I’m recalling correctly he holds enough Class B shares to retain supermajority voting power.