Yeah, I’m confused by this video (which is from nearly a year ago, btw). It looks like a gnome shell overview more than anything.
Well good thing I finally realized it wasn’t enabled and set my environment variables to enable it.
I’ve run plain ol’ openbox without a desktop environment on top of it, and it’s quite nice. IIRC I also had a standalone status bar application, but I can’t remember which one I used.
There are a couple utility programs (obconf and obkey?) that help to configure everything comfortably.
Based, mostly
And even then, a properly configured SSHD instance wouldn’t really benefit from a firewall, unless you wanted to block all countries besides your own or something.
Every computer has a bunch of ports (1-65535 if I recall correctly), each of which is a unique entity to which a single service can bind. In layman’s terms, a port is a door that one service is able to answer when someone knocks. By convention, some ports have a specific associated service (80 = HTTP, 443 = HTTPS, 22 = SSH), but there are a lot that you can just use as you deem appropriate.
If you want a service (e.g. a web server) to be accessible, you have to run a service that binds to a known port (e.g. 80), and a client has to reach out to your server on that same port. A firewall sits between your service(s) and any potential clients, much like those steel security screen doors. If that’s closed, nobody gets through on that port, even if a service is bound to that port and is listening for a connection.
As a general rule of thumb, you want your firewall to block as much traffic as possible without breaking something (i.e. blocking one of your public-facing services). If you don’t run any services on your computer (web services, media servers, etc.), you can probably get away with blocking all inbound traffic without any discernible impact.
Khal looks promising:
I’m going to cast another vote for a reverse proxy, such as NginxProxyManager. It’s really easy to set everything up, and they’re usually very easy to run in Docker/Podman.
One thing to note: if you end up with a domain with mandatory HSTS, you’ll have to use DNS-based certificate generation rather than HTTP-based, since unencrypted HTTP is blocked (chicken/egg problem to get HTTPS working). It’s not hard, but you have to be aware of that limitation.
Ah, I’ve almost always used a single monitor setup, so my use case wasn’t weird enough to break X11. That said, even Wayland is wonky on my multi-monitor setup at work, though that’s probably more a GNOME thing than a Wayland thing.
I do still think the approach they took with Wayland is a tad odd, in that everyone has to implement it themselves. But hey, if it works, it works.
old
Old doesn’t mean bad
broken
Is it?
unmaintained
Is it?
I use Wayland personally, but I’ve had almost zero issues with X in the last decade, maybe with the exception of minor screen tearing several years back.
The build approval process actually stripped out all comments via a script.
Thanks, Satan.
Or create a service running with limited access to specific resources, and create an API for users to make requests to that service.
Actually, thinking more about this…
Can you give an example of this grub cmdline bypass? If what you're saying is true, this would be a huge issue. I'd switch bootloaders over something like this.
Though after a point rubber hose cryptanalysis will become the more pragmatic option for an attacker.
That doesn't sound trivial at all.
Once that key is loaded in memory anyone with 10 minutes and access to google could trivially unlock your computer in several different ways. It is virtually exactly like having no security whatsoever.
I highly doubt it.
If you have any tips for how I can personally bypass my computer's encryption in 10 minutes without being able to login, I'd love to try my hand at it.
Very true, which is why it's important to run as few services and have a locked down firewall. Maintaining a minimal attack surface is everything.
How so? The data is still encrypted on the drive after boot, so unless your machine also automatically logs you in, there shouldn't be anything to worry about.
Bonus when you disable software flow control: In addition to Ctrl+r to reverse search through commands, you can search forward via Ctrl+s