OpenBSD admin and ports maintainer
Unless you want to tell me that the Android kernel is the first OS kernel without bugs, it takes at the very least one bug to be left intentionally unfixed and shared with the feds to introduce a backdoor. I wouldn't consider it infeasible with how large the android kernel is, and how high a barrier of entry kernel dev is. If the bug is found, just move to the next one. Normally I wouldn't be so paranoid, but this is Google we're dealing with, on one of, if not the most popular kernels on the planet.
Your ability to ride the fence is admirable OP, don't let anyone take it from you 🙏
postmarketOS, native, on pinephone. There's a few mobile devices these days that can run mobile Linux.
you sure you didn't mean to post this in !techtakes@awful.systems?
I don't trust the google kernel when it comes to privacy or security. You think with how many people use Android and with how bad actors Google are they wouldn't put a backdoor somewhere?
I run a real linux on my phone, so I can use it for anything I can use my laptop/desktop/unix for. I think what people forget is that phones are ultimately just computers with a WWAN radio, and the restrictive nature of Android and especially iOS obfuscates that.
Or even better, write userscripts that can be used anywhere instead of inside some non portable extensions framework
Watch out Girl, just because FISH can breathe underwater doesn't mean you can!!!
Watch out Girl, if your hair stands up like that, it means you're about to be struck by lightning!
Set your system-wide DNS to a provider in a country with better privacy laws. I use quad9. Disable DNS over HTTPS (DoH) in Firefox if you have it enabled, as it sends DNS queries to cloudflare, which may be even worse than sending your DNS queries to your default ISP servers (also disable DNS prefetch). If you're hosting a DNS server, you can also set up a DNS blocklist if you use something like unbound or unwind.
I would get away from proton, they're too popular and too much of a target, and most critically they fucked over a climate protestor, and then removed "we do not keep any IP logs" from their privacy policy. If they're willing to lie about that, what else are they willing to lie about? If you want a fun project, set up your own mail server. Easy (relatively speaking) to do on OpenBSD with a cheap VPS provider like buyvm. Password manager is easy enough to write yourself with an openssl script, or you can use some other open source password manager if you hate scripting. Storage should be cheaper on a VPS than whatever proton is providing, and you can even host your own VPN (though this has potential to be easily routed back to you unless you serve multiple users with your VPN).
Disable javascript everywhere you don't need it. I use qutebrowser, and javascript is disabled by default, and I only reluctantly enable it per-domain when I absolutely have to.
Use 3rd party open source clients for proprietary apps, or move to open source ecosystems (like lemmy!).
I would get off of Android altogether, and switch to a real Linux phone, if you can tolerate the jank. I don't trust Google not to put a backdoor in the Android kernel (which forked all the way back at Linux 2.something). You could also try switching to a dumb phone, but those still run some amount of spooky blackbox software and I wouldn't totally trust it from any major phone manufacturer.
First off: Can’t switch to Linux, Windows is a work requirement. Please spare me.
Did they give you a very funny reason for this requirement, or is it just some windows exclusive garbage that doesn't work in wine?
Roko's Basilisk / Pascal's Wager scared me for a little while. Then I realized it was stupid.
Also you can invert Pascal's Wager and argue that god could not want to be worshipped, and worshipping a god results in punishment due to celebrating ignorance and blind faith.
Friends don't let friends use IBM software.
Just make the file root owned and readable by no one. An unreadable file can't be copied. You can use `chattr` to add some flags like immutability if you desire (shouldn't really need to). Use a command like `find /some/path -type f -exec chattr whatever {} \;` if you need to do this recursively. Root account should need a password, and should (hopefully) not be accessible with an unprivileged user's password through `sudo`/`doas`, but on its own account with its own password using `su` or `login`.
Note that without encrypting the file, this does not protect you from someone just grabbing your storage device and mounting it with root permissions and then they can do whatever they want with your data. It also doesn't protect you if someone gets root access to your device through other remote means. If you want to encrypt the file, use something like `openssl some-cipher -k 'your password' -in file -out file.cipher_ext`. If you want to encrypt multiple files, put them in a `tar`ball and encrypt the tarball. You can again also use `find` with `openssl` to encrypt/decrypt recursively if you don't want to use a tarball, which may be better with ciphers like blowfish that aren't secure at large file sizes; but if you do that, you expose your encrypted file system structure to attackers.
I am not a fan of full disk encryption, because it usually means leaving all your data decrypted during runtime with how most people use it. If you only decrypt a block device when you need to, there's nothing wrong with that, and can work as an alternative to encrypting a tarball.
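Added example (not part of the comment above and not the commenter's code): the tarball-then-encrypt approach as shell functions, reading the passphrase from an owner-only file with `-pass file:` so it does not show up in the process list or shell history. The function names, paths, sample data and the choice of AES-256-CBC with PBKDF2 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: encrypt a directory as one tarball with openssl enc.
# Function names and paths are hypothetical.
umask 077   # every file created below is owner-only (rw-------)

# seal_dir DIR OUT PASSFILE: tar DIR and encrypt the stream into OUT.
seal_dir() {
    dir=$1 out=$2 passfile=$3
    # -C keeps only the directory's base name inside the archive,
    # so the absolute path is not recorded in the tarball.
    tar -C "$(dirname "$dir")" -cf - "$(basename "$dir")" |
        openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
            -pass "file:$passfile" -out "$out"
}

# open_dir SRC DEST PASSFILE: decrypt SRC and unpack it under DEST.
open_dir() {
    src=$1 dest=$2 passfile=$3
    mkdir -p "$dest" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$passfile" -in "$src" | tar -C "$dest" -xf -
}

# roundtrip: build constructed sample data, seal it, open it again,
# and compare the recovered file with the original byte for byte.
roundtrip() {
    work=$(mktemp -d) || return 1
    mkdir "$work/secret"
    printf 'constructed sample\n' > "$work/secret/a.txt"
    printf 'constructed passphrase\n' > "$work/pass"
    seal_dir "$work/secret" "$work/secret.tar.enc" "$work/pass" || return 1
    open_dir "$work/secret.tar.enc" "$work/out" "$work/pass" || return 1
    cmp -s "$work/secret/a.txt" "$work/out/secret/a.txt"
    rc=$?
    rm -rf "$work"
    return $rc
}
```

`openssl enc` gives confidentiality only; it does not attach an integrity tag, so tampering with the ciphertext is not reliably detected on decryption.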
"not surprised they all died shortly after this"
Flatpak's usecase for me is Alpine Linux and other distributions that use musl or other libc implementations. I don't love it, I find its cli interface and the way you add flatpak servers to be obtuse and annoying, but it is useful for getting glibc dependent software.
Both of them are probably in your distribution repository, dcss may be packaged as "crawl" or "stone-soup".
Easier question: Which marketing tactics DO you like?
I like Steam's discovery queue, sometimes I find some pretty interesting stuff. It's entirely voluntary, and I can leave at any time, instead of holding my time ransom and demanding my attention with annoying cringe-inducing content like most marketing.