Just some Internet guy

He/him/them 🏳️‍🌈

  • 0 Posts
  • 17 Comments
Joined 2 years ago · Cake day: June 25th, 2023

  • The main issue you’ll run into is more niche proprietary software being hard to install, but that’s what containers are for. The main one I see is if you need to install some proprietary VPN client it gets annoying, but since you’ll be running a VM anyway you can do some network trickery. My work’s antivirus only works on Ubuntu and RHEL (proprietary kernel modules), so it’s got to be at least one of those kernels.

    Linux is Linux, nothing’s impossible to solve even with Bazzite’s immutability. Worst comes to worst you make your own images and it’s not that hard, you basically just fork it on GitHub and let the CI do its thing.

    But do you have time to fiddle to make it work and take the risk, or do you want to play it safe? How confident are you with Bazzite’s more advanced topics?

  • Max-P@lemmy.max-p.me to Privacy@lemmy.ml [Deleted] · 4 points · 1 month ago

    It’s derived by both a key from the TEE and the PIN/password.

    The reason for that is so you need both the user’s correct password, and the TEE to agree to hand out the key, which it may refuse to do if there’s been too many attempts. When you factory reset it just generates a new key, instantly making all the previous data permanently inaccessible. The TEE will also wipe the key if you unlock the bootloader or try to break in the wrong way.

    It’s still only roadblocks though, extract the key from the TEE and you have unlimited attempts on what are usually weak 4-6 digit PINs. It’s not a lot of tries. Then you better hope you had a good password.


  • Max-P@lemmy.max-p.me to Privacy@lemmy.ml [Deleted] · 2 points · 1 month ago

    Biometrics are worse than a PIN in a situation where your phone is hooked up to Cellebrite, because most likely they can just take your fingerprints, or make you press the sensor by force. Or even worse with facial recognition, because they can just wave the phone in front of you to unlock it.

    It’s generally not super good otherwise either, at least not as a reliable way to derive an encryption key while being tolerant enough to damaged skin and positioning and all.

    Biometrics are a good compromise for daily convenience: most people care about whether they lose their phones or they get stolen, and a thief will just factory reset it and flip it, especially if the full QWERTY keyboard pops up. Biometrics are still usually backed by a PIN or password, so biometrics make it bearable to use a strong password since you only need to enter it once every couple of days. And that password is the encryption key, so in BFU state you’re safe.

  • I also wanted to put an emphasis on how working with virtual disks is very much the same as real ones. The same well-known utilities for copying partitions work perfectly fine. Same cgdisk/parted and dd dance as you otherwise would.

    Technically if you install the arch-install-scripts package on your host, you can even install ArchLinux into a VM exactly as if you were in archiso with the comfort of your desktop environment and browser. Straight up pacstrap it directly into the virtual disk.

    Even crazier is, NBD (Network Block Device) is generic so it’s not even limited to disk images. You can forward a whole ass drive from another computer over WiFi and do what you need on it, even pass it to a VM and boot it up.

    With enough fuckery you could even wrap the partition in a fake partition table and boot the VM off the actual partition and make it bootable by both the host and the VM at the same time.


  • What you’re trying to do is called a P2V (Physical to Virtual). You want to directly copy the partition as going through a file share via Linux will definitely strip some metadata Windows wants on those files.

    First, make a disk image that’s big enough to hold the whole partition and 1-2 GB extra for the ESP:

    # qcow2 is thin: the file only grows as data is written into it
    qemu-img create -f qcow2 YourDiskImageName.qcow2 300G

    Then you can make the image behave like a real disk using qemu-nbd:

    # load the kernel NBD driver, then attach the image as /dev/nbd0
    sudo modprobe nbd
    sudo qemu-nbd -c /dev/nbd0 YourDiskImageName.qcow2

    At this point, the disk image behaves like any other disk at /dev/nbd0.

    From there, create a partition table; you can use cgdisk or parted, or even the GUI GParted will work on it.

    And finally, copy the partition over with dd:

    # raw block copy of the source partition into the second partition of the image
    sudo dd if=/dev/sdb3 of=/dev/nbd0p2 bs=4M status=progress

    You can copy the ESP/boot partition as well, so the bootloader works.

    Finally, once you’re done with the disk image, unload it:

    # detach the image; qemu-nbd must release it before a VM can boot from the file
    sudo qemu-nbd -d /dev/nbd0

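A script form of the P2V steps in this comment, added here and not the commenter's own code (function names are hypothetical; it assumes sgdisk and partprobe are installed and keeps the comment's /dev/nbd0 and /dev/sdb3 as defaults). Without RUN=1 it only prints the commands it would run, which is a useful sanity check before doing it for real as root.

```shell
#!/bin/sh
# Added example, not the commenter's code: wraps the qemu-img / qemu-nbd / dd P2V
# steps above in one script. Function names are hypothetical. Without RUN=1 it only
# prints the commands it would run; with RUN=1 it executes them (root required).
set -eu

run() { if [ -n "${RUN:-}" ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Image size in GiB: partition bytes + ESP + 1 GiB headroom, rounded up.
image_size_gib() {                       # $1 partition bytes, $2 ESP size in MiB
  gib=1073741824
  echo $(( ($1 + $2 * 1048576 + gib + gib - 1) / gib ))
}

# Copying a mounted filesystem gives an inconsistent image: refuse instead.
is_mounted() { grep -qs "^$1 " /proc/mounts; }

# $1 source partition, $2 image path, $3 source size in bytes (from
# `blockdev --getsize64 $1`), $4 ESP size in MiB (default 1024), $5 nbd device.
p2v_plan() {
  src=$1; img=$2; esp_mib=${4:-1024}; nbd=${5:-/dev/nbd0}
  if is_mounted "$src"; then echo "$src is mounted, unmount it first" >&2; return 1; fi
  size=$(image_size_gib "$3" "$esp_mib")
  # When executing, always detach the image even if a later step fails.
  if [ -n "${RUN:-}" ]; then trap 'qemu-nbd -d "$nbd" >/dev/null 2>&1 || true' EXIT; fi
  run qemu-img create -f qcow2 "$img" "${size}G"
  run modprobe nbd
  run qemu-nbd -c "$nbd" "$img"
  # GPT with an EFI System Partition (ef00) and a Microsoft basic data partition (0700).
  run sgdisk --zap-all "$nbd"
  run sgdisk -n "1:0:+${esp_mib}M" -t 1:ef00 "$nbd"
  run sgdisk -n 2:0:0 -t 2:0700 "$nbd"
  run partprobe "$nbd"                   # make the kernel re-read nbd0p1/nbd0p2
  # Copy the source partition into the data partition; copy the real ESP into
  # ${nbd}p1 the same way if you want the existing bootloader to work.
  run dd if="$src" of="${nbd}p2" bs=4M status=progress
  run qemu-nbd -d "$nbd"
}
```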
  • Overlay2 support is really nice. I had to use the ZFS driver for it and boy does it pollute your zfs list output.

    Also pretty excited about the user properties, it's gonna make initramfs mounting a lot easier over the somewhat buggy parsing of the output of zfs list. Same for encrypted home directories, now I can set a custom user property on them to easily enumerate what my PAM script is supposed to mount/unmount with the user password instead of hardcoded paths.