IlliteratiDomine

joined 1 year ago
[–] [email protected] 3 points 11 months ago* (last edited 11 months ago)

There are many ways to setups full disk encryption on Linux, but the most common all involve LUKS. Providing a password at mount (during boot, for a root partition or perhaps later for a "data" volume) is a but more secure and more frequently done, but you can also use things like smart cards (like a Yubikey) or a keyfile (basically a file as the password rather than typed in) to decrypt.

So, to actually answer your question, if you dont want to type passwords and are okay with the security implementations of storing the key with/near the system, putting a keyfile on removable storage that normally stays plugged in but can be removed to secure your disks is a common compromise. Here's an approachable article about it.

Search terms: "luks", " keyfile", "evil maid"

[–] [email protected] 2 points 11 months ago

If you're rooted, the BCR magisk module is an option. Working great on my Pixel.

[–] [email protected] 2 points 1 year ago (2 children)

OP isn't trying to install into the downloads folder; they're trying to grant an app access to the downloads folder to read and write data.

[–] [email protected] -1 points 1 year ago

I'd be interested in utilization data before and after that change. Anecdotally, I use Signal much less after SMS was removed. With one app, I could opportunistically use Signal, when the other person had it, and send an SMS otherwise. Now I have to decide what kind of message to send before opening an app and learning my options. Most of those quick messages have moved back to SMS for me.

[–] [email protected] 2 points 1 year ago

I made that move and had no issues. You can copy/paste your way through DNS setup and the rest is just configuring your proton account how you want.

You'll want to be familiar with proton and some of the tradeoffs in its privacy model, but it's most likely more feature-full than a hosting provider. Dreamhost, for one, is quite basic.

[–] [email protected] 2 points 1 year ago

Most self-hosters are probably using dns services through their registrar, but you don't have to. A registrar with poor api support might still be a good choice, if that was the only negative.

[–] [email protected] 3 points 1 year ago

Well, I'm back and can confirm the sneaky DNS resolver. I have two roku devices and they both were making requests to 8.8.8.8.

Thanks for this post! TIL.

[–] [email protected] 9 points 1 year ago (5 children)

Interesting. I set an adblocking dns via DHCP and, as far as I know, the Roku respects it. Ads are blocked and I can see it failing to delivery telemetry in my dns logs (most persistent thing on the network).

I set a rule to catch outside dns to see if anything, the roku included, has been misbehaving.

[–] [email protected] 5 points 1 year ago

Here's twitters ad revenue by quarter from 2013 to 2022Q2

There's a spike in 2021 and then things started to come back to earth, but its an overall upward trend throughout that time.

[–] [email protected] 2 points 1 year ago

I do and it works great! I mostly did this to limit the blast radius of breaches, but aliases also provide an easy way to send those kinds of things to both me and my spouse.

view more: next ›