CoyoteFacts

I feel like it’s 50/50 if that means that Bcachefs will be ejected from the kernel or if Linus is going to stop dealing with Kent somehow. I’m just not sure if Linus would leave Bcachefs people stranded on mainline? Hopefully this is for the best in any case; I’m very interested in seeing Bcachefs succeed, but the way Kent interacts with Linus is clearly getting in the way of productivity for everyone. If Bcachefs needs to go against the kernel schedule so often then it’s probably not a good fit for mainline. Also, the way Kent continues to refuse humility even after this message really shows that this will never be resolved politely.

This video has a lot of self-hosting and somewhat advanced stuff being mentioned, but if all you want to do is start dipping your toe into Linux then it’s not nearly as hard as you’d think. I would try running Linux in a VM (i.e. VirtualBox) to get a feel for how it operates and build up confidence that way, as well as maybe watching some videos on how people set up and use their Linux etc. It will be a learning curve, but as long as you pick a beginner-friendly distro (e.g. Linux Mint) it’s really no more difficult than if you started using Windows for the first time. Keep backups of your data and/or put Linux on a secondary computer and you should weather the initial few weeks just fine.

On the upside, when you have problems in Linux there will be logical solutions with answers that can be searched for, whereas in an OS like Windows or Mac the solution is probably “I dunno! Reinstall?” or “You just can’t do that, sorry”. It’s also understandable if you don’t want to touch anything complicated, but I do think one of the best parts of Linux is really just getting messy, making mistakes, and learning. Because things in Linux make sense, over time you’ll learn how to use a computer again. I feel strongly that Windows/Mac/Android/iPhones have (intentionally) dulled the average person’s computing skills and put them into a state of learned helplessness. Everyone thinks computers are complicated wizardry because nothing on those proprietary operating systems makes logical sense, and trying to troubleshoot anything results in wasted time and frustration.

Pretty good video. It’s not like he explains how to do anything or even picks very good software to begin with, but his genuine excitement is really all that’s required. Getting people interested is the important part, and they’ll learn much better by using their own motivation. This video also gives off a strong “I’m an idiot, and if I can do it you can do it” vibe which can be really reassuring to those who are just too intimidated to even dip their toe in.

That really seems like a structural problem to me. Break it out into more-focused teams, signify important people whose messages you should pay attention to, or use threads to consolidate topics. If those things aren’t being done and there’s just 50+ people dumping information then the information can’t be deemed important. Adding AI to patch the issue is poor management at best and introducing poisoned information at worst.

I know this is not a unique sentiment by any means, but it makes me legitimately angry to think of participating in a conversation where someone else is using this. If you don’t want to read my messages why are we even connecting; imagine clicking “summarize” on someone genuinely trying to talk to you. “Sorry, the AI hallucinated that you were going to finish the rest of the assignment tonight.” and a year later “Sorry, I forgot all the nuances of who you are as a person because an AI didn’t think they were relevant.”

I’m used to LanguageTool, and at a glance it seems like Harper covers way fewer rules than LanguageTool does. Not sure if this is actually noticeable in practice, but I run my own LanguageTool server and am not too picky about the performance, so I’m not in a rush to move until someone figures out a good way to compare them. LanguageTool’s rules are all open source at least, so it’s only a matter of time before Harper gets anything it might be missing.

As a commenter on that post says, this sort of talk is also common in the comments of Phoronix articles. The commenter says they’ve completely stopped supporting Phoronix since it’s clear that Michael enables this behavior by not moderating it (the least he could do is disable commenting; the type of people that are in the Phoronix comments are the absolute worst). It’s been festering for a very long time, unfortunately. Click any Phoronix article that’s older than a day and check the negativity. Worse, click an article about a controversial topic like X11/Wayland/Systemd/bcachefs/KDE/GNOME/etc. and it’s just a shitshow.

I’ve been seeing it to a lesser degree here as well. I don’t know what it is about X11 that really riles up the conspiracy theorists.

Mailbox.org is a good pick to consider IMO. You can read some comparisons on PrivacyGuides, which I also recommend as a starting point for these sorts of topics. The mailbox.org web UI is not great, but it allows IMAP/SMTP access, so I use Thunderbird on both desktop and Android in order to interact with my inbox. My inbox is auto-encrypted with PGP using their Mailbox Guard thing, so my emails are all encrypted garbage on the web UI anyway. Mailbox.org only allows paid-for accounts, but considering the annoying stuff that Proton and Tuta do to their free accounts I’d rather just be honest about the service I’m getting. It allows auto-forwarding directly in the web UI, but given that you can hook up to it with IMAP anyway, it’s not like you couldn’t just do it yourself.

(Also, as another comment said I also recommend DuckDuckGo’s Email Protection for email aliasing if you need it.)

The straw that broke the camel’s back for me is the CEO’s icky tweet about how great Republicans are for your privacy and how they stand up for the little guys (what), which they doubled down on using the official Reddit Proton account. There’s already been a ton of discussion about this on the internet if you care to look for more angles on it.

But before that I’d already grown quite leery of them for their trend of endlessly starting new services before the old ones are polished, along with trying to push everyone into their walled garden and endlessly using naggy popups in the UI about it. Worst of all, they have a clear trend of not giving a damn about Linux support, sometimes giving up on certain features for their Linux clients or releasing the clients way after the Windows/Mac versions. For a “privacy company”, not putting Linux as a first-class citizen is really just unacceptable, and they’ve been around for long enough that it’s clearly a trend and not a fluke. To me, Proton just feels like a wannabe version of Apple. Its continued actions give me the feeling that it exists to serve itself, not its users.

I don’t support Proton for other reasons, but I’ll note that if anyone is having this problem you can use a half-measure of setting your other email address as a recovery email and enabling “daily email notifications”, which will email you once a day if there’s unread stuff in your Proton mailbox.

I’m a big fan of btop, and probably a big chunk of that is that the default configuration is useful and very easy to understand. I can’t be bothered to spend hours configuring a monitoring app and learning obscure keyboard shortcuts to navigate it; if I’m opening a system monitor it’s because I want info, not because I want to live in it.

Okay, but I did just find this game, and it’s a free game that I’m pretty sure already hit mega-popularity back a year ago, so I don’t know what advantage astroturfing on the tiny threadiverse would serve. I’ve just been having fun with it today and wanted to post about it somewhere.

Also consider that you’re adding another party that you need to trust to the chain, and also adding another point of failure if iodéOS stops releasing.

I’ve been using this a lot lately, and it’s been great after a bit of a learning curve. It even incorporates some of the functionality from the addons and userscripts that I needed for YouTube, like getting rid of clickbait titles/thumbnails and blocking specific channels. Since you never really have a tracking profile when using YouTube this way, it’s very obvious when YouTube is trying to shoe-horn in political channels and clickbait, and you can just continually keep blocking those channels in the recommended section until you get all of them. I’m still missing a way to boost the volume on certain videos that are too quiet for me, though. I use LibRedirect to auto-open YouTube links in FreeTube. FreeTube has occasionally broken because of YouTube API updates, which requires them to figure out the problem and push a new FreeTube release (which could take a day or more), but other than that I’m fairly happy with it.

I don’t have any experience with iCloud Private Relay, but I’d be surprised if enabling it will make you un-fingerprintable (in which case what are you really trying to accomplish by using it?). Also, who are you trying to stay private from? Do you personally believe that Apple and/or Cloudflare aren’t selling or trading your data? Would you be okay with them being the only ones that control your data if they’re not selling it? It’s a nuanced topic, and likely you’re the only one that can answer your position on that. It’s cliché, but defining a threat model can help a lot with deciding how many conveniences you are okay with giving up. I would likely argue that an Android phone with LineageOS can be made more private than an iPhone, but at the cost of security. Does your threat model need to sacrifice privacy for security?

Regarding iPhone vs Android, I’ve only ever used Android, but my friends with iPhones and Macs never seem to have access to the open-source software that I use and recommend, so I feel like that’s a big part to consider also. You’ll get roped into a proprietary ecosystem where it seems like every little app is trying to charge you money and won’t show you what it’s doing behind the scenes. If you already have an iPhone I’d understand if you need to weigh the economic feasibility of buying an entire new phone just for privacy as well.

Personally, I don’t really trust anything unless I’m given infallible reason to trust it, e.g. cryptographic proofs, audits, zero-trust models etc.; in this world it seems inevitable that someone will take advantage of your trust either today or tomorrow. If someone is truly on your side, they will do everything they can to take the need to trust them out of the equation, and failing that they should make it as clear as they can what trust is still mandatory and why. If you want to trust someone that doesn’t meet these standards, you do so basically at your own risk, and you’ll have to start doing some mental calculus on what they could get from you, what they might want it for, and how eager you think they would be to start misusing it (e.g., if you pay for a service, the servicer may feel less compelled to subsidize their income by selling your data).

I’m not a security expert by any means, but here are a few things I know as a regular user:

Always keep your system up-to-date and only download and execute software from the official Arch repository if you can help it. Malware often takes advantage of outdated systems that don’t have the latest security patches, so by staying as up-to-date as possible you’re making yourself a very difficult target. The AUR is a user-based repository and is not inherently trusted/maintained like the official Arch repos, so be careful and always read PKGBUILDs before you use AUR software. Don’t use AUR auto-updaters unless you’re reading the PKGBUILD changes every time. Ideally try not to use the AUR at all if you can help it; official Arch Linux is usually quite stable, but AUR software is often responsible for a lot of the “breakages” people tend to get with Arch. If you have to run sketchy software, use a virtual machine for it, as a 0-day VM escape is almost certainly not going to happen with any sort of malware you’d run into. ClamAV or VirusTotal may also help you scan specific files that you’re wary of, but I wouldn’t trust that a file is clean just because it passes an AV check. Also, never run anything as root unless you have a very specific reason, and even then try to use sudo instead of elevating to a full root shell.

Don’t open up any network ports on your system unless you absolutely have to, and if you’re opening an SSH port, make sure that it: isn’t the default port number, requires a keyfile for login, root cannot be logged into directly, and authentication attempts are limited to a low number. If you’re opening ports for other services, try to use Docker/Podman containers with minimal access to your system resources and not running in root mode. Also consider using something like CrowdSec or fail2ban for blocking bots crawling ports.

As far as finding out if you’re infected, I’m not sure if there’s a great way to know unless they immediately encrypt all your stuff and demand crypto. Malware could also come in the form of silent keyloggers (which you’d only find out about after you start getting your accounts hacked) or cryptocurrency miners/botnets (which probably attempt to hide their CPU/GPU usage while you’re actively using your computer). At the very least, you’re not likely to be hit by a sophisticated 0-day, so whatever malware you get on your computer probably wants something direct and uncomplicated from you.

Setting up a backup solution to a NAS running e.g. ZFS can help with preventing malware from pwning your important data, as a filesystem like ZFS can rollback its snapshots and just unencrypt the data again (even if it’s encrypted directly on the NAS). 2FA’ing your accounts (especially important ones like email) is a good way to prevent keyloggers from being able to repeat your username+password into a service and get access. Setting up a resource monitoring daemon can probably help you find out if you’re leaking resources to some kind of crypto miner, though I don’t have specific recommendations as I haven’t done this before.

In the case of what to do once you’re pwned, IMO the only real solution is to salvage and verify your data, wipe everything down, and reinstall. There’s no guarantee that the malware isn’t continually hiding itself somewhere, so trying to remove it yourself is probably not going to solve anything. If you follow all the above precautions and still get pwned, I’m fairly sure the malware will be news somewhere, and security experts may already be studying the malware’s behavior and giving tips on what to do as a resolution.

They could be you! They could be me! Admittedly, there’s a higher chance that it’s me.

This might be the funniest possible direction for this to go. Purported savior of X11 and anti-DEI dogwhistling developer writes X11 code so bad, asked to leave commit history.

It’s important to use services with a workflow that works for you; not every popular service is going to be a good fit for everyone. Find your balance between exhaustive categorization and meaningless pile of data, and make sure you’re getting more out than you’re putting in. If you do decide that an extensive amount of effort is worth it, make sure that the service in question is able to export your data in a data-rich format so that you won’t have to do it all again if you decide to move to a different tool.

Isn’t one of the problems with X that applications can log your keystrokes in other applications and record your screen? Obviously you shouldn’t be installing compromised software, but who knows if Borderlands 2 now includes some malicious code in its DRM or something.