Remembering (and inevitably) forgetting passwords for all your different accounts is inconvenient, frustrating, and arguably less secure than a randomly generated password unique to each account.

Additionally, it can be tempting to reuse passwords for multiple accounts, which is trouble when a less-than-reputable service that you used that password on is breached, since that password wasn’t unique.

If you use an open-source, tried and true password manager (Bitwarden, Vaultwarden, KeePassXC) and keep a passphrase unique to that password manager only, you avoid the problems above which are way more likely to occur than Bitwarden passwords getting breached in plaintext, or a security vulnerability to the KeePass database.

Plus, most password managers offer support for passkeys, which are easier to register/use than passwords. They usually only require a “verify with passkey” button on a given website.

Bottom line, password managers are probably (definitely) more secure than any other reasonable solution that anyone has come up with.

no. events and our decisions are abstracted far enough so that the illusion of free will is apparent. I think it’s very well impossible to fully distinguish between free will and fate from our limited perspective

other distributions should start having an option for this in the GUI installer, but it might be tricky for the average user

Arch Wiki has a guide on FDE using the TPM and it’s transparent in my everyday usage

some minor issues I see are:

• Secure Boot needing to be disabled then re-enabled during install for it to work as intended
• needing to write down a long backup passphrase, but this also happens on Windows and MacOS iirc

then don’t.

it’s not something your being forced to do. it’s the lifting of an unnecessary restriction that in turn gives you more power on your device.

and this is why uBlock origin is the be all end all of extensions.

Voyager on mobile, Photon on desktop

this is honestly the conclusion I’m getting to after trying out Lawnchair and Kvaesito, like others in this thread have recommended

this is what I do currently (GrapheneOS Network Permission), but I’m just curious if there are any other alternatives out there. it’s slightly easier to have trust the software I use from the get-go, not hinder it so it can be trusted, if that makes sense

I’m mostly fine with any launcher, as long as you can put apps in folders in the app launcher, as well as hiding some apps altogether. Lawnchair looks interesting and I’ll check it out

I agree that it looks dry in this photo, and that might have something to so with my camera + the lighting. The dosa pictured in reality is not very thin and crispy and is thick enough to make sure none of that sauce goes to waste.

Likewise, I know a lot of people that would for sure appreciate some chutney on the side, and I love making roti with this instead of dosa as well.

I personally don’t have it that way, but you have my word that none of the sauce goes to waste :)

Google cannot see any message content of Signal notifications through FCM. It’s more like a “heads up” to the Signal app, telling it “hey, there are new messsges. wake up and check what they are.”. The Signal app then checks for messages and does all the decrypting and whatnot itself.

While it’s possible that the timing of FCM telling the app to check for notifications could be used to correlate activity, that’s an edge case that if you are concerned about can be easily avoided by just using the background WebSocket or a fork of Signal like Molly that allows you to use a third-party UnifiedPush provider to check for messages in the background, instead of FCM.

I think the main difference is that the Play Store version can use FCM (Google Play Services) for notifications, while the APK Signal distributes only receives notifications over a background WebSocket connection.

Immich full stop, like everyone else has said. self hostable so as much storage as you can buy (and maintain backups of!), AI so you can search your photos like “sunset on beach”, and just rock solid, despite it “”“technically”“” still in pre-release stage

shred or alternatively you can zero out all the bytes in a drive with dd if=/dev/zero of=/dev/<DRIVE>

it’s great but doesn’t cover email, that you have to do yourself/with a provider

if you know/use docker, the solution that has been the most straightforward for me is SWAG. the setup process is fairly easy when combined with registering your domain with Porkbun, as they allow free API access needed for obtaining top-level (example.com) as well as wildcard (*.example.com) SSL certificates.

along with that, exposing a new service is fairly easy with the plethora of already included nginx configs for services like Nextcloud, Syncthing, etc.

I still find Tealdeer useful even now, it helps me get working with commands I know little about, more so than a manpage