Basically it works by every component validating the next one before loading it.

• UEFI validates the bootloader
• Bootloader validates the OS

They do this by checking a cryptographic signature. Specifically, UEFI checks that the bootloader is signed by a certificate that is in turn signed by a certificate authority (CA). You can upload custom CA keys in the UEFI interface.

Per default, every UEFI ships with the Microsoft CA. That does not mean you can only run secureboot with Windows and you absolutely should enable secureboot on every machine you own. Microsoft does sign other signing keys allowing them to be also used with secureboot. For example, every major Linux distro has keys signed by the Microsoft CA and so secureboot works out of the box with those.

Even if you have an OS that does not have a signing key signed by the Microsoft CA, you can upload your own secureboot keys to get around that.

It should be pretty clear at this point that all of this is pointless if you do not set a UEFI password.

Been working with Linux every day for over a decade at my job. At home I run the most boring generic shit.

Check out EFF cover your tracks: https://coveryourtracks.eff.org/

The results are very interesting. For me, the most unique thing about my browser was that I had two system languages, and so the accept-language header was very unique.

I now use vanadium (graphene OS), which simply sends made up values for a lot of headers, and so makes fingerprinting harder.

In general, you should try to be as “normal” as possible, use standard settings for everything, just accept English, etc…

I wonder how accurate you can date a picture based on jpeg artifacts and resolution.

I’m not sure if you’ve ever had a public project, but for most people, be it YouTube, twitch, github, whatever, its not so easy. Negative comments grate on you, and, over time, can really take a toll.

William Osman interviewed a bunch or creators about this: https://youtu.be/DVCpKfedfok

Its not as easy as to call people out. Some people go great lengths out of spite, doxx you, send you death threats… Is it really worth it? Not that a “fuck off” will work anyway.

You say people will join you but they really don’t. The reality is there are a ton of crucial open source projects being run by one person on the edge of burnout. See curl, xy, etc.

Money absolutely would help and I wish the EU would put additional funding into this.

I would put truenas on the NAS, also put a VM on truenas with 16-24G of RAM.

Create a kubernetes or docker swarm cluster with server 1 and the nas vm and just have everything as containers. This way you just have one resource pool, and the containers will be started wherever there are enough resources available. The containers will mount NFS shares from truenas which truenas will create automatically as ZFS datasets. ZFS supports snapshots.

I just want to voice the thought that “ripped off” is not a good term for this. It has a very negative connotation. The reality is, people try all kinds of stuff and whatever works sticks. That’s a good thing.

You mean a hotbar? Minecraft didn’t come up with that.

That is impossible. There are more unique experiences than one can have in their lifetime. Getting a bachelors, meaning really surface level understanding in one topic takes three full time years. If you actually had nothing else to do, you could do that for maybe 15 topics. And that’s just learning. What about sports, music, traveling and the endless other human activities.

This is probably the way, because a traditional “mail server” is actually 4-5 different servers working together.

• postfix for SMTP
• dovecot for IMAP
• amavis to plug in…
• spamassassin as anti spam
• clam-av as antivirus

And they can all be very easily misconfigured to break everything completely. Great learning experience though.

GrapheneOS provides users with the ability to set a duress PIN/Password that will irreversibly wipe the device (along with any installed eSIMs) once entered anywhere where the device credentials are requested (on the lockscreen, along with any such prompt in the OS).

But not paying for it almost guarantees it.

No I’ve never seen this. Usually they send you an email to the admin address of the domain with the code.

Ultrasonic cleaner with isopropanol solution.

Its always encrypted, just that the keys are in RAM when it runs.

In case of graphene though you can have a distress pin that wipes the encryption keys, making the phones content irrecoverable.

I’m not sure, I got a used Pixel so I can use graphene.

It exists and is called graphene OS. It is primarily focused on privacy and security though and as such only supports google pixels since they have both good hardware security and fast security patches. Most others fail at one of the two.

Otherwise you could install calyx OS.

AES is already post quantum crypto so that sounds a bit marketingy.

I’m using it and never going back.

It’s not just the privacy aspect, but the fact that most results in other search engines suck. The first two pages would usually be ads - first the bought ones, then company websites and copywritten blogs. I get that way less with kagi. I find useful stuff faster and my brain is less polluted.

Related: https://timsh.org/tracking-myself-down-through-in-app-ads/

Unity games on mobile send your location to Unity servers every couple seconds through the Unity ad network.

Things you can do:

• GDPR Request to Unity
• use a DNS that blocks trackers, like mullvad