Conversation
Notices
-
cool_boy_mew (coolboymew@shitposter.club)'s status on Wednesday, 08-Mar-2023 09:41:24 JST 
cool_boy_mew
@shitpisscum Vivaldi -
shitpisscum :verified: (shitpisscum@shitpisscum.mooo.com)'s status on Wednesday, 08-Mar-2023 09:44:26 JST 
shitpisscum :verified:
@coolboymew Oh, chromium issue then I guess. "Works" in firefox cool_boy_mew likes this. -
cool_boy_mew (coolboymew@shitposter.club)'s status on Wednesday, 08-Mar-2023 09:57:27 JST
cool_boy_mew
@mononoaware what should I use? -
Static Void :alpine_linux: :redflag: (mononoaware@fedi.absturztau.be)'s status on Wednesday, 08-Mar-2023 09:57:34 JST 
Static Void :alpine_linux: :redflag:
@coolboymew ditch that proprietary cringe... -
Okabe (okabe_rintarou@shitposter.club)'s status on Wednesday, 08-Mar-2023 11:08:29 JST 
Okabe
@coolboymew @mononoaware I forgot to mention that there are some must-have addons like Tree Style Tabs and uBlock Origin. I just generally block any third-party domain by default and enable them on a case-by-case basis - it really frees up a lot of resources for many sites.
#software #privacy #firefoxcool_boy_mew likes this. -
Okabe (okabe_rintarou@shitposter.club)'s status on Wednesday, 08-Mar-2023 11:08:34 JST
Okabe
If I may make a suggestion: Hardened Firefox via arkenfox user.js. Changes are being applied to your profile via the file "user.js" in your Firefox profile folder and you can override any general defaults from arkenfox via "the user-overrides.js", which I have used myself.
The learning curve might be steep for any newcomers, but it's worth it in my opinion. You definitely should go through the readme and the options yourself once and find out through trial and error what suits your needs.
In general, nothing beats Firefox in terms of customization options. I have created multiple Firefox profiles for several purposes.
Vivaldi is fine too, if I just want to quickly do something on sites of official/reputable services that fail on me otherwise.
#software #privacy -
cool_boy_mew (coolboymew@shitposter.club)'s status on Wednesday, 08-Mar-2023 11:09:58 JST
cool_boy_mew
@okabe_rintarou @mononoaware can't I just use Librewolf? -
Okabe (okabe_rintarou@shitposter.club)'s status on Wednesday, 08-Mar-2023 11:13:11 JST
Okabe
@coolboymew @mononoaware You could, but I had some difficulties with it. In the end, it's just a Firefox with arkenfox user.js baked in. I see no benefit to using the normal Firefox with arkenfox user.js, especially if you familiarize yourself with it. I also had trouble 2 years ago when I tried to customize some settings in Librewolf.
Plus, Librewolf could just be dropped by the maintainers at any point in time for whatever reason since it's maintained by volunteers. I try to minimize dependencies wherever possible.
#software #Firefoxcool_boy_mew likes this. -
cool_boy_mew (coolboymew@shitposter.club)'s status on Wednesday, 08-Mar-2023 12:09:53 JST
cool_boy_mew
@roboneko @mononoaware @okabe_rintarou ??? -
verified neko :verified::verified::verified::makemeneko: (roboneko@bae.st)'s status on Wednesday, 08-Mar-2023 12:09:54 JST 
verified neko :verified::verified::verified::makemeneko:
@okabe_rintarou @mononoaware @coolboymew it can't be dropped, what would lanodan use to browse the web if he did that? :laugh: -
xianc78@gameliberty.club's status on Wednesday, 08-Mar-2023 12:50:13 JST 
xianc78
@roboneko @mononoaware @coolboymew @okabe_rintarou Minimalist browsers shouldn't be used for daily use. You would be missing out on features like add-ons (if you want to block adds or XSS, you have to manually block them in the hosts file).
-
Okabe (okabe_rintarou@shitposter.club)'s status on Wednesday, 08-Mar-2023 12:50:14 JST
Okabe
@roboneko @mononoaware @coolboymew >lanodan Is that someone I should be aware of? :blobcatthinking: To be honest, I’m constantly out of the loop when it comes to Fediverse culture, but even more so over the last year.
-
verified neko :verified::verified::verified::makemeneko: (roboneko@bae.st)'s status on Wednesday, 08-Mar-2023 12:50:14 JST
verified neko :verified::verified::verified::makemeneko:
@okabe_rintarou @mononoaware @coolboymew
lanodan runs the badwolf project and is also a pleroma maintainer
https://hacktivis.me/projects/badwolf
> Bugs caused by systemd will be ignored.
:gigaChad:cool_boy_mew likes this. -
verified neko :verified::verified::verified::makemeneko: (roboneko@bae.st)'s status on Wednesday, 08-Mar-2023 13:01:23 JST
verified neko :verified::verified::verified::makemeneko:
@xianc78 @xianc78 @mononoaware @coolboymew @okabe_rintarou are there no webkitgtk adblock extensions? (I don't use badwolf so I've never looked) -
xianc78@gameliberty.club's status on Wednesday, 08-Mar-2023 13:01:23 JST
xianc78
@roboneko @mononoaware @coolboymew @okabe_rintarou The only minimalist browser I ever used was surf which didn't have extensions. I assume BadWolf is just like that.
BTW, if you use sites that can run on any browser, I highly recommend browsers like NetSurf which develop their engines in house. Sadly, it hasn't been updated in almost 3 years.
-
xianc78@gameliberty.club's status on Wednesday, 08-Mar-2023 13:10:31 JST
xianc78
@djsumdog @mononoaware @coolboymew @okabe_rintarou I use LibreWolf as my daily browser and I never had those issues.
-
djsumdog (djsumdog@djsumdog.com)'s status on Wednesday, 08-Mar-2023 13:10:32 JST 
djsumdog
I've only run into two big issues with Librewolf:
Some websites always display in mobile (not sure if this is due to fingerprint protection, user agent or disabling the canvas)
Live streams (Rumble and others) always have garbled audio. I have to switch to mpv (which uses yt-dlp under the hood) or Brave. I'm guessing there's something different about HLS and live video? -
Your New Kemono Waifu :verified: :cornbread_the_cat: (sjw@bae.st)'s status on Wednesday, 08-Mar-2023 13:25:27 JST 
Your New Kemono Waifu :verified: :cornbread_the_cat:
@roboneko @coolboymew @mononoaware @okabe_rintarou nice
People have even written scripts to turn a Linux install into a Windows Server install for the same reason.
There's also Gentoo which can be installed from pretty much any live Linux environment.cool_boy_mew likes this. -
verified neko :verified::verified::verified::makemeneko: (roboneko@bae.st)'s status on Wednesday, 08-Mar-2023 13:25:28 JST
verified neko :verified::verified::verified::makemeneko:
@sjw @coolboymew @mononoaware @okabe_rintarou
actually it looks like they provide an iso that's suitable for an initial boot to RAM and then you just overwrite the drive it was written to. neat
https://wiki.alpinelinux.org/wiki/Replacing_non-Alpine_Linux_with_Alpine_remotely -
Your New Kemono Waifu :verified: :cornbread_the_cat: (sjw@bae.st)'s status on Wednesday, 08-Mar-2023 13:25:29 JST
Your New Kemono Waifu :verified: :cornbread_the_cat:
@roboneko @okabe_rintarou @coolboymew @mononoaware speaking of systemd, I really need to give :alpine: a try.
Do they have a good installer now? One that also supports disk encryption? I mean, I can install it manually if I must but I'd just rather not. Especially since I'd have to make my own initrd which I'd really rather not have to deal with. -
verified neko :verified::verified::verified::makemeneko: (roboneko@bae.st)'s status on Wednesday, 08-Mar-2023 13:25:29 JST
verified neko :verified::verified::verified::makemeneko:
@sjw @coolboymew @mononoaware @okabe_rintarou
> Especially since I'd have to make my own initrd which I'd really rather not have to deal with.
I generally set systems up using debootstrap after booting from an image. actually I ended up authoring my own isolinux image so that my ssh keys and other stuff are burned into it. I've never had to make my own initrd since installing the kernel and grub (or an equivalent) takes care of that for you on debian
I did try out dracut on debian one time and that was painful to get configured due to some driver issues and it erroring out before I had video output. I am using it on the one system tho
for alpine it looks like there's an apk-tools-static utility that might be a debootstrap equivalent? not sure tho, never used alpine before. actually I've been meaning to try it but just haven't got to it -
Your New Kemono Waifu :verified: :cornbread_the_cat: (sjw@bae.st)'s status on Wednesday, 08-Mar-2023 13:38:11 JST
Your New Kemono Waifu :verified: :cornbread_the_cat:
@djsumdog @roboneko @mononoaware @coolboymew @okabe_rintarou yee but you have to do some custom disk partitioning. Looks easy enough tho. Not crazy about /boot and /boot/EFI being the same partition nor /boot being fat32 but I've kind of given up on that at this point since it's what everything wants to do. -
djsumdog (djsumdog@djsumdog.com)'s status on Wednesday, 08-Mar-2023 13:38:12 JST
djsumdog
I wrote a tutorial for doing full disk encryption on Alpine:
https://battlepenguin.com/tech/alpine-linux-with-full-disk-encryption/
...but I think it's supported in the stock installer now. Not sure thought. I still did it manually when I bought up my file server a few months ago. -
verified neko :verified::verified::verified::makemeneko: (roboneko@bae.st)'s status on Wednesday, 08-Mar-2023 13:38:43 JST
verified neko :verified::verified::verified::makemeneko:
@sjw @djsumdog @coolboymew @mononoaware @okabe_rintarou
> /boot and /boot/EFI
stuff like this is why I debootstrap. lay the disk out however I want, assemble the bind mounts for the chroot, and then fill out the fstab accordingly
/boot/efi should be fat32 but I run ext4 /boot and btrfs / -
🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸 (phenomx6@fedi.pawlicker.com)'s status on Thursday, 09-Mar-2023 13:25:07 JST 
🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸
SmartOS does something similar. It can pxe, CD, or USB boot the kernel/boot partition and then it loads the persistent files from the HDD as a VM.
https://wiki.smartos.org/administering-the-global-zone/ -
Your New Kemono Waifu :verified: :cornbread_the_cat: (sjw@bae.st)'s status on Thursday, 09-Mar-2023 13:25:08 JST
Your New Kemono Waifu :verified: :cornbread_the_cat:
@mononoaware could just keep /boot on a flash drive you keep on you at all times.
People can't temper with your kernels if they don't have access to them.
The only time you'd need to have it plugged in is during boot or when updating. -
Static Void :alpine_linux: :redflag: (mononoaware@fedi.absturztau.be)'s status on Thursday, 09-Mar-2023 13:25:09 JST
Static Void :alpine_linux: :redflag:
@sjw well, that's a plausible alternative somehow -
Your New Kemono Waifu :verified: :cornbread_the_cat: (sjw@bae.st)'s status on Thursday, 09-Mar-2023 13:25:10 JST
Your New Kemono Waifu :verified: :cornbread_the_cat:
@mononoaware why is it so important to encrypt your /boot?
Genuine question.
Yeah, I know secure boot is kind of broken but it's something plus you can also have the OS refuse to boot if the kernel isn't signed with your keys.
Encrypted /boot also prevents you from being able to include dropbear in your initrd so you can reboot and unlock your disk remotely. -
Static Void :alpine_linux: :redflag: (mononoaware@fedi.absturztau.be)'s status on Thursday, 09-Mar-2023 13:25:11 JST
Static Void :alpine_linux: :redflag:
@sjw alpine's installer is dead simple, maybe even kinda too simple (protip: don't do the mirror latency test, just grab the first one unless you distrust fastly). When it comes to FDE, unfortunately, it will only encrypt your /, but not /boot, which you'll have to do manually, but there is a good article on the alpine wiki, which for a few subjects might be just as good as the arch wiki. Also mind you, when it comes to software availability it is not just the matter of having to compile from source or having to resort to flatpaks. Musl can feel a bit limiting, I'd say it's less than 5% of free software won't work without modifying the source code or compilation flags (specifically in cause of Rust, you may need to enforce static linking) and proprietary crap is usually only distributed via flatpak.
So with all that being said, for server alpine would be probably the second best choice for security after OpenBSD, but for the balance of usability, simplicity and security it might be the best. But for desktop you'd probably be better off using Void. -
Okabe (okabe_rintarou@shitposter.club)'s status on Thursday, 09-Mar-2023 14:59:22 JST
Okabe
@roboneko @mononoaware @coolboymew I think you confused Librewolf for Badwolf. Librewolf is a fork of Firefox with arkenfox user.js baked in.
#Software #OpenSource #Privacyxianc78 and cool_boy_mew like this. -
Your New Kemono Waifu :verified: :cornbread_the_cat: (sjw@bae.st)'s status on Thursday, 09-Mar-2023 22:43:05 JST
Your New Kemono Waifu :verified: :cornbread_the_cat:
@djsumdog @roboneko @mononoaware @coolboymew @okabe_rintarou default bootloader in Alpine doesn't support encrypted /boot. You gotta use grub for that and even then grub only supports luks1 not luks2. If you want luks2 for system then you'd be putting in two different passwords which is annoying (although you could embed a key file in you initrd which could be interesting).
However, if I were going that route I'd just sign my own initrd images with my own key, have them unencrypted, and then add my key to the UEFI and just use UEFI to boot initrd and skip the bootloader all together. -
djsumdog (djsumdog@djsumdog.com)'s status on Thursday, 09-Mar-2023 22:43:07 JST
djsumdog
oh in my setup, /boot is on the LUKS encrypted part. There are only two partitions: /dev/nvme0n1p1 and /dev/nvme0n1p2. p1 is EFI (FAT32, it has to be for UEFI/GPT. No way around that unless you want to do MBR.) p2 is LUKS and it contains two logical volumes for / and swap. /boot is just part of / in my setup. /boot/efi is the p1 mount.
You can't encrypted EFI, but you can sign GRUB with a cert, delete the default (windows) cert from your UEFI/BIOS and install your own and turn on secure boot. (I haven't actually tried this yet). If you do set up secure boot with your own keys and a BIOS password, it makes it much more difficult for someone to wipe and re-sell your laptop if it gets stolen. -
ExtraSpecialK (extraspecialk@poa.st)'s status on Thursday, 09-Mar-2023 22:43:37 JST 
ExtraSpecialK
@sjw @djsumdog @roboneko @mononoaware @coolboymew @okabe_rintarou Now I would love to find a good tutorial on this.
I've always loved alpine for containers but I'm trying to get into using it as a desktop more. It's frustrating because half the driver's are missing, sound card, network manager don't work. But I love how fast it is and rc-update isn't too complicated. -
verified neko :verified::verified::verified::makemeneko: (roboneko@bae.st)'s status on Thursday, 09-Mar-2023 22:43:42 JST
verified neko :verified::verified::verified::makemeneko:
@okabe_rintarou @mononoaware @coolboymew ah fugg so I did. how embarrassing. well you should check out badwolf anyway because lanodan is awesome :cirno_heh:
FcN6iISagAEqBIi.jpgcool_boy_mew likes this.
-
All 076萌SNS content and data are available under the 