to test if it’s Firefox’ fault
Firefox follows web standards the most, but because most people use Chromium-based browsers web developers make websites for Chrome instead for the web.
to test if it’s Firefox’ fault
Firefox follows web standards the most, but because most people use Chromium-based browsers web developers make websites for Chrome instead for the web.
IMO it’s the best (desktop) Chromium-based browser. Which means it’s a bad browser but there are a lot of worse options.
If you don’t have hardware encryption you can use --cipher xchacha20,aes-adiantum
option when running cryptsetup
to make it way faster than standard aes cipher in software.
I don’t believe one can run Linux on it.
Someone will prove you wrong. Not me. But someone will.
Great! Exactly on time for the next release of Debian :)
I was interested in technology and programming and my mom recommended me to check out a raspberry pi. Her friend’s son has one. So my first comouter was a raspberry pi with RaspbianOS when I got my first PC it seemd normal to install something that I was using for the last year and its free. So I installed Pop!_Os, a year later Fedora and a half year later Arch. I’ve been using Arch for more than 2 years now.
I’m using Arch because you start with nothing and you can make any system you want. I have disk encryption, btrfs as a filesystem, secure boot with my own custom keys, I’m running self-build kernel, I’m using apparmor and I can use any program from AUR, etc. Thats my personality. Things that you can’t see but are important to me.
On other distros some of these things would be very hard to do. Especially without Arch Wiki.
Yes but you have to do that for each service if I understand correctly.
I switched from Docker to Podman, because Podman is more secure (if rootless) but it was just hard to autostart containars. You have to start one by one because they don’t have a central service like docker. And watchtower and nextcloud AIO don’t work on Podman. So I switched back to docker.
Then atleast fake it until you make it!
To 3d print something you need to convert a model (.stl or something else) to gcode. A slicer will do this for you. I use Cura (it’s open source) and works great on Linux. Then you have to send that gcode to the printer. You can do that with micro SD card which is what I noramlly do or you can connect to the printer using USB cable and send the gcode using a slicer.
No problem ;)
That was really hard to do. I created a note for myself and I will also publish it on my website. You can also decrypt the sd using fido2 hardware key (I have a nitrokey). If you don’t need that just skip steps that are for fido2.
The note:
Download the image.
Format SD card to new DOS table:
As root:
xz -d 2023-12-11-raspios-bookworm-arm64-lite.img.xz
losetup -fP 2023-12-11-raspios-bookworm-arm64-lite.img
dd if=/dev/loop0p1 of=/dev/mmcblk0p1 bs=1M
cryptsetup luksFormat --type=luks2 --cipher=xchacha20,aes-adiantum-plain64 /dev/mmcblk0p2
systemd-cryptenroll --fido2-device=auto /dev/mmcblk0p2
cryptsetup open /dev/mmcblk0p2 root
dd if=/dev/loop0p2 of=/dev/mapper/root bs=1M
e2fsck -f /dev/mapper/root
resize2fs -f /dev/mapper/root
mount /dev/mapper/root /mnt
mount /dev/mmcblk0p1 /mnt/boot/firmware
arch-chroot /mnt
In chroot:
apt update && apt full-upgrade -y && apt autoremove -y && apt install cryptsetup-initramfs fido2-tools jq debhelper git vim -y
git clone https://github.com/bertogg/fido2luks && cd fido2luks
fakeroot debian/rules binary && sudo apt install ../fido2luks*.deb
cd .. && rm -rf fido2luks*
Edit /etc/crypttab
:
root /dev/mmcblk0p2 none luks,keyscript=/lib/fido2luks/keyscript.sh
Edit /etc/fstab
:
/dev/mmcblk0p1 /boot/firmware vfat defaults 0 2
/dev/mapper/root / ext4 defaults,noatime 0 1
Change root
to /dev/mapper/root
and add cryptdevice=/dev/mmcblk0p2:root
to /boot/firmware/cmdline.txt
.
PATH="$PATH:/sbin"
update-initramfs -u
Exit chroot and finish!
umount -R /mnt
On my main profile on GrapheneOS there are 7 closed source apps and 1 self build technically closed source (for now) all out of total 71 apps.
7 out of 705 installed packages are non-free packages on my RPi server.
On my Raspberry Pi 4 4gb with encrypted sd is:
Pi is overkill for this kind of job. Load average is only 0.7% and ram usage is only 400M
I used geekbench 5. My CPU is AMD Ryzen 5 5500U. I tested a few prebuild kernels and custom compiled the fastest one.
prebuild linux kernel:
prebuild linux-zen kernel:
prebuild linux-xanmod kernel:
prebuild linux-hardened kernel:
custom linux-hardened kernel:
True but then you actually have to remember the password. Or you can use an USB key to store keyfile or a hardware security key like Nitrokey or Yubikey to decrypt it.