Bonus when you disable software flow control: In addition to Ctrl+r to reverse search through commands, you can search forward via Ctrl+s

It’s great piece of software. A couple weird defaults that I usually change immediately (e.g. scaling stroke when you resize an object), but otherwise its interface is reasonably intuitive, and does its job quite well.

Yeah, I’m confused by this video (which is from nearly a year ago, btw). It looks like a gnome shell overview more than anything.

Well good thing I finally realized it wasn’t enabled and set my environment variables to enable it.

I’ve run plain ol’ openbox without a desktop environment on top of it, and it’s quite nice. IIRC I also had a standalone status bar application, but I can’t remember which one I used.

There are a couple utility programs (obconf and obkey?) that help to configure everything comfortably.

And even then, a properly configured SSHD instance wouldn’t really benefit from a firewall, unless you wanted to block all countries besides your own or something.

Every computer has a bunch of ports (1-65535 if I recall correctly), each of which is a unique entity to which a single service can bind. In layman’s terms, a port is a door that one service is able to answer when someone knocks. By convention, some ports have a specific associated service (80 = HTTP, 443 = HTTPS, 22 = SSH), but there are a lot that you can just use as you deem appropriate.

If you want a service (e.g. a web server) to be accessible, you have to run a service that binds to a known port (e.g. 80), and a client has to reach out to your server on that same port. A firewall sits between your service(s) and any potential clients, much like those steel security screen doors. If that’s closed, nobody gets through on that port, even if a service is bound to that port and is listening for a connection.

As a general rule of thumb, you want your firewall to block as much traffic as possible without breaking something (I.e. blocking one of your public-facing services). If you don’t run any services on your computer (web services, media servers, etc.), you can probably get away with blocking all inbound traffic. without any discernable impact.

Khal looks promising:

https://github.com/pimutils/khal

Ah, I’ve almost always used a single monitor setup, so my use case wasn’t weird enough to break X11. That said. Even Wayland is wonky on my multi monitor setup at work, though that’s probably more a GNOME thing than a Wayland thing.

I do still think the approach they took with Wayland is a tad odd, in that everyone has to implement it themselves. But hey, if it works, it works.

old

Old doesn’t mean bad

broken

Is it?

unmaintained

Is it?

I use Wayland personally, but I’ve had almost zero issues with X in the last decade, maybe with the exception of minor screen tearing several years back.

The build approval process actually stripped out all comments via a script.

Thanks, Satan.

Or create a service running with limited access to specific resources, and create an API for users to make requests to that service.

Lol, whatever.

Security is about understanding reasonable threat models. 99.99% of reasonable threats to your machine involve theft or loss of the entire machine and personal data or accounts being accessed…

A thief is going to steal your computer and gut it, not apply liquid nitrogen to your RAM and attach a bunch of instruments with hopes of extracting a crypto key so he can have a small chance at accessing potentially interesting data.

If you think a thief is going to do more, your threat model is very skewed. I suspect that you think you’re much more interesting than you actually are.

Your cute statement about child porn is tasteless and thoughtless.

But it was cute.

Finally, someone reasonable.

Lol, holy hostility, Batman.

I know there’s no such thing as a free lunch. That’s why I purchased a TPM for my machine. Anyway, if your intent is to prevent someone from sticking your HDD into another machine to extract your data, FDE ticks that box. If you’re worried about highly advanced attacks to find your kiddie porn collection, then you probably are justified in your paranoia.

That’s a very absolutist way to look at a situation. It’s equally likely (in fact, much more likely) that OP is missing a detail or two about FDE, and we won’t know for sure until we discuss it.

Actually, thinking more about this…

Can you give an example of this grub cmdline bypass? If what you’re saying is true, this would be a huge issue. I’d switch bootloaders over something like this.

Though after a point rubber hose cryptanalysis will become the more pragmatic option for an attacker.

That doesn’t sound trivial at all.