Yeah for me it’s been great and I do essentially leave it plugged in the whole time I’m using my PC (attached to my keys). It does require a pin entered each boot, so leaving it in would still offer security. But as someone else mentioned getting kwallet PAM working would make things easier in any case

Lol. I press a button on the device (which I unlocked with a pin before boot), but it would be nice to have the DB unlock automatically

Personally, I’ve relied on an OnlyKey for a few years (with backups and an extra fallback device) and haven’t needed to type passwords since. This doesn’t help with the number of prompts, but it does make them easier to dismiss.

I do use autologin, but I don’t use a system wallet (only KeePassXC, which I do need to unlock manually). Autologin with system wallets can be tricky, but I’ve had some luck setting it up in the past. You might want to check out this wiki for PAM configuration.

Nice, sounds pretty cool. FZF is great, I need to try out some new things with it. Never got into snippets but I’m sure that speeds things up considerably, will think about it.

Yeah separate config files is probably the best approach if you have a lot of things configured. I haven’t done that yet, but might try soon. My config has generally been pretty simple, mostly bindings and plugin settings. But I started developing in the TTY and had to shoehorn-in a conditional theme and such to get it to work properly, leaving it pretty unorganized.

| I can never leave vim. It has taken over the pathways in my brain.

Haha, yeah

My neovim config is a total mess :D. But yeah i3-msg+jq is great, I’ve written a number of solutions to this problem before using the API and external scripts, but it’s nice having things inline in the config file

For a while I would have agreed, and I used sway for years. But recently I switched back to i3 (i3-rounded) due to display issues with my AMD GPU. I started doing most of my development in the TTY, and found that switching from TTY to Wayland takes half a second and can sometimes break my GPU (until I switch between TTY and display a few times). With X11 it’s instant and without issue ¯\_(ツ)_/¯. Hoping that gets fixed down the road, or that it’s specific to my GPU.

This is always the first thing I get set up:

# focus next available workspace on this output

bindsym $mod+q exec --no-startup-id ws=$(i3-msg -t get_workspaces | jq ‘.[] | select(.focused) | .num’) && ofs=$(i3-msg -t get_outputs | jq ‘map(select(.active)) | length’) && i3-msg workspace $(($ws-$ofs))

bindsym $mod+w exec --no-startup-id ws=$(i3-msg -t get_workspaces | jq ‘.[] | select(.focused) | .num’) && ofs=$(i3-msg -t get_outputs | jq ‘map(select(.active)) | length’) && i3-msg workspace $(($ws+$ofs))

# move window to next available workspace on this output

bindsym $mod+Shift+q exec --no-startup-id ws=$(i3-msg -t get_workspaces | jq ‘.[] | select(.focused) | .num’) && ofs=$(i3-msg -t get_outputs | jq ‘map(select(.active)) | length’) && dest=$(($ws-$ofs)) && i3-msg move workspace $dest && i3-msg workspace $dest

bindsym $mod+Shift+w exec --no-startup-id ws=$(i3-msg -t get_workspaces | jq ‘.[] | select(.focused) | .num’) && ofs=$(i3-msg -t get_outputs | jq ‘map(select(.active)) | length’) && dest=$(($ws+$ofs)) && i3-msg move workspace $dest && i3-msg workspace $dest

Works with sway if you replace i3-msg with swaymsg (and remove --no-startup-id, since it’s not needed for Wayland).

Edit: ampersand issues, trying quote instead of code block

I use LUKS-encrypted LVM volumes to store everything (and transfer via SSH or HTTPS), but would use GPG if I needed to encrypt individual files.

Ah good to know! Will try that if I ever run into issues, thanks

I’ve been using it for years and I think it’s great. Currently on a 6 Pro. It’s true that some apps don’t work without Google Play services, but GrapheneOS has the option to install the google stuff in a sandbox, so you shouldn’t run into any issues if you do that. Personally, I don’t use Play services unless I need to, and use Aurora store for any apps that aren’t on F-Droid.

In any case, you can always revert to stock or try another OS

Edit: as faede has pointed out, it appears that Google Wallet has issues. Also, the usage docs mention issues with banking apps in general, so that’s something to consider

If you’re willing to spend the time to learn how to write custom policies, SELinux can be used for this, to some extent. It’s highly customizable and can sandbox your apps, but the process of doing so is quite complicated. I wrote a small guide on custom policy management on Gentoo in another comment if you’re interested.

There’s also apparently a “sandbox” feature, but I don’t know much about it. I just write my own policies and make them as strict as possible.

As an example, my web browser can’t access my home directory or anything except its own directories, and nobody (including my own user), except root and a few select processes (gpg, gpg-agent, git, pass) can access my gnupg directory.

This only covers security/permissions, and doesn’t include many of the other benefits of containerization or isolation. You could also try KVM with libvirt and Gentoo VMs; that works pretty well (despite update times) and I did that for a while with some success.

For vegetables I throw everything into a big stew with a lot of different things (kale, broccoli, cauliflower, onion, potato, mushrooms, tofu, garlic, beans), lots of hot sauce, seasoning, olive oil, etc. and eat the same thing every day, for the most part. I don’t eat enough fruit but I do have a handful of dried fruit with oats every day

Haha yeah, nicely put. I do enjoy the content, mostly because I’ve been following these creators for some time, and it’s hard to find a replacement for it… there is a lot of great content there, but it makes me feel gross using it. And same, I had no problem finding an alternative for Reddit (this), probably because I was not very attached to individual creators there.

I’m hoping a decentralized solution gains traction, but in the meantime I’ve been trying to limit the amount of information I share with the platform. I’m not actively trying to restrict my usage (most of that was achieved when I stopped using an account), but maybe it’s a good idea to do so. I mostly use it when eating or going to sleep, and there are better ways to occupy that time.

Major bugs usually get fixed pretty quickly- I always check the GitHub to make sure I have the latest version when I have issues. And Invidious can work as an alternative most of the time, but some instances work better than others

I stopped using recommendations years ago and only use NewPipe and Invidious. I did notice a reduction in my watch time, but there is plenty to watch when using a subscription-only feed. I havent added very many channels to my list since then, but personalized recommendations aren’t worth the privacy cost. Hoping to leave the platform eventually

I use Terminus (ter-112n) for TTY, Source Code Pro for terminal emulators, and DejaVu, Liberation, and Noto for others

Had the same issue with Plasma Wayland in QEMU but I never found a solution. Toggling anti-aliasing sometimes helped, temporarily

Try going down the page and looking for the categories with more than a few bits of identifying information. I’m running LibreWolf with just uBlock Origin and Dark Reader (which I don’t think influences results) and I’m able to get nearly-unique, instead of unique (but I do get unique on default settings). TBB gets non-unique, which is a good set of results to compare to.

In my case I noticed that my fonts were really unique so I set browser.display.use_document_fonts = 0. Also I use my WM to set my page resolution to 1920x1080, which seems to have a better fingerprint than the default LibreWolf floating resolution of 1600x900 (and even the letterboxing resolutions, from what I can tell).

I just spent some time testing again and checking for anything else. RFP does force a generic user agent, but unfortunately it keeps the version information and I can’t figure out how to change it with RFP on. Would be nice to set it to the ESR version used by TBB (which has lower bits), but I’m not sure if that would lead to a more unique fingerprint (if, say, a feature was detected that is available in later versions but not ESR).

Edit: just tried Mullvad browser, and it’s non-unique! Might be the best option.

Was getting 71% on Librewolf with only uBlock Origin. Enabled every blocklist in the extension and am now getting 100%. Thanks for sharing!

Yes! Depending on how much time you want to spend figuring things out… there is a learning curve, but the documentation is quite extensive. And you do learn a lot about Linux by diving in. The compile times aren’t really an issue today if you have decent hardware- I run it at home and on all of my servers (some of them not very powerful). You can do other things while it’s compiling.

It’s great if you want to customize everything and learn how your system works, or are interested in optimizing everything for your specific CPU architecture. There are a few pitfalls (especially when learning), but I’ve generally been able to learn how to fix any issues as they arise.

Also, the package availability is great. If you can’t find something in the gentoo repository or in an overlay, you can usually find its dependencies and build it yourself.