Basically it works by every component validating the next one before loading it.

• UEFI validates the bootloader
• Bootloader validates the OS

They do this by checking a cryptographic signature. Specifically, UEFI checks that the bootloader is signed by a certificate that is in turn signed by a certificate authority (CA). You can upload custom CA keys in the UEFI interface.

Per default, every UEFI ships with the Microsoft CA. That does not mean you can only run secureboot with Windows and you absolutely should enable secureboot on every machine you own. Microsoft does sign other signing keys allowing them to be also used with secureboot. For example, every major Linux distro has keys signed by the Microsoft CA and so secureboot works out of the box with those.

Even if you have an OS that does not have a signing key signed by the Microsoft CA, you can upload your own secureboot keys to get around that.

It should be pretty clear at this point that all of this is pointless if you do not set a UEFI password.

Been working with Linux every day for over a decade at my job. At home I run the most boring generic shit.

Once EOL hits I’m switching to Linux.

Check out EFF cover your tracks: https://coveryourtracks.eff.org/

The results are very interesting. For me, the most unique thing about my browser was that I had two system languages, and so the accept-language header was very unique.

I now use vanadium (graphene OS), which simply sends made up values for a lot of headers, and so makes fingerprinting harder.

In general, you should try to be as “normal” as possible, use standard settings for everything, just accept English, etc…

I just want to point out that billionaires do not have billions on their bank accounts, they own companies worth that much. The issue is the concentration of power they have through that.

I’m not sure if you’ve ever had a public project, but for most people, be it YouTube, twitch, github, whatever, its not so easy. Negative comments grate on you, and, over time, can really take a toll.

William Osman interviewed a bunch or creators about this: https://youtu.be/DVCpKfedfok

Its not as easy as to call people out. Some people go great lengths out of spite, doxx you, send you death threats… Is it really worth it? Not that a “fuck off” will work anyway.

You say people will join you but they really don’t. The reality is there are a ton of crucial open source projects being run by one person on the edge of burnout. See curl, xy, etc.

Money absolutely would help and I wish the EU would put additional funding into this.

I would put truenas on the NAS, also put a VM on truenas with 16-24G of RAM.

Create a kubernetes or docker swarm cluster with server 1 and the nas vm and just have everything as containers. This way you just have one resource pool, and the containers will be started wherever there are enough resources available. The containers will mount NFS shares from truenas which truenas will create automatically as ZFS datasets. ZFS supports snapshots.

The Finns could probably take Russia on their own. They have been continuously preparing since the winter war. Everything is build around it, everyone has trained for it, they even test moving their entire economy to war economy on a regular basis.

Maybe you should read that article you linked completely. EU battle groups are multinational rapid response forces, and merely a subset of troops the EU can muster. Germany alone has 180k active service personnel.

I just want to voice the thought that “ripped off” is not a good term for this. It has a very negative connotation. The reality is, people try all kinds of stuff and whatever works sticks. That’s a good thing.

You mean a hotbar? Minecraft didn’t come up with that.

That is impossible. There are more unique experiences than one can have in their lifetime. Getting a bachelors, meaning really surface level understanding in one topic takes three full time years. If you actually had nothing else to do, you could do that for maybe 15 topics. And that’s just learning. What about sports, music, traveling and the endless other human activities.

This is probably the way, because a traditional “mail server” is actually 4-5 different servers working together.

• postfix for SMTP
• dovecot for IMAP
• amavis to plug in…
• spamassassin as anti spam
• clam-av as antivirus

And they can all be very easily misconfigured to break everything completely. Great learning experience though.

GrapheneOS provides users with the ability to set a duress PIN/Password that will irreversibly wipe the device (along with any installed eSIMs) once entered anywhere where the device credentials are requested (on the lockscreen, along with any such prompt in the OS).

But not paying for it almost guarantees it.

No I’ve never seen this. Usually they send you an email to the admin address of the domain with the code.

Ultrasonic cleaner with isopropanol solution.

Its always encrypted, just that the keys are in RAM when it runs.

In case of graphene though you can have a distress pin that wipes the encryption keys, making the phones content irrecoverable.

AES is already post quantum crypto so that sounds a bit marketingy.

I’m using it and never going back.

It’s not just the privacy aspect, but the fact that most results in other search engines suck. The first two pages would usually be ads - first the bought ones, then company websites and copywritten blogs. I get that way less with kagi. I find useful stuff faster and my brain is less polluted.