From what I understand - avoidance is using legal means to avoid paying tax, while evasion is using all the other means to evade getting taxed altogether.

Only commenting on the orc part, but that’s what russians call themselves.

Don’t know, been rolling with Gentoo for some time now.

I wouldn’t trust “out of the box” support anyway as that would imply trusting microsoft keys.

Podcini, got it on f-droid. Does what it says on the tin!

It is a good thing!

Do you know how that works? Is it something like Ubuntu where Canonical uses some sort of chain from Microsoft or do you have to embed the cert they provide into UEFI yourself?

🤣

Yes, failing to safeguard keys is fatal, but that applies to everything. But if fs you’re storing keys on is behind luks and they’re readable by root only - you’re as safe enough. There’re also LSMs like selinux that can increase the complexity of attack.

I don’t know about nitrokey specifically, but TPM is an option (not good enough, imo) and a simple luks encrypted usb. You could get some convenience by storing the key to unlock it somewhere on the encrypted root.

In general - you cannot stop a targeted attack no matter what, but staying safe from all the automated ones is doable.

No it can’t. You’re still thinking about github and its built in “forking” mechanism.

There is no federated guthub because git itself is. Just clone the repo - you’re part of the network already!

It is a system one has to understand fully, i.e. not like ssh, where you can understand connecting to a remote host without bothering about key pairs, x11 forwading, etc.

I was lucky enough to have figured out Gentoo enough where plugging in secure boot was just extending my own system update script. Admittedly, I don’t know how much other distros fight back.

In general - things that are colourful and/or have special effects.

Blue Planet, Top Gun Maverick, Fast and Furious saga (not the first few, 4k made no difference there) come to mind first atm.

Things that have acting and script itself as the main selling point generally are perfectly fine in 1080p. The Office and Slow Horses would be a good example of that, I suppose.

Personally, I get everything I want my son to watch in the highest quality I can - Shawshank Redemptiom and Shutter Island are the latest additions to my library that, I think, would absolutely fine in 1080p, but… 4K HDR it is :D

Yea, I guess that initial total lack of understanding and big headlines has left a long-lasting scar. Admittedly, secure boot could be used to lock a machine down if the ability to turn it off and/or manage the keys yourself was removed.

We’ll get there, eventually :)

The Bootkitty sample ESET found is unable to override a defense, known as UEFI Secure Boot, that uses cryptographic signatures to ensure that each piece of software loaded during startup is trusted by a computer’s manufacturer.

AKA not that big of a deal, yet. An article from another post about this also mentions GRUB explicitly as a requirement as well as PoC using self signed keys, which renders it sort of impossible to abuse.

UKI + your own keys + secure boot is still not broken.

• Get a house with a garden (backyard)
• Start my own laptop/desktop line
• Obtain and maintain a naturally aspirated manual V12 Aston Martin

What has worked for me quite well over the last few years was answering the phone without saying anything. Spammers usually are dead silent as it’s just a voice recognition bot waiting for a “hello” or similar and hang up within a couple of seconds if nothing is said. Regular people have “static” most of the time. I’ve had a few recruiters call while having their mic on mute, but they start talking themselves fairly quickly.

I only have the indoor one, but Reolink is fine. Used it as a baby cam. No cloud bs, supports an rtsp stream. App has gone downhill, but due to rtsp I sort of don’t care.

Happy it works for you!

I’m running it on arch so that I never have to go through big upgrades. Been over 5 years now - so far, so good!

In regards to docker - it’s just a container. You can make any executable run a container. I quite like a lean system myself, though.

I’ve never heard of mailcow specifically, but I was intentionally avoiding all-in-one packages when setting up. Life has proven that good things aren’t easy and easy things aren’t good.

And so far I’m happy with that decision - setup is modular, was already able to extend it with postfwd, dual dkim signatures (rsa and ed25519), mta-sts and some other policy I can’t recall right now.

I’ve also specifically wanted to run as little code as possible that’s exposed to the internet - as such, I chose to not have webmail.

I don’t, but I could probably come up with one next weekend.