Something like https://graphite.com/ to create stacked PRs that are reviewable probably would have helped. Can be replicated with local LLMs or remote AI providers with locally configured agentic workflows. Never used graphite personally, but I’ve seen some open source maintainers use it to split up large PRs.

There is a praise/validation kink for that.

Firefox Nightly + arkenfox userjs + uBlock Origin + Bitwarden as my daily driver.

Been a couple years since I checked up on arkenfox still being good. I get flagged as a bot all the time and constantly get popups about WebGL (GPU fingerprinting) so I assume its working as intended for my threat model.

Tails when I really care.

Mullvad VPN as my regular VPN with ProtonVPN for torrents.

GrapheneOS / NixOS as my OS.

Proton Visionary for most cloud services except passwords and I don’t really use Proton Drive. I do use ProtonPass for unique emails to every provider.

Kagi for searches / AI.

Etesync for contacts because Proton didn’t sync with the OS last I checked.

Backblaze B2 for cloud storage with my own encryption via rclone (Round Sync on GrapheneOS)

Keypass for a few things like my XMR wallets and master passwords I don’t even trust in Bitwarden.

https://jmp.chat/ for my mobile provider.

Pihole with encrypted DNS to Quad9.

https://onlykey.io/ for the second half of my sensitive passwords (Bitwarden, LUKS, Keypass, OS login). First half memorized.

Its a lot. I burned myself out a couple years ago keeping up with optimizing privacy and this setup has served me well for 2 years without really changing anything. The cloud services are grey areas in terms of privacy but the few ads that leak through uBlock have zero relevance to anything about me.

Toooo real. Its like companies have taken the worst of everything and just call it agile. List out every task and estimate them so we have timelines, but don’t actually architect anything as that’s waterfall. Fake waterfall, with fake dates, but fingers will be pointed like they were real commitments, and spend a month doing it for this executive power point instead of fucking off so devs can build the damn thing.

I ended up just building a box after looking for the perfect NAS and finding it didn’t exist. The software is usually just crap or the hardware is underwhelming. Got a Node 804 case to slap in plenty of HDD space. Running NixOS so I’m in control of the software. In retrospect I wish I had gotten a rackmount type case. Tossed in an Arc GPU for better transcoding shortly after the initial setup.

Well Discovery S1-2 will then be a prequel for you then for SNW since its the same actors for Pike and Spock. If you enjoyed those you should enjoy Discovery. I also watched Discovery after SNW since I wasn’t tracking all the recent series at the time.

I enjoyed both but Discovery isn’t as much of a throwback as Picard was.

If you do watch it, Strange New Worlds (SNW) is worth checking out also. If I recall correctly, SNW resumes Pike’s and Spock’s story after Discovery season 2 (same cast) and Discovery seasons 3-5 forks off with the rest of the Discovery crew.

Lower Decks (animated) also extends the Discovery story. Have not seen it myself, but there have been headlines Discovery may or may not be cannon based on Lower Deck’s trying to fix continuity issues or something as the last episode goes all multiverse. Even if true, it doesn’t sway my enjoyment of the story and characters.

Pretty snappy. All the gnome APIs are written in C. It doesn’t run on node, it runs on gnome-javascript (gjs) which exposes all the C APIs through JavaScript. If you use the Astal wrappers its pretty painless but using the gnome APIs directly in gjs is a little weird since you have to consider things like memory management.

I have it activate a layer when held where all the other keys are remapped.

I also use a 45% keyboard (https://wilba.tech/jd45) and its done in the keyboard’s firmware (https://qmk.fm/), so I need the extra keys.

I have an older model of the JD45 with a full bottom row.

It is gnome, but https://aylur.github.io/astal/showcases/ is pretty awesome if you’ve done any React development. Pretty much coded up my own desktop environment with typescript and tsx for layout stuff. Lot’s of fun widgets.

Note that I use nixos so pretty much everything is hand picked instead of a prebuilt ready to go environment. Hyprland for the basic desktop, Astal for my desktop shell with widgets, toolbars, etc.

Can confirm, it is information they already have. Below is likely the API the telco exposes to the bureau. Each data point queried returns true, false, or a confidence score.

It is intended as an anti-fraud tool. Not saying I agree with it. Something like PGP is sufficient for building out a web-of-trust without needing to share my personal information.

https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/camaraproject/KnowYourCustomer/r1.4/code/API_definitions/kyc-match.yaml&nocors#tag/Match/operation/KYC_Match

No programming knowledge required.

Graphene only supports Pixels due to the titan chip. The versions with “a” are cheaper. Check when they go end of life to find the cheapest if you care about updates. So probably the 6a or 7a if you want at least 2 years of updates.

1. Not sure on this one.

2. The auditor is to make sure you are installing an authentic version of graphene. That it is not a modified version that has been tampered with (e.g., backdoors).

3. Automatically enables MAC randomization. This can help with being tracked on public networks. Fingerprinting techniques have gotten better though with deep packet inspection and even measuring radio characteristics. I’ve seen demos of two brand new and identical models of iPhones being distinctly picked out due to variances in the radios during manufacturing.

Doesn’t help with advertisers tracking behavior based on IP. VPNs help with “blending-in” by putting multiple users behind the same IP. Provider matters here. Needs to be a VPN provider that won’t just sell your data or cave to law enforcement. Mullvad is my preference. Paid with crypto. RAM only logs. That said, use Tor or I2P for anything you don’t want subpoenaed.

For additional tips:

• Can’t remember if its on by default, but auto-reboot to put data at rest (encrypted and not in RAM). This is for a state-actor threat level, and less about advertisers.
• I prefer pin codes to unlock my device and don’t use biometrics. Graphene has a feature to randomize the pin pad every time to protect against a recording of the pin be entered. Specifically where the numbers aren’t picked up on the video but the pattern your hand makes can be seen. Again, more of a state-actor threat level.

No. Its all text file config. You wouldn’t use live CD mode. You define your own how you want it to work.

Its a steep learning curve so if looking for off the shelf solutions, don’t use nix. If you need something custom but through a single config paradigm, nix is awesome.

Soap boxing here but I feel these kinds of use cases is what NixOS is built for.

Declarative config to setup the system, users, and apps.

Declarative and customizable impermanence exactly how you want it.

I use Tails as well but NixOS is my daily driver. Anything not marked explicitly to persist is dropped each reboot. I’m the only user so I keep the last 30 days of non persisted data for like a power outage but that’s something I had to go out of my to setup for my use case.

1000% this. I’m now rediscovering my rather fluid gender identity and attraction to both genders that started in my late 30s. Looking back, all the signs were there, I just kept things private as it wasn’t socially acceptable. Had some outlet with the teen goth scene, which was nonexistent in college. Grew up in a heavily catholic influenced region.

Have an awesome wife who is supportive and revealed she is (now was) also closet bi from the same generation.

We moved away from there, but when I visit family all the churches are run down and closed. I smile every time knowing their grip is loosening. All the LGBT hate today just tastes like desperation.

There is anonymity and pseudonymity.

Do you need your opsec to be resistant to state-level actors (oppressive regime, censorship, illegal activities)? Well then you need to make sure you don’t introduce anything that will deanonomize you.

Are you trying to be resistant to mass data collection efforts used for profit? Being on the pseudonymity spectrum is a good step.

Dealing with the latter is like dealing with a bully. Make it not worth their time. They just want to put you in bucket X so they can estimate the most likely way to influence you for reason Y. Pseudonymity is about having multiple aliases that get put into different buckets so their privacy invasive efforts are less effective.

I’m both experienced and know jack shit because there is just too much to learn. I just started using it (1998ish) to make cool looking UIs. Its been my daily driver for 15 years now.

You will never learn it all. Over time you may become more familiar with the terminal or you may not. Doesn’t matter. You do you.

Its pretty easy to test drive. Grab a distros “Live CD” version, put in on a thumb drive, reboot and play around. This wont be persistent. When you’re ready, install it on an external SSD. Play around some more now that your edits will be persistent. You’ll mess up. Take notes. Start again once you’ve hosed your system.

The original used XI where it was 9 or 11 depending on the side.

edit: Nope I was wrong. That post links this one, lol.

https://infosec.pub/post/19153879

For our lower environments we use rsync like the author but skip the pipeline altogether. The servers have a watch script to restart when files are rsynced. We then have a local watch script that rsyncs on file changes.

Relatively instant deploy (2-5s) whenever a file is saved.