data1701d (He/Him)

“Life forms. You precious little lifeforms. You tiny little lifeforms. Where are you?”

- Lt. Cmdr Data, Star Trek: Generations

  • 75 Posts
  • 629 Comments
Joined 1 year ago
Cake day: March 7th, 2024


  • Vulnerabilities certainly do exist, but I’m pretty sure the attacker has to be well-equipped.

    I’d call it a protection against data getting cracked in a petty theft, but if your attack vector is much more than that, there are other measures you should probably take. I think Clevis also works with Yubikeys and similar, meaning the system won’t decrypt without it plugged in.

    Heck, I think I know someone who just keeps their boot partition with the keys on it on a flash drive and hides it on their person.



  • I use Clevis to auto-unlock my encrypted root partition with my TPM; this means when my boot partition is updated (e.g., a kernel update), I have to update the PCR register values in my TPM. I do it with my little script /usr/bin/update_pcr:

    #!/bin/bash
    clevis luks regen -d /dev/nvme1n1p3 -s 1 tpm2
    

    I run it with sudo and this handles it for me. The only issue is I can’t regenerate the binding immediately after the update; I have to reboot, manually enter my password to decrypt the drive, and then do it.

    Now, if I were really fancy and could get it to correctly update the TPM binding immediately after the update, I would have something like an apt package shim with a hook that does it seamlessly. Honestly, I’m surprised that distributions haven’t developed robust support for this; the technology is clearly available (I’m using it), but no one seems to have made a user-friendly way for the common user to have TPM encryption in the installer.


  • I’m pretty sure by default, virtual networks are not enabled automatically if you’re not using virt-manager GUI.

    To make it run automatically, run the following: virsh net-autostart default

    If it’s not that, just to make it easier to find information, what’s your host distro? I’m guessing by mention of Kickstart files that it’s something Red Hat related, possibly Rocky 9 based on your choice of guest.


  • Weird. It must be that my taste is very indie/alternative. You can always also check if the artist has their own shop.

    That’s how Jonathan Coulton does it. They Might Be Giants does it as well (in addition to a Bandcamp), but most of their stuff from 1990-1996 is stuck on their former label, so they can’t sell DRM-free audio, only vinyl and/or cassette.








  • Is this xfce-winxp-tc? I’ve played with it before and it’s awesome.

    However, I don’t use it because while the XP start menu replica is cool, I need a Win7-style search bar, and Whiskermenu sticks out like a sore thumb here.

    I think a 7 replica would be awesome, but I think some parts of Aero can only truly be replicated with a new WM and DE, such as the color changes in the taskbar for different applications. Many themes just fall short - proportions and effects are slightly off and such.






  • Discord also has an app for Linux - you can get it as a Flatpak (an official one) or as a native package, although they don’t provide a repo for native packages and expect you to manually download a package file every time there is an update.

    For the native packages issue, someone created an apt repo on GitHub, and if you look in the CI routine, you can tell they’re using the official Discord packages and not modifying them.

    Honestly, I should probably be sandboxing it more.

    It’s annoying to use a proprietary service, but the This Might Be a Wiki community is rather enjoyable.