@ctr1 - eviltoast
  • 0 Posts
  • 50 Comments
Joined 1 year ago
cake
Cake day: June 20th, 2023

help-circle
  • ctr1@fl0w.cctoLinux@lemmy.mlBest App Launcher on Linux
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 month ago

    I use fzf with a popup terminal:

    # example for i3
    bindsym $mod+Return exec --no-startup-id kitty -T _menu_ -e bash -c 'ls $HOME/.local/bin/ | fzf | xargs -r -I{} i3-msg -t command exec $HOME/.local/bin/{}'
    for_window [title="_menu_"] floating enable
    for_window [title="_menu_"] resize set 600 800
    

    I like this approach because it’s simple and configurable. I prefer to see only the symlinks/scripts that I put in my local bin folder, but it can easily be extended to support .desktop files, multiple folders, filtering, etc.


  • 👋 right on! I actually also have used containers as a key to my security layout before, but yeah you miss out on all the benefits of portage.

    I was doing something crazy and actually running Gentoo inside each one! It was very difficult to stay up-to-date. But I basically had my host as barebones as possible and used LibVirt containers for everything, attempting to make a few templates that I could keep updated and base other VMs on. I was able to keep this up for about two years then I had to relax (was my main PC). But it was really secure, and it does work.

    The benefit of encapsulation is that you have a lot of freedom inside each container, like install a different distro if you need to. Also as long as they are isolated you don’t need to worry as much about their individual security. But it’s still good to. I ran SELinux on the host and non-SELinux (but hardened) in the guests.

    SELinux has a lot of advantages over users/groups, but I think the latter can be just as secure if you know what you’re doing. For example with SELinux you can prevent certain applications from accessing the network, or restrict access to certain ports, etc. It’s also useful for desktop environments where a lot of GUI apps run under one user- e.g. neither my main user nor any other program can access my keepassxc directory, only the keepassxc process (and root) can (even though the application is running under my main user). You can also restrict root quite a bit, especially if you compile in the option to prevent disabling SELinux at boot (I need to recompile my kernel to disable it).

    But again while it is fun to learn, it is quite a pain and I’ve relaxed the setup on my new computer to use a different user for everything (including gui apps), which I think is secure enough for me. But this style relies on my ability to adhere to it, whereas with SELinux you can set it up to where you’re forced to


  • Like others have mentioned, SELinux could be a great addition. It can be a massive pain, but it’s really effective at locking things down (if configured properly).

    However, the difficulty will depend on the distro. I use it with Gentoo, which has plenty of support/docs for it and provides policies for many packages. Although (when running strict policy types) I usually end up needing to adjust them or write my own.

    Obviously Red Hat would be another good choice, but I haven’t tried it. Fedora also has good support, but I’ve only ever used the OOTB targeted policies.

    That said, I’ve started relying on users/groups more often lately, since it really gets in the way of everything.


  • I have this device and use it to store my keepassxc and onlykey backups, and it’s useful to me because I’ve stopped using passwords (I only need to remember the pins for these devices which can unlock my keepass dbs that have everything else).

    It seems secure enough for my use case, especially since the files I store in it are themselves encrypted (the onlykey backup still requires a pin), but I still want them to be difficult to access.

    I’ve had to rely on it before but only because I didn’t prepare a backup onlykey ahead of time- ideally it should be one of many recovery methods. But so far it’s worked great for me.




  • ctr1@fl0w.cctoLinux@lemmy.mlIs anyone using awk?
    link
    fedilink
    English
    arrow-up
    10
    ·
    11 months ago

    Yes! Awk is great, I use it all the time for text processing problems that are beyond the scope of normal filters but aren’t worth writing a whole program for. It’s pretty versatile, and you can split expressions up and chain them together when they get too complicated. Try piping the output into sh sometime. It can be messy though and my awk programs tend to be write-only



  • ctr1@fl0w.cctolinuxmemes@lemmy.worldOh no ...
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Nice, sounds pretty cool. FZF is great, I need to try out some new things with it. Never got into snippets but I’m sure that speeds things up considerably, will think about it.

    Yeah separate config files is probably the best approach if you have a lot of things configured. I haven’t done that yet, but might try soon. My config has generally been pretty simple, mostly bindings and plugin settings. But I started developing in the TTY and had to shoehorn-in a conditional theme and such to get it to work properly, leaving it pretty unorganized.

    | I can never leave vim. It has taken over the pathways in my brain.

    Haha, yeah



  • ctr1@fl0w.cctolinuxmemes@lemmy.worldOh no ...
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    For a while I would have agreed, and I used sway for years. But recently I switched back to i3 (i3-rounded) due to display issues with my AMD GPU. I started doing most of my development in the TTY, and found that switching from TTY to Wayland takes half a second and can sometimes break my GPU (until I switch between TTY and display a few times). With X11 it’s instant and without issue ¯\_(ツ)_/¯. Hoping that gets fixed down the road, or that it’s specific to my GPU.


  • ctr1@fl0w.cctolinuxmemes@lemmy.worldOh no ...
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    edit-2
    1 year ago

    This is always the first thing I get set up:

    # focus next available workspace on this output

    bindsym $mod+q exec --no-startup-id ws=$(i3-msg -t get_workspaces | jq ‘.[] | select(.focused) | .num’) && ofs=$(i3-msg -t get_outputs | jq ‘map(select(.active)) | length’) && i3-msg workspace $(($ws-$ofs))

    bindsym $mod+w exec --no-startup-id ws=$(i3-msg -t get_workspaces | jq ‘.[] | select(.focused) | .num’) && ofs=$(i3-msg -t get_outputs | jq ‘map(select(.active)) | length’) && i3-msg workspace $(($ws+$ofs))

    # move window to next available workspace on this output

    bindsym $mod+Shift+q exec --no-startup-id ws=$(i3-msg -t get_workspaces | jq ‘.[] | select(.focused) | .num’) && ofs=$(i3-msg -t get_outputs | jq ‘map(select(.active)) | length’) && dest=$(($ws-$ofs)) && i3-msg move workspace $dest && i3-msg workspace $dest

    bindsym $mod+Shift+w exec --no-startup-id ws=$(i3-msg -t get_workspaces | jq ‘.[] | select(.focused) | .num’) && ofs=$(i3-msg -t get_outputs | jq ‘map(select(.active)) | length’) && dest=$(($ws+$ofs)) && i3-msg move workspace $dest && i3-msg workspace $dest

    Works with sway if you replace i3-msg with swaymsg (and remove --no-startup-id, since it’s not needed for Wayland).

    Edit: ampersand issues, trying quote instead of code block


  • I usually use Awk to do the heavy lifting within my Bash scripts (e.g. arg parsing, filtering, stream transformation), or I’ll embed a Node.JS script for anything more advanced. In some cases, I’ll use eval to process generated bash syntax, or I’ll pipe into sh (which can be a good way to set up multiprocessing). I’ve also wanted to try zx, but I generally just stick to inlining since it saves a dependency.





  • ctr1@fl0w.cctoPrivacy@lemmy.mlgraphenos
    link
    fedilink
    English
    arrow-up
    15
    ·
    edit-2
    1 year ago

    I’ve been using it for years and I think it’s great. Currently on a 6 Pro. It’s true that some apps don’t work without Google Play services, but GrapheneOS has the option to install the google stuff in a sandbox, so you shouldn’t run into any issues if you do that. Personally, I don’t use Play services unless I need to, and use Aurora store for any apps that aren’t on F-Droid.

    In any case, you can always revert to stock or try another OS

    Edit: as faede has pointed out, it appears that Google Wallet has issues. Also, the usage docs mention issues with banking apps in general, so that’s something to consider


  • If you’re willing to spend the time to learn how to write custom policies, SELinux can be used for this, to some extent. It’s highly customizable and can sandbox your apps, but the process of doing so is quite complicated. I wrote a small guide on custom policy management on Gentoo in another comment if you’re interested.

    There’s also apparently a “sandbox” feature, but I don’t know much about it. I just write my own policies and make them as strict as possible.

    As an example, my web browser can’t access my home directory or anything except its own directories, and nobody (including my own user), except root and a few select processes (gpg, gpg-agent, git, pass) can access my gnupg directory.

    This only covers security/permissions, and doesn’t include many of the other benefits of containerization or isolation. You could also try KVM with libvirt and Gentoo VMs; that works pretty well (despite update times) and I did that for a while with some success.