If you do, then also choose full-disk encryption. It doesn’t make sense to close a small hole only to leave the big one gaping wide open. And yet on Linux FDE is mostly off by default, even in today’s era of encryption, even on laptops. Personally I don’t understand it.

Once you’re encrypted, then Secure Boot (if you even have the option of it) mitigates against the “evil maid attack”. To get access to your encrypted computer, the attacker will need physical access to it twice: first to swap out the bootloader, then to harvest the password you unsuspectingly passed to their freshly installed malware.

For most targets (i.e. you, probably), this would all be far too much trouble. But technically it closes a loophole: it means that you can go to Russia as a spy or a journalist and not have to carry your laptop on your person at all times.

In 20 years of using Linux my partition scheme has always been to say yes to whatever the OS suggests.

Desktop environment? Who needs a desktop environment?

You never define “clean”.

To strip excess URL parameters (i.e. beginning “&”, almost certainly junk) if the clipboard buffer contains a URL and only a URL (Wayland only):

if url=$(printf '%s' "$(wl-paste --no-newline | awk '$1=$1' ORS=' ')" | egrep -o 'https?://[^ ]+') ; then
  wl-copy "${url%%\&*}"
fi

Translation for those not completely up to speed with the stakes of all this?

Yep, I use trash-put, and trash-empty with a 30-day timeout. But no bit-scrubbing needed because the partition is encrypted.

Photorec, on the other hand, was truly a gift from the cosmos

Can confirm. Over the years I’ve had recourse to this little tool several times and always found to to be almost disturbingly effective.

To explain why AMD is fine: Linux doesn’t care about the brand, it just needs a chip that uses the x86 instruction set. This was Intel’s invention and AMD occupies the niche of Intel’s competitor. Intel is Coke, AMD is Pepsi, basically.

Several years ago I came to the conclusion that, for the kind of device models that I personally use (i.e. cheap ones), rooting has now become too complicated and dangerous (if not impossible) and that it’s better simply to move my computing back to the desktop while waiting for a more open and free mobile platform to emerge.

This question does not belong here.

PS: yes, you all disagree, but how many of you other than OP were actually interested in the answer to this ultra-niche support question which concerns a single utility that you probably don’t even use? There needs to be another community for these questions.

Small-time dictators, shorely.

An almost exact question was asked here about 3 days ago, maybe begin there.

Almost any Windows machine with an Intel sticker on it will work so it really depends on your priorities:

• ethics - buy from a Linux specialist like Tuxedo to avoid paying Microsoft
• safety (no surprises) - buy whatever your big-box retailer is selling at your budget
• bang for buck - buy a Lenovo ThinkPad second-hand

Good job. But don’t worry if you have to look up answers. I’ve been at this for 20 years and I still have to look up and double-check basic syntax like the classic find -exec one. No big deal if only takes a couple of seconds.

This is definitely the sort of thing that LLM AI tools can help with, in theory.

Use dark mode at night and you won’t need Redshift any more. It’s only relevant for white screens.

PS: This IS in fact the optimal solution - if not for you then for others. I used Redshift for years, suffering its periodic breakages, babysitting the timezone issue, and it was worth it, because a retina-searing reddish-white screen is better than a retina-searing whitish-white screen. But a dark screen is SO much better for my eyes than either of those. I can’t believe I waited so many years to do that and I’m never going back.

While this analysis is somewhat convincing, let’s not forget that for now Firefox is all we have. Important not to throw the baby out with the bathwater.

In my ideal scenario, Mozilla becomes like the Wikimedia Foundation. Which has somehow also accumulated “Scrooge McDuck amounts” of cash but seems to be on a firmer footing and better managed.

If that’s the only reason, it’s not a great one. You could solve it by storing the password with your important documents.

is it’s usually not a one-click process

It is, these days. Ubuntu and Fedora, for example. But you still have to select it or it won’t happen. PopOS, being explicitly designed for laptops, has it by default.

If the government gets my drives I assume they’ll crack it in no time.

Depends on your passphrase. If you follow best practice and go with, say, a 25-character passphrase made up of obscure dictionary words, then no, even a state will not be cracking it quickly at all.

If a hacker gets into my PC or a virus I’m assuming it will run while the drive is in an unencrypted state anyway.

Exactly. This is the weak link of disk encryption. You usually need to turn off the machine, i.e. lose the key from memory, in order to get the full benefits. A couple of consolations: (1) In an emergency, you at least have the option of locking it down; just turn it off - even a hard shutdown will do. (2) As you say, only a sophisticated attacker, like the police, will have the skills to break open your screenlocked machine while avoiding any shutdown or reboot.

Another, less obvious, reason for encrypting: it means you can sell the drive, or laptop, without having to wipe it. Encrypted data is inaccessible, by definition.

Encryption of personal data should be the default everywhere. Period.

Absolutely. LUKS full disk encryption. Comes as an opt-in checkbox on Ubuntu, for example.

And I too cannot understand why this is not opt-out rather than opt-in. Apparently we’ve decided that only normies on corporate spyware OSs need security, and we don’t.

Misinformation. OP is advocating that you shoot yourself in the foot.

The CEO said something silly on Twitter which revealed either that (a) he shares an exceedingly banal opinion with literally half of America or (b) he’s not above a bit of preemptive sycophancy to advance his (positive) anti-trust agenda.

There’s nothing particularly scandalous in the offending tweet:

• Implying that the Democrats are now “the party of big business” is arguably true (and very boring)
• Implying that the Republicans now “stand for the little guys” is dumb but also arguably true, unfortunately - the working classes swung to Trump in the recent election while the Democrats are fast becoming a party of high-earning elites (which is why they lost)
• Saying that the antitrust actions began under Trump I is, well, true

Proton is not owned Zuck-like by its CEO. It’s controlled by a foundation with other stakeholders on the board, including the inventor of the Web himself. In its niche it is still by far the best option. Ditching it for a nebulous non-existent alternative because the CEO expressed a dumb and extremely commonplace opinion is just silly and self-defeating.

PS: to be clear, OP is peddling misinformation because it’s not true that “Proton took the stance” of anything. It’s the personal opinion of the CEO that’s at issue. It’s a major distinction. I find it disappointing that people interested in privacy would have such little respect for a private individual’s right to have their own thoughts.

PPS: to be extra clear, my comments are about the post above, not stuff that people are reading elsewhere. But the substance stands. See discussion for detail.

Interesting, thanks. Had not considered that second point.