I would still like to understand why Jami is never mentioned in these posts. I’m not aware of any technical or security objections, and the less I hear about Jami, the more concerned I become about using it.

Devonian all the way, baby. Gimme some deep-fried, breaded dunkleosteus!

This is really good to hear. As someone who hasn’t used Windows since 2004, it’s easy to lose perspective of how daunting a self-switch can feel.

I’m glad to hear your experience is going well. I know you’re experiencing many little annoyances and things which seem harder than they should be, but are not focusing on those. It’s always good to hear the perspective from a new user!

OnlyOffice is a Russian company. Some people might care about the latter part.

The connection between OnlyOffice and Russia has caused some controversy. The company has moved headquarters and attempted to hide its Russian ties through shell companies. The company develops its product in Russia and presents itself in the Russian market as a Russian company. For this reason some Ukrainian businesses have moved away from OnlyOffice.

Wikipedia has more info (with references) for the curious.

Salem’s Lot.

It was forbidden, but on TV, so I’d flip channels to watch it in 30 second clips. It was far more terrifying that way, as I found out later in life; watched all the way through, it was a fairly mediocre film.

Don’t Orca prey on polar bears?

Yeah, the whole “taking your business elsewhere” is bullshit in the modern world. It might work in a town without internet that has 3 barbers; sure, you take your little protest purchase to another barber maybe it has an impact.

But I’ve lived in a neighborhood for 6 years where my internet connectivity choices have been Comcast, or DSL. That’s not a choice. When the only competitor is equivalent to no service, it’s not competition; it’s a monopoly.

I’m not talking about your application at all; I was responding to @chrash0’s comment that JSON may not be great, but it’s better than YAML, and TOML is better than both, for configuration.

I was agreeing with them and adding more reasons why YAML stinks.

Nothing at all directly to do with your project, just having a convo with @chrash0.

You also don’t get runtime errors with TOML when an invisible tab turns out to be invisible spaces.

I gave my dad one of my spare laptops four years ago; it had never had Windows on it (being from the halcyon days when Dell sold laptops with linux pre-installed), so I put Mint on it for him.

Early this year he called and said one of the keys stopped working so he’d bought a newer, used laptop and could I help him put Linux on it, because that’s what he was used to. Over the phone, I helped him download and burn a new Mint image from his ancient desktop, and verbally walked him through switching the bios to boot from the USB, and through the Mint install menus.

Since then, he’s called me once for technical support for getting his printer connected.

Dad’s in his 80’s and was a cop with an associate’s degree; he’s never claimed to be a brainiac. That is what convinced me Linux is ready for anyone, but that the choice of distribution is important. I think dad never upgrades or installs new software, but that’s OK. I have to update and reboot every week because I’m stupidly loyal to Arch.

I’m sorry that your mom had a bad experience; that’s super frustrating.

The Remarkable 2 is fantastic. You can ssh into it, and scp from it. There are some filesystem layout quirks, but it’s good. Peerless writing experience. Great battery. Plenty storage. Large screen. No backlight, sadly. Good for

• taking notes
• reading & annotating PDFs
• reading technical books, with illustrations and diagrams
• reading graphic novels

Not so good for reading for pleasure, like fiction. It’s too big. It’s best for active reading and writing.

I have a Kobo Aura H2O for recreational reading and travel. Massive memory and an SD expansion slot. Backlight. Pretty indestructible, I read it in the jacuzzi.

虇

UTF-8 codepoint 8674

When I lost my job, someone I knew at the C level in a different industry put me in touch with a guy closer to my field. After we introduced ourselves he said,

“After hearing X describe you, I was expecting a deep bass voice.”

The conversation faltered after that.

Yeah, yeah, you can write the guy off for being superficial, but I’m the guy who needed the favor, and all the help I could get.

First impressions matter. I’d absolutely have used a voice alteration tool to make my voice deeper on interviews; people respond differently to bass.

This is why I don’t interact with family or friends. My mom doesn’t know my email address.

Practice enough and you can unlock that achievement!

No solution I’ve found, but I’ve been working on this myself. As I see it, there are two situations, and four categories of data:

I. My wife survives me II. We both die, e.g. in a car

• Digital media
• Financial accounts
• Subscriptions
• Physical possessions

I’ve been thinking about getting an M-Disk writer for media, because ultimately, backing up to B2 is fine until I’m gone. Family members will need physical media for the photos and stuff.

For secrets, I’m planning using SSSS. Keys will be given to members on each side of my wife’s and my families. If we both die, they’ll have to get together, put their keys together, and decrypt the KeePass DB.

The online accounts are almost all financial; those are in a KeePass DB. My wife already has access to all of that through power is attorney, and if we both go, it’s SSSS for the family.

The third data category are accounts and services that will be to be stopped. I don’t subscribe to much, but the VPS provider and B2 will have to be terminated, and a document with instructions and with the credentials is in the SSSS archive.

The final category are assets: home, mortgage info, where and what the M-Disks are, a copy of the will that deals with all of the valuables, and any notes about anything not covered in the will. That’s in documents in the SSSS archive.

I still have to put the archive together. I’ve been working toward a state where all of the secrets are in a cryptfs that’s shared on the LAN and automatically encrypted with SSSS and synced to a share. Once I have that automated, I’ll communicate out the SSSS keys and a how-to document.

In some ways, it was easier when you just died and your kids fought over the china. But I have a plan.

A good one is one called “Excel”. You make up numbers and put them in boxes, with the goal of getting “impression” points. The fancier your graphs, the more points you get. You can build up your points to get “promotions”. The best feature of this game is that your points can make you IRL money!

Some people find the game boring, but I think that’s only because they’re not creative enough with making up numbers, and get bogged down in “truth” and “accuracy.”

Ok, I went and read some more about it, and you can manage keys with the kernel user session keyring. So it’s possible.

It brought me back around to why systemd is so shitty.

Session Keyring (Rejected)

This strategy involves placing all keys for fscrypt in KEY_SPEC_SESSION_KEYRING. Using the current session keyring means that fscrypt will not need elevated privileges to place keys in this keyring, eliminating the need for a setuid binary. It also means that if something like pam_keyinit is used, the keys will be inherited across things like sudo.

However, this strategy has a few significant downsides that led to it not being used. The first issue is that keys unlocked in one session for a user are (sometimes) not accessible to the user in other sessions. This can create confusion for users unable to access certain directories. However, the bigger problem is that systemd is incompatible with use of the system keyring. The systemd maintainers are of the reasonable position that the session keyring just shouldn’t be used.

fscrypt

Emphasis mine. Because the user session keyring is incompatible with systemd, the Poetterites say it shouldn’t be used.

The only way to handle keys securely Ok base Linux shouldn’t be used because it’s incompatible with systemd. What a way to see the world: so convinced in the superiority of your monolithic monster system that you argue against an immediately available way of improving security.

It’s incompatible, by the way, because systemd doesn’t run user jobs in the user’s session, but in parallel sessions. This means that, if you use systemd, you can’t use the most secure way of handling secrets with fscrypt, the kernel user session keyring.

I watch YouTube with FreeTube on the desktop, and Tubular on mobile. Both are always over VPN, and anonymous (not logged in).

I haven’t logged into YouTube in literal years.

Is it possible to configure the kernel to allow access to decrypted contend only through the user session?

Theoretically, kernel keys can be set to be readable only by the user session, and in an uncompromised root is not able to read those keys. I can imagine a filesystem encryption design that uses a user session key to en/decrypt data on the fly using a user session key, such that not even root or a process in another user session could read the mounted filesystem.

Does such a system exist? As I understand, this is not the way dm-crypt or LUKS work. FDE and TPM are still vulnerable to hacking while everything is running, unlocked, and mounted.