• 0 Posts
  • 10 Comments
Joined 1 year ago
Cake day: June 20th, 2023

  • 👋 right on! I actually also have used containers as a key to my security layout before, but yeah you miss out on all the benefits of portage.

    I was doing something crazy and actually running Gentoo inside each one! It was very difficult to stay up-to-date. But I basically had my host as barebones as possible and used LibVirt containers for everything, attempting to make a few templates that I could keep updated and base other VMs on. I was able to keep this up for about two years then I had to relax (was my main PC). But it was really secure, and it does work.

    The benefit of encapsulation is that you have a lot of freedom inside each container, like install a different distro if you need to. Also as long as they are isolated you don’t need to worry as much about their individual security. But it’s still good to. I ran SELinux on the host and non-SELinux (but hardened) in the guests.

    SELinux has a lot of advantages over users/groups, but I think the latter can be just as secure if you know what you’re doing. For example with SELinux you can prevent certain applications from accessing the network, or restrict access to certain ports, etc. It’s also useful for desktop environments where a lot of GUI apps run under one user- e.g. neither my main user nor any other program can access my keepassxc directory, only the keepassxc process (and root) can (even though the application is running under my main user). You can also restrict root quite a bit, especially if you compile in the option to prevent disabling SELinux at boot (I need to recompile my kernel to disable it).

    But again while it is fun to learn, it is quite a pain and I’ve relaxed the setup on my new computer to use a different user for everything (including gui apps), which I think is secure enough for me. But this style relies on my ability to adhere to it, whereas with SELinux you can set it up to where you’re forced to.


  • Like others have mentioned, SELinux could be a great addition. It can be a massive pain, but it’s really effective at locking things down (if configured properly).

    However, the difficulty will depend on the distro. I use it with Gentoo, which has plenty of support/docs for it and provides policies for many packages. Although (when running strict policy types) I usually end up needing to adjust them or write my own.

    Obviously Red Hat would be another good choice, but I haven’t tried it. Fedora also has good support, but I’ve only ever used the OOTB targeted policies.

    That said, I’ve started relying on users/groups more often lately, since it really gets in the way of everything.




  • As a Vim/NeoVim user my number one reason is speed. There’s a pretty steep learning curve, but it doesn’t take long to see noticeable improvements.

    Aside from terminal applications generally running faster than GUI ones, there is a tremendous amount of flexibility that it offers when it comes to actual text editing. For example, you learn how to type things like _f(vi(cfoo _f(ci(foo which goes to the beginning of the line, finds the first open parens, selects everything inside of the parens expression, then replaces that text with “foo”. After a while these kinds of inputs become second nature, and you can start using them to construct macros on the fly that can be applied to different places in your code.

    One major downside is that it can take some configuration to get working the way you want it, especially if you want an IDE-like environment. NeoVim comes with a built-in LSP interface, which I’ve been able to get working pretty well for all of the languages that I use the most, but it’s still kind of a pain to configure.

    I’m sure Emacs is similar, but I’ve never used it. I don’t think many people use Nano unless they need to edit something in a terminal but don’t know how to use Vim. On that note, being comfortable with a terminal editor means that you’ll have no problem if you’re SSH-ing into a server or using the TTY console.

    _f(ci(foo avoids an unnecessary mode change, see comment below



  • The difference is that your ISP doesn’t know where your packets are headed, and the destination doesn’t know where your packets came from. The ISP sees you connect to the entrance node and the destination sees you connect from the exit node, and it’s very difficult for anyone to trace the connection back to you (unless they own both the entrance and exit and use traffic correlation or some other exploit/fingerprint). Regardless, both parties are generally able to tell that you are using TOR if they reference lists of known entrance/exit nodes. Also the anti-fingerprinting measures taken by TB are a bit more strict than other privacy-focused browsers.




  • Thanks! This works pretty well for now, until a more integrated solution comes along. I made a slight modification, since the original script only works when you’re at the community level. This version redirects community URLs as before, but also redirects any non-matching URLs to the search form of your home instance. It seems to work pretty well for posts. Comments and user profiles have some issues- searching comments works as long as the user is commenting on their own instance, and searching profiles works as long as the user is registered with that instance.

    Edit: It actually does seem to work well for comments; I was using the B/W chain link icon rather than the multicolored fedilink icon. Also, I added another regex to fix profiles, so this should now work with anything that is searchable from your instance.

    javascript:((inst = "lemmy.world") => { const l = location; const m = l.href.match(/(?:.*)\/c\/(.*(?=\/)|.*$)/i); if (m) { l.href = `https://${inst}/c/${m[1]}@${l.host.toString()}`; } else if (l.host !== inst) { const m = l.href.match(/(?:.*)\/u\/([^@]*(?=\/)|[^@]*$)/i); if (m) { l.href = `https://${inst}/u/${m[1]}@${l.host.toString()}`; } else { const q = new URLSearchParams(); const m = l.href.match(/(?:.*)\/u\/([^@]+)@(.+(?=\/)|.+$)/i); if (m) { q.append('q', `https://${m[2]}/u/${m[1]}`); } else { q.append('q', l.href); } l.href = `https://${inst}/search?${q.toString()}`; } } })()
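The routing logic of the bookmarklet above, pulled out into a pure function so each class of URL can be checked offline. This is an added example, not the commenter's code; `fediRedirect`, `href` and `host` are stand-ins for `location.href` and `location.host`, and the regexes are copied from the bookmarklet unchanged.

```javascript
// Added example: the bookmarklet's decision logic as a testable function.
// Returns the URL the bookmarklet would navigate to, or null when it would
// do nothing (already on the home instance and not on a community page).
function fediRedirect(href, host, inst = "lemmy.world") {
  // Community page on any instance: /c/<name> -> <inst>/c/<name>@<host>
  const c = href.match(/(?:.*)\/c\/(.*(?=\/)|.*$)/i);
  if (c) return `https://${inst}/c/${c[1]}@${host}`;

  // Not a community page and already on the home instance: no redirect
  if (host === inst) return null;

  // Local user profile (no "@" in the name): /u/<name> -> <inst>/u/<name>@<host>
  const u = href.match(/(?:.*)\/u\/([^@]*(?=\/)|[^@]*$)/i);
  if (u) return `https://${inst}/u/${u[1]}@${host}`;

  // Everything else goes to the home instance's search form. A remote
  // profile (/u/<name>@<instance>) is rewritten to that user's canonical
  // URL first; any other page is searched by its full URL.
  const q = new URLSearchParams();
  const r = href.match(/(?:.*)\/u\/([^@]+)@(.+(?=\/)|.+$)/i);
  if (r) q.append("q", `https://${r[2]}/u/${r[1]}`);
  else q.append("q", href);
  return `https://${inst}/search?${q.toString()}`;
}

// Constructed sample URLs covering each branch (hosts are illustrative)
const samples = [
  ["https://lemmy.ml/c/linux", "lemmy.ml"],
  ["https://lemmy.ml/post/123", "lemmy.ml"],
  ["https://lemmy.ml/u/alice", "lemmy.ml"],
  ["https://lemmy.ml/u/bob@beehaw.org", "lemmy.ml"],
  ["https://lemmy.world/post/5", "lemmy.world"],
];
for (const [href, host] of samples) {
  console.log(href, "->", fediRedirect(href, host));
}
```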