Looks fantastic but how much are apps sandboxed? I don’t want WhatsApp to see all my files for example.
Looks fantastic but how much are apps sandboxed? I don’t want WhatsApp to see all my files for example.
And blocks Tor.
to test if it’s Firefox’ fault
Firefox follows web standards the most, but because most people use Chromium-based browsers web developers make websites for Chrome instead for the web.
IMO it’s the best (desktop) Chromium-based browser. Which means it’s a bad browser but there are a lot of worse options.
If you don’t have hardware encryption you can use --cipher xchacha20,aes-adiantum
option when running cryptsetup
to make it way faster than standard aes cipher in software.
I don’t believe one can run Linux on it.
Someone will prove you wrong. Not me. But someone will.
Great! Exactly on time for the next release of Debian :)
I was interested in technology and programming and my mom recommended me to check out a raspberry pi. Her friend’s son has one. So my first comouter was a raspberry pi with RaspbianOS when I got my first PC it seemd normal to install something that I was using for the last year and its free. So I installed Pop!_Os, a year later Fedora and a half year later Arch. I’ve been using Arch for more than 2 years now.
I’m using Arch because you start with nothing and you can make any system you want. I have disk encryption, btrfs as a filesystem, secure boot with my own custom keys, I’m running self-build kernel, I’m using apparmor and I can use any program from AUR, etc. Thats my personality. Things that you can’t see but are important to me.
On other distros some of these things would be very hard to do. Especially without Arch Wiki.
Yes but you have to do that for each service if I understand correctly.
I switched from Docker to Podman, because Podman is more secure (if rootless) but it was just hard to autostart containars. You have to start one by one because they don’t have a central service like docker. And watchtower and nextcloud AIO don’t work on Podman. So I switched back to docker.
Then atleast fake it until you make it!
No problem ;)
That was really hard to do. I created a note for myself and I will also publish it on my website. You can also decrypt the sd using fido2 hardware key (I have a nitrokey). If you don’t need that just skip steps that are for fido2.
The note:
Download the image.
Format SD card to new DOS table:
As root:
xz -d 2023-12-11-raspios-bookworm-arm64-lite.img.xz
losetup -fP 2023-12-11-raspios-bookworm-arm64-lite.img
dd if=/dev/loop0p1 of=/dev/mmcblk0p1 bs=1M
cryptsetup luksFormat --type=luks2 --cipher=xchacha20,aes-adiantum-plain64 /dev/mmcblk0p2
systemd-cryptenroll --fido2-device=auto /dev/mmcblk0p2
cryptsetup open /dev/mmcblk0p2 root
dd if=/dev/loop0p2 of=/dev/mapper/root bs=1M
e2fsck -f /dev/mapper/root
resize2fs -f /dev/mapper/root
mount /dev/mapper/root /mnt
mount /dev/mmcblk0p1 /mnt/boot/firmware
arch-chroot /mnt
In chroot:
apt update && apt full-upgrade -y && apt autoremove -y && apt install cryptsetup-initramfs fido2-tools jq debhelper git vim -y
git clone https://github.com/bertogg/fido2luks && cd fido2luks
fakeroot debian/rules binary && sudo apt install ../fido2luks*.deb
cd .. && rm -rf fido2luks*
Edit /etc/crypttab
:
root /dev/mmcblk0p2 none luks,keyscript=/lib/fido2luks/keyscript.sh
Edit /etc/fstab
:
/dev/mmcblk0p1 /boot/firmware vfat defaults 0 2
/dev/mapper/root / ext4 defaults,noatime 0 1
Change root
to /dev/mapper/root
and add cryptdevice=/dev/mmcblk0p2:root
to /boot/firmware/cmdline.txt
.
PATH="$PATH:/sbin"
update-initramfs -u
Exit chroot and finish!
umount -R /mnt
On my main profile on GrapheneOS there are 7 closed source apps and 1 self build technically closed source (for now) all out of total 71 apps.
7 out of 705 installed packages are non-free packages on my RPi server.
On my Raspberry Pi 4 4gb with encrypted sd is:
Pi is overkill for this kind of job. Load average is only 0.7% and ram usage is only 400M
There are way more Chineese than Americans.
Actually you can already run minecraft PE on linuc for quite some years, so nothing new.