Ah nice! Thanks for the suggestion. Yeah --preview is a great feature that is good to remember.

And true, it’s better to use find -executable than ls. Although in my case I would use -type f -o -type l since I want to include symlinks (often I will cd into my local bin folder and ln -s $(which ) to add it to my launcher). I’m using ls since I only put executables in there and using relative file paths so that it’s nicer to look at. But cd or sed would work as well

Yeah the xargs + i3-msg part is a bit clunky but I’m not sure what else to do, since the terminal window needs to close immediately, which prevents the application from running. I tried a few variations with nohup and launching in the background, but haven’t found another solution. But I’m sure there’s a way

I use fzf with a popup terminal:

# example for i3
bindsym $mod+Return exec --no-startup-id kitty -T _menu_ -e bash -c 'ls $HOME/.local/bin/ | fzf | xargs -r -I{} i3-msg -t command exec $HOME/.local/bin/{}'
for_window [title="_menu_"] floating enable
for_window [title="_menu_"] resize set 600 800

I like this approach because it’s simple and configurable. I prefer to see only the symlinks/scripts that I put in my local bin folder, but it can easily be extended to support .desktop files, multiple folders, filtering, etc.

👋 right on! I actually also have used containers as a key to my security layout before, but yeah you miss out on all the benefits of portage.

I was doing something crazy and actually running Gentoo inside each one! It was very difficult to stay up-to-date. But I basically had my host as barebones as possible and used LibVirt containers for everything, attempting to make a few templates that I could keep updated and base other VMs on. I was able to keep this up for about two years then I had to relax (was my main PC). But it was really secure, and it does work.

The benefit of encapsulation is that you have a lot of freedom inside each container, like install a different distro if you need to. Also as long as they are isolated you don’t need to worry as much about their individual security. But it’s still good to. I ran SELinux on the host and non-SELinux (but hardened) in the guests.

SELinux has a lot of advantages over users/groups, but I think the latter can be just as secure if you know what you’re doing. For example with SELinux you can prevent certain applications from accessing the network, or restrict access to certain ports, etc. It’s also useful for desktop environments where a lot of GUI apps run under one user- e.g. neither my main user nor any other program can access my keepassxc directory, only the keepassxc process (and root) can (even though the application is running under my main user). You can also restrict root quite a bit, especially if you compile in the option to prevent disabling SELinux at boot (I need to recompile my kernel to disable it).

But again while it is fun to learn, it is quite a pain and I’ve relaxed the setup on my new computer to use a different user for everything (including gui apps), which I think is secure enough for me. But this style relies on my ability to adhere to it, whereas with SELinux you can set it up to where you’re forced to

Like others have mentioned, SELinux could be a great addition. It can be a massive pain, but it’s really effective at locking things down (if configured properly).

However, the difficulty will depend on the distro. I use it with Gentoo, which has plenty of support/docs for it and provides policies for many packages. Although (when running strict policy types) I usually end up needing to adjust them or write my own.

Obviously Red Hat would be another good choice, but I haven’t tried it. Fedora also has good support, but I’ve only ever used the OOTB targeted policies.

That said, I’ve started relying on users/groups more often lately, since it really gets in the way of everything.

I alternate between helix and vim depending on the task, and their key bindings are kind of opposite from each other in a lot of ways. I’ve found that switching back and forth has kept me on my toes a bit and I don’t feel as locked in to one editor as I did with vim before trying helix.

So I’m now stuck with my customized neovim, devoid of any hope of abandoning this strange addiction.

I would also try getting used to the defaults or a minimal config, which is also a good way to feel at home in the editor regardless of the system

If you want to mess around with scripting instead of an editor I would recommend Awk- it works great for CSV files and is really powerful. Usually you can use -F, to separate using commas, but for full CSV support (with potential quoted commas) you need to use something like -vFPAT='[^,]*|"[^"]*"' (which isn’t POSIX compliant but works with gawk)

I’m not sure how to paste directly into a pane, but you can copy by opening up the scrollback in EDITOR from search mode using Ctrl+S e. This creates a file in /tmp so I try to make sure to clear it when I’m done.

I usually only copy and paste between editor windows using a script that mimics xclip (automatically used by helix), and if I need to paste a command I either edit my bash history or write a script.

Great list. Customizing the font is definitely a priority. I recommend one of the Terminus fonts. Also zellij multiplexer + helix editor is a great combo that works well in the tty.

One thing to add is that it took me a while to create a decent 16-color theme for helix and vim, and while they’re okay by default you can actually get a pretty nice looking IDE if you spend some time tinkering with the colors

Maybe try programming? It’s incredibly exciting once you get the hang of it. It can be frustrating at times but it’s really rewarding. Since becoming my hobby/job its given me an endless source of things to do at home. Plus it can open up new career paths :)

For vegetables I throw everything into a big stew with a lot of different things (kale, broccoli, cauliflower, onion, potato, mushrooms, tofu, garlic, beans), lots of hot sauce, seasoning, olive oil, etc. and eat the same thing every day, for the most part. I don’t eat enough fruit but I do have a handful of dried fruit with oats every day

Haha yeah, nicely put. I do enjoy the content, mostly because I’ve been following these creators for some time, and it’s hard to find a replacement for it… there is a lot of great content there, but it makes me feel gross using it. And same, I had no problem finding an alternative for Reddit (this), probably because I was not very attached to individual creators there.

I’m hoping a decentralized solution gains traction, but in the meantime I’ve been trying to limit the amount of information I share with the platform. I’m not actively trying to restrict my usage (most of that was achieved when I stopped using an account), but maybe it’s a good idea to do so. I mostly use it when eating or going to sleep, and there are better ways to occupy that time.

Major bugs usually get fixed pretty quickly- I always check the GitHub to make sure I have the latest version when I have issues. And Invidious can work as an alternative most of the time, but some instances work better than others

I stopped using recommendations years ago and only use NewPipe and Invidious. I did notice a reduction in my watch time, but there is plenty to watch when using a subscription-only feed. I havent added very many channels to my list since then, but personalized recommendations aren’t worth the privacy cost. Hoping to leave the platform eventually

No problem! And yeah, it’s good to see people talking about it over here. I think it’s the best tool for online privacy OOTB (depending on your threat model), and it gets better the more people use it.

The difference is that your ISP doesn’t know where your packets are headed, and the destination doesn’t know where your packets came from. The ISP sees you connect to the entrance node and the destination sees you connect from the exit node, and it’s very difficult for anyone to trace the connection back to you (unless they own both the entrance and exit and use traffic coorelation or some other exploit/fingerprint). Regardless, both parties are generally able to tell that you are using TOR if they reference lists of known entrance/exit nodes. Also the anti-fingerprinting measures taken by TB are a bit more strict than other privacy-focused browsers

It’s great for anything low bandwidth that isn’t tied to your identity, and helps for peace of mind, despite its issues. You do run into captcha or DDOS protection issues occasionally, but the new tor circuit for this site button sometimes works. Also it uses letterboxing to prevent resolution-based fingerprinting, which isn’t very pretty, but leaving it at its default size (or locking the size using the WM) works well and is good for privacy.

An extension would be cool! I’m currently trying to do something similar, in some sense; I’ve patched my instance to filter out DB results from public queries so that only my posts and comments are visible (unless I am logged in).

The only thing I’m not sure about yet is if it’s possible - if I create a Post on an instance that’s not my home, who is hosting the data? Do I only send ActivityPub Create Post with the data and the instance then saves it, or do I create the post on my own instance, send an ID, and if someone requests the Post data on the instance I posted to, it will be requested from mine?

I believe it might be possible, but I’m not sure. It seems that the protocol itself is mostly geared for synchronizing data and distributing updates. From my limited understanding, servers follow users or communities on other servers, which inform those servers that updates should be sent to the requesting inbox. These updates are then used to build up a local copy of the remote page. In the case of a remote community, users interact with their local copy and notify the remote community of those changes.

For example, I am viewing a local copy of this post that I received from lemmy.ml, and my reply to your comment will be stored locally. My server will notify lemmy.ml of this comment (including its contents), and lemmy.ml will notify my inbox if anyone interacts with it (because I am a follower).

It seems that at least some of this syncing might not be necessary… a lightweight frontend could rely on the API of each site it connects with to build up the activities it sends. However, this would probably cause some unnecessary traffic, as such a follower would both receive updates and query the API. Also it would probably break some things, such as ap_id (see the multicolored fedilink icon, which points the original copy of the content on my instance).

fl0w.cc- single user; the domain is meant to be part of my username :)