kravietz 🦇 @kravietz@social.privacytools.io

@sheogorath But will Grub password protect from evil maid attacks such as this one? https://github.com/nyxxxie/de-LUKS

Because the main problem is that in Ubuntu the bootloader is loaded from an unencrypted partition, which can be modified off-line...

3) When there's choice between .deb and Snap/Flatpak version available (there is for Firefox, Brave and many other popular programs) always go for Snap/Flatpak version as it runs in a much more effective sandbox.

This doesn't come completely free either because with Snaps your profile file move to the sandbox but it's quite a simple operation.

2) Always run the latest available Linux distro - so in case of Ubuntu go for 19.10 - and always have all updates installed.

My answers in random order:

1) Make sure you have Secure Boot enabled in BIOS, and BIOS password set.

That's pretty much all you can do to prevent backdooring & keysniffing of your bootloader today when someone covertly gets physical acces to your laptop.

If this is a viable threat, go for QubesOS, but be aware of its limitations (e.g. inability to access GPU by the operating system, so no games or 3D graphics)

Just had an interesting question from a colleague who has a #linux notebook and works remotely from random places:

> I've got full-disk #encryption (FDE), what else I can do for #security ?

One reason why #CloudFlare's 1.1.1.1 resolver is so fast is that it seems to be making a tradeoff between speed and freshness of responses. Specifically it seems to cache RRs for as long as allowed, while other public resolvers will recheck much earlier. #dns

@mhamzahkhan Ok, I get it - I've eventually started using it on like 3rd attempt or so, but now can't live without it :)

@mhamzahkhan Have you tried Regolith?

LOL a nice list of names preferred by weirdos from different countries, for example "1000-jaehriges-reich", whose registration is blocked in .eu https://eurid.eu/en/register-a-eu-domain/rules-for-eu-domains/list-blocked-names/

At "Internet Consolidation: What Lies Beneath the Application Layer?" panel in Chatham House in London.

Starts with the question about .org sale...

@shibaprasad That works :)

#Ansible role to install, configure and manage zones using #Yadifa, a #DNSSEC enabled authoritative-only #DNS nameserver https://bitbucket.org/kravietz/ansible-yadifa/src/master/

" EU unveils €3bn research fund to develop batteries

Seven member states to invest in the project which is set to run until 2031" #renewable

https://amp.ft.com/content/53a92e68-1a6b-11ea-9186-7348c2f183af

@shibaprasad well, power *is* part of equation :)

@shibaprasad Except for 2