• 120 Posts
  • 104 Comments
Joined 1 year ago
cake
Cake day: June 14th, 2023

help-circle

















  • After this and the few hiccups I’ve had with Bitwarden on Linux (official snap in part still relies on Ubuntu 18.04 libraries and still defaults to X11, not great for security focused app), I’ve decided to give Proton a shot. Went for 2 year unlimited plan, so I hope they don’t do anything stupid in that time.

    That being said, I’m not hating on Bitwarden. Based on what one of the developers said, this seems to be an oversight from their side that they should hopefully address. This is just my excuse to try out the Proton suite based on their strong focus on privacy and security, albeit with a hefty cost (and somewhat scummy strategy of listing prices as monthly but are actually paid annually, and choosing the actually monthly options are much more expensive).

















  • Yes, it’s something you write yourself. Bash is the language you use when you use the terminal. A bash script is just many lines of bash commands.

    A bash script could be as simple as

    dnf install package1 package2 package3
    dnf remove package4 package5 package6
    

    This script automates installing some packages and removing some packages. The bash script I use does a lot more, such as running commands to configure Gnome how I like it.

    If you’re not comfortable with the terminal, I would definitely recommend staying away from NixOS. To declaratively/reproducibly set up the system, it uses a language called Nix that is a fair bit more complicated than bash. It’s also just very different from traditional Linux systems like Fedora or Ubuntu.


  • Personally, I use Fedora Silverblue and use bash scripts for reproducibility. To set up a new system, all I need to to is install, reboot, run my bash script, reboot, and my system is 90% configured. With bash scripts, I am able to reproduce more of my system than I could when I used NixOS.

    A lot of people recommend Nix, but the thing about Nix is that you’re only declaring how the system is configured. Not your home folder. You need to rely on third party tools for that.

    Bash scripts can configure system and home folder. They can also be used on any distro, whereas a Nix configuration file only works on NixOS.

    Though the worst part about any new install is just signing back into everything, especially an annoyance when you have proper 2FA setup. Bash scripts or Nix can’t solve that unless you migrate data over.






  • For Secure Boot, the kernel is “signed” with a key. During boot up, Secure Boot checks to make sure that key is valid. Most kernels are signed with Microsoft’s key that is preloaded on basically every system. However, not all kernels can be signed with Microsoft’s key; if you install a proprietary driver (which you likely selected to during the setup), to continue using secure boot you need to sign the kernel using your own key.

    That’s what MOK management is for. You are adding your own key to your system to use for Secure Boot.

    Personally, I just disable Secure Boot. While it does have some security benefits, it’s not worth the headache IMO.