user28282912

Ignore the idiot posting about this RAT.

If you want to secure your Linux system, use ClamAV, a local firewall like UFW or even opensnitch for a start. Also use your head when adding apps to your system. Stick to the official repos from your distro. Things like Arch’s AUR, random PPAs in Ubuntu and any random github project are going to be much riskier by their very nature so act accordingly.

If you need to risky stuff, do it a VM and network that guest into a private internal network that can only exit over a companion PFSense VM that is dual homed to the regular LAN and the private internal network. Take a snapshot of the risky guest before you use it in a session and when you are done, roll back to your clean snapshot.

Store your passwords in something like Keepass(strong master password!) and then use syncthing to push copies of the database to at least one other box locally or in the cloud if you really have to.

Some upgrades require human input like when core service config files upgrades are offered. (ex. would like to update /etc/samba/smb.conf with the maintainer’s version or keep your own?)

In my experience this can occasionally cause background apt processes to hang while they wait for your answer to that kind of question. There is a debconf trick you can try. debian_frontend=noninteractive. You can create your own cronjob, as root, that runs a script with this export command, apt update, then apt dist-upgrade -y.

If your machine is a Tuxedo laptop, this thread might interest you. Seems as though this user was hitting thermal limits and their laptop would freeze/poweroff to keep from dying.

Run your workload in a guest VM and limit its resources to whatever you desire. You can also consider c-groups if you already know which processes are causing all of the trouble.

Ignoring what users want is the tradition in GNOME and yeah ofcourse Fedora is gonna do whatever RedHat/IBM tells them to do including push AI-slop.

I would look at these things first.

1. Try another DE, something like XFCE. See if the problem persists. Sometimes swapping compositors or display managers can help too.
2. Run memtest. Failing memory can definitely cause lock-ups.
3. Lastly I’d look at graphics drivers. If you’re running Nvidia, switch from nouveau to the proprietary driver or vice-versa and see if that helps.

It should but you can test that assumption by trying to ping any other device on the non-guest wifi. (and try ping in the other direction)

Do not, under any circumstances, conduct any private business on it. What isn’t being logged by Microsoft and shared with your employer, advertisers, various governments will be screenshot’d every n seconds. Additionally, I highly suggest, if you haven’t already, to setup a separate VLAN for this device if you ever bring it home and connect it to your home network. Defender absolutely does passive sniffing and active network scanning now. It will also be collecting and logging visible SSIDs as well. Enjoy!

Wireguard should be the default here. The rest is just networking configuration implemented in both routing and firewall. I never understood why people use Tailscale, like why would you intentionally pay someone to be man in the middle of your virtual private network? Twingate I am not familiar with.

OpenRC seems to work pretty seamlessly on Gentoo. Just throwing that out there.

So … device attestation … the same shit coming from Google, Microslop and others. At least Poettering is consistent with his shit ideation.

You might have too many old kernels installed. This would potentially fill up the /boot partition. One way to check this is:

df -h

Look for the line indicating space left for /boot.

You can then get a list of the installed kernels with:

dpkg --get-selections | grep -v deinstall | grep linux-image

If you need to remove old ones, use uname -a to identify the running kernel (should be the latest version if you’ve rebooted after the last kernel update) then remove all of the older kernel packages with:

sudo apt remove -y linux-image-amd64-xxxx

More generally speaking, I think that sudo apt autoremove should leave you with only the latest 2 kernel packages by default.

That’s weird. I was looking at this docs page and assumed that USB is how the update actually happened.

If all you need is basic paint-link functionality on Linux then you might like drawing. It is already in the Debian repositories too.

Dude … just install Debian(stable or testing) and then distro-surf using VMs in kvm/qemu. Just reading this all makes me tired for you.

Use a windows VM and then make sure that your hypervisor is properly passing thru the USB device/connection to the monitor to the windows guest vm. Not sure why you’d need a windows host OS for this.

I’d stick to reading the alpine wiki yourself vs “asking AI”. You will actually learn things that way.

Raspberry Pi’s are full of possibilities, even old ones. Here is what I’d do.

It was supposed to be a pi-hole but was never able to get the dns forwarding to work on my modem.

Not sure what you mean here but there is no reason that any modem or WAN box ever really needs to involved with a pi-hole. You can set the IP to use for DNS lookups on each host by hand… OR you can turn off DHCP services on the modem run that off of the PI, which then sends the IP of the PI/PiHole for DNS as part of the DHCP lease to each client.

At any rate, ideas for it:

• PiHole with encrypted DNS service out to the internet and past your ISP’s snooping modem.
• a Wireguard VPN server. This would allow for things like your phone to tunnel home use your fancy pi-hole to block all ads on your phone, privately. You’d also then have access to anything else hosted on your home network like Music/Movies/etc. Setup a samba share for that stuff somewhere. This raspberry pi can also pass your VPN client traffic back out to the internet if you setup (ip forwarding)[https://rob-ferguson.me/how-to-use-your-rpi-as-a-router/]. It’s an old pi, so it won’t be faster than 100Mbps, but for a phone/tablet that is likely fine.
• as a motion-activated camera or some other temperature monitoring box. You can setup a cronjob to archive the videos or send the collected temp readings to some database backend and use Grafana for a visualization front-end.
• setup a netflow collector/forwarder for your LAN using fprobe. If you network is flat and I guessing that it is, as long as you have a single network switch for both your wired and wireless clients (and a single subnet aka 192.168.0.x for all) then you can monitor the whole broadcast domain with one box. You can send/forward the captured netflow to something like Security Onion and really start to understand what’s happening on your network. : )

There are so many more ideas like weather stations, news feeds, little web services for whatever.

Well. Gentoo will let you have a direct say in every single aspect of the final system.