privsec-dev / privsec.dev
A practical approach to Privacy and Security
Home Page: https://PrivSec.dev
License: Other
Thanks for writing Using Native ZFS Encryption with Proxmox!
Some feedback on that article - for reference, in the latest Proxmox 8, I had to place authorized_keys and dropbear.conf under /etc/dropbear/initramfs/ for them to work.
dropbear-bin/stable,now 2022.83-1 amd64
dropbear-initramfs/stable,now 2022.83-1 all
Also, I think it's worth mentioning that dropbear can be configured before encrypting the pool - it would be a bit easier to type in the password 😂.
I've just read https://privsec.dev/posts/android/f-droid-security-issues/ and am deciding to switch to a different F-Droid client to avoid some of the issues mentioned there (e.g. targeting a higher Android API level to make use of better sandbox features, not requiring a privileged extension with questionable security practices for batch updates while still allowing batch updates).
The post mentions that
Droid-ify (recently rebranded to Neo-Store) seems to be a better option than the official client in most aspects.
However, both Droid-ify and Neo-Store seem to be alive and well:
What has happened here? Should I use Droid-ify or Neo-Store instead of F-Droid, or are they equivalent from a security standpoint?
Width and height should be specified at build time.
Says "generally people with technical knowledge and work in the field." Should be "generally people with technical knowledge that work in the field."
Edit: also a spelling error: "we are not affiliated, associiated " should be "we are not affiliated, associated "
Advice in https://privsec.dev/posts/linux/docker-and-oci-hardening/#the-no_new_privs-bit works only as
security_opt:
- "no-new-privileges=true"
when I tested it with Docker version 24.0.7 and Docker Compose version v2.21.0.
Regarding:
https://privsec.dev/posts/linux/desktop-linux-hardening/#dnssec
You might like this wiki page:
https://www.kicksecure.com/wiki/DNS_Security
Missing topics:
I recommend making a Windows guide to improve everyone's privacy & security. Here are two examples (both of which I assisted making in one capacity or another)
https://thenewoil.org/en/guides/moderately-important/desktop-settings/
https://discuss.privacyguides.net/t/windows-guide/250/4
https://deploy-preview-1659--privacyguides.netlify.app/windows/overview/#issues-present-in-windows
Finally there is the beerisgood guides to consider as well
https://github.com/beerisgood/Windows11_Hardening
https://github.com/beerisgood/Windows11_Privacy
The Proxmox with native ZFS guide doesn't have any tamper protection anyways, so it is not the end of the world without these. However, it will be good practice to
I'm experiencing some buggy behavior when visiting your site from a WebKit browser—in this case, Safari.
Consecutively clicking through 3 or so pages on your site results in the webpage crashing:
And if it's of any help, these are the error messages that appear in the console:
I haven't experienced any similar issues on other sites, so I do think it's on your guys' end.
Here are more concrete sources than just the forum thread.
https://divestos.org/misc/e.txt
I have 2 related suggestions for the Mullvad VPN on Qubes OS guide.
Basically title.
Some personal digging pointed me towards https://github.com/Kicksecure/security-misc/tree/master/usr/lib/sysctl.d/ becoming the new link. I might be wrong though*.
Btw, I love your work! Thank you so much! Much appreciated!
fdroid targets 28 now and fdroid basic (what a bizarre name) targets 33 for non system app unattended updates
The article Desktop Linux Hardening states disk encryption requires an OS reinstall if it was not enabled on first install. However, it is now possible to encrypt-in-place using cryptsetup's reencrypt feature (using --encrypt argument), which converts a currently unencrypted partition into a LUKS container. Although this approach does require a small amount of free space available at the end of the partition for the new LUKS header (applied using another argument), I have personally used this feature and it works as intended.
Despite the unencrypted data being leaked on the disk due to previously being written unencrypted, the same occurs with an OS reinstall without writing random data such as /dev/urandom when using a HDD, or impossible on an SSD without physical destruction (since ATA Secure Erase can't be trusted to have been implemented correctly without testing beforehand), so it shouldn't be an issue in this aspect.
While i3 does not support wayland, sway, which you recommend above recommending against i3, is a drop-in replacement for i3 and I think this should be made apparent here, so people can switch to that if they are currently using i3 or planned to use it.
The post currently uses a cronjob. I need to update this to a launchd service that runs every 30 seconds later.
h4, h5, and h6 are currently smaller than body text. Font sizes are hardcoded upstream (adityatelange/hugo-PaperMod#541).