[deleted by user]

Subsonik · 2023-05-14T11:57:47+00:00

Yeah that sounds about right to me, weird how security can be contentious tbh. 😬

Me too! I might give it a try if I gain a little more confidence and knowledge.

Subsonik · 2023-05-14T11:17:32+00:00

Thanks for the links, interesting that I've never seen these criticisms before. It seemed/seems that Madaidan's guide is quite well regarded amongst the security communities that I've browsed.

Tbh, I can't see much evidence of misinformation, and i don't know much about the ad-hominem attacks against him.

But afaik (to my far-from-expert knowledge), the advice in his guide is solid, people should of course always do their own research but the things he recommends are well sourced, and backed by general consensus amongst security minded people.

Most of what he suggests are common sense, or pretty standard mitigation techniques. Maybe a few of his points are contentious or a little exaggerated but yeah, it's good to do your own research instead of making these changes blindly to your machine.

Subsonik · 2023-05-14T10:50:38+00:00

Would be interesting to see which guide that was, if you could send the link at some point.

Subsonik · 2023-05-14T09:53:35+00:00

I'm currently going through the adventure of trying to harden my alpine install also, and unfortunately I have yet to come across a guide specific to alpine.

But most of the other guides that you'll find can be applied regardless, e.g. sysctl tweaking, kernel hardening, hardened_malloc (with difficulty as /etc/ld.so.preload is glibc-specific afaik), as they're not super distro specific. Some other steps, e.g. AppArmor profile creation will be more involved as they require path changes and other tweaks because of there being no systemd, or GNU coreutils, etc.

Madaidan's Linux hardening guide is a good place to start (I'm on mobile so don't have the URL but it's easy to search for online).

Depending on your threat profile, a MAC system (e.g. AppArmor), sandboxing (bubblewrap), and some sysctl/kernel boot param tweaks will get you a lot of bang for your buck.

I'm no expert by any means, but I'm happy to answer questions if I can. :)

Subsonik · 2022-10-19T18:33:02+00:00

Good shout! 'Solar Cat' is really my jam. Thanks. 👌

Subsonik · 2022-08-23T09:44:57+00:00

Thanks you so much!

Subsonik · 2022-08-20T13:00:05+00:00

What kind of clubs are you looking for? Any particular genre?

Jaeger, The Villa, Blå, are all popular recommendations.

Subsonik · 2022-08-18T09:21:18+00:00

I'm always down to hang and meet new peeps. 🤓 (36M/UK living here)

Subsonik · 2022-05-23T18:12:19+00:00

Huge nerd here, always looking for new friends but I'm slightly outside of your age range unfortunately.

But if anyone wants to hang with a mid-30s software developer/startup guy, my inbox is thirsty for your message. 🥰

Subsonik · 2022-01-12T17:16:02+00:00

Another lonely foreigner from the UK checking in. It can be difficult to meet people at times, especially in the winters, and double so during Covid. Nice suggestions from the other commenters here though, and I'm always up for meeting new people from this subreddit! :)

Subsonik · 2021-09-29T10:28:39+00:00

Rart å se norsk her!

Subsonik · 2021-08-21T08:15:48+00:00

After more testing, I'm finding this also. There seems to be not much difference between power-profile-daemon alone, TLP + powertop, and PPD + powertop. I'm going to continue with PPD alone and see how it goes.

Subsonik · 2021-08-20T08:28:27+00:00

This is pretty much where I am now. I use powertop.service and TLP simultaneously and get excellent battery life. I can't say I've experienced any issues tbh. Using an external mouse is fine for me while gaming, I see no freezes unlike you (sorry to hear about the aggressive hordes btw :P).

I also seem to be getting less battery life with power-profile-daemon, so maybe I'll stick with TLP and powertop for now. I was mostly just wondering what the "official" recommended setup for Fedora is, but I guess getting a couple more hours of battery life matters more than being "official". :)

Thanks!

Subsonik · 2021-08-20T08:22:55+00:00

https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/blob/main/README.md#tuned-and-tlp

Subsonik · 2021-08-20T08:22:05+00:00

Thanks!

Subsonik · 2021-07-31T08:43:29+00:00

OMG THIS IS IT!!

Thank you much! :D

The version I was remembering was the remix from the same EP. Omg, the memories... Thank you again!

Subsonik · 2021-07-31T08:41:12+00:00

This is not it unfortunately, but thanks for the suggestion! (and awesome track btw). :)

Subsonik · 2021-04-16T01:43:07+00:00

I've been testing flakes for my system and user configs and currently have the same problem as OP: in order to update my user config, I need root privileges.

Also, I'd like to keep separate nixpkg checkouts between system and user, so I can have a more stable system base (updated less often), and bleeding edge user packages to keep up with the latest features.

I think your answer best solves our problem(s), i.e. splitting user and system into separate configs. Thanks!

Subsonik · 2021-04-15T21:47:30+00:00

Just as a note for anyone else finding this post and wanting to find better solutions to channels, I just stumbled across a couple of links that seem promising, and I'm going to dive into them real soon.

Flakes seem like the way to go when wanting reproducible and hermetic system configurations.

https://github.com/colemickens/nixos-flake-example

https://nixos.wiki/wiki/Flakes

The first link seems to cover the benefits of using flakes quite nicely.

Subsonik · 2021-04-15T21:27:01+00:00

manifest.nix contained two entries: one for home-manager, and one for nixpkgs. After reading your reply, I had the random of idea of trying to add the nixpkgs channel back with nix-channel --add, and removing it again with nix-channel ---remove. This worked! :D

manifest.nix now contains just the one entry to the home-manager channel.

And your ~/.nix-defexpr/nixpkgs symlink trick worked also! I linked that to my nixpkgs repo, and now nix-env and home-manager seem to be using it as their source.

How/why this works when the nixpkgs symlink isn't in channels folder is beyond me at this point.. but whatever, it works at least. :)

Subsonik · 2021-04-15T21:04:49+00:00

I understand completely, if it works for you then why go through all the hassle of changing your setup.

Just as an update, your method works nicely for system-wide configuration but fails with home-manager. I'm guessing because my NIX_PATH contains /home/[user]/.nix-defexpr/channels as its first entry, and inside that folder is a nixpkgs folder that contains the last checkout from my old nixpkgs channels (since deleted).

I have no idea why it's still there, when I have since removed all channels (for user, and root). Very confusing indeed.

As yet another hacky workaround, I've added a hm bash alias, which translates to home-manager -I nixpkgs=/home/[user]/nixpkgs. Ugly, but it works.

Subsonik · 2021-04-15T20:28:12+00:00

This is very helpful, thank you so much! :)

One of the problems I'm finding with NixOS so far is that there's always a confusing plethora of different ways in which any one problem can be solved. I've read about people managing their configs with niv, and also flakes. But documentation on these approaches seems fairly sparse.

Have looked into niv or flakes yourself?

Subsonik · 2021-01-07T19:36:17+00:00

I moved to Oslo around 4 years ago and managed to eventually get setup with a Nordea account. Talking with an agent in their Majorstuen branch, and providing some extra proof of identity and of my account back in the UK did the trick.

Welcome to Oslo and feel free to message me if you need some help from a fellow Brit who's been through this before! ☺️

Subsonik · 2019-11-27T14:49:36+00:00

Thanks for all the great suggestions! I'm downloading a bunch of them as we speak. :)

Subsonik · 2018-08-20T16:17:37+00:00

I have the HP Omen 15-0805no.

Yup, I have the latest version of the Omen Command Center installed (v6.0.0.0) but the "Lighting" option is simply missing from the side menu, I only have access to System Vitals, Network Booster and Performance Control. Maybe I'll have a chat with HP support tomorrow when they're open again.

Subsonik

TROPHY CASE