SpaceCadet

Yeah I don’t do security via obscurity

Another one who misunderstands that phrase... Yes, obscurity shouldn't be your only line of defense, but limiting discoverability of your systems should be an integral part of your security strategy.

A VPN like Wireguard can run over UDP on a random port which is nearly impossible to discover for an attacker. Unlike sshd, it won't even show up in a portscan.

This was a specific design goal of Wireguard by the way (see "5.1 Silence is a virtue" here https://www.wireguard.com/papers/wireguard.pdf)

It also acts as a catch-all for all your services, so instead of worrying about the security of all the different sshds or other services you may have exposed, you just have to keep your vpn up to date.

Born in the 70s here. I do remember LGB without the T in the 1990s and early 2000s, you probably were too young to pick up on the term. In any case, trans rights came into the spotlight much later than LGB rights.

Barracudas are SMR garbage nowadays, they're coasting on their reputation of many years ago when they were actually decent hard drives for the price.

Those look like real life windows media player skins from the early 2000s.

I like user respecting operating systems, that is the deal breaker.

If you insert snap into apt package management, so that you can go behind the user's back, re-enable snap and install a snap anyway if a user tries to apt install firefox, you don't respect the user's choice. It's the kind of thing we give Microsoft shit for.

And yes I know it can be worked around and disabled and whatnot by jumping through various hoops, but that's beside the point. As a matter of principle, I will just use something that doesn't do this. KDE on Debian works just as well as Kubuntu anyway.

How can it suck the least if it has snap?

TIL Match Group = The Bene Gesserit

Do you have one for being terminally lazy and the world's wost procrastinator?

I would assume state actors have the ability to read out your storage without needing the USB port. Even hardware security chips like secure enclave or TPM I consider to be likely compromised/backdoored by state actors.

Wouldn't they just immediately realize you've only given them the duress password?

Also, they will have imaged the phone already before attempting to unlock it, so the "delete all data" feature would be pretty pointless.

So this is basically the $5 wrench attack, but by the government