While this is a risk, it is only a real risk if the system is already exploited for regular user access. Or if there is an untrustworthy user of the system. So for most, it is not a major concern.

I like the Kobo options a lot, I have a device from them that was the Kobo Aura HD from Ebay that was $50 dollars in great condition. Kobo has better support for loading whatever you want on it without any annoying issues and it is running linux under the hood and has a lot of expand-ability because of it. These days I use a kindle paperwhite 4 and honestly, it just isn’t as well thought out. It is waterproof & has a higher resolution display but I found the Kobo OS was faster & the device with buttons had a much better design overall. So, I wish I had gone for an up to date Kobo alternative when I upgraded. So, go Kobo, don’t look back, & get second hand if you want to save some $$$.

I have determined that foot is best for me personally, like alacritty and a couple others, it is very barebones. No tabs or anything like that without tmux. But it doesn’t rely on GPU acceleration and is just as fast (or faster) than my experience using GPU accelerated terminals. Easy to configure and since it doesn’t have the GPU requirements it works on old hardware like a dream. Only possible issue is that it is wayland only but since that is all I like to use it is perfect.

I find a lot like ghostty and wezterm try to include too many features. All I need a terminal emulator to be is a terminal emulator. But then a lot of these then add tabs, build in multiplexers & more and it is more bloated than I like a simple utility to be. Additionally, I don’t need native tabs as a lot I do in the terminal uses SSH so it is easier just to use tmux/zilji and not have to manage it as much.

Wireguard could be helpful if you used a SSL terminating proxy in front of it but then you have to know the data format to parse it. So unless you are a researcher it is a long path ahead of you without any OOTB tools to do it for you.

Most cookies don’t store any data themselves. Instead it is a session/device token that tells googles servers what device is connecting and then they look up the data they have about you server side. Cookies can store more than that situationally but that is the most common use.

To get what data Google has on you check out Google takeout and you can get a “full” export of what data has been gathered.

As someone in a similar environment, there are others who care. It just isn’t worth the risk to my job & professional relationships to talk about. Most people who don’t care I won’t sway anyways and anyone who does care doesn’t need to talk to me. So, for the betterment of my family, I stay quiet at work. Outside of work though I’ll talk to my friends & anyone who will listen about the risks of the current regime.

It is the largest reason. Storing the password is one thing but to make the device reasonable to use I would likely store the key’s in TPM with a backup key. I don’t think she would be technical enough to use the backup keys were something additional to happen.

BioMyth

I understand that giving the keys can partially solve the access problem. But she would still possibly be unable to use the device. Additionally, I don’t know that she would be capable of using the keys without additional assistance and we don’t have other techies in our community who could step up in that capacity.

I don’t for a pretty simple reason. I have a wife, if something ever happened to me then she could end up a creek without a paddle. So by not having it encrypted then, anyone kinda technical can just pull data off the drive.

In the sand

Also apparently cron works in termux, so it could all probably be scripted there.

I think you could get something working using termux to install and run ffmpeg on your phone. Then using an automation app, e.g. if this then that, you could run a script in termux to re-encode the files. And automate it at night while charging.

Using the dictionary definition of a term like sanitary when applying it to an industry with its own specific definition, food prep, makes your argument seem like it is a bad faith argument. I don’t think that is your intent here, I just want to bring to your attention that your point will be missed if you use a term with multiple contextual meanings in & out of industry since it makes the argument linguistic rather than point by point.

Not gonna lie that is kinda my hobby. Pick up other hobbies, learn a bunch get okay but not too much time sunk in, time for a new hobby.

Glofiber is great! I’ve used them for a few years now and they have been really reliable & easy to work with. If you do any self-hosting they do have double NAT but after a quick call to support I was able to get a public ip without any cost.

Holy cow, didn’t realize just how bad Microsoft is getting. That behavior is unjustifiable especially considering this is just for wallpapers.

I’m on the bandwagon of not hosting it myself. It really breaks down to a level of commitment & surface area issue for me.

Commitment: I know my server OS isn’t setup as well as it could be for mission critical software/uptime. I’m a hobbiest with limited time to spend on this hobby and I can’t spend 100hrs getting it all right.

Surface Area: I host a bunch of non mission critical services on one server and if I was hosting a password manager it would also be on that server. So I have a very large attack surface area and a weakness in one of those could result in all my passwords & more stored in the manager being exposed.

So I don’t trust my own OS to be fully secure and I don’t trust the other services and my configurations of them to be secure either. Given that any compromise of my password manager would be devastating. I let someone else host it.

I’ve seen that in the occassional cases when password managers have been compromised, the attacker only ends up with non encrypted user data & encrypted passwords. The encrypted passwords are practically unbreakable. The services also hire professionals who host and work in hosting for a living. And usually have better data siloing than I can afford.

All that to say I use bitwarden. It is an open source system which has plenty of security built into the model so even if compromised I don’t think my passwords are at risk. And I believe they are more well equipped to ensure that data is being managed well.

OpenSUSE tumbleweed is a good compromise IMO. it is also a rolling release distro with built in snapshotting. So if anything does go wrong it takes ~5 mins to roll back to the last good snapshot. You can set the same thing up on arch but it isn’t ootb and YAST is a great management tool as well.