Uncle Iroh ☑️ @[email protected]

This will never not be funny:

https://nitter.net/_BarringtonII/status/1566616878591754242#m

@dave
I remember.

In our search for bags of dumped porn our little band of assholes came across literal bags of shit, bloody clothes, mild porn, child porn and BDSM porn.

More childhood memories:

@ze Think I might start keeping a closer eye on Xen CVEs.

@Solo_Knight Pure pure joy.

@ze
Agreed. The right tool for the job, always. Your use-case (travel + cross-distro dev) is pretty unique and I can't think of anything else that could handle it better.

@ze
I prefer old cheap hardware where I can flash the chipset and get rid of ME, max out the RAM and then dump an image on it. Then it's ready to accept restoring a backed-up state. Cheap and disposable hardware.

SEV? Yeah, I would like that alot.

@ze That is how all hardware should be thought of - disposable and replaceable.

@ze I've thought about this a bit, and on balance if I really were at serious risk in the way some journalists/activists clearly are, and I had to travel with my Qubes laptop then the best setup might be the boot/header route + stateless + remote backup and then ditch the local flash backup.

Ultimately, you could walk away without the laptop/flash drive and restore everything at another location on new hardware.

@ze Default state of naked linux kind of works. But that is the exact value proposition of Tails, which is stateless and awesome so I would just go with Tails.

But if you wanted the comfort and ease of using your preferred OS and custom setup while travelling, then you would need some protocol for serving/restoring your OS image + state/data.

@ze Hehe. Yeah, about that. Humans are way easier to break than encryption.

@ze Like a pxe boot? I guess so. That would solve the problem of someone trying to mount /boot and stealing your luks key as well as offering the option to backup.

But in addition to whatever solution you use, the closer you can get to The Stateless Laptop the better.

In the airport example, even if you were somehow compelled to open up the OS it wouldn't matter since there would be no data/state kept.

Curently that requires plenty of bash-fu and external storage. Have fun!

@ze You would have to do the partition backup before flying in anticipation of being searched at the airport. In which case, detaching/encrypting header is more robust.

It's not without problems though.

Doing so effectively creates a dracut/initramfs fork of the QubesOS installer. Kernel updating seems to be a common issue, as is the sleep function. Both require regular attention to grub kernel parameters, a PITA.

Still, I will try it out at some point and see what the tradeoff is.

@spectre
There are ways to reduce your spike protein load (https://worldcouncilforhealth.org/resources/spike-protein-detox-guide/) but not trusting a godamn word from the CDC's lying mouth ever again is a good start (https://childrenshealthdefense.org/defender/cdc-spike-protein-mrna-covid-vaccine/)

@ze
Other way around. Sys-usb can break kernel upgrades since it umounts your detached boot drive. Turning off auto start sys-usb when upgrading the kernel stops that from happening apparently.

When I get a block of free time in the next few months I'll try the whole thing.

@ze Same. Feels good to be ME-free.
Also, may in future see how it goes setting up a detached and encrypted boot and header.

https://forum.qubes-os.org/t/qubes-os-installation-detached-encrypted-boot-and-header/6205

@spectre
For similar reasons I dislike the mannersims of male Italians and Spanish. Being Matriarchal, they are overly emotional and impulsive, quick to anger and to cry - it just comes off as feminine.