Notices by Solène :flan_hacker: (solene@bsd.network), page 3

With Qubes OS, malwares do not come and go as they please using a multi-pass (5th element reference)

#qubesos #qubes

@ekaitz_zarraga does this work?

env XDG_DATA_HOME=$XDG_DATA_DIRS pandoc

@karadoc I used a mail address that is not gmail and it worked fine, it's just that the domain I was using initially (an alias service) was blocked silently

@gnemmi :flan_despair:

@lpwaterhouse unfortunately I don't have much choice in the current case.

Trying to order something on a website was not working at the payment step, I tried everything like removing the accent in my name, changing my delivery address, paying with different cards, changing delivery method.

The phone support told me I should see with my bank, but offered to generate an order with a link to pay, so we tried this and it didn't work.

Then, after a second call, I've been told that it was certainly my bank because they spent 10 minutes investigating and they do not block anything, and just at the end, they told me that I should try with a @gmail.com address because they have a system that may block orders from "suspicious addresses". I changed my email to something else (not gmail.com though :D ) and it worked

-_-

Who decided there that gmail.com addresses are more legit than others? Most of the scam I receive is sent from gmail :flan_molotov: :flan_bored:

I needed a TLS wildcard certificate but it's always a pain to handle, I just found way better!

Caddy web server can generate TLS certificates on demand, so I can make it listen on *.foobar.com and when a new subdomain is requested, it will generate a new ACME certificate for this.

https://caddyserver.com/docs/automatic-https#on-demand-tls

It has limitations though, it can be easy to DOS the system by requesting a lot of subdomains. That's why it's possible to add a mechanism "ask" as a safe-guard. The implementation is up to you, but a simple solution could be a persistent timer that would only allow a new certificate every minute.

See the following link for the "ask" option https://caddy.community/t/serving-tens-of-thousands-of-domains-over-https-with-caddy/11179

@rqm what's wrong? The installer supports it now

@ttyS1 a WAX202

@max no

@thinkberg switching to "WDS" mode

I had poor performance on 5 GHz wifi network on OpenWRT, I was only able to reach 30 Mbits/s while the 2.5 GHz was reaching 250 Mbits.

Switching the access point type from "access point" to "access point (WDS)" solved the problem :flan_shrug:

It's supeeeeer fast now :flan_cool:

@guidostevens I started using it since less than 24 hours 😅

so far, I found the documentation to be lacking, it is not clear how profiles works in parallel or if some permissions (like networking or wifi) are managed by the Owner profile?

I do not use it for strong privacy needs, so our usage will differ a lot.

But so far, it seems that if you want to prevent data collection, just install google stuff in profiles where it's affordable, for the least apps you will need, using a burner account.

For instance, I'd do that if I had to install a crappy app to do XYZ once.

At the moment, I made a profile to handle the communications (IM + GSM), one for gaming and one for multimedia (including android auto and maps).

The cost to switch between profiles is high, so I try to do something usable. But my main goal is security, not high privacy.

@Sable_Shade I switched to Graphene OS less than 24 hours ago ^^

I have a lot of stuff to learn, I can't share for now but I'll write about it, be sure!

@piero LineageOS :)

@morgant did you see https://www.undeadly.org/cgi?action=article;sid=20241129093132 ?

@rooneymcnibnug https://forum.qubes-os.org/t/setup-openbsd-qube-with-usb-passthrough-audio-and-1920x1080-resolution/19789

@rooneymcnibnug there is a guide explaining how to do so using UEFI, this will give you higher resolution and sound

@ripe le site tourne tout seul en général, il se met à jour autant que possible plusieurs fois par jours. Ça doit tomber une panne une fois par an peut être sur une Snapshot foireuse ^^ ça va continuer comme ça ;)

@oook I may finally trust my phone, eventually