I recently orchestrated this, although in my case I've chosen to use 1password's cloud based store as my primary secret store, so I'm accepting some exposure right off the bat that you might not be comfortable with.
Basically, I have a borg backup job which runs every day, in a 3-2-1 replication strategy with the backups being sent both to a locally encrypted NAS (backups themselves have an additional layer of encryption via borg) as well as off-site with BorgBase. Those backups scoop up an export of 1password that I have a reminder to kick off manually about once a month via this script: https://github.com/eblume/blumeops/blob/main/mise-tasks/op-b...
The password that decrypts the key (along with the password that decrypts the backup) is stored on a piece of paper in a fireproof safe in my house. I've got a reminder to practice the entire DR process every six months, although I've only done it once so far as this is all pretty new.
Thanks, it's also available via my 1password cloud account, so it'd have to be a joint fire at my home and the 1password data center (and my phone, for that matter). Pretty bad day I feel.
Unrelated note: this was the first time I've linked to my static generated docs for this project and it was really fun watching the grafana dash of my fly.io nginx proxy pick up all the scraping traffic. Thanks for warming my cache :) I work with this tech all the time at my day job but this is the first time I've hosted something from my home, it's genuinely made my afternoon to see it light up.
I sync the database to my phone, and a couple of other devices too with syncthing. I need it on my phone anyway to log into accounts while I'm out and about.
What clients are you using ? Trying syncthing with synctrayzor with my windows boxes and Synctrain on my iPhone and it’s mostly alright but still a little spotty.
I'm also using Synctrayzor on my Windows 10 machine. I'm on Android using the official Syncthing app there as well as on Linux. It sometimes takes a while for them to discover each other, and it of course works better when all the devices are on my home network. The only real problem I've encountered is when filenames have special characters another OS doesn't like.
Hey thanks for the quick reply! Yeah, I've noticed the discoverability is a lot more consistent when I just foreground the app on both devices and let it sit for 10-15 seconds. So used to instant gratification in this age :\
Well, the same issue exists for your BitWarden recovery keys or 2fa method. You need to have proper and redundant off site backups for anything valuable.
How often do your change your passwords? Assuming they are decently long and all that, why would you change them at all other than when a site gets breached?
The only reason my Keepass database changes is because I make new accounts on sites every now and then, and that's a fairly rare thing these days. And if I get so ungodly unlucky that my house burns down before my off-site database is updated to have that new account listed, I'll still have access to the email that account is associated with, so I can still recover the account either way.
Every time I add an account, for one. And there's still plenty of (dumb) sites which force me to change my password and sometimes username periodically.
Keeping an offsite database in sync is tedious, especially if it's delivered via sneakernet.
I add an account to that database maybe twice a year, probably less. Do you make a lot more accounts than that?
The off-site solution I have updates a lot more often than that, although that's only because only the really important stuff is backed up in that way; the stuff I truly need to survive my house burning down.
I'm almost done with that aspect of my life now, but every school year it feels like there's a new slate of apps, parent communication portals, etc. I need to manage these as well.
It's way more often than twice a year for me. And it's accelerating.
Fair enough, but it’s genuinely super easy to have a regular copy of your password manager saved in the cloud. You can also have a less frequently updated version stored somewhere physical that isn’t your house. My house burning down has never been a concern for me, as I’ve taken the proper precautions for my data.
For me as a desktop linux poweruser, I find this potential transition pretty intimidating, I've never flashed a phone with a custom rom let alone switch to a completely different OS, and I am not sure if the phone can even be reset to its original OS, if things go south.
/e/OS at least has a browser based installer[0] for quite some supported phones.
I definitely recommend trying it out, installing a custom os on my phone gave me the same feeling when I first ran debian on a laptop struggling under windows (even though the performance gains aren't that apparent in my opinion).
The /e/OS installer is terrible though and often fails, even on their officially supported phones (like Fairphone). The standard recommendation in their forums is nah, just install /e/OS through the command-line.
Also, /e/OS has pretty bad security practices (shipping very old kernels, very old vendor firmware, and missing most AOSP security patches).
Also, be careful to follow the instructions really carefully. For some devices it's really easy to get the phone in a boot loop, where the only resort is to get your vendor to repair it. E.g. Fairphone 6 has downgrade protection and will become a brick if you relocked the phone when the old system's Android SPL is newer than the new system's.
I flash phones almost every other week. And tablets. I have been flashing since Androids came out. But never bricked. But maybe that is why I don't have any problems.
Lots of people brick their phones by relocking the bootloader when the Android SPL before flashing was newer than the newly flashed OS when the phone has downgrade protection (e.g. Fairphone 6). The Fairphone/e Foundation forums are pretty full of people making this mistake. Then the only solution is paying Fairphone to fix it.
"flashing" a phone is largely the same as any OTA update. There's of course always a risk of it going wrong, disk failures are always possible, but it's exceptionally hard to do so accidentally. Especially with custom ROMs where they basically never include a new bootloader, so "flashing" is no different than installing an OS on a desktop system - it's just writing to the boot partition. Which you can always do again since the bootloader is still available.
It is not 'largely the same as OTA' on phones with downgrade protection. Once you lock the device again, it's game over because the bootloader refuses to boot an older version of the OS, and you cannot unlock the phone anymore. Happens all the time in the /e/OS and Fairphone forums.
It really depends on the device. E.g. Pixel is quite hard to brick. Though they do sometimes increment the anti-rollback version:
In that case you have to be careful to not flash an older version to both slots and lock the bootloader, which is possible, because many non-Google/GrapheneOS images are often behind on security updates.
It is still largely the same, those downgrade protections apply to OTAs as well. Those anti-rollback don't brick the device, either. It might not boot to a working OS, but you can still get back to the bootloader to flash something newer. Unless you blindly lock the bootloader without testing if it boots first and the bootloader can't be unlocked again I guess, but that's quite a sequence of bad choices all around
It is still largely the same, those downgrade protections apply to OTAs as well.
But the Android SPL versions of OTA updates from Android vendors monotonically increase.
It might not boot to a working OS, but you can still get back to the bootloader to flash something newer. Unless you blindly lock the bootloader without testing if it boots first and the bootloader can't be unlocked again I guess,
This is false. As long as the boot loader is unlocked, many phones will boot the downgraded image fine. It stops booting it when you lock the boot loader and on many phones, you cannot unlock it again. You need to boot the OS to enable OEM unlocking again, but you cannot boot the OS because the bootloader refuses to.
The Fairphone community is full of people who though 'oh it boots, so I can lock', locked it and they were in a boot loop and had to send their phone to Fairphone to get it repaired for 60-70 Euro (I don't remember the exact price, but that is the ballpark).
There is an adb command that can fairly reliably detect whether the boot loader can be locked. But I'm not going to post it here, because people have to read the full flashing manual, plus in the past there was a bug where the anti-rollback would trigger even with a newer SPL.
At any rate, flashing is not for most people and it was much easier when there was no rollback protection. Of course, rollback protection does make phones much more secure.
---
I wonder if your experience is based on Pixel or older/other Android devices that do not have rollback protection.
> Are you seriously implying that flashing phones doesn’t risk bricking them or you’re not aware of that risk are you serious?
Yes, that is generally the case. As a general rule with an Android phone reflashing the OS itself or the bootloader carries no risk of bricking the device (meaning making it impossible to recover without specialized hardware and/or opening up parts that were not intended to be opened).
There are plenty of ways to "soft-brick" a device such that you might need to plug it in to a computer, and adb/fastboot can definitely be a pain in the ass to use (especially on Windows), but if you have a device with an unlocked bootloader it's very rare to be able to actually brick the device while doing normal things.
Now, if you're doing abnormal things like reflashing the radio firmware you can absolutely brick some devices there, but you don't have to do that just to boot an alternative OS and generally shouldn't be doing it without very good reason and specific knowledge of exactly what you're doing.
I'm not going to say there are no devices where the standard process to flash an alternative OS is dangerous, but none of the relatively common ones I've ever owned or used have been built that way because OEMs don't want their own official firmware updates to be dangerous either.
tl;dr: It is sometimes possible to brick a device by flashing the wrong thing incorrectly, but the risk of doing that if you are just installing an alternative OS through a standard process is basically zero.
The challenge I've found when looking for instructions for flashing one of my old phones is the assumption of knowledge some rom builders have, or perhaps an assumption about their audience. This seems like it has the potential to bit someone in the ass because if they're relying on other sources like the lineageOS wiki or forum posts elsewhere for example there's no guarantee it'll stay available, complete, or relevant to their variant over time. It's an added burden for what is a gracious volunteer role, but it's a handicap if they want more people using the fruits of their labor.
I can't be bothered to change my phone's default ringtone and yet I've had very little issue installing LineageOS and GrapheneOS on the various phones I've owned over the years.
You can use actually git (it's also integrated in Overleaf).
You can even export ZIP files if you like (for any cloud service, it's not a bad idea to clone your repo once in a while to avoid begin stuck in case of unlikely downtime).
I have both a hosted instance (thanks to Overleaf/ShareLaTeX Ltd.) and I'm also paying user for the pro group license (>500€/year) for my research team. It's great - esp. for smaller research teams - to have the maintenance outsourced to a commercial provider.
On a good day, I'd spend 40% in Overleaf, 10% in Sublime/Emacs, 20% in Email and 10% in Google Scholar/Semantics Scholar and 10% in EasyChair/OpenReview, the rest in meetings.
you can use git with overleaf, but from practical experience: getting even "mathematically/technically inclined" people to consistently use git takes a lot of time... which one could spend on other more fun things :-)
- What RFCs are useful to read if I want to learn networking well
- I heard that the best way to learn low-level programming is by rebuilding already existing programs. what high quality RFCs can I use as a guide to code-my-own <so and so program>
There are a number of problems with trying to learn networking from the RFCs. First, they're specifications, not tutorials, so they just assume that you have a lot of background that you otherwise have to infer. Second, it's very common for a protocol to have been iteratively developed over the years and so split over a number of RFCs. In some cases, people will eventually try to consolidate things into a single document or document suite, but it's a big pain to do that, so it often doesn't happen.
Finally, a lot of the foundational RFCs were written long before we had a good understanding of how to design a robust networking protocol. For example, if you just implement TCP's original rate control algorithm [RFC 793] you get a system which is very vulnerable to congestion collapse (see https://ee.lbl.gov/papers/congavoid.pdf for more). Even with a more modern specification for RCP as in RFC 9293, you kind of have to work to piece together the shape of a working system. The QUIC RFCs are better because they were written all at once, but it's still not really designed to teach you.
IMO a better place to start is TCP/IP Illustrated by W. Richard Stevens. Volume 1 really explains the protocols. Volume 2 shows how to actually implement them.
> 3) to consider what others may be thinking and feeling
Personally I find myself often considering how other people might feel too much and end up being a people pleaser, so I need to work on that aspect of my social skills
It's really essential that one have (1) down (to be self-constituted) down in order for (3) not to lead to a circle of confusion. If I feel very assured in my own relationship with the universe, that doesn't depend on how anybody else sees me, and my security does not depend on others being happy with me. And when I don't need to make anybody happy, connection and compassion arise naturally from a place of curiosity--there are feelings of abundance and security underlying it rather than confusion or anxiety.
That sounds simple but the self-constitution part takes years of serious searching and work; some things (good therapists, good meditation teachers, good books, consistent practice, etc.) help the journey along, but there is no quick route.
Any particular books you recommend? people keep mentioning _how to win friends and influence people_ and I am not sure if it's just mindless productivity gurus hype
Right now I'm reading As It Is by Tulku Urgyen Rinpoche (if you don't have previous experience with Buddhism I'd recommend starting with something broader like Zen Mind Beginner's Mind, and find yourself a Buddhist meditation group!), and Self-Therapy by Jay Earley. Something else very much written for an intellectually-oriented audience but that gives inklings of a ladder into non-intellectual being, is Unwinding Anxiety by Judson A. Brewer. I liked it at the time, though I found I needed more help practicing the things that that book suggests, which led me deeper into Buddhism and eventually towards Dzogchen.
I wouldn't recommend How to Win Friends and Influence People, it is all about fine-tuning behavior to make a better impression on people, and that doesn't sound like the heart of the issue you described. The heart of that issue _could_ be that one clings to mind-concepts rather than trusting the whole being and feeling a connection with the universe. If so, one must slowly learn to trust the felt experience of life, to know that gut feelings and open-heartedness are just as important as thoughts (moreso in many respects), to trust that one can relax one's whole being and be carried by an infinite love within. It is a gradual progression.
As a lifelong obsequious people pleaser, I have realized that I make it about me by trying to figure out what people want from me, or I'm focused on how I can look better in their eyes. Instead, truly trying to understand how someone is feeling and reflecting that to them has been so much more gratifying for me (and hopefully for my friends and family.)
+1. I say this jokingly, but in a sense being a people-pleaser vs being empathetic is a “skill issue.”
Being focused on how people might think of you is shallow and tastes like narcissism. Even if in your own mind you are “thinking about others” too much you are really only thinking about yourself through their eyes.
Being present in the moment with someone and their feelings involves getting out of your own narrative.
This section was the hardest for me to understand. I personally don't like the idea of building a mental theory of mind and then evaluating your responses based on how you think someone might react. I prefer to be authentic in my action even when I know it is going to be ill received or not be in my advantage. I do what I do for a reason and I have to trust my internal compass. If after all that my actions are taken the wrong way then I accept that. Self reflection to keep myself in check, most of the time i stand by what I said. You cant live life without being mean, rude, offensive sometimes thats what the situation calls for.
But maybe im an asshole, I genuinely have no idea.
> The game went through so much delays that it's release became sort of a meme
Tiny correction (AFAIK): It was never really "delays" as there was no release date until ~3 weeks ago, when they announced it'd be released in a month. But yeah, development time was long.
it has been a rockier history than that - it was playable at E3 in 2019, and there have been multiple teased (but not specific) release dates along the way. e.g. the Wikipedia has some of it: https://en.wikipedia.org/wiki/Hollow_Knight:_Silksong
to be clear: I'm not complaining at all, I'd much rather have a good very-delayed sequel than a bad one. but the "it's releasing again" -> "it's delayed again" memes do have reasonable origins.
For some rarely use server, this could be the case.
However, any frequently used servers that will always be some base configuration via ansible, dotfiles etc. that can add the base alias to the shell.
reply