Christopher Crockett chaorace

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict

58 bytes of CSS to look great nearly everywhere

When making this website, i wanted a simple, reasonable way to make it look good on most displays. Not counting any minimization techniques, the following 58 bytes worked well for me:

main {
  max-width: 38rem;
  padding: 2rem;
  margin: auto;
}

Screen sharing on Hyprland (Arch Linux)

This will be a step by step guide on exactly how I installed box86 on my Acer Spin 513 equipped with a Snapdragon 7C. This guide should work for several other Snapdragon Chromebooks, though YMMV. Mediatek devices will follow a similar setup, but you will compile the Rockchip (RK3399 or similar) version instead of SD845. Now on with the show:

Step 1 - Setting up Crostini

I've tried this on Crouton, but unfortunately it just doesn't seem to work on my ARM based Chromebook. If you have Crouton installed on an Intel Chromebook, it should work, but I'm not sure about AMD based Chromebooks, as their graphics drivers are different.

It's tempting to immediately create a new Crostini container, but that's actually not what we need here just yet. You see, box86 relies on something called binfmt-support in order to work. Inside Crostini, this means creating a "privileged" lxc container. You may want to have a separate container just for running x86 applications in; for this guide, I'll be using one called "x86" for

Initial checks

Start by checking that there aren't any previous ssh keys inside the FIDO2 authenticator of your YubiKey. You can check if they exist by running the command below:

nix shell nixpkgs#yubikey-manager -c ykman fido credentials list

If the command above outputs a string mentioning "ssh" or "openssh", then you have already got a key generated and store on your YubiKey.

Evaluating additional authentication factors

Before generating a new ssh key to store on your YubiKey you must consider which additional required authentication factors you want to use. Below you can see a table with the available factors and their corresponding command:

	Hi All!

	I've recently launched a tool that wraps many of the commands here with a user interface. This desktop application is currently available for macOS. There's a roadmap outlining planned features for the near future.
	Feel free to request any features you'd like to see, and I'll prioritize them accordingly.
	One of the most important aspects of this application is that every command executed behind the scenes is displayed in a special log section. This allows you to see exactly what’s happening and learn from it.

	Here's the link to the repository: https://github.com/Pulimet/ADBugger

	App Description:
	ADBugger is a desktop tool designed for debugging and QA of Android devices and emulators. It simplifies testing, debugging, and performance analysis by offering device management, automated testing, log analysis, and remote control capabilities. This ensures smooth app performance across various setups.

	c.content.user_stylesheets = ['/path/to/reddit.user.css']

	# or if you have a directory with .user.css files:

	import glob

	c.content.user_stylesheets = glob.glob('/path/to/*.user.css')