Works for me with Voyager on mobile.

Intel Outside

Shriveled up in fear

Tldr:

Rootful podman with podman run --userns=auto is more secure than one rootless host user running many pods, because those pods could (theoretically) attack each other.
though you still have the possibility of an exploit in the image pull

Rootless podman running one pod (as in service including database and so on) per host user with different subuid Ranges is the most secure, but you have to actually set that up which can be a lot of work depending on distribution.

All devices launching with Android 10 and higher are required to use file-based encryption.

To use the AOSP implementation of FBE securely, a device needs to meet the following dependencies:

• Kernel Support for Ext4 encryption or F2FS encryption.

• Keymaster Support with HAL version 1.0 or higher. There is no support for Keymaster 0.3 as that does not provide the necessary capabilities or assure sufficient protection for encryption keys.   
  

• Keymaster/Keystore and Gatekeeper must be implemented in a Trusted Execution Environment (TEE) to provide protection for the DE keys so that an unauthorized OS (custom OS flashed onto the device) cannot simply request the DE keys.   
  

• Hardware Root of Trust and Verified Boot bound to the Keymaster initialization is required to ensure that DE keys are not accessible by an unauthorized operating system.

https://source.android.com/docs/security/features/encryption/file-based?hl=en

Lose access to your MS account = lose your data forever. No warnings, no second chances. Many people learn about BitLocker the first time it locks them out.

It seems like they just got locked out of their Microsoft account (which stores the bitlocker key). Idk why they can’t just reset their password or if this article talks about the times where people couldn’t do that due to missing email access or maybe resetting the password deletes the bitlocker keys?

Either way though, the problem is that Microsoft is forcing encryption on everyone and not properly educating them on the consequences like “Backup your decryption key if you care about the data” in a way a normal user actually listens to.

But my streak is at 419, I can’t stop now!

Most backdoors are dangerous and dumb.

Why do you need EV certs?

Absolutely bamboozled

Just the usual amount. I don’t think we want to know.

^{We’re a smaller chamber but a lot more echo.}

Somethign I haven’t seen mentioned yet is clevis and tang, basically if you have more than one server then they can unlock each other and if they’re spatially separated then it is very unlikely they get stolen at the same time.

Though you have to make sure it stops working when a server get stolen, using a mesh VPN works just as well after the server is stolen so either use public IPS and a VPN or use a hidden raspberry pi that is unlikely to be stolen or make the other server stop tang after the first one is stolen.

but I often have to use email on other people’s computers

why?

public computers have usb drive access disabled

But why would you ever want to log in to your private e-mail on a public computer?

Luckely we’re not relying on emails for security relevant and or private information, right?

The emails are unencrypted, emails in transit are in transit between the e-mail servers and relays and use secure tls channels.
They are only encrypted from your phone/notebook/browser to the server, then when send they will be encrypted till the next server.

Every server/relay first decrypts everything send to it, because it has to due to the TLS terminating at each server.

See also your source:

Transport Encryption: This form of encryption is used to secure your emails while they are transmitted over the internet. Most of today’s email services, including Gmail, employ transport layer security (TLS) to protect emails in transit. While it encrypts emails between servers, it doesn’t protect the content once it reaches the recipient’s inbox.¹

In practical terms, Your e-mail server, your e-mail servers relay (if it has any) and your recipients relay server/server can all read your email unless

End-to-End Encryption (E2EE): E2EE takes encryption a step further. It ensures that only the sender and the recipient can decrypt and read the emails. Even the email service provider cannot access the contents of the email. E2EE is typically achieved through third-party encryption tools or services.¹

Which takes active effort from both the sender and the recipient to make work - it’s almost only possible with people you know and little else.

¹ https://umatechnology.org/gmails-new-encryption-can-make-email-safer-heres-why-you-should-use-it/

You can use caddy-l4 to redirect some traffic before (or after) tls and to different ports and hosts depending on FQDN.

Though that is still experimental.

Only thing I can comment on is that 99% of all E-Mails you will get are unencrypted and can be read by your relay. (There are few e2e encrypted emails being send.)

So either trust them or don’t use a relay.

Step 1: Get write access to the project you dislike.

They don’t have quantum in the name.