plembo

Brave on Linux desktop

Brave is a fork of Google's Chromium that provides a privacy-respecting alternative to the commercial Google Chrome browser. I use it where LibreWolf won't work at all or without unreasonable effort, like when I need WebUSB or a site's code spectacularly fails to conform to web professional best practices.

It goes without saying that what follows reflects my experience on Ubuntu 22.04 LTS desktop at a moment in time. Like many other software apps, the availability and configuration of some features change over time: so YMMV!

Installation

Brave works on all platforms. Since I'm currently on Ubuntu desktop, I follow the installation instructions for that distribution.

Configuration

The defaults for Brave are pretty reasonable, but here are the changes I make in Settings:

plembo

IronFox on Android

IronFox is a privacy-minded fork of Firefox mobile for Android. It comes recommended by the LibreWolf project, who have a similar privacy focus for the desktop. What I like most about both of these forks is that their choice of defaults requires minimal effort on my part to set up and maintain my primary browser.

Installation

Because I already make use of F-Droid for installing open source apps that are not included by Google's Play Store, I have added IronFox's standalone F-Droid repository to the F-Droid app on my Android devices and use that to install IronFox.

Configuration

Here are the changes I make to Settings in IronFox after installing:

1. Open browser and accept the setup defaults (choose Cloudflare as DNS-over-HTTPS provider)

plembo

LibreWolf on Linux

LibreWolf is my standard desktop browser. It is a Firefox fork that makes my llfe easier by having sensible privacy defaults out of the box.

Installation

As I am currently on a Debian based distribution (Ubuntu, likely transitioning to Mint), following these instructions.

Configuration

Because of its shipping defaults, I have found LibreWolf quick and painless to configure. Here are the changes I make in Settings after installing:

1. Home > Homepage and new windows > Custom URLs: enter my personal homepage URL

plembo

Keyboard shortcut to kill X11 server under Ubuntu desktop

The decision to disable/change the venerable Ctrl-Alt-Backspace keyboard shortcut for killing the X server in the Ubuntu/Gnome desktop has been a persistently unwise one.

At least for now, the most straighforward way to restore it is to install gnome-tweaks. Then go to:

Keyboard & Mouse > Additional Layout Options > Key sequence to kill the X server

Ctrl+Alt+Backspace: checked

References:

plembo

Custom settings for Vivaldi on the desktop

NOTE: I haven't used Vivaldi in some time, but in light of the downward spiral of Mozilla I'm restoring this gist just in case.

This is a relatively short list for a reason: at least as of version 7, Vivaldi's default settings are reasonably secure, private AND ergonomic. Note that the settings available for the mobile versions of Vivaldi differ considerably from those in the desktop versions.

Also keep in mind that my configuration with Vivaldi ysed just four extensions: uBlock Origin Lite, Bitwarden password manager, Raindrop bookmark manager, and Dark Reader to apply dark mode to web pages. As a result, I disable any corresponding services built into the browser. I don't allow my browsers to store bookmarks, passwords, contacts, addresses or payment info.

Only my changes to the defaults appear below.

• General > Homepage > Specific Page > your favorite homepage

plembo

Notes on local DNS for Android

Recent releases of Android famously ignore/bypass any local (i.e., self-hosted) nameserver passed along by DHCP or specified in a wifi profile, in favor of Google's own public nameservers. The only other option is to enable "Private DNS" (DNS over HTTPS, or DoH) in the global network settings for your devices. The stated reason for this are easy to understand: to avoid compromising security or privacy when connecting to random wifi networks. But we all know there's more to it than that. The most charitable explanation would be that Google (and others, including Mozilla) is fixated on getting everyone on DoH, even at the cost of frustrating we few peasants who want to run our own local DNS. Let them eat cake.

There are a few alternatives available to those of us who would like to address local hosts and services on our home networks by name, rather than IP address:

1. Apple mDNS. Like Microsoft's legacy WINS, mDNS still isn't very reliable and won't work for hosts and device

plembo

Firefox install checklist

WARNING: Mozilla has a habit of changing the order and content of Firefox settings on different platforms and between versions (they seem to especially enjoy stripping options out of their mobile versions). Those changes may not be reflected here (I already have a day job).

Installation

The following procedure was tested with Firefox 136 (64-bit) on Ubuntu 22.04 LTS running the default Gnome desktop.

For Ubuntu Desktop I use the binary installer (https://www.mozilla.org/en-US/firefox/new/) and basically follow the official documentation for system installation [1]. To allow automatic updates I set permissions so my user has write permissions over /opt/firefox (on my systems I'm a member of the local staff group, so I do ```sudo chown -R root:staff /opt/fir

plembo

My Public Key

This is my public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFkd45EBCADEL7qh/BTL3IjjBuZX1orf5J8QnCYbqFN63/z8YSUxPN1vfao0
+ZU9xKEbkfdbNZl7GfMz5wyOr8tXU13orbaaoL9ZbPTCG/B9fy1BFgo3d/5JExd2
x7gveSCVpAEBPFpTaDjPjSZEdXAUCqYLEBLLDipGNZKxkbWZYLeDzOoBbL8P9Mob

plembo

icsp: a ICS to TSV converter

Alexandre Lotte, the author of icsp describes it as a "Small, fast and simple command-line tool to conver calendar exports (.ics files) into TSV/CSV files for easy analysis and usage in broader use-cases."

And so it is.

I had accidentally imported a holiday calendar into my default Proton Calendar, when I realized two very horrible things: (1) I had no backup; and (2) no one really provides tools for removing entries from calendars in bulk. Later, I would add "Proton Calendar doesn't have a versioning system". But then, no one else does either.

I was screwed.

A few minutes (OK, about a half hour) of searching the Internet, and I found icsp: which turned out to be everything its author wrote that it is.

plembo

One (non-root) podman account to rule them all

NOTE: This was written while experimenting with using podman in lieu of docker. But please be aware that not all docker solutions are compatible with podman, and some may still require root even under podman.

Going rootless is one of the main reasons for switching to podman. But if you're running shared services on server for internal users and don't want a separate account for each app, creating a special (non-privileged) account for all pods may be the answer.

This work was done on Ubuntu 22.04 LTS using the shipping Ubuntu package for podman (podman-3.4.4+ds1-1ubuntu1).

Prerequisites

Install podman and enable the podman.socket service (I'm using the version in my distro's official repository):