Sandboxing in systemd? I would’ve shown my (somewhat manual) method but then I was strolling through the GitHub and saw shh (systemd hardening helper). It uses strace to generate suggestions. You’ll need to be extremely careful, playing inside a sandbox summons debugging hell. I tried it briefly.

Another wandering soul whispering into the void. If you are looking for my blog you are in the wrong place. The profile and header pictures are brought to you by cdd20.

Why dabble with Firefox? Everything is customizable. How long will this be so? Who knows. I have custom stylesheets that hide comments everywhere (Firefox/Chrome) among other things. “Experts” only?
about:debugging#/runtime/this-firefox
chrome://browser/content/browser.xhtml
toolkit.legacyUserProfileCustomizations.stylesheets true

I was twiddling a bit with neovim (lua) and realized something. You’ve got on one end in the hyper dimension, and overpowered hyper dimensionizable programmable editors? on the other emacs (elisp). Neovim is vim’s (vimscript) successor.
All enjoy a similar predicament. The truth (of time) is that no one really learns an IDE (forget programmable editors). Many IDEs exist now with natural language bells and whistles to the minutiae.
Natural language bridges a (psychological) accessibility and discoverability gap. Of course, if you don’t win the lottery enough times, you’ll be left hanging dry (on tokens).

How hard is it to run Linux? It depends on your luck and persistence. I received a junked Lenovo 11e Chromebook recently and it would always freeze at 99% during any distribution install (classic). Enabling a kernel parameter fixed it. How did I know this? Don’t even ask.
#define SDHCI_QUIRK_BROKEN_CQE (1<<17)
(1<<17) = 0x20000
sdhci.debug_quirks=0x20000

There are a lot more speech programs on Linux now. I was a bit curious and searched through the distribution package managers recently.
Some use Vosk or Onnx as runtimes.

To quiet down Firefox’s network activity at the application level:
Set global (about:policies) policies in /etc/firefox/policies/policies.json
Block untrusted connections with proxy.pac [?] in policies.json. Enable the file in (about:settings) network settings.
Additionally user.js is configurable (mine). Firefox derivatives do similar pre-configurations. Chromium derivatives have policy settings too.

There’s a quick way to test the offline behaviour of programs on Linux.
unshare -c -n bash
Then only loopback is available.
$ ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
List network namespaces with lsns.
$ lsns -t net
NS TYPE NPROCS PID USER NETNSID COMMAND
999 net 2 111 user 3 systemd
888 net 1 222 user unassigned └─bash

In UNIX everything is a file. A file is a file and a directory is a special kind of file…

I saw something peculiar the other day. Hallucination? The microsoft.com domain was serving up 192.168.1.0 and 192.168.1.1 as A records in a 7 address round robin.
That’s a spooky reminder to check your rebinding setup — that is, if you’re playing with fire.
For example, unbound with private-address and private-domain. Then test if DNS rebinding is possible.
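
As an added example (not from the original post, and not unbound's code): a small Python model of what private-address and private-domain are meant to do to an answer set, so the expected outcome of a rebinding test is concrete. The address ranges, the home.lan zone and the sample answer are assumptions made for the illustration.

```python
import ipaddress

# Ranges of the kind listed under private-address (assumed configuration).
PRIVATE_ADDRESS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fd00::/8", "fe80::/10",
)]
# Hypothetical local zone that may hold private addresses (private-domain).
PRIVATE_DOMAIN = ["home.lan"]


def in_private_domain(name, domains=PRIVATE_DOMAIN):
    """True if name equals, or is a subdomain of, an allowed zone."""
    labels = name.rstrip(".").lower().split(".")
    for zone in domains:
        zl = zone.rstrip(".").lower().split(".")
        # Compare whole labels so "evilhome.lan" does not match "home.lan".
        if labels[-len(zl):] == zl:
            return True
    return False


def is_private(addr, nets=PRIVATE_ADDRESS):
    """True if addr falls inside any configured private range."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)


def filter_answer(name, addrs):
    """Return (kept, stripped) for one answer set."""
    if in_private_domain(name):
        return list(addrs), []
    stripped = [a for a in addrs if is_private(a)]
    kept = [a for a in addrs if a not in stripped]
    return kept, stripped


# Constructed sample: a 7-address round robin for a public name. The two
# private records match the post; the rest are RFC 5737 documentation addresses.
SAMPLE = ["203.0.113.10", "192.168.1.0", "203.0.113.11", "198.51.100.7",
          "192.168.1.1", "198.51.100.8", "203.0.113.12"]

if __name__ == "__main__":
    kept, stripped = filter_answer("public.example", SAMPLE)
    print("kept:", kept)
    print("stripped:", stripped)
```

If a resolver hands a client any address from the stripped list for a public name, the rebinding protection is not in effect on that path.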

Are the caches warmed up? vmtouch and fincore are two useful programs.
What do they do? Basically, one can peek at what’s been cached into memory. I somehow ended up re-looking into this today. The Linux kernel is intelligent.