data1701d

I once experimented with something similar, except it was supported to trigger my smart speaker and drop into another part of the house to tell me.

Honestly, I really need to replace my proprietary smart speaker system with something self-hosted; it’s just I only recently have had the time to start cinsidering.

Vulnerabilities certainly do exist, but I’m pretty sure the attacker has to be well-equipped

I’d call it a protection against data getting cracked in a petty theft, but if your attack vector is much more than that, there are other measures you should probably take. I think Clevis also works with Yubikeys and similar, meaning the system won’t decrypt without it plugged in.

Heck, I think I know someone who just keeps their boot partition with the keys on it on a flash drive and hide it on their person.

In my case, no; it’s all a single machine - it is in the initramfs and uses the system’s TPM to (relatively) securely store the keys.

It can be set up with an attestation server, but you certainly don’t have to do it. The Arch wiki has a really good article on getting it set up.

I use Clevis to auto-unlock my encrypted root partition with my TPM; this means when my boot partition is updated (E.G a kernel update), I have to update the PCR register values in my TPM. I do it with my little script /usr/bin/update_pcr:

#!/bin/bash
clevis luks regen -d /dev/nvme1n1p3 -s 1 tpm2

I run it with sudo and this handles it for me. The only issue is I can't regenerate the binding immediately after the update; I have to reboot, manually enter my password to decrypt the drive, and then do it.

Now, if I were really fancy and could get it to correctly update the TPM binding immediately after the update, I would have something like an apt package shim with a hook that does it seamlessly. Honestly, I'm surprised that distributions haven't developed robust support for this; the technology is clearly available (I'm using it), but no one seems to have made a user-friendly way for the common user to have TPM encryption in the installer.

I’m pretty sure by default, virtual networks are not enabled automatically if you’re not using virt-manager GUI.

To make it run automatically, run the following: virsh net-autostart default

If it’s not that, just to make it easier to find information, what’s your host distro? I’m guessing by mention of Kickstart files that it’s something Red Hat related, possibly Rocky 9 based on your choice of guest.

Weird. It must be that my taste is very indie/alternative. You can always also check if the artist has their own shop.

That’s how Jonathan Coulton does it. They Might Be Giants does it as well (in addition to a Bandcamp), but most of their stuff from 1990-1996 is stuck on their former label, so they can’t sell DRM-free audio, only vinyl and/or cassette.

Do you have FluidSynth installed? I had similar issues recently - I just have a script that restarts pipewire automatically on login.

PS5 controller also works.

I booted Buildroot with kernel 5.17 on a Pentium II laptop off a CD I burned once - I needed to dump a drive once and that was the only hardware I had on hand that could dump 2.5” IDE drives and had a working CD drive so I could boot something other than the operating system installed on the drive.

Honestly, I rather like the default XFCE terminal. In fact, I was using it even before I used XFCE back when I was just playing with the default GNOME in VMs before I daily-drove Linux.

Is this xfce-winxp-tc? I ‘ve played with it before and it’s awesome.

However, I don’t use it because while the XP start menu replica is cool, I need a Win7-style search bar, and Whiskermenu sticks pit like a sore thumb here.

I think a 7 replica would be awesome, but I think some parts of Aero can only truly be replicated with a new WM and DE, such as the color changes in the taskbar for different applications. Many themes just fall short - proportions and effects are slightly off and such.

I think the main other distro I used in that VM at that time was Fedora 37 at that time, which should have also been using Wayland. I had made the VMs because I was working on Debian packaging for an application I liked and wanted to make sure the modifications I made didn’t break it on other distros.

I’m not necessarily a “Wayland is the embodiment of evil” kind of guy, but I love XFCE and pretty much won’t leave it unless it dies, meaning I’m on Xorg until they port XFWM4.