Skip to content

Latest commit

 

History

History
153 lines (108 loc) · 5.46 KB

README.md

File metadata and controls

153 lines (108 loc) · 5.46 KB

🔧 ~/. dotfiles for Arch Linux Tests


© xkcd.com

🙋‍♂️ Advisory

Many scripts will cache data on your storage device. This data can be used to impersonate you. Encrypt your storage device before it is too late.*

🚀 Getting started

Clone

cd
cd dev
git clone https://github.com/make-github-pseudonymous-again/dotfiles
cd dotfiles

Install software

sudo sh bootstrap/install-base

Install dotfiles

bash bootstrap/dotfiles-update

Install hardware-dependent software

Graphics

Usually one of the following drivers will work. Check the intel graphics, nvidia, and nouveau pages on the wiki.

pacman -S mesa vulkan-intel
pacman -S mesa xf86-video-intel
pacman -S xf86-video-nouveau
pacman -S xf86-video-ati
pacman -S nvidia

Microcode

Configure early loading of microcode updates depending on your CPU (if AMD or Intel).

SSD ATA_TRIM

Setup trimming for all solid-state drives partitions (including the ones under LUKS).

Power

In general, check out Power management on the Arch wiki.

For systems with hybrid graphics (with both an integrated GPU and a dedicated GPU), see Bumblebee to save laptop battery or energy.

Heat

Consider installing thermald.

Install system

Logout, login, then

up -i

Update system

up -a

👩‍🚀 Usage

See wiki.

🚧 Plugins (beta)

This repository has grown so large that, without modification or curation, it is unusable for anybody other than myself. To palliate this issue, I started moving important functionality away from this repository. The goal would be to have a plugin/package and dependency handling system that would work in the realm of configuration files and scripts. See my list of dotfiles packages and the instructions to install a dotfiles plugin.

⚠️ Please use storage device encryption

The advisory above remains relevant even if you do not use these configuration files: you most probably do not use a stateless machine that forgets everything on each reboot. Inside your permanent storage device you will find temporary authentication keys/tokens (e.g. a subset of the browser cookies) for all kinds of services (your bank, your e-mail provider, ...). This is so for convenience and is considered standard practice.

A lower bound on the number of services directly vulnerable to impersonation attacks in case of theft of your computer can be computed by taking the sum of services you actively use and for which you conveniently do not have to enter a password each time you reboot. In most cases, this number is quite high.

Once theft as occurred, in order to defend yourself effectively, you have to revoke all stolen keys/tokens before they get abused. Do you have a list? Are you fast at keyboard typing and point-and-click games? Do you enjoy stressful situations?

Fortunately, a lot of services have traded convenience for security. For instance most banks would use Multi-factor authentication (e.g. Two-factor authentication, or 2FA) to sign any transaction, service change, or even login. Also most of these temporary keys and tokens are really temporary: if your thief waits for too long he will not be able to abuse them.

However, considering I have only given you a glimpse at the list of possible attack vectors enabled by data theft (do you want your family pictures to be dumped on the web?) and considering the availability of good encryption software on most modern operating systems (for server, desktop, laptop, tablet, and mobile), you should consider the investment worth it.

Oh! And theft does not need to occur inside your 24/7 camera-covered, dog-guarded, three-meter-high-fenced property. It can happen anywhere you bring your portable devices. It can also happen in a dumpster, right after you "recyled" your "old" device.

Please use storage device encryption.

👏 Credits