thayer

As mentioned elsewhere, the easiest method is to encrypt only the data drives. This way you can secure shell into the server upon restart and decrypt the data. I've been using this method for years now without issue.

You'll need to provide specifics if you want solutions to many of these issues.

• What exactly isn't working with your Yubikey?
• Which bank apps? Did you check the compatibility list maintained by GOS?
• Which apps aren't working without Google Play?

For the keyboard, there are several FOSS keyboards which support spacebar navigation, but you can also install Gboard and simply disallow any permissions, including network access.

Regarding Signal, this would be a reality for anyone with a non-Apple device. You may need to find a compromise and simply use SMS, RCS, or even just email when dealing with certain people.

There will always be one-off features available only on other devices or platforms. Only you can decide whether they are worth the cost of security and privacy.

If you're now getting I/O errors that won't even get you booted, it sounds to me like drive failure is imminent.

For what it's worth, I've never had to change my io scheduler in the nearly twenty years I've used Linux. You can check your current scheduler with the following command: cat /sys/block/sda/queue/scheduler (change the block device to whatever yours is...sda, nvme0n1, etc.).

In my case, it was already bfq: one mq-deadline kyber [bfq]

Distrobox will resolve your issue with VSCode and then some. Run archlinux, debian or whatever you want as a container. Then, install VSCode/VSCodium (and any other apps that Chimera lacks) inside the container OS. This will keep your development environment containerized and safely away from your host OS.

Thank you, sebastinas and gang!

It definitely sounds like a hardware issue since it has survived multiple disk wipes and distro changes.

1. Make and verify your backups now if you don't already have them
2. Are you using the command line package manager or GUI?
3. What is your current distro?
4. Are you near capacity on your storage?
5. Run a S.M.A.R.T. test and review the results

I've been very happy with both Silverblue and Kinoite. I've installed it to all of my workstations now and can't imagine ever going back to a traditional distro.

Your comments suggest that you're already aware of distros like Silverblue so, if I may ask, how are these different than what you're looking for? Silverblue comes with several flatpaks installed, but you can easily remove these and you'll be left with a pretty barebones ostree image.

I've been super happy with my 8th gen Intel NUC i5. I put it in an Akasa Turing fanless case, installed an NVMe for host OS, and an 8TB SSD for data. It's low power and so quiet that I couldn't imagine ever using fans again.
I also have a USB 3.2 drive dock for external backup HDDs, but I only turn it on when actively doing a monthly backup.

8TB holds more media than I'll ever need, but I do trim movies and shows regularly. For some, 8TB won't be anywhere near enough, and SSDs exceeding this are ridiculously expensive.

We swapped our 2080s for 6800 XTs last year and couldn't be happier...a 7900 GRE should be great for gaming, but I can't speak to LLM performance.

I was able to extract the img from the ISO using geteltorito as described in section 5 of this ArchWiki article. Once you mount the resulting img file, you'll end up with the same file contents achieved by running their Windows BIOS Utility through wine.

The relevant binaries appear to be under the folders, N24ET76P and N24ET76W. Both scan clean for me, for whatever that's worth:

curl -X POST -F'file=@N24ET76P/$0AN2400.FL1' https://pk.fail
{"details":{"analysis-time":"1.395106993s","hashes":{"md5":"ba73792a5fc831ca84b4cd3a21c03247","sha1":"24a5bb42d670c7705aed06588f0092ec11a32564","sha256":"b9510c73657460ae24c550b71d217a543b0fc3c30a3e081eff31d9d8f1a2bdda","sha512":"8ef6f0dcffbca05b79710b8599b1b1c926ee59185a675bc7eeede6da040c751097303ada523611271de6aaf190a597cdd6e9d5cf564d06987abcf712f61227c6"}},"status":"not-vulnerable"}

curl -X POST -F'file=@N24ET76W/$0AN2400.FL1' https://pk.fail
{"details":{"analysis-time":"1.438471526s","hashes":{"md5":"de1551b0bcc73e19375f7111def72278","sha1":"cd41f36d018f940c308a7be25a20e81bdb7e4cf2","sha256":"b3f646095e47bb94f04390c756cb4133201b1231a8b224174f10bb06bd3835f2","sha512":"55143f4903f92d88057bc9d4232b0d328e9ace36330f35fafdf0485d8bebb3f79b9fedc88ab1dec7fc04a8a3e0890887c1dd7632a2ffa397fb0917be90e3f93f"}},"status":"not-vulnerable"}

The linux command mentioned in the Ars Technica article elsewhere here is efi-readvar -v PK. For Fedora and Arch users, efi-readvar is available in the efitools package.

Edit: Clarity