I think you mean registers not buffers. buffers are file(s) loaded in memory while registers contain text yanked/deleted/last command/last search, etc.
You can see all registers in use with :registers
, to paste from a register say "2
in insert mode use key combination <ctrl-r>2
or in normal mode "2p
. You can check out more in :help registers
. Unnamed register or ""
is the system clipboard I think. To copy texts in a register you can prepend yank (/delete/cut, etc.) with that register "_
(for black hole register[^black_hole])
This is for neovim. Have keybinds for them and there saved you a plugin :D
[^black_hole]: Text yanked in this register is gone, i.e. it's not saved in any register.
I wouldn't be so sure it doesn't affect NixOS^[1].
I am not a security researcher, nor a reverse engineer. There's lots of stuff I have not analyzed and most of what I observed is purely from observation rather than exhaustively analyzing the backdoor code.
Also, it may take 10 days to downgrade the package^[2].
I remember seeing a post on lemmy blocking posts with certain words on firefox (and its derivatives) with ublock origin.
- Open
My filters
tab in ublock origin extension settings. - To block posts with word
random
onlemmy.ml
, add this to text fieldlemmy.ml##div.post-listing:has(span:has-text("/random/i"))'
.i
afterrandom/
matches case insensitively.
grep -i fried menu
I have no idea what TPM is
Read Skull giver's reply or look it up.
Re-reading your post, I take you want to avoid typing long and tedious password? And that's why you want to auto-decrypt?
- (Recommended) You could use strong memorable passwords that are not difficult to type and enable autologin. Related xfcd comic:
- systemd-cryptenroll: For TPM usage, I highly recommend using secure boot. Though not sure if you can easily do that. A less secure alternative using systemd-cryptenroll would be use tpm2-pin and bind key to no pcrs (discouraged). But then you'll have to use luks2 for encryption.
Notice from
man systemd-cryptenroll
regarding tpm2-pin:
Note that incorrect PIN entry when unlocking increments the TPM dictionary attack lockout mechanism, and may lock out users for a prolonged time, depending on its configuration. The lockout mechanism is a global property of the TPM, systemd-cryptenroll does not control or configure the lockout mechanism. You may use tpm2-tss tools to inspect or configure the dictionary attack lockout, with tpm2_getcap(1) and tpm2_dictionarylockout(1) commands, respectively Also tpm2-pin is not disk encryption password and short alphanumeric password needed so tpm decrypts the device; so encryption password should be secured in a safe place. Also check if your distro supports systemd-cryptenroll.
-
usb drive: read previous comment
-
clevis: It probably isn't as simple as systemd-cryptenroll but I guess you can use zfs and combine that with tpm2-pin if not using secure boot (discouraged).
You'll have to make a compromise somewhere between security and convenience. Even if you use pam mount, you'll have to enter the password, biometrics won't do.
Edit: remove unnecessary user tag and add img uri
Assuming you want:
- Single password prompt instead of auto-decrypt with tpm
- User's files to be encrypted
There are several ways to achieve this:
-
autologin (recommended for single user system): / is encrypted using luks or zfs native encryption and user's home needs to be unencrypted. User's password may be same as encryption password for convenience, though they still are two passwords used for different purposes.
-
pam mount: / is unencrypted or auto-decrypted and user's home is encrypted independently from / using zfs,luks,fscrypt,etc. In this case, user's login password must be same as user's home encryption password. It's suitable for multi-user system. NOTE: It cannot be used with autologin since user's home needs to be decrypted to log in.
WARNING: For tpm usage, using secure boot is highly recommended to prevent unauthorized user from accessing key stored in tpm.
To prevent auto-decrypt with tpm, tpm-pin can be used (with autologin for requirement #1).
-
systemd-cryptenroll with/without tpm: As far as I know it can be only used to unlock disk encrypted with luks2. It can be used without tpm with pkcs11-token (e.g. YubiKey) or fido2-device. It also uses parameter encryption while key is unsealed, so safe from key sniffing via communication bus. This is easy if secure boot is enabled and luks2 is used for encryption.
-
clevis with tpm: It can be used in place of systemd-cryptenroll. May be used with zfs native encryption. Though I'm not sure if it uses parameter encryption (correct me).
-
unencrypted keyfile on usb: Not sure about zfs, but you can use keyfile on a usb drive to decrypt luks containers.
NOTE: I'm not a forensic/security expert. I listed a brief overview of methods I could think of to keep user's files encrypted while providing single password till login.
Meanwhile kde scattering everything in .config/
afaik openzfs provides authenticated encryption while luks integrity is marked experimental (as of now in man page).
openzfs also doesn't reencrypt dedup blocks if dedup is enabled Tom Caputi's talk, but dedup can just be disabled
that sounds good.
Have you used luks integrity feature? though it's marked experimental in man page
oh shit I forgot to set up subvolumes
lol
I'm also planning on using its subvolume and snapshot feature. since zfs also supports native encryption, it'll be easier to manage subvolums for backups
It'd help if you mentioned the package itself.
Let's say you wanted to install neovim, there are many similar packages available, viz. neovim, neovim-gtk, neovim-qt, etc. they all have description and most packages have link to homepage, hinting their purpose. But you can ignore *-unwrapped packages if you are not packaging yourself.
This seems like packaging problem, most of the time it works. If not, notifying the maintainers via issues could help or you'll have to fix it for yourself or use other package manager.
Go to package homepage if available and check their releases and compare them with version shown on search.nixos.org. If homepage is not available, go to source and get the url from src attribute and check the original source and compare with version shown on search.nixos.org.
You can check the commit history for the "source" file. Also you can update it yourself. If you're lucky and know nix, then you'll only have to update the url/version and hash like here.
you can checkout https://nixos.wiki/wiki/Nix_command and may be https://nix.dev/manual/nix/2.18/. Unfortunately I can't find an comprehensive guideline for begineers. Others can chime in if they know.
Notice about experimental features nix-command and flakes.
If you see documentations other official sources, most often they'll use flakes/nix-command but since they're not officially stabilised (not as in broken) yet, documentation/blogs may vary. This can be quite frustrating if you don't know about it.
Without flakes/nix-command, to install (let's say) neovim on non-NixOS distro
nix-env -iA nixos.neovim
, you can see that when search on search.nixos.org and click on the required packages, then choose one of the three tabs: nix-env, nix-shell or NixOS-configuration.nix-env installs the packages in your user environment, you can rollback and stuff.
nix-shell downloads the package and spawns a new shell (your shell prompt changes to [nix-shell]:) and you can use the package there and package won't be installed. This is good for trying packages before installing.
For using flakes/nix-command, first you'll have to enable them otherwise you'll get this error
you can append
--extra-experimental-features nix-command
to the above commandnix shell nixpkgs#neovim --extra-experimental-features nix-command
and it'll work temporarily.OR
Append this line
experimental-features = nix-command flakes
to /etc/nix/nix.conf to enablenix-command
andflakes
.nix shell nixpkgs#neovim
is equivalent tonix-shell -p neovim
though in the former it's using nixpkgs-unstable branch of github.com/nixos/nixpkgs.nix profile install nixpkgs#neovim
is equivalent tonix-env -iA nixos.neovim
though it's said to stop using nix-envPS: This could be more comprehensive, my writing skills are shit lol