Ha! I sound keen like an AI cause I was thinking about exactly this problem when I saw your post and have been continuing to research.
The GNOME keyring does not defend against rogue processes for now. However KDE wallet can prompt a user before access (I’ve not tried it):
https://docs.kde.org/stable_kf6/en/kwalletmanager/kwalletmanager/wallet-access-control.html
…this seems a fair bit safer, presuming it works.
Some hints here:
https://wiki.archlinux.org/title/GNOME/Keyring#PAM_step
- Alternatively, if using GDM and LUKS, GDM can unlock your keyring if it matches your LUKS password. For this to work, you need to use the systemd init in your mkinitcpio.conf as well as the appropriate kernel parameters, and you should make sure that your system’s real-time clock is set to UTC rather than local time (see [2]). See [3] for more details.
When using a display manager, the keyring works out of the box for most cases. GDM, LightDM, LXDM, and SDDM already have the necessary PAM configuration. For a display manager that does not automatically unlock the keyring edit the appropriate file instead of
/etc/pam.d/loginas mentioned below.
I think you are absolutely right to examine whether your system defaults to too much convenience versus security for your threat model. For GNOME keyring:
Any application can easily read any secret if the keyring is unlocked. And, if a user is logged in, then the login/default collection is unlocked. Available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used by default and would be easy to bypass anyway.
The GNOME project disagrees with this vulnerability report because, according to their stated security model, untrusted applications must not be allowed to communicate with the secret service.
Applications sandboxed via Flatpak only have filtered access to the session bus.
https://wiki.archlinux.org/title/GNOME/Keyring#Security
So while flatpaks that play the game are ok everything else is on trust. For the average user perhaps this is the right balance, though your Signal example suggests it’s too lax for anyone nowadays.
I would like to see system secrets protected however they are accessed, not just for flatpaks.
F-droid themselves gave an update in April:
https://f-droid.org/en/2026/04/03/twif.html
If you’ve been holding off updating Syncthing-Fork we have two pieces of news for you. First, the original dev continues to collaborate still, we know this was a pain point back then. Second, we’ve just added BasicSync, A simple app for running Syncthing, which just controls Syncthing’s running behaviour as hands off as possible, while the original service hums in the background.
So it seems since the handover things have settled but there is also a new fork which takes a more bare-bones approach.
Grateful the SFC has got users’ backs!
…[the group] has claimed responsibility for similar DDoS attacks on the likes of eBay’s Japan and US divisions, as well as BlueSky in just the past month alone.
Why the group is targeting London-based Canonical remains unclear and no reason was given via its Telegram channel. It is presumably because Ubuntu is one of the most popular Linux distros.
From the github if you were wondering:
Free, open-source, self-hosted wardrobe organizer. Catalog clothes, build outfits, PWA. Docker one-liner deploy.
I mention https://lemmy.ca/c/linuxphones in case you’ve not found it already. It’s not like an authoritive, central forum where everyone goes but maybe it’s a start.
For example filesystems like btrfs can be very sensitive to errors in ram due to all the checksumming. On the positive side you’ll know about it fast!
More than one it seems:
https://forum.typst.app/t/tinymist-vs-typst-vim-vs-typst-preview-nvim/1775/7
Rick Astley’s birthday is 6th Feb 1966, just saying
Hello
Somebody developed a Home Assistant integration for monitoring and managing sourdough starters
I like your thought so I wondered if there is a site to help people pick a distro and found this:
For a windows gamer type of person it came up with Linux Mint
https://distrochooser.de/en/d59f9b3e7b9b/
…at the top of a long list of other choices. Not bad!
NY is next
New York Senate Bill S8102A goes further. It “requires manufacturers of internet-enabled devices to conduct age assurance” to check all users’ ages, and provide this info to “all websites, online services, online applications and mobile applications” – as well as app stores.
At 5mbps it should take about 1 hour for 2GB. It sounds like your actual speed is 2-3x lower. Can you take that up with your ISP? Are you certain your machine has the best connection within your control, i.e. directly wired into the router? Network equipment is not faulty? Have you tested with iperf within your network? Just in case there’s another issue beside the slow external speed…
Another thing that springs to mind is to use a backup tool like restic that will not only compress but deduplicate your data into hundreds of small files that might make upload faster. Dedup can save significant space and you can try it out locally first. Just do restic init then restic backup PATH.
Restic can use rclone as a backend also and upload straight to google: https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#other-services
Finally there’s sometimes nothing faster than physically moving data. A person jogging with a 100gb drive has great bandwidth! Is there a location with better internet within reach? A library or school perhaps?
The danger being raised with the licensing is that you can’t license something if you’re not considered to be the author. There are growing examples of courts and lawmakers determining AI output to be public domain:
The US Supreme Court recently refused to reconsider Thaler v. Perlmutter, in which the plaintiff sought to overturn a lower court decision that he could not copyright an AI-generated image. This is an area of ongoing concern among the defenders of copyleft because many open source projects incorporate some level of AI assistance. It’s unclear how much AI involvement in coding would dilute the human contribution to the extent that a court would disallow a copyright claim.
https://www.theregister.com/2026/03/06/ai_kills_software_licensing/
This is an evolving, global situation and hard to know what to do right now. I think what you’ve got is fine though - you’ve made it clear your intention is to license with AGPL. It’s just that depending on the jurisdiction it might be public domain instead.
This is another reason to be clear about the use of AI in the README so your users can make an informed decision.
nmcli to support wireguard peers, nice
Don’t encrypt the drive, encrypt the backups and put your keepassdb alongside. Use restic or similar that encrypts backups.
The contention is that Mattermost say it’s licensed under AGPL but then they add conditions which are incompatible with that license. So it seems they want to give appearance of AGPL but not give the actual rights that come with it. So therefore it’s not AGPL.
That’s good!