AMA: openSUSE dev for 15 years

  • For security, I use disk encryption for /home and ensure secrets (e.g. VPN creds) are stored there.
  • All my SSH keys have a passphrase added. Some need a FIDO2 USB stick to be touched (YubiKey, Nitrokey, Google Titan Key).
  • I try to enable 2FA on relevant websites and avoid SMS+email modes. The good ones are TOTP/FIDO2/Passkey.
  • I use a different password on every website, using a variant of bmwtools/pwhash (bmwiedemann/bmwtools on GitHub).
  • I try to stick to packages from the main openSUSE repos so I know those went through a review.
  • In Firefox I use the NoScript, Multi-Account-Container + Sticky-Window-Container addons, so work+banking cookies are kept away from other tabs.
  • I use podman instead of docker, when possible. It runs rootless by default.
  • On my server, everything runs with KVM under its own user with bmwvm-tools (bmwiedemann/bmwvm-tools on GitHub: scripts to start/stop/manage VMs), so even if there were an exploit in KVM, there would still be some isolation.

I mostly use vim for everything. Sometimes gvim -p for the tabs to edit multiple files. And occasionally gedit when I want to copy-paste large text to a browser window.
