I want to prevent myself from reinstalling my system.

Any even remotely normal file on disk doesn’t stop that, regardless of encryption, privileges, attributes or anything your running OS could do to the drive. If you erase partition table it’ll lose your ‘safety’ file too without any questions asked as on that point the installer doesn’t care (nor see/manage) on individual files on the medium. And this is exactly what ‘use this drive automatically for installation’ -option does on pretty much all of the installers I’ve seen.

Protecting myself from myself.

That’s what backups are for. If you want to block any random usb-stick installer from running you could set up a boot options on bios to exclude those and set up a bios password, but that only limits on if you can ‘accidently’ reinstall system from external media.

And neither of those has anything to do on read/copy protection for the files. If they contain sensitive enough data they should be encrypted (and backed up), but that’s a whole another problem than protecting the drive from accidental wipe. Any software based limitation concerning your files falls apart immediately (excluding reading the data if it’s encrypted) when you boot another system from external media or other hard drive as whatever solution you’re using to protect them is no longer running.

Unless you give up the system management to someone else (root passwords, bios password and settings…) who can keep you from shooting yourself on the foot, there’s nothing that could get you what you want. Maybe some cloud-based filesystem from Amazon with immutable copies could achieve that, but it’s not really practical on any level, financial very much included. And even with that (if it’s even possible in the first place, I’m not sure) if you’re the one holding all the keys and passwords, the whole system is on your mercy anyways.

So the real solution is to back up your files, verify regularly that backups work and learn not to break your things.

What’s your end goal here? You try to keep files just on that one media without any options to make copies of them? Or maintain an image which has enforced files at their directories? And against what kind of scenarios?

ACLs and SELinux aren’t useful as they can be simply bypassed by using another installation and overriding those as root, same thing with copying. Only thing I can think of, up to a degree, is to use immutable media, like CD-R, where it’s physically impossible to move files once they’re in place and even that doesn’t prevent copying anything.

Geeqie is a quick one to go trough photos and it groups RAW+JPG as a single item on preview, so even a few hundred photos are quickly ran trough with just a keyboard. I’m not sure on how well it manages tags as I don’t use it for tagging, but it’s most likely in your distros repository so testing it out is quick.

Then do sudo apt install xfce4 and sudo apt purge cinnamon* muffin* nemo*.

It’s been a while since I installed xfce4 on anything, but if things haven’t changed I think the metapackage doesn’t include xfce4-goodies and some other packages, so if you’re missing something it’s likely that you just need to ‘apt install xfce4-whatever’. Additionally you can keep cinnamon around as long as you like as a kind of a backup, just change lightdm (or whatever login manager LMDE uses) to use xfce4 as default. And then there’s even lighter WM’s than XFCE, like LXDE, which is also easy to install via apt and try out if that works for you.

I understand the mindset you have, but trust me, you’ll learn (sooner or later) a habit to pause and check your command before hitting enter. For some it takes a bit longer and it’ll bite you in the butt for few times (so have backups), but everyone has gone down that path and everyone has fixed their mistakes now and then. If you want hard (and fast) way to learn to confirm your commands, use dd a lot ;)

One way to make it a bit less scary is to ‘mv <thing you want removed> /tmp’ and when you confirmed that nothing extra got removed you can ‘cd /tmp; rm -rf <thing>’, but that still includes the ‘rm -rf’ part.

Absolutely. Maybe leave Gnome/KDE out and use a lighter WM, but they’ll be just fine. Specially if they have 8GB or more RAM. I suppose those have at least dual core processors, so that won’t be a (huge) bottleneck either. You can do a ton of stuff with those beyond just web browsing, like programming/text editing/spreadsheets and so on. I’d guess that available RAM is the biggest bottleneck on what they can do, specially if you like to open a ton of tabs on your browser.

Make sure you have package alsa-utils installed and try to run alsamixer. That’ll show all the audio devices your system detects. Maybe you’re lucky and it’s just that some volume control is muted and if you’re not it’ll give you at least some info to work with. Majority of audio devices don’t need any additional firmware to work and they almost always work out of the box just fine. What’s the hardware you’re running? Maybe it is something exotic which isn’t installed by default (which I doubt).

And additionally, what you’re trying to play audio from? For example MP3’s need non-free codecs to be installed and without them your experience is “a bit” limited on audio side of things.

They both use upstream version number (as in the number software developer gave to the release). They might additionally have some kind of revision number related to packaging or some patch number, but as a rule of thumb, yes, the bigger number is the most recent. If you should use that as a only variable on deciding which to install is however another discussion. Sometimes dpkg/apt version is preferred over snap regardless of version differences, for example to save a bit of disk space, but that depends on a ton of different things.

Mullvad (apparenlty, first time I’ve heard from the service) uses DNS over TLS and I don’t think that the current GUI version has the option to enable it. Here’s a quickly googled howto from Fedora on how to enable it on your system. If that doesn’t help search for ‘NetworkManager DOT’ or ‘DNS over TLS’.

Imperial, adjustable, left handed wrench. Or left handed any common hand tool (hammer, spanner, screwdriver…). Muffler bearing. Light bulb for the crank case. Blinker fluid. The list goes on.

And, within reason, I think those are pretty decent pranks. No one gets hurt, many get a good laugh out of it, including the one looking for a two headed hammer if executed properly.

I don’t know where the Debian project is based.

Trademark and at least some copyright for the project is owned by an entity in the New York and Ian Murdoch who started the project was US citizen. But calling the whole project as USA based is wrong, it is based ‘on the internet’ as even the core team is spread across the globe.

I’m tempted to say systemd-ecosystem. Sure, it has it’s advantages and it’s the standard way of doing things now, but I still don’t like it. Journalctl is a sad and poor replacement from standard log files, it has a ton of different stuff which used to be their separate own little things (resolved, journald, crontab…) making it pretty monolithic thing and at least for me it fixed a problem which wasn’t there.

Snapcraft (and flatpack to some extent) also attempts to fix a non-existing problem and at least for me they have caused more issues than any benefits.

It’s been a while (few years actually) since I even tried, but bluetooth headsets just won’t play nicely. You either get the audio quality from a bottom of the barrel or somewhat decent quality without microphone. And the different protocol/whatever isn’t selected automatically, headset randomly disconnects and nothing really works like it does with my cellphone/windows-machines.

YMMV, but that’s been my experience with my headsets. I’ve understood that there’s some propietary stuff going on with audio codecs, but it’s just so frustrating.

The command in question recursively changes file ownership to account “user” and group “user” for every file and folder in the system. With linux, where many processes are run as root and on various other accounts (like apache or www-data for web server, mysql for MySql database and so on) and after that command none of the services can access the files they need to function. And as the whole system is broken on a very fundamental level changing everything back would be a huge pain in the rear.

On this ubuntu system I’m using right now I have 53 separate user accounts for various things. Some are obsolete and not in use, but majority are used for something and 15 of them are in active use for different services. Different systems have a bit different numbers, but you’d basically need to track down all the millions of files on your computer and fix each of their permission by hand. It can be done, and if you have similar system to copy privileges from you could write a script to fix most of the things, but in vast majority of cases it’s easier to just wipe the drive and reinstall.

I’ve ran into that with one shitty vendor (I won’t/can’t give any details beyond this) lately. They ‘support’ deb-based distributions, but specially their postinst-scripts don’t have any kind of testing/verification on the environment they’re running in and it seems to find new and exiting ways to break every now and then. I’m experienced (or old) enough with Linux/Debian that I can go around the loopholes they’ve left behind, but in our company there’s not too many others who have sufficient knowledge on how deb-packages work.

And they even either are dumb or play one when they claim that their packages work as advertised even after I sent them their postinst-scripts from the package, including explanations on why this and that breaks on a system which doesn’t have graphical environment installed (among other things).

But that’s absolutely fault on the vendor side, not Debian/Linux itself. But it happens.

I don’t know about homeassistant, but there’s plenty of open source software to interact with odb2 at least for linux. With some tinkering it should be possible to have bluetooth enabled odb2 adapter where you can dump even raw data out and feed it to some other system of your choise, homeassistant included.

If you want live data from the drive itself you of course need to have some kind of recording device with you (raspberry pi comes to mind) but if you’re happy just to log whatever is available when parking the car you could set up a computer with bluetooth nearby the parking spot on your yard and pull data from that. It may require that you keep the car powered on for a while after arrival to keep bus active, but some cars give at least some data via odb even when without the key being in ignition lock.

Wait a second. They used AMPRNet to manage these things? In here this kind of things are either hardwired to the internet or they use 3/4/5G uplink and while of course techinally possible either way to breach the system it’s a bit more difficult to find out proper IP’s and everything.

Once upon a time I had a task to plan a scalable system to display stuff on billboards and even replace printed ads on stores with monitors. The whole thing fell down as we couldn’t secure a funding for it, but I made a POC setup where individual displays had a linux host running and managing the display with (if memory serves) plain X.org session with mplayer (or something similar, it was about 20 years ago) running on full screen and a torrent network to deliver new content to them with a web-based frontend to manage what’s shown on which site. Back then it would’ve been stupidly expensive to have the hardware and bandwidth on a single point to service potentially few thousand clients, so distributing the load was the sensible solution. I think that even today it would be a neat solution for the task, but no one has put up the money to actually make it happen.

Why billboard system would have sane installed? I don’t think Debian or derivatives install it by default. Vnstat is also a bit odd, but maybe that’s just me. I assume they have multiple of these displays around and for them it would make more sense to use something more centralized, like zabbix, to monitor the whole network (obviously they could do that too).

5.2 for me. I got it as a gift, in a offical retail box. I think the box with manuals is still around somewhere, but I’m not sure where.

127.0.0.1 / 255.0.0.0