I second OpenSnitch. It’s the most annoying program i run, but the control it gives you over your outbound connections is so worth it from a security and privacy standpoint.
Once you start and run this you get to truly see how many different URLs are loaded when visiting just one website
Can’t, all corporate hardware and their software, too. Not my problem, but also not my intellectual property being stolen to be used in AI, so eh, NotMyProblemException.
A lot of proprietary tools like VScode and Jetbrains are needed on Linux if you’re a novice or not yet proficient with tools like EMacs/Vi yet. For example I couldn’t get Vscodium to load an extension I needed so I had to use VScode. But tbh I’m just making excuses cuz I don’t know how to set up a good dev environment :-(
Technically it’s even a ToS violation to install extensions from the VS Code marketplace (or whatever it’s called) if you’re using VS Codium. Many are also available somewhere else like the code forge where they’re developed and are under open source or free software licenses, but quite a few important ones are only available through the one distribution channel you’re not allowed to use, and contain proprietary components that can’t be forked to lift this restriction.
Personally, I find Kate is decent enough for most coding tasks. It does not have an open plugin ecosystem, so I guess, maybe it wouldn’t work for you. But aside from plugins, whenever I see people using VS Code/-ium, I wonder why they keep raving about it.
It just looks like a bogstandard editor with LSP support to me. And Microsoft may have gotten that LSP ball rolling, but it’s supported in lots of editors now…
VScode is certainly a heck of a lot easier to get LSPs working than e.g. vim.
If someone made it actually easy to set up neovim with lsp support that works as well as with vscode, there’d be no reason to give Microsoft any attention at all
In Kate, you just install the LSP server, which is typically as simple as apt install marksman and then Kate will automatically start it when it encounters an appropriate file.
Kate also has a Vi Mode, if that’s what you’re looking for. ¯\_(ツ)_/¯
The LSP support itself is builtin in Neovim (not in Vim though, AFAIK), but each language server needs to be configured and activated. There is a plugin with all(ish) configurations - https://github.com/neovim/nvim-lspconfig - and activation is done with a vim.lsp.enable("server-name") command, which you just put in your config and the Neovim will start the LSP when you open a relevant file.
Anyone new to these tools will be horrified at how aggressively Windows tries to violate your privacy with unnecessary data collection, phone-homes, remote calls, etc.
Linux is galaxies better in that regard. I still don’t want anything making any connections without my explicit knowledge and consent though, and there are lots of packages and applications that try to unnecessarily exfiltrate data without asking. If you aren’t using an active firewall, you are leaking.
They still work together. Pi-hole is an excellent second line of defense, but an active firewall tells you about what is trying to make connections and asks for your consent. Block lists are great, but they aren’t impenetrable. If you want to know exactly what your device and software are doing, you should also be using an active firewall.
Thanks for that suggestion, I had a passing thought a while back I should look into something like this.
Any problems in your experience? I imagine apps will fail if you’re slow to approve the outbound connection and something times out, so I get all of that, looking more for broader issues this might cause? Specifically wondering about the docker containers I run, all the development nonsense.
Both OpenSnitch and SimpleWall block by default. You can also set a timeout so that if you don’t respond in a certain amount of time they automatically create a permanent block rule. You can also check your rules and activity at any point. If a specific application is misbehaving you can always check its rules and change them, or delete them and start over. They’re very efficient, and get less intrusive over time as you respond to prompts and create more rules.
Not necessarily. These active firewall tools are much more thorough. They tell you any time an application or service is trying to make a connection to anywhere. Block lists are helpful, but still have gaps. These let *nothing *through unless you explicitly allow it, and ask you clearly and immediately when something that doesn’t already have a rule tries.
Doesn’t anyone else use things like OpenSnitch to audit all outgoing connections? I block all phone homes until something breaks, then investigate.
If you are trapped on Windows for some corporate reason, there is SimpleWall.
We’re all friends here, and friends don’t let friends let apps phone home.
Lulu is a good FOSS alternative for Macs. LittleSnitch is good too but proprietary (that’s where OpenSnitch got its name)
TIL. Don’t assume people know about this like that, for many we have never even heard of it, but I’ll be using it constantly now
I’m happy I could help!
I second OpenSnitch. It’s the most annoying program i run, but the control it gives you over your outbound connections is so worth it from a security and privacy standpoint.
Once you start and run this you get to truly see how many different URLs are loaded when visiting just one website
Can I subscribe to your newsletter? I want to hear all your other recommendations.
Can’t, all corporate hardware and their software, too. Not my problem, but also not my intellectual property being stolen to be used in AI, so eh,
NotMyProblemException.I feel like lots of people here use Linux, where you don’t need to be constantly vigilant of your applications working against you…
A lot of proprietary tools like VScode and Jetbrains are needed on Linux if you’re a novice or not yet proficient with tools like EMacs/Vi yet. For example I couldn’t get Vscodium to load an extension I needed so I had to use VScode. But tbh I’m just making excuses cuz I don’t know how to set up a good dev environment :-(
Technically it’s even a ToS violation to install extensions from the VS Code marketplace (or whatever it’s called) if you’re using VS Codium. Many are also available somewhere else like the code forge where they’re developed and are under open source or free software licenses, but quite a few important ones are only available through the one distribution channel you’re not allowed to use, and contain proprietary components that can’t be forked to lift this restriction.
Personally, I find Kate is decent enough for most coding tasks. It does not have an open plugin ecosystem, so I guess, maybe it wouldn’t work for you. But aside from plugins, whenever I see people using VS Code/-ium, I wonder why they keep raving about it.
It just looks like a bogstandard editor with LSP support to me. And Microsoft may have gotten that LSP ball rolling, but it’s supported in lots of editors now…
VScode is certainly a heck of a lot easier to get LSPs working than e.g. vim.
If someone made it actually easy to set up neovim with lsp support that works as well as with vscode, there’d be no reason to give Microsoft any attention at all
Is the LSP support a plugin in Neo-/Vim ?
In Kate, you just install the LSP server, which is typically as simple as
apt install marksmanand then Kate will automatically start it when it encounters an appropriate file.Kate also has a Vi Mode, if that’s what you’re looking for. ¯\_(ツ)_/¯
The LSP support itself is builtin in Neovim (not in Vim though, AFAIK), but each language server needs to be configured and activated. There is a plugin with all(ish) configurations - https://github.com/neovim/nvim-lspconfig - and activation is done with a
vim.lsp.enable("server-name")command, which you just put in your config and the Neovim will start the LSP when you open a relevant file.Where might I find a list of languages/LSPs that Kate supports and will load automatically like that?
Here is the default configuration: https://invent.kde.org/utilities/kate/-/blob/master/addons/lspclient/settings.json
If you do need more LSP servers or a different one for a language, you can specify your own custom configuration in the same format.
Anyone new to these tools will be horrified at how aggressively Windows tries to violate your privacy with unnecessary data collection, phone-homes, remote calls, etc.
Linux is galaxies better in that regard. I still don’t want anything making any connections without my explicit knowledge and consent though, and there are lots of packages and applications that try to unnecessarily exfiltrate data without asking. If you aren’t using an active firewall, you are leaking.
This is cool, thanks.
Does running pi hole make this redundant, or are they solving different problems?
They still work together. Pi-hole is an excellent second line of defense, but an active firewall tells you about what is trying to make connections and asks for your consent. Block lists are great, but they aren’t impenetrable. If you want to know exactly what your device and software are doing, you should also be using an active firewall.
You my friend may just have done a great thing for me
I’m glad this is helping people! Please pass it on.
Thanks for that suggestion, I had a passing thought a while back I should look into something like this.
Any problems in your experience? I imagine apps will fail if you’re slow to approve the outbound connection and something times out, so I get all of that, looking more for broader issues this might cause? Specifically wondering about the docker containers I run, all the development nonsense.
Both OpenSnitch and SimpleWall block by default. You can also set a timeout so that if you don’t respond in a certain amount of time they automatically create a permanent block rule. You can also check your rules and activity at any point. If a specific application is misbehaving you can always check its rules and change them, or delete them and start over. They’re very efficient, and get less intrusive over time as you respond to prompts and create more rules.
TIL.
Is this redundant with DNSBL?
Not necessarily. These active firewall tools are much more thorough. They tell you any time an application or service is trying to make a connection to anywhere. Block lists are helpful, but still have gaps. These let *nothing *through unless you explicitly allow it, and ask you clearly and immediately when something that doesn’t already have a rule tries.