I've been using three profiles for some time now and it works great.
One is a profile that I exclusively run in a Linux network namespace, where all traffic is routed over a wireguard VPN. A shellscript sets up the namespace, connects to a randomly selected VPN server, sets up routing and launches the Firefox profile in that namespace. That shell script is launched through a custom key shortcut.
The "normal profile" does not have many anti-tracking measures and privacy extensions enabled. I use this one for online banking or other personal activities which I don't want to route over a VPN. It's also synced with my phone.
A third profile is restricted to certain websites. It's pretty much a default Firefox, except for ublock. ublock filters ensure that only selected websites can be browsed in this profile. This profile does not clear cookies on exit etc. I use mainly it for web apps that require login.
Interesting, but almost every click on the site requires an account (with an email). I would love to be able to assess it a bit more before creating an account.
Reading the posts doesn't require an account. Seems fair that other functionality (voting, reading list, custom blogs, etc.) would require an account.
Edit: I got an account. The "blogs" page is a mix of blogs you follow and default blogs. I guess that shouldn't really need an account to see the default blogs.
>Further research revealed that the brain communicates with the spleen – an organ that plays a critical role in the immune system – by sending electrical signals down the vagus nerve. These trigger the release of a chemical called acetylcholine that tells immune cells to switch off inflammation. Electrically stimulating the vagus nerve with an implanted device achieved the same feat.
One might also achieve comparable effects by drinking baking soda.
>"We think the cholinergic (acetylcholine) signals that we know mediate this anti-inflammatory response aren't coming directly from the vagal nerve innervating the spleen, but from the mesothelial cells that form these connections to the spleen," O'Connor says.
>While there is no known direct connection between the vagal nerve and the spleen -- and O'Connor and his team looked again for one -- the treatment also attenuates inflammation and disease severity in rheumatoid arthritis, researchers at the Feinstein Institute for Medical Research reported in 2016 in the journal Proceedings of the National Academy of Sciences.
O'Connor hopes drinking baking soda can one day produce similar results for people with autoimmune disease.
I was one of the relatively early adopters in 2015 when the BQ Aquaris E4.5 came out.
I gave Ubuntu Touch a chance, particularly as I was longing for something comparable to Maemo on the Nokia N900. At first it was great. OpenSSH, bash, etc. I had some fun hacking on it. However, I quickly realized they threw a beta product at the people.
I missed phone calls because of race conditions. I couldn't connect to my wifi because my password was too long.... It overall really seemed the team at Canonical didn't have enough man power.
Eventually, these things got fixed, but too late for me. In some ways it's cool that the community hasn't given up on Ubuntu touch, unlike Canonical. I don't know how much has changed under the hood, but one can only hope the software stack is more reliable now.
I also was an early adopter of the BQ Aquaris (I even meant to get a tablet, but got too busy), and it was great, Ubuntu Touch felt so much nicer for me to use than Android... and then I stupidly dropped it, and with the bottom left of the screen unresponsive I had to toss it.
In short, the breathing increases epinephrine (adrenaline), which causes a spike in anti-inflammatory cytokines, and decreases inflammatory cytokines such as TNF-a.
It should be added that on the web I found several reports about increased tinnitus symptoms, which usually subside after the breathing is stopped, but for some it was permanent. This is why I am not doing it regularly, as I also get some ringing, but thankfully it was not permanent.
Nevertheless, I find this very method very exciting. I am glad Radboud took a look into it. However, I would love to see clinical trials on the method at last.
> “pushing in the brain” means creating high pressure in the lungs until you feel it in your head. Do NOT push the air literaly into the airways in your head, that will cause tinnitus
>.. So how do we get it that simple on Linux? I believe the answer is to find someone with enough free time to figure out how to use SECCOMP BPF to implement pledge.
> There's been a few devs in the past who've tried this. I'm not going to name names, because most of these projects were never completed.
I guess I am also one of those. I am giving it a shot with my WIP sandboxing library, which aims at making sandboxing easier for applications in general: https://github.com/quitesimpleorg/exile.h. It also aims to fix the "file system blind spot" mentioned in the article, by using Landlock and Namespaces/chroot.
Though I am calling my attempt "vows" instead of "pledge" to avoid misunderstandings. At the the end of the day, pledge() cannot be pledge() on Linux, due to limitations which the article also mentions.
Nevertheless, as has already been mentioned in this thread, as all attempts, mine also suffers from the fact that one has to keep up constantly with kernel releases and all software must recompiled from time to time against new library releases. This is a suboptimal situation. Secondly, there systems calls with currently cannot be filtered with seccomp BPF, such as openat2() and clone3() and so on.
Therefore, at this time you cannot have pledge() on Linux properly. So I am putting it on hold until deep argument inspection lands.
Overall, my experience led me to believe in order to have true, partical pledge() on Linux, it must be implemented in the kernel ultimately.
As someone else who's banged their head against seccomp and given up (put on hold) I have to say that you're missing one roadblock though. It's not enough that the kernel gets pledge(), but libc needs to cooperate too.
apropos of recognizing your name, I want to say thanks for your blog post on ssh certificates. I relied on it a ton when I was writing a host and user ca 6+ years ago.
I was a bit disappointed by some limitations back then when I tried it for a project of mine. When searching phrases where ordering matters, phraseto_tsquery() does not quite work for larger documents, as the tsvector position values are quite limited: https://www.postgresql.org/docs/14/textsearch-limitations.ht... Here I had much better success with sqlite's FTS implemention.
One is a profile that I exclusively run in a Linux network namespace, where all traffic is routed over a wireguard VPN. A shellscript sets up the namespace, connects to a randomly selected VPN server, sets up routing and launches the Firefox profile in that namespace. That shell script is launched through a custom key shortcut.
The "normal profile" does not have many anti-tracking measures and privacy extensions enabled. I use this one for online banking or other personal activities which I don't want to route over a VPN. It's also synced with my phone.
A third profile is restricted to certain websites. It's pretty much a default Firefox, except for ublock. ublock filters ensure that only selected websites can be browsed in this profile. This profile does not clear cookies on exit etc. I use mainly it for web apps that require login.