It’s used to check for website breaches. From How to stop Firefox from making automatic connections:

Firefox Monitor warns you if your online accounts were involved in a known data breach. For more information, see Firefox Password Manager - Alerts for breached websites.

To get the latest login breach information and more, Firefox connects to firefox.settings.services.mozilla.com

To disable, see here.

You can also run VirtualBox with KVM as a backend.

The attack worked, the password is cmF0dGEK.

This was obtained by generating 32 possible plaintexts for the first 10 bytes of system.zip (based on the different values in the headers of ~300 zip files on my system), plus three null bytes for the high bytes of compressed size, file name length and extra field length.

The inner zip files are just stored, uncompressed:

Archive: update.zip
Index Encryption Compression CRC32    Uncompressed  Packed size Name
----- ---------- ----------- -------- ------------ ------------ ----------------
    0 ZipCrypto  Store       d1bca061     65761967     65761979 system_lib.zip
    1 ZipCrypto  Deflate     64a3f383         2183          741 config.json
    2 ZipCrypto  Store       3731280f     89300292     89300304 app.zip
    3 ZipCrypto  Store       a2bd64f5    135518964    135518976 app_lib.zip
    4 ZipCrypto  Store       700eb186      5996410      5996422 system.zip

So 12 bytes from the original content.

The entries in update.zip are encrypted using the weak ZipCrypto scheme, which is known to be seriously flawed. If you feel motivated, and can guess at least 12 bytes of plaintext for an entry, it is possible to recover the internal state of the generator, which is enough to decipher the data entirely, as well as other entries which were encrypted with the same password. The bkcrack project implements this attack.

Since some of the entries are zip files themselves, it is within the realm of possibility to guess 12 bytes of plaintext. Parts of the zip local file header are pretty static, and you can use some of the values from the local file header of update.zip itself. Still, this would require a bit of luck / inspired guesswork.

singlelogin.re still worked for me recently.

Source

Yes, for example, syncing on a kernel panic could lead to data corruption (which is why we don’t do that). For the same reason REISUB is not recommended anymore: The default advice for a locked-up system should be SysRq B.

https://linux-tc-notes.sourceforge.net/tc/doc/cls_u32.txt:

The base operation of the u32 filter is actually very simple. It extracts a bit field from a 32 bit word in the packet, and if it is equal to a value supplied by you it has a match. The 32 bit word must lie at a 32 bit boundary.

Try perhaps the solution in https://unix.stackexchange.com/questions/648084/docker-interface-tears-down-wifi-internet

Try removing all the superfluous default routes.

Argon2id (cryptsetup default) and Argon2i PBKDFs are not supported (GRUB bug #59409), only PBKDF2 is.

There is this patch, although I have not tested it myself. There is always cryptsetup luksAddKey --pbkdf pbkdf2.

GRUB works just fine with LUKS2 these days. There is no need to switch bootloaders.

This seems right and exactly the way I’ve set it up. On subvolid=5 I have subvolumes @ and @home, in /etc/fstab I mount / as subvol=@, and /home as subvol=@home.

https://stackoverflow.com/questions/10602504/how-does-user-js-work-in-firefox-in-detail:

It just looks like a JavaScript file. Once upon a time in Netscape 3 and maybe 4 it actually was, but now it’s just a file with a .js extension and a very restricted syntax that’s parsed by a separate (non-JS) parser and not executed in any way.

Could you run sudo lshw -C network and post the output for the wireless interface?

We have those on I2P already, see tracker2.postman.i2p for example.

You should not torrent over the tor network, but you can torrent over the I2P network. qBittorrent even has experimental I2P support built in.

But you can do this.

Memory safety would be the main advantage.