qubes-mirage-firewall VS scripts

2) https://github.com/mirage/qubes-mirage-firewall is by far a better firewall for Qubes than OpenBSD ever will be - unikernels are far more secure than a traditional operating system is and you can read all about it on https://mirageos.org/

That's correct. It does mean that the closest to a self-contained program you can run is a unikernel like the mirage-firewall, unfortunately. On the upside, those remain easily portable to essentially anything that can run VMs so long as you adjust the image format.

That sounds similar to a unikernel. There are actual uses for those in seL4 and Qubes OS such as a firewall-qube (in theory unikernel qubes should be able to take far less system resources to run than full Linux+distro qubes).

Here's one that is "production" ready: the Mirage-Firewall microkernel running on Qubes OS.[0]

[0] : https://github.com/mirage/qubes-mirage-firewall

sys-net, sys-firewall and other administrative vms should slowly migrate to unikernels instead of running linux, which should help with ram usage. The mirage.io project seems to build a couple qubes vms, for example https://github.com/mirage/qubes-mirage-firewall is a firewall which they indicate to give 64Mb of ram.

I made this at one point to counter that anti-Linux FUD; I still maintain it but not as religiously -- it's become too polarised and no one on that sub is logical once they've made up their minds (which perhaps applies to me also, but shrug !)

try https://github.com/xkcd386at/scripts/blob/master/restic-find-fzf if this interests you. Like a lot of my tools, this one also uses the amazing fzf program to help you select files or directories to extract

for people who want this kind of combination but still have muscle memory for head and tail arguments, try this: https://github.com/xkcd386at/scripts/blob/master/ht

if someone wants a pure bash+fzf+ripgrep solution with slightly different behaviour, take a look at https://github.com/xkcd386at/scripts/blob/master/vgc

So... https://github.com/xkcd386at/scripts/blob/master/fclone (and yes the program name is probably even less imaginative than rfync -- suggestions welcome)

I have a script that identifies exact duplicate directories; see https://github.com/xkcd386at/scripts/blob/master/dirdups

https://github.com/xkcd386at/scripts/blob/master/usff for the win

as for session token stealing, on Linux at least I have long advocated using multiple userids to run browsers -- I log on to gmail in a user called x3-gm, to amazon in a user called x3-amz, and so on. All simultaneously and without having to logoff/logon. https://github.com/xkcd386at/scripts/blob/master/usff has the details, but that's not important; the main idea is to not use the default locations for any important logged in site. Sure there is some pain in manually moving files between userids (e.g., move statement from bank userid to gmail userid to send to my accountant), but it's not hard and some judicious use of /tmp or similar can help a lot