← Back to context

Comment by dv35z

6 days ago

I have a cron job which restarts my computer every day (Linux Mint Debian edition). I like waking up to a "fresh" computer, and since I know that it will restart every day - this is a "forcing function" to (1) be diligent about saving things that are important, (2) treating browser tabs, random notes, etc as ephemeral, and bookmarking the important stuff.

I used to work at an office where we pair-programmed with clients all day (Pivotal Labs), and most of our computers had some sort of "automatically restart / restore from a known-good image". I liked this, as it resulted in less cruft over time, and some intentionality about what getting a computer into a productive state means. It also got me thinking of using automatic routines to accomplish goals, and not being so attached to my open tabs, etc. Let it gooo....

To be more specific about this - for those wanting to get into blogging/publishing, this could mean auto-opening the website project folder using VSCodium upon user login, so its ready to go for the morning coffee. More half the time I just close it - but as a "default", it makes it easy for me to do the thing I want to do.

  sudo crontab -e -u root

  #-----------------------------
  # RESTART COMPUTER DAILY
  #-----------------------------
  00 04 * * * /usr/sbin/shutdown -r +5  "Rebooting in 5 minutes. Run 'shutdown -c' to cancel"

> Pivotal Labs

RIP Pivotal Tracker, and thank you for your involvement! It was a nice piece of software.

  • Hoping someone will boot-up an open-source version. Linear seems to be the most popular alternative to Pivotal Tracker. What did you like most about Tracker? Thanks for the kind words!

    • As I recall there wasn't an abundance of notice of Pivotal Tracker's sunset, but I did kind of expect someone to come up with a more 1:1 open-source replacement with a one-step migration tool.

      We looked at Linear and other options but ultimately ended up going with Shortcut. We wrote our own small migration script and moved over the old Pivotal IDs to keep as much historical context as we could. Shortcut's been a good tool overall, though I preferred Pivotal's Goldilocks level of compactness as far as the UI was concerned, as well as the general design.

      Pivotal's API was tidy and integrated nicely into our development process. We have some git aliases such as `git start <branch>` where the branch name will end with a story ID by convention. The alias would do the work of creating the branch, setting the remote to the dev's fork of our repo, marking the story as started, and assigning the dev as the owner. It saved a lot of manual steps, so thank you for your involvement in the project which allowed such a nice workflow!

      1 reply →

Regarding browser tabs you can always just reopen Chrome and press control shift T to get your previous tabs even after a restart

  • I have mine set to do this automatically, though it sometimes fails, I think after some updates (though I've not looked into it enough to be confident this is the pattern). In these cases reopening the tabs/windows with ctrl+shft+T reopens most, bit not always all of them, and the ones that are lost seem quite arbitrary (it might be something I've had open for days or longer, or something I was looking as a short time before restarting).

    PSA: Chrome's session restore function should not be trusted as a way of accurately maintaining state between restarts. I've not noticed the same with Firefox and Brave, though I don't currently use them as much (I'm slowly moving over to using mostly Brave or Firefox, I've not yet decided which…) so maybe they are no more reliable in this area.

  • Indeed! You can even configure it to open the last set of open browser tabs as per default, saving you a `ctrl+shift+T`.

> about what getting a computer into a productive state means

Why would you do that? Is your OS not running stable? Do you not have tight control over the software that is running? Why are you unable to keep it in a productive state?

Greetings from a Computer that only restarts for updates every few days, next to an airgapped machine that has been running for years.

  • Good questions. For some "work" use-cases, it would be starting up Email, password tool (Bitwarden), team chat (Slack), browser (with a few tabs already open).

    I am trying to get into a habit of writing/publishing, so I've got my own web-page that pops up at login, along with the code/text editor that allows me to start writing. Every individual will have their own set of "things I click on / open while sipping coffee, getting the computer into a productive state".

    In the team / consulting environment (where we would pair-program, often with different people day-to-day), the computer would start with task tracker / backlog (at the time, Pivotal Tracker, now it would be something like Linear), team knowledge base for the project area. Under the hood, it would load up common shortcuts, terminal aliases, etc.

    ----

    I often work with multiple clients, so something I've always wanted to do is have something close to "one Linux user per client", so that there isn't "contamination" between them. I haven't figured a great way to do this, but think of it a system-wide version of Chrome's switchable profiles.

    • Thank you for putting in the time to produce this answer. Amazing and unorthodox way of using the user system, I haven't even considered that. I can see that being useful.

One more forcing function I really like is to mount a tmpfs folder, and put all browser downloads there.

(Or I think making your ~/Downloads a symlink to /tmp/Downloads would do the same).

That way you don't clutter the Downloads, and catalogue anything important. The unimportant is recycled on each restart.

If your computer has any kind of secure boot / boot chain attestation stuff going on, like all phones do now, rebooting clears out pretty much all malware. Software bugs can put the system in to a bad state which can be abused by malware, but none of it can persist through a reboot since everything is checked and measured from scratch during the boot.

  • > any kind of secure boot / boot chain attestation [...] rebooting clears out pretty much all malware

    IMHO "pretty much" understates the risk.

    Malware can easily install itself as a system service, timer unit, XDG autostart or your shell profile among other places. I'll be the first to admit I never check all these places regularly.

    The only thing that should be putting minds at ease is regular OS installs from fresh images.

    Resist the temptation to do an "in place" upgrade and go with a clean ISO each time your distro comes out with a new major version.

    It's a pain but thanks to configuration management or even shell scripts it's manageable for me now.

    Admittedly six months is probably too long as well but at least it stops something lurking on a server or my desktop for years.

    • If you go with an immutable OS like Fedora Silverblue or Bazzite, every single update is a clean ISO install. And then in your user only install things through Flatpak while checking there aren't dangerous permissions enabled you will be much better off than a normal linux setup were mutations can be placed all over the place in a way that is impossible to audit or secure.

      2 replies →

  • This feels rather overstated. Your firmware check isn't going to tell you if a repo package installed/updated by your package manager got compromised, which is apparently increasingly common.

    • It's more relevant on ios/Android where you can't through normal means install malware at the system level. Linux is moving in this direction with immutable OSs and better secure boot support but there isn't an easy way to have a secure linux desktop setup currently.

      5 replies →

  • Most methods of persisting state have absolutely nothing whatosoever with kernel or modules which are a powerful way to hide malicious activity but far from the only way to persist state including malicious state. The only sane response to being infected with malicious software is to reinstall everything starting with the OS and scan user files AFTER reinstalling.

    It is possible even plausible that you can disinfect many sorts of malware from inside a compromised machine but it is inherently less trustworthy and installing from scratch barely takes any more time.

    • If you know for sure you have been infected with malware then it’s better to reinstall. But on iOS/Android and any other OS with strong boot chain security you can proactively reboot your device periodically and wipe out malware you weren’t aware of.

      It’s borderline impossible to persist malware across reboots on iOS these days.

      1 reply →

  • > Software bugs can put the system in to a bad state which can be abused by malware, but none of it can persist through a reboot since everything is checked and measured from scratch during the boot.

    This does not account for supply chain attacks nor trojan attacks which seek consensual installation. A reboot will not eradicate these threat vectors.

    • It relies on your software to be properly sandboxed and permissioned.

      What we have seen is state funded hacking groups can often exploit bugs which break out of sandboxes and embed themselves in the system. But the malicious code only exists in memory, it can’t persist between reboots because the next boot would fail the checksum and signature checks.

      Which is why security focused OSs will periodically reboot themselves to flush out possible malware and why jailbreaks and hacks for phones and game consoles usually have to be reinitiated after every boot.

      MacOS has a few measures including SIP and boot chain security to implement this, though it’s currently hard to set up a properly secure Linux desktop.

      2 replies →