AstonJ

AstonJ

How do you secure your dev machine/environment

Following on from this post in Do you use LittleSnitch or the equivalent on your OS? I think it might be worth us creating this thread so we can share tips and tricks we might have picked up over the years to help secure our dev machines and home networks - if you have any please share!

Most Liked

Eiji

Eiji

In 99.999999999% cases I prefer prevent instead of defend tactic. I block adds, 3rd part content (including cookies) and usually access sites I already known. I use Gentoo Linux and I decide what’s inside my environment setup part by part. Maybe it’s a bit too manual, but in exchange I don’t have support for everything like cups without a printer and so on. :smiling_imp:

Most of apps and services is open source alternative for BigTech products. I rarely use Google, Twitter/X account only for giveaways, Discord only for a contact with family and Slack also for Elixir contacts. I had a LinkedIn account, but for some reason just checking inbox was a “suspicious activity” and because of that they require my ID scan (which in many countries is illegal btw.), so I showed middle finger and stopped using it.

I do not pay by card online. I prefer cash or “old, good” bank transfer. Simply most type of attacks that require “rush without thinking” does not work on me. On a single key I access a terminal with lots of useful information and actions.

sezaru

sezaru

I use a Yubikey as a 2FA for doing anything with root access in my computer.

Also, for critical files, I create a vault with CryFS (which I can easily manage using the Gnome app called Vaults) and only mount it when I need something from it.

For firewall, I have a small device running PFSense that manage all the internet access to my local network instead of handling that in each computer.

Finally, for data storage and backup I use a NUC as a NAS with all data and I have a wireguard VPN setup on it so i can access it when I’m not at home.

AstonJ

AstonJ

macOS

Apart from the obvious like setting a password etc…

  • Turn on FileVault to encrypt your drive: Privacy & Security > FileVault
  • Turn on your firewall: Network > Firewall (then periodically click on ‘Options’ to check those in the list of incoming connections).
  • Enable end-to-end encryption of iCloud data: iCloud > Advanced Data Protection

Oddly - none of the above is on by default!

  • Install LittleSnitch to allow/disallow connections to the web (there are free alternatives)
  • Set up Time Machine backups (encrypted and usually run two and keep old copies)
  • Check Privacy & Security > Files * Folders to see which folders your apps can access
  • Check Privacy & Security > Full Disk Access
  • Check Privacy & Security > Accessibility to see which apps can ‘control’ your Mac
  • Check Lock Screen > require password after screen saver begins immediately/whatever you require
  • Check General > login items for apps/services that automatically start at login
  • Check your folder permissions (particularly if you have added any to you home folder). Folder > right click > info (should be you > Read & Write and everyone > no access)
  • Privacy & Security > Advanced > log out automatically after inactivity (means a password would be required instead of just Touch ID)

You may also want to look at Apple’s new Lockdown Mode, which they say can offer extreme protection.

Where Next?

Popular in Dev Env & Tools Top

renews
Hello everyone, today I created a simple Neovim plugin to check for new versions of packages used in the project, not sure if it is usefu...
New
pinksynth
Hey everybody. I was wondering if anybody here has used Panic’s Nova editor. It came out recently and I saw there was no Elixir Formatte...
New
Tyson
I know there are lot of shell-theme nerds in this group. I want to share a little something that Claude and I have been working on in our...
New
ariandanim
Dear all, Does anyone has tried using ARM Laptop Snapdragon? I am planning to buy new one for my daily coding, but still need some sugg...
New
Onor.io
I apologize in advance if this has been suggested by others but here goes. Just today I was compiling some code and once again I’m prese...
New
AstonJ
While on the theme of routers: Is your computer's internet connection wired or wireless? (Poll) Which router do you use? How do you se...
New
New
AstonJ
Welcome to our thread for Windows users :smiley: Mac users please use this thread Linux users please use this thread For those who dis...
New
AstonJ
Welcome to our thread for Mac users :smiley: Windows users please use this thread Linux users please use this thread For those who dis...
New
AstonJ
If you have any macOS tips or tricks, or a favourite way of using it, please share :icon_biggrin: For general chat about Macs, please us...
New

Other popular topics Top

albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
grych
Hi folks, Few months ago I have announced the proof-of-concept of the library to manipulate the browsers DOM objects directly from Elixi...
639 52341 488
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
RisingFromAshes
I’ve read in another post that it may be possible with a router helper - but I couldn’t find an appropriate one, and tbh, I’m still just ...
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
klo
Got a question about when to concat vs. prepending items to list then reversing to achieve appending. So i know lists boil down to [1 | ...
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New
vonH
In asking this question I am more interested about the expressiveness of the language itself and less concerned about the availability of...
New

We're in Beta

About us Mission Statement