HOW TO SET UP #ALBYHUB ON RASPBERRY PI ?

We maintain our guides.getalby.com, but very often better tutorials are provided by community - and we are super happy about it 😻

#AlbyHub is a lightweight app that runs a lightning node with NWC connections and smooth interface on low-energy devices, like beloved #RaspberryPi.

Thanks to the guide below, you can easily spin your own node in minutes!

I’m making some viral clips for Instagram, here’s one of them.

If you have ideas drop em here!

If you’re a comedy sketch writer please DM me on Instagram @bradmillscan because I’m looking to work with some writers to script up some good sketches that we can film.

Secureblue is a security-focused desktop Linux operating system.

Features

Exploit mitigation:

Installing and enabling GrapheneOS' hardened_malloc globally, including for flatpaks.

Installing our chromium-based browser Trivalent, which is inspired by Vanadium.

SELinux-restricted unprivileged user namespaces

Setting numerous hardened sysctl values details

Sets numerous hardening kernel arguments

Configure chronyd to use Network Time Security (NTS) using chrony config from #GrapheneOS

Set opportunistic DNSSEC and DNSOverTLS for systemd-resolved

Installing usbguard and providing ujust commands to automatically configure it

Filling holes in the linux security posture

Remove SUID-root from numerous binaries, replacing functionality using capabilities, and remove sudo, su, and pkexec entirely in favor of run0

Disable Xwayland by default (for GNOME, Plasma, and Sway images)

Mitigation of LD_PRELOAD attacks via ujust toggle-bash-environment-lockdown

Disable install & usage of GNOME user extensions by default

Disable KDE GHNS by default

Removal of the unmaintained and suid-root fuse2 by default

Disabling unprivileged user namespaces by default for the unconfined domain and the container domain

Security by default:

Disabling all ports and services for firewalld

Use HTTPS for all rpm mirrors

Set all default container policies to reject, signedBy, or sigstoreSigned

Enabling only the flathub-verified remote by default

Reduce information leakage:

Adds per-network MAC randomization

Disabling coredumps

Attack surface reduction:

Blacklisting numerous unused kernel modules to reduce attack surface

Brute force protection by locking user accounts for 24 hours after 50 failed login attempts, hardened password encryption and password quality suggestions

Disable and mask a variety of services by default (including cups, geoclue, passim, and others)

Security ease-of-use:

Installing bubblejail for additional sandboxing tooling

Tooling for automatically setting up and enabling LUKS TPM2 integration for unlocking LUKS drives

Tooling for automatically setting up and enabling LUKS FIDO2 integration for unlocking LUKS drives

Toggles for a variety of the hardening set by default, for user convenience (ujust --choose)

Huge.

GM you can now try #DeepSeek R1 32B on Unleashed.chat without sending your data to CCP.

Click on the arrow to expand and watch the reasoning if you'd like.

All the data is stored locally on your browser, pay your use by lightning.

Next is making it available as DVM, API, then let it search Nostr, search the web and make it faster.