aard

joined 2 years ago
[–] aard@kyu.de 2 points 2 years ago

Emacs grep lets you run grep, and formats the results in a buffer from where you can then easily visit the files at the match location.

[–] aard@kyu.de 2 points 2 years ago

For comparison: I have extremely thick hair, and quite a lot of it. I can shave about twice with a Gillette blade before it gets ugly. That's why I only have that thing for detail work, and do the rough part with a straight razor.

Over the years the frequency of shaving has also gone down massively, currently the beard comes off again every 2-3 weeks - when it gets too long.

[–] aard@kyu.de 5 points 2 years ago (2 children)

Easiest and most affordable is probably a security key like the Nitrokey or the https://www.yubico.com/. I personally don't like the company behind yubikey much, but if you want something small you can always leave in the device that's pretty much your only option.

"Cheaper, but a bit more effort" would be just getting a smartcard blank, a card reader (if you're not lucky enough to have a notebook or computer with one built in), and then either writing your own applet, or using one of the available open source ones, and uploading it to the card. A variant of that would be the Fidesmo card, where you get a card and their applet.

Or you just use the TPM you may have in your system - though you'll need to be careful with that: Typically one reason for using a hardware token is to make sure keys can't get extracted, while TPMs often do allow key extraction. Software to make that work would be opencryptoki.

Generally you'd use PKCS#11 to have the various components talk to each other. On your average Linux pretty much everything but GnuPG plays nice with PKCS#11. Typically you end up with pcscd to interface with the smartcard (the above USB tokens are technically also just USB smartcards), OpenSC as layer to provide PKCS#11 on top, and software (like OpenSSH) then talks to that.

All of that should be available as packages in any Linux distribution nowadays - and typically will also provide p11-kit configured to use a proxy library to make multiple token sources easily available, and avoid blocking on concurrent access.

ssh-add supports adding keys from PKCS#11 providers to the SSH agent (search pkcs11 in ssh-add manpage), with some distributions (like RedHat) also carrying patches allowing you to only select individual tokens for adding.

If you're also using GnuPG it gets more complicated - you pretty much have two options: Stick with PKCS#11, in which case you'd replace GPG's own smartcard agent with gnupg-pkcs11-scd, or you use GPG's own card implementation, in which case you can forget pretty much everything I wrote above, and just follow the security key manual for setting up a GPG card, enable SSH agent support in the GPG agent, and just use that for SSH authentication.
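
The PKCS#11 path described in the comment above (pcscd, OpenSC, p11-kit proxy, ssh-add), as an added example that is not part of the original comment. The library directories and the function names `find_p11_module` and `load_token_keys` are assumptions made for illustration; module locations differ between distributions.

```shell
#!/bin/sh
# Added example, not from the original comment.
# Assumption: common library directories; adjust for your distribution.
P11_DIRS="/usr/lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu/pkcs11 \
/usr/lib64 /usr/lib64/pkcs11 /usr/lib /usr/lib/pkcs11"

# Print the first PKCS#11 module found. The p11-kit proxy is preferred over
# plain OpenSC because it exposes several token sources and avoids blocking
# on concurrent access. Search directories may be passed as arguments.
find_p11_module() {
    [ "$#" -gt 0 ] || set -- $P11_DIRS
    for name in p11-kit-proxy.so opensc-pkcs11.so; do
        for dir in "$@"; do
            if [ -f "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
                return 0
            fi
        done
    done
    return 1
}

# Check that a token is visible through the module, then hand its keys
# to the running ssh-agent. Private keys stay on the token.
load_token_keys() {
    module=$(find_p11_module "$@") || {
        echo "no PKCS#11 module found (is OpenSC or p11-kit installed?)" >&2
        return 1
    }
    # Lists only slots that hold a token; failure here usually means
    # pcscd cannot see the reader or the card.
    pkcs11-tool --module "$module" --list-token-slots || return 1
    # Prompts for the token PIN and registers the module with the agent.
    ssh-add -s "$module" || return 1
    # Public keys the agent now offers, ready for authorized_keys.
    ssh-add -L
}
```

Run `load_token_keys` with a token inserted and an ssh-agent running; `ssh-add -e` with the same module path removes the keys from the agent again.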

[–] aard@kyu.de 18 points 2 years ago (9 children)

A surprising amount of services (including Azure last I tried) can only handle RSA keys, so after trying ecdsa only for a while I ended up adding an RSA key again.

With that said - it's 2023, in almost all cases you should have your keys in a hardware module nowadays, in which case you'd use a different command for key generation.

[–] aard@kyu.de 4 points 2 years ago

Enterprise SSDs are certified to retain data without power for 3 months. That's extremely conservative - but I wouldn't push it to more than about two years.

[–] aard@kyu.de 20 points 2 years ago (2 children)

According to Finnish news, the athletes had deliberately gone without more clothing in order to be more mobile.

[–] aard@kyu.de 3 points 2 years ago (1 children)

For workstation there hasn't been a need to use VMware for over a decade now, if you're on Linux. Server side, if you needed live migration you had a reason to stick with VMware - but that also should've been solved about a decade ago. Pretty much the only two excuses for still using VMware infrastructure are "it's old infra, and we don't really have the time to migrate away from it" or "our ops team is too incompetent to handle anything else".

[–] aard@kyu.de 13 points 2 years ago (1 children)

At least my kid remembers quite a few things from that time. She sometimes goes "remember when I was crying so much.." followed by an increasingly detailed description of a situation until I do remember. And then she tells me what the issue was back then, which she didn't have the ability to explain yet back then.

[–] aard@kyu.de 33 points 2 years ago

No, they can rejoin. They just need to take the same route any new applicant needs to take.

[–] aard@kyu.de 1 points 2 years ago (2 children)

How do you handle encryption? Best provided option with client side encryption I'm aware of still leaks filenames.

[–] aard@kyu.de 2 points 2 years ago

It did, but note that the linked picture is the full resolution of the camera. Also, the phone had very limited storage space, and the display was in no way suitable for displaying the pictures taken, so you just hoped for the best until you managed to check them on your computer.

The S55 got lost eventually, but the camera module should still be around here somewhere.

[–] aard@kyu.de 2 points 2 years ago (2 children)

A Siemens S55. After that I moved to a Treo 270, and stayed with Palm until Nokia gave me an N900
