So, as I've mentioned, you'll need another machine (I'd advice running Linux on it, but it's probably not strictly necessary)
The easiest route would probably be to run their all-in-one docker image. I believe, their instructions are rather straightforward. It would be enough to expose port 8080 only in the provided docker run command.
Then accessing from outside the local network may be accomplished via tailscale.
By default it will be accessible from within your tailnet only, but if it doesn't suite you (e.g. you want to use another VPN on your phone to hide your traffic from your provider or bypass regional restrictions) you can expose it to the internet via tailscale funnel.
So, regarding the account: it depends. AFAIK, there's no "graphene account" in grapheneos, but you can use the regular google account after installing sandboxed play services. Note: you don't have to, the only things from google I personally used were gcam (since their hdr+ thingy is quite good) and photos (since foss alternatives I've tried can't 3d transform), both without play services and internet access. On other roms there may be an optional account (ex, /e/os).
Applications: there's a messaging app (regular SMS) and gallery (not sure here, tho, mb there wasn't; once again I decided to keep using google photos), otherwise - nope. All can be obtained from f-droid/play store/aurora. Syncing probably needs to be done via 3rd party stuff (I'd probably go with self-hosted nextcloud instance, which can be done rather easily and for free with tailscale if you have a spare laptop/pc)
App installation: I personally went with f-droid plus aurora (since the proprietary software I use doesn't rely on play services other than for sending notifications, exception - gcam, but fixable with gcam services provider from f-droid with the caveat of not being able to use sandboxed play services due to the name collision). Idk how exactly sandboxed play services are "better" compared to f-droid, mb in terms of software availability? Otherwise I prefer f-droid since stuff there is Foss, trackerless and overall better audited (paste here the links to numerous articles about actual malware being found in play store).
Self-hosting nextcloud is relatively easy (I can drop some links later if you're interested), but you can also keep using whatever you used before. Also (correct me if I'm wrong) /e/ provides their cloud with some amount of free storage, so you may want to start with that.
Yea, but the move to verify the path seemed somewhat funny at the time. As for the second part - it's a shame, but expected: they need to re-compile like everything. So, I just decided to wait since all my machines are ssh-ible from VPN only
Incorrect: the backdoored version was originally discovered by a Debian sid user on their system, and it presumably worked. On arch it's questionable since they don't link sshd with liblzma (although some say some kind of a cross-contamination may be possible via a patch used to support some systemd thingy, and systemd uses liblzma). Also, probably the rolling opensuse, and mb Ubuntu. Also nixos-unstalbe, but it doesn't pass the argv[0] requirements and also doesn't link liblzma. Also, fedora.
For me it's not about efficiency (although tiling somewhat improves it) but rather basic comfort. With stacking wms windows constantly overlap each other, and then I have to constantly re-arrange them, alt-tab like 75 times to find the one I need, etc, and tiling does solve this issue pretty damn well.
Likely RIP PCH (or the CPU, if those 2 are combined). That's kinda weird they don't install protection on USB ports 'cause those are like 20 cents (at least judging by those in my t480). On the other hand, HP's gonna HP
I'd just wipe everything; also change the passwords to the accounts used during suspected infection, mb try to ask the cellular provider the SMS history in case it reset any passwords. Y'know, the usual stuff.
I thought of it more in terms of changing constants (by casting the const away). AFAIK when it's not volatile, the compiler can place it into read-only data segment or make it a part of some other data, etc. So, technically, changing a const volatile would be less of a UB compared to changing a regular const (?)
Not sure about this particular case as the author didn't elaborate, but sometimes suckers sell binaries. Also, they've mentioned assets that may be non-commercial or require naming the original author which some forks may choose to ignore.
Anyways, I personally don't use floorp, so you better ask their devs or community.
The dude in front of the cameraperson doesn't now they're about to become a sweet roll