Fail2ban and containers can be tricky, because under the hood, you'll often have container policies automatically inserting themselves above host policies in iptables. The docker documentation has a good write-up on how to solve it for their implementation
For your usecase specifically:
If you're using VMs only, you could run it within any VM that is exposing traffic, but for containers you'll have to run fail2ban on the host itself. I'm not sure how LXC handles this, but I assume it's probably similar to docker.
The simplest solution would be to just put something between your hypervisor and the Internet physically (a raspberry-pi-based firewall, etc)
I believe it was a musk move that changed the default sort order from "latest first" to "most engaged" as an intentional inconvenience to encourage users to make accounts and log in.
In a world of good-faith, rational actors, it is reasonable to consult experts in the industry you're about to regulate. In theory, a good-faith adversarial discussion will root out inconsistencies and logical fallacies within the regulation.
Obviously that's usually not the case in modern politics, but I think the system was designed when it was thought that the average person would be operating in good faith, and in that context it makes sense.
I think you go about it the other way: break data analytics and advertising off from everything else. If every unit has to be self-sufficient without reliance on data collection and first-party advertising I think you fix most of the major issues.
I've met a surprising number of "good religious people", but it's not surprising most people think they don't exist. I think this phenomenon transcends religion though
In the case of good Christians, the one unifying quality all of them have is they aren't loud, and they aren't pushy about it. They live their lives with a set of fundamental values and are always willing to go out of their way to help a neighbor. If it weren't for the symbology in their homes you might never know.
I think it's the same with anything else. If you've never met a trans person who doesn't make enforcing pronouns their entire identity, it's easy to have your perspective skewed towards the obnoxious loud ones you see online. If you don't personally know a cop or a black person, sensationalist stereotypes might be your internal idea of normal about them too. Etc...
Linux users though... we're all pushy weirdos. Not a normal good one among us :)
Actually now that it's been mentioned, have you ever tried Linux on the desktop? It's really good these days. I do not use arch btw, I'm a Debian user myself.
I think the debate is about what a reasonable class is. I don't think that an appendage, or identity for that matter, is a reasonable proxy for capability class. In my mind you really have to go one of two ways.
You either make everything class-less (think UFC 1) where all weights, sizes, abilities, genetics compete for a singular title
Or
You make science-based classes, based around whatever the best proxy for capabilities are (testosterone, chromosomes, height, weight, body fat percentage, some combination of the former, etc)
If you use nothing as a proxy, there would be a lot of people unable to compete but it would at least be unequivocally "fair". If you use science-based capability classes you would have a wider range of "fair-ish" competitions, but there might be some weird overlap where some men, some women, and those in-between bridge accepted norms.
I'm actually working on a vector DB RAG system for my own documentation. Even in its rudimentary stages, it's been very helpful for finding functions in my own code that I don't remember exactly what project I implemented it in, but have a vague idea what it did.
E.g
Have I ever written a bash function that orders non-symver GitHub branches?
Yes! In your 'webwork automation' project, starting on line 234, you wrote a function that sorts Git branches based on WebWork's versioning conventions.
Overall, we rate LGBTQ Nation Left Biased based on story selection and wording that almost always favors the left. We also rate them Mostly Factual in reporting, rather than High, due to not labeling opinion pieces, which may mislead the reader.
I was with you until I clicked the link but that doesn't seem like an entirely unreasonable take. One can be both "on the right side of history" and "intentionally or incompetently misleading".
To be clear, an operating system in an enterprise environment should have mechanisms to access and modify core system functions. Guard-railing anything that could cause an outage like this would make Microsoft a monopoly provider in any service category that requires this kind of access to work (antivirus, auditing, etc). That is arguably worse than incompetent IT departments hiring incompetent vendors to install malware across their fleets resulting in mass-downtime.
The key takeaway here isn't that Microsoft should change windows to prevent this, it's that Delta could have spent any number smaller than $500,000,000 on competent IT staffing and prevented this at a lower cost than letting it happen.
If there are any water pipes through the second half of the house you cannot let those exterior walls reach freezing temperatures. Whatever solution you go with needs to account for the entire space in some capacity.
I'm sorry but this is just a fundamentally incorrect take on the physics at play here.
You unfortunately can't ever prevent further breakdown. Every time you run any voltage through any CPU, you are always slowly breaking down gate-oxides. This is a normal, non-thermal failure mode of consumer CPUs. The issue is that this breakdown is non-linear. As the breakdown process increases, it increases resistance inside the die, and as a consequence requires higher minimum voltages to remain stable. That higher voltage accelerates the rate of idle damage, making time disproportionately more damaging the more damaged a chip is.
If you want to read more on these failure modes, I'd recommend the following papers:
L. Shi et al., "Effects of Oxide Electric Field Stress on the Gate Oxide Reliability of Commercial SiC Power MOSFETs," 2022 IEEE 9th Workshop on Wide Bandgap Power Devices & Applications
Y. Qian et al., "Modeling of Hot Carrier Injection on Gate-Induced Drain Leakage in PDSOI nMOSFET," 2021 IEEE International Conference on Integrated Circuits, Technologies and Applications
+1 for cmk. Been using it at work for an entire data center + thousands of endpoints and I also use it for my 3 server homelab. It scales beautifully at any size.
Fail2ban and containers can be tricky, because under the hood, you'll often have container policies automatically inserting themselves above host policies in iptables. The docker documentation has a good write-up on how to solve it for their implementation
https://docs.docker.com/engine/network/packet-filtering-firewalls/
For your usecase specifically: If you're using VMs only, you could run it within any VM that is exposing traffic, but for containers you'll have to run fail2ban on the host itself. I'm not sure how LXC handles this, but I assume it's probably similar to docker.
The simplest solution would be to just put something between your hypervisor and the Internet physically (a raspberry-pi-based firewall, etc)