asap @ asap @lemmy.world

Posts

0

Comments

264

Joined

2 yr. ago

My comment in the comment chain was:

An attacker escaping from a container can't be system root as Podman runs rootless (without some other exploit or weak password).

We could give the op the benefit of the doubt and thinking that they were saying that the attacker inside the container managed to gain root inside the container.

While you are correct, any system is compromised if you have root, so isn't that irrelevant at that point?

Makes sense. An "immutable" distro provides no additional security benefit, however CoreOS does have a reduced attack surface area compared to other distros, which itself is a benefit.

edit: "Immutable" means "all of them are the same", not "unchangeable".

You sound confident, but the fact that Fedora is using the term "immutable" makes me wonder if you actually have domain expertise here.

Immutable means immutable. It would be strange for them to call it that if it actually means "completely irrelevant from a security perspective".

Unless you provide some evidence to the contrary I'm going to assume you aren't correct.

They 100% can.

An attacker escaping from a container can't be system root as Podman runs rootless (without some other exploit or weak password).

The filesystem itself is also read-only.

    
/dev/nvme0n1p4 on /sysroot type xfs (ro)
/dev/nvme0n1p4 on /usr type xfs (ro)
/dev/nvme0n1p3 on /boot type ext4 (ro)

  

The tick is gone for me too. Well that sucks, I guess they updated the page.

The column with the ticks is for Plus not for Free, so yes you should definitely complain to support.

One salty downvote from @rekabis@lemmy.ca :P

Selfhosted Gitea is a way to get a wiki, bug tracker or whatnot - collaborate, for example, but it's not necessary to have a Git server for your personal use.

No, but it is amazing for browsing your repos and visually seeing what you did in a past commit or a branch, while your IDE is open to your latest code. Or copying and pasting something that you need from a different repo.

For Git experts, sure they can probably do all that better inside their IDE or CLI, but for us plebs, having your own Forgejo is incredible 😍

I have mine configured to disable the wiki and issues, etc, it's just the repo browser.

With HDMI-CEC you can achieve what your wife wants. I have one remote to turn on my Nvidia Shield (with Plex, Jellyfin, Netflix, etc), and that same remote also controls all TV functions.

so your TV doesn't bother you.

Many TVs have a constant "no wifi connection" visual error if it's not connected.

Please think before you rage post. Your attempts to compare these two companies are hysterical and inane.

🙄 I think you need to take a deep breath and count to 5 if you think there was any rage or hysteria in my very mild comment.

Google's entire brand was built on amazing search, and now their search is awful.

Enshittification isn't a conspiracy and it's not a nefarious end-goal, it's just a descent into shittiness. Proton continuing to sideline Linux (still no Drive support, other apps are second-class, etc) is a great example.

If they were truly focused on the goal of promoting privacy, they would be wanting to prioritise the option for people to leave Windows and Mac for Linux. Instead, it seems like their goal is becoming "Offer all the things that are hot in the market right now."

I use UCore for my homelab and it's been flawless. Absolutely no issues. I run around 50 containers, LLMs, and host some public sites with Caddy.

The major thing that’s keeping me away from CoreOS/ uCore is all the ignition-butane-stuff. From what I’ve heard, it’s needlessly complicated

It's super super easy. Run a docker one-liner on your existing local server or laptop to host a quick webserver:

    
docker run -p 5080:80 --name quick-webserver -v "$PWD":/var/www/html php:7.2-apache

  

And put this Ignition file in the directory from above: https://github.com/ublue-os/ucore/blob/main/examples/ucore-autorebase.butane

That's it, that's the only steps. Boot off the ISO and type in the hosting URL from above.

You'll only need that when building the server the first time.

Interesting. That's a support article so is less likely to be up-to-date than the pricing page, but that being said I'm on Unlimited and don't know what the Plus plan provides with certainty.

Edit: Proton has REMOVED the P2P from the VPN tick on this plan since I took the screenshots. That sucks.

That is incorrect. Here is a link: https://proton.me/mail/pricing#compare-plans

Edit: Proton has REMOVED the P2P tick from the VPN on this plan since I took the screenshot below. That sucks.

Here is a link: https://proton.me/mail/pricing#compare-plans

Edit: Proton has REMOVED the P2P tick from the VPN on this plan since I took the screenshots below. That sucks.

I would gladly pay like 5€ monthly for little storage, VPN and few email aliases)

Includes VPN with P2P and streaming, Drive with 15GB, Proton Pass, etc.

https://proton.me/mail/pricing#compare-plans

doesn’t require rebooting as often.

You have to reboot to upgrade to the latest image, so you'll have to get rid of the ideal of uptime with years showing on the clock.

Rebooting is optional, and so far it's been rock solid. Since your workload is all containerised everything just comes up perfectly after a reboot without any intervention.

I think Debian is less maintenance

Arguably that's the best feature of an atomic server. I don't need to perform any maintenance, and I don't need to worry that I've configured it in some way that has reduced my security. That's all handled for me upstream.