Need Help w/ My Last Few Issues
moonpiedumplings (@moonpiedumplings@programming.dev) | Posts 18 | Comments 438 | Joined 2 yr. ago
No, because either the initrd is signed, built into a signed unified kernel image, or it's encrypted like on my setup (where everything but the grubx64.efi binary is encrypted and that binary is signed).
Can you elaborate on what you found lacking in kasm? Because afaik, kasm is one of the best solutions for this, giving you a full desktop session inside a docker container.
Damn you're right:
https://documentation.ubuntu.com/lxd/en/latest/howto/move_instances/#live-migration-containers
It can live migrate cattle type containers if you enable some options, but not pet type (systemd) containers.
No software is capable of doing live migration/high availability for pet type containers and virtual machines except lxd.
But nspawn isn't really a management software like lxd is, it's more of a container runtime like lxc is.
Ninja edit: Did some googling and I'm technically wrong. Hashicorp's nomad supports lxc as a driver, but according to the doc it only supports host networking...
https://developer.hashicorp.com/nomad/plugins/drivers/community/lxc#networking
But nomad also supports managing nspawn containers which is interesting.
Secure boot + encryption is enough for evil maids. They already said they had an encrypted system.
Check out sbctl (for secure boot) https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Assisted_process_with_sbctl
What do you need secure boot for?
Probably to ensure their system isn't tampered with? Depending on who you hang with, that may be in your threat model.
Nope, I just tested and the rootful podman service doesn't touch any iptables/firewall rules.
It uses what is called a "CNI", container network interface, to manage container networking rather than just overwriting all the iptables rules like docker does.
.mozilla
One of the reasons why I will probably never install discord/slack/element for desktop, and I will use the browser version is because it's nice to have everything in one, easy to move around place.
Since I have multiple profiles I can't really take advantage of the firefox sync service.
~/Documents
Notes, poetry, other work.
~/.ssh
So I can access my servers from any machine.
~/Playables
Games and related data. Although this one is of significantly less importance, since I mainly play only one game, Binding of Isaac, a roguelite.
Yeah that's a gripe of mine. Thankfully podman doesn't do that.
Docker also sometimes breaks lxd and libvirt networking by changing the default forward policy from accept to drop.
The benefit of docker is portability. You can run software anywhere. Rather than going through all this pain of installing and managing systemd services, you can just run a docker container, often in only one command. Docker also handles things like setting environment variables, which are sometimes used by apps as an alternative for, or even a replacement for, settings files, like in the lemmy docker example: https://github.com/LemmyNet/lemmy/blob/main/docker/docker-compose.yml
Docker succeeds where java failed, but in a language agnostic way.
And I disagree with the author's point about disliking docker-only apps, for two main reasons. One, it isn't the developer's responsibility to package things for every system, and two, docker containers are mostly self-documenting, being very close to simply a shell script. I almost always look at dockerfiles, and I have only seen one or two that are not simple to extract to make them run outside docker.
For example, the lemmy docker image: https://github.com/LemmyNet/lemmy/blob/main/docker/Dockerfile
The author acts like it's some advanced witchcraft or something, but it's just using rust to compile stuff on a debian-based system. Every command used to build lemmy is right there. Then, you can look at the environment variables set in the docker compose, and set them in a systemd service or something.
How do I tag people on lemmy?
u/tony
where does diagonal fall?
I haven't encountered any of these issue on matrix, but admittedly I haven't joined a lot of matrix chats.
I'm in the max server limit, 100 right now, and many of those are people who treat discord as github, which is so annoying (but many projects are of questionable legality, like Dan's palace which makes and distributes completed android and vita ports of other games for free).
One time I got excited since there was an announcement for the half life 2 android source port discord. I thought it was a big update or maybe a new game, but what I saw was something like:
the memes channel is for memes, not child porn
It's just discord that has these issues. Matrix or IRC don't have these problems. Discord just creates a kind of culture that fosters this stuff.
Incorrect, from wikipedia:
The available research indicates that the brain structure of androphilic trans women with early-onset gender dysphoria is closer to that of cisgender women than that of cisgender men.[3] It also reports that gynephilic trans women differ from both cisgender female and male controls in non-dimorphic brain areas
Aka: Trans women may have been born with the body of a man, but they were born with the brain of a woman.
The chances I am going to manage a linux distro without systemd are low, but some systems (arch for example) don't have cron out of the box.
Not that big of a deal since it's easy to translate them all, but that's one of the reasons why I default to systemd/timer units.
I disagreed particularly with:
Furthermore, F-Droid doesn’t enforce a minimum target SDK
While yes, this may be a bad thing for some, certain apps, like termux (terminal emulator, even lets you make a linux chroot, some ppl play games using wine in it) only work properly on SDKs older than a certain version, since newer versions can be somewhat locked down.
I don't want to say that that article is "google good, F-Droid bad", but that's what a lot of its points are. It completely neglects to mention the downsides of google's various security models, especially for a foss community like this one. App bundles, for instance, are secure, yes. But they are also an advanced form of drm (at least when made by google), must be compiled server side for each device, and other things that make them not work for the foss community.
And criticizing F-Droid because it has multiple repos? That criticism is completely incompatible with the common FLOSS ideas that things should be less centralized.
Don't get me wrong, some of the points it brings up are valid, but they are biased, only focusing on one side.
And I also don't feel the need to be alarmed by these points. What does it matter that google signs everything (in a supposedly better way) when "everything" includes malware?
As usual, no app or product can replace human discernment. Security is a process, not a product.
Once federation gets added to one of the FOSS, self hosted alternatives, I'll probably switch. I'll mirror stuff to github probably, for resume/recruiter purposes, but the CI/CD, website deployment, and main development will happen on whatever alternative I choose.
Quarto user here, I use it for my blog.
There is also a vscode extension for WYSIWYM editing.
Well, they don't seem to be replying to this post, so I guess we will never know if they have a BIOS password or even are signing or encrypting their initrd.
I still can't figure out how to tag people from eternity (infinity for lemmy).