The opulence of the UAE lets a certain type of person overlook its human rights abuses and hostility towards women and queer people to view it as an appealing travel destination. It’s probably overlooked because without that opulence, Oman is just another dictatorship actively hostile to over half of the people who might travel there.

Qubes as a daily can be pretty cumbersome with a steep learning curve, but once you get the hang of it it’s a very unique modular kind of experience, and a pretty good way to safely(ish) use one machine for many things - certainly much more so than any of the main linux distros. If you’re interested in security, worth checking out!

Linux hobbyist for 20+ years, pro for 6+. Fedora for workstations, proxmox for hypervisors, and rocky for servers is my usual personal recommendation. Beyond that, secureblue (a hardened downstream of fedora atomic) with heads firmware is a fantastic daily driver if you’re into that kind of thing.

Started with debian sarge way back in the day, currently using secureblue and qubes with fedora vms for most work, with a debian htpc on the side. For servers, I’m mostly debian-based on hardware (a bunch of proxmox machines at various sites and debian-based raspberry pis everywhere), with mostly redhat-based vms. Some alpine and freebsd baremetal and virtual machines sprinkled in here and there for flavor where they fit right.

It isn’t much to ask for a game built for one operating system to work perfectly on a completely, fundamentally different operating system, by means of the vastly complex and enormous work of thousands of people, which they donated to the world so that you can access it for free?

You can use hdparm with the -S parameter to set the standby/spindown time for a hard drive.

https://wiki.archlinux.org/title/Hdparm#Power_management_configuration

A very rough sysadmin equivalent in my mind is infrastructure-as-code, like having a base system configuration pushed out via ansible that manual configurations can be made on top of. Saves all the preparatory busywork, equivalent to chopping your mirepoix in advance.

I’m reading this post as a well-intended PSA for those who might not know that their computers keep logs, and I appreciate the poster for that. But also I got a laugh from it sounding kind of like this:

If you want to avoid providing incriminating evidence during a possible police interrogation, you must disable your brain’s long-term memory functions by lobotomizing yourself

You should only enter a password once to log in, so maybe we just use our machines 1000x more than other people?

deleted by creator

This is so cool! Thanks for your work uncovering these things, and thanks for posting it.

My adhesion was like this until I washed my bed with dish soap, and now I have to chisel my prints off with a hammer because they stick on too well.

Podman/docker leave behind old images, image layers, and containers that need to be cleaned up occasionally. podman system prune will do so.

If 8TB was taken up quickly or unexpectedly, it might be something like a container failing to start and being recreated over and over, leaving each failed container behind as it goes. podman ps --all will list all containers, running or stopped. Before doing the system prune run that and podman image ls --all to see if anything looks amiss.

Good opsec, really.

Edit: also I just realized this is the Privacy community lol

apt-get clean will clear the apt cache and should give you enough temporary storage headroom on /var to do things, but if you’re bumping up on this limit often, you’ll need to reconfigure your storage.

/var is often where processes dump a lot of data (logs, databases, etc), and subpartitioning of /var sets a cap so that when too much data is dumped there, the application crashes instead of the whole system. /var/log is often recommended to be subpartitioned separately as well, so that logging can still go on if the application data fills up and crashes.

These kinds of overruns can be intentional DOS attacks, also, so the subpartitioning is often a security recommendation. NIST 800-171 requires separate partitions for /var, /var/log, /var/log/audit, and /var/tmp

With the size of modern linux kernels, I think 1GiB for a /boot partition is the absolute minimum I would go for a current full-sized distributuon. You’ll run into these out-of-space issues on updates all the time otherwise.

The bang syntax makes duckduckgo easily the best search engine - it’s a shortcut to everything, the perfect gateway to the internet.

Courts have ruled that cops can damage property in the course of their duties with no accountability or compensation required, so they’d probably just bulldoze it out of the way and destroy it. And then insurance would say they don’t cover official acts of cops, and then the cops would send a bill for damaging their bulldozer.

There’s probably more fun and effective ways to go bankrupt obstructing ICE.

Bunch of spineless sycophants.

Unless “read-only” is being enforced by hardware (reading from optical media, etc), a compromised sudo user can circumvent anything, and write anywhere. A read-only flag or the root filesystem being mounted from somehwere else are just trivial extra steps in the way.

Improved security != extremely secure, is all I’m saying. There are a lot of things that go into making a system extremely secure, and while an immutable root filesystem may be one of them, it doesn’t do the job all on its own as advertised in this post.