I honestly don’t know how this could turn out.

It could be an amazing change that results in much more progress for hardware acceleration on guests of various types (since that is what vmware is good at) in kvm…

Or it could mean that they are dropping that feature from vmware altogether.

Regardless, I like this change because it means I would be able to run vmware machines and libvirt kvm machines at the same time, at least when I am forced to use vmware workstation.

I also dislike proprietary software in general, so I think less proprietary software and more FOSS is a good thing.

I found this: https://github.com/tenclass/mvisor-win-vgpu-driver

But it is for another foss kvm based hypervisor called mvisor.

I disagree, because they are not the same thing.

Immutable means read only root.

Atomic means that updates are done in a snapshotted manner somehow. It usually means that if an update fails, your system is not in a half working state, but instead will be reverted to the last working state, and that updates are all or nothing.

I create a btrfs snapshot before updates on my Arch Linux system. This is atomic, but not immutable.*

There is also “image based” which distros like ublue (immutable, atomic) are, but Nixos (also immutable and atomic) are not.

*only really before big updates tbh, but I know some people do configure snapshits before all updates.

Is it possible to allow DRM content for just 1 website ( Netflix ) , while other websites on the same browsers are not allowed to do it?

I would use multiple firefox profiles for this. If you go to about:profiles or use the command firefox -P to launch firefox, you can view and create other firefox profiles. Each firefox profile is essentially it’s own instance of firefox, complete with different history, extensions, and setting. You could have a “Netflix” profile and a regular browsing profile.

As an alternative suggestion, consider using a linux laptop with a drawing tablet.

I use a wacom intuos s with bluetooth to takes notes on xournal++, although rnote should work as well.

Not infinite ram. I’d say double ram, plus there is a noticable, but quick delay when switching to an application that was compressed by ram. But it’s much, much faster than switching to an app that was swapped to disk.

Cachyos (arch based distro) does this hy default.

Amazon has a “refurbished” program, where you can find lots of cheap thin clients and smaller form factor desktop machines.

However, the refurbished computers often have their SSD/HDD replaced with a crappy one that is unreliable, so I would recommend assuming that you assume that you will need to buy storage in addition to that.

But, overall I really like Amazon Refurbished because you get a better quality guarantee (warranty/returns), but a cheaper price.

Winlator is really just termux + proot + box64 + wine wrapped in a neat UI (+ controller support). You can, and people have set this up manually before winlator came along. You’ll either need termux-x11 or vnc for the GUI.

Mobox is a similar project that does this automatically via a script… but I don’t see a license in their github repo, plus they require the proprietary input bridge for touch controls.

Termux recently got moved off of the play store (kinda), and is now only available on f-droid/github, because Google was further locking down what they allowed on their store.

And in addition to that, they recently added a restriction in later versions of Android: “Child process limit”. Although this limit used to not there, when enabled, it prevents users from truly running arbitrary linux programs, like via termux.

Although the child process limit can still be disabled in developer options, it doesn’t bode well for how flexible base android in the future will be, since many times corpos like Google move stuff into the “secret” options before eventually removing that dial all together.

TLDR: Termux has been, and is a thing… for now.

Also, I want to shout out winlator. It uses a linux proot, similator to termux, and has box64 and wine inside that proot that people can use to play games. I tested with Gungeon, and it even has controller support and performance, which is really impressive.

So I don’t know how much you know about the shell, but the way that the linux command line works is that there are a set of variables, called environment variables, which dictate so me behavior of the shell. For example, $PATH variable, refers to what directories to search through, when you try to execute a program in your shell.

The documentation you linked, wants you to create a custom shell variable, called SCALE_PATH, consisting of a folder path, which contains the compiled binaries/programs of scale you want to run.

This command: export PATH="${SCALE_PATH}/bin:$PATH"

temporarily edits your PATH variable to add that folder with the scale programs you want to run to your path, enabling you to execute them from your shell.

Thorium’s entire focus is on performance. As another commenter has noted, that means no security updates, and no privacy features.

I wouldn’t recommend it for daily use, but if you are playing a browser based game it’s worth testing out. I used to play krunker.io and I tested it to see if I could get more FPS (FPS equaled faster movement speed back then), but I didn’t see any major performance improvements over the major krunker clients or Microsoft Edge (other most performant browser).

No, I think if you’re using the nextcloud all in one image, then the management image connects to the docker socket and deploys nextcloud using that. The you could be able to update nextcloud via the web ui.

https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-update-the-containers

So, officially no. But there are ongoing theories in the r/emulationonandroid subreddit that they are.

I think it could be either way, but it’s unlikely that they are the same person. In both cases, harassment caused them to shut there projects down, which could be a reasanobale coincidence, or could be indicative of a larger harassment campaign.

Crowdstrike didn’t target anyone either. Yet, a mistake in code that privileged, resulted in massive outages. Intel ME runs at even higher privileges, in even more devices.

I am opposed to stuff like kernel level code, exactly for that reason. Mistakes can be just as harmful as malice, but both are parts of human nature. The software we design should protect us from ourselves, not expose us to more risk.

There is no such thing as a back door that “good guys” can access, but the bad guys cannot. Intel ME is exactly that, a permanent back door into basically every system. A hack of ME would take down basically all cyber infrastructure.

Cal state northridge?

https://wiki.archlinux.org/title/List_of_applications/Internet#Pastebin_services

That pages shows how to use curl to upload to 0x0.st.

I’ve used the pastebinit program listed on that page to upload to paste.debian.net, but it supports other sites as well.

Because forgejo’s ssh isn’t for a normal ssh service, but rather so that users can access git over ssh.

Now technically, a bastion should work, but it’s not really what people want when they are trying to set up git over ssh. Since git/ssh is a service, rather than an administrative tool, why shouldn’t it be configured within the other tools used for exposes services? (Reverse proxy/caddy).

And in addition to that, people most probably want git/ssh to be available publicly, which a bastion host doesn’t do.

So, I’m not gonna pretend flatpak doesn’t use more space then normal apps, but due to deduplication (and sometimes filesystem compression), flatpaks often use less space than people think.

[nix-shell:~/Playables/chronosphere]$ sudo /nix/store/xdrhfj0c64pzn7gf33axlyjnizyq727v-compsize-1.5/bin/compsize -x /var/lib/flatpak/
Processed 49225 files, 21778 regular extents (46533 refs), 22188 inline.
Type       Perc     Disk Usage   Uncompressed Referenced
TOTAL       53%      898M         1.6G         3.6G
none       100%      499M         499M         1.0G
zstd        34%      399M         1.1G         2.6G

[nix-shell:~/Playables/chronosphere]$ du -sh /var/lib/flatpak/
1.7G    /var/lib/flatpak/

I only have one flatpak app installed, and du says that takes up 1.7 GB of space… but actually, when using a tool that takes up BTRFS transparent compression into account, only half of that space is used on my disk.

I recommend using compsize for a BTRFS compression aware version of du and flatpak-dedup-checker for a flatpak filesystem deduplication aware checker of space used.

I think flatpak absolutely does use up more space, because yes, it is another linux distro in your distro. But I think that’s a tradeoff people accept in order to have a universal package manager for graphical apps.

Also, you can flatpak cli tools. They are just difficult to run at first because you have to do the flatpak run org.orgname.appname thing, but you can alias that to a short command. Here is a flatpak of micro, a terminal based text editor.

(I prefer nix for cli tools though, and docker/podman/containers for services).

So based on what you’ve said in the comments, I am guessing you are managing all your users with Nixos, in the Nixos config, and want to share these users to other services?

Yeah, I don’t even know sharing Unix users is possible. EDIT: It seems to be based on comments below.

But what I do know is possible, is for Unix/Linux to get it’s users from LDAP. Even sudo is able to read from LDAP, and use LDAP groups to authorize users as being able to sudo.

Setting these up on Nixos is trivial. You can use the users.ldap set of options on Nixos to configure authentication against an external LDAP user. Then, you can configure sudo

After all of that, you could declaratively configure an LDAP server using Nixos, including setting up users. For example, it looks like you can configure users and groups fro the kanidm ldap server

Or you could have a config file for the openldap server

RE: Manage auth at the reverse proxy: If you use Authentik as your LDAP server, it can reverse proxy services and auth users at that step. A common setup I’ve seen is to run another reverse proxy in front of authentik, and then just point that reverse proxy at authentik, and then use authentik to reverse proxy just the services you want behind a login page.

OP is on OpenWRT (a router distro), and Alpine. Those distros don’t come with very much by default, and perl is not a core dependency for any of their default tools. Neither is python.

Based on the way the cosmo project has statically linked builds of python, but not perl, I’m guessing it’s more difficult to create a statically linked perl. This means that it’s more difficult to put perl on a system where it isn’t already there, and that system doesn’t have a package manager*, than python or other options.

*or the the user doesn’t want to use a package manager. OP said they just want to copy a binary around. Can you do that with perl?