Where are these OEMs that allow proper bootloader unlocking on most of their range?
Google, Sony ...? Huawei stopped doing it, Oppo & Samsung doesn't last I checked.
IIRC docker on Windows lives inside WSL, so everything is done on Linux anyway. What's the issues you're getting?
The typical way involves something outside your network acting as a proxy. Your home network VPNs to this proxy, then the proxy sends requests down to your homelab.
I used a VPS and a VPN, I would connect to the VPN endpoint on the VPS, and then route all traffic back down to home.
You can also run a reverse proxy on the VPS, so it does TLS for clients, and speaks to the servers direct over the VPN.
Another option is things like Cloudflare tunnels, which means cloudflare does the "VPS and VPN" part of the above, but the tradeoff is that your have to trust cloudflare, rather than yourself (may be a positive or not depending on your perspective).
Lastly you could use something like tinc (which needs something on the outside to act as a negotiator) to form a mesh between NAT'd devices.
It means that if someone breaks out of your container, they can only do things that user can do.
Can that user access your private documents (are these documents in a container that also runs under that user)?
Can that user sudo?
Can that user access SSH keys and jump to other computers?
Generally speaking, the answer to all of these should be "no", meaning that each group of containers (or risk levels etc) get their own account.
There's mt32-pi, a baremetal app that emulates the classic MT-32 MIDI synthesizer.
For better or worse, the Pi (2+) seems to be the only SBC with a video output that can do 240P or other funky CRT resolutions (the DPI interface on the GPIO).
(If you buy a suitable device) You don't have to use the preloaded OS (see Graphrne, Lineage etc).
I've got three of these, pity the batteries leak THROUGH the wires and end up corroding stuff on the board.
Fun little novelties but not very practical do do anything with these days. Maybe I'll write a small program to turn it into a keyboard...
Not quite, I have to go through out of box, and then join it to the domain, but then yes!
Applies security policy, install apps, disables bloat, login in with central username and pass, get mapped drives etc
I have a Windows AD domain and have my preferences and some apps as GPOs.
In the server world we use Ansible, or in some cases maybe PowerShell DSC.
Ansible is much more focused on Linux and orchestration, but does have some support for Windows, and DSC is for Windows Servers.
Both use YAML or similar structured config to impart a state, e.g.
- name: Install Firefox
Ansible.builtin.package:
name: firefox
state: present
Meaning that ansible does the legwork to make sure FF is installed.
No, this is
- buying a surface from Microsoft
- immediately wiping it and installing Linux
- Microsoft then forcing you to authenticate using the device that is only tied to your account via purchase, and NOT login records, AND disabling other forms of auth
gedit in native Linux or WSL2. use it for Ansibke, python, C, bash, basically anything I need to edit. Has a git plugin, bottom terminal pane, left open files / current folder pane. Does all I need it to do, and it's not a huge fuckoff electron app.
I'm pretty certain that the USB IF decided to use the max possible Gbps as the cable rating, rather than the mess that was
USB 3.0 USB 3.1 USB 3.1 (Gen 1) USB 3.1 (Gen 2) ...
So it's more likely apple are just being specific in the type of cable you need.
There is a db migration command that I used to do the same thing, was pretty painless, just needed to run that and then update the config iirc
Landing gears are usually designed to drop by gravity (or manual hand cranking) alone if there's a hydraulic failure.
Just a point of clarification: Don't use RAID 5 for more than 2-4 TB. The rebuild takes so long that the mean-time-between read errors statistic basically guarantees a read error while rebuilding, which may cause the controller to trash the array.
That and rebuilding that much data might push one of the drives over the edge anyway.
The linked article — and others — explain that in Android 10+, (a) executable binaries can no longer reside in a read/write directory, and (b) access to /sdcard will go away. Simply put, these changes destroy my application's ability to function, and that of Termux as well.
That sounds like proper security to me? Inability to access the user's storage is a bit lame, but they've been moving to nicer APIs for that anyway.
Android is a mobile phone OS, not desktop / embedded Linux.
One thing that people miss - either out of ignorance, or because it goes against the narrative - is that systemd is modular.
One part handles init and services (and related things like mounts and sockets, because it makes sense to do that), one handles user sessions (logind), one handles logging (journald), one handles networking (networkd) etc etc.
You don't have to use networkd, or their efi bootloader, or their kernel install tool, or the other hostname/name resolution/userdb/tmpfiles etc etc tools.
I'm going to agree with Burstar here - if you're setting out to prove that something is possible, you're going to give it the best chance you can. Once you know its possible (whether its something like using an arduino to simulate an old price of hardware, or if a compound can cause cancer), you go and refine it down.
So allowing any random, possibly compromised, possibly installed by malware, add-on to run during the Firefox account login pages (see the list of URLs in this thread) isn't a security concern to you?