
  • Is it possible to allow DRM content for just 1 website (Netflix), while other websites on the same browsers are not allowed to do it?

    I would use multiple Firefox profiles for this. If you go to about:profiles or use the command firefox -P to launch Firefox, you can view and create other Firefox profiles. Each Firefox profile is essentially its own instance of Firefox, complete with different history, extensions, and settings. You could have a “Netflix” profile and a regular browsing profile.
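
An added example, not part of the comment above: one way to pin the DRM setting per profile is a `user.js` file in each profile directory that sets Firefox's `media.eme.enabled` preference. The profile name `netflix` and the directory paths are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: per-profile DRM (EME) preference via user.js.
# Profile names and directories below are assumptions, not from the page.

# write_drm_pref DIR on|off
# Writes a user.js in DIR that pins the Encrypted Media Extensions pref.
# Firefox re-applies user.js at every start of that profile, so the value
# is restored even if it was toggled in the settings UI.
write_drm_pref() {
    local dir="$1" state="$2" value
    case "$state" in
        on)  value=true ;;
        off) value=false ;;
        *)   echo "usage: write_drm_pref DIR on|off" >&2; return 2 ;;
    esac
    mkdir -p "$dir" || return 1
    # Keep any other prefs already in user.js; replace only the EME line.
    if [ -f "$dir/user.js" ]; then
        grep -v '"media.eme.enabled"' "$dir/user.js" > "$dir/user.js.tmp" || true
        mv "$dir/user.js.tmp" "$dir/user.js"
    fi
    printf 'user_pref("media.eme.enabled", %s);\n' "$value" >> "$dir/user.js"
}

# drm_state DIR -> prints on, off, or unset (for auditing a profile)
drm_state() {
    local line
    line=$(grep '"media.eme.enabled"' "$1/user.js" 2>/dev/null | tail -n 1)
    case "$line" in
        *true*)  echo on ;;
        *false*) echo off ;;
        *)       echo unset ;;
    esac
}

# Typical use (needs Firefox installed; not executed by this script):
#   firefox -CreateProfile "netflix $HOME/.mozilla/firefox/netflix"
#   write_drm_pref "$HOME/.mozilla/firefox/netflix" on
#   write_drm_pref "$HOME/.mozilla/firefox/<default profile dir>" off
#   firefox -P netflix --no-remote
```
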




  • As someone who has used both Arch and Debian, neither has fewer or more bugs.

    Debian has the same bugs, over the period of their stable release, and Arch has changing bugs (like a new set every update lol).

    Yes, Arch is going to get a lot more features. But it comes at the cost of “instability”. Which is not so much a lack of reliability but instead, how much the software changes. I remember a Firefox bug that caused a crash when I attempted to drag bookmarks in my bookmarks bar around, which lasted for like a week — then it went away.

    The idea behind projects like Debian, is that for an entity that needs stability, you can simply work around the bugs, since you always know what and where they are. (Well, the actual intent is that entities write patches and submit them to Debian to fix the bugs but no one does that).

    Another thing: Debian Stable has more up to date packages than Ubuntu 20.04, and Ubuntu 22.04. This happens because Ubuntu “freezes” a Sid version, and those packages don’t get major updates for a while. So often, the latest Debian stable has newer packages than the older Ubuntu releases.



  • And before you start whining - again - about how you are fixing bugs, let me remind you about the build failures you had on big-endian machines because your patches had gotten ZERO testing outside your tree.

    As far as I know, the Linux Foundation does not provide testing infrastructure to its developers. Instead, corporations are expected to use their massive amount of resources to test patches across a variety of cases before contributing them.

    Yes, I think Kent is in the wrong here. Yes, I think Kent should find a sponsor or something to help him with testing and making his development more stable (stable in the sense of fewer changes over time, rather than stable as in reliable).

    But, I kinda dislike how the Linux Foundation has a sort of… corporate centric development. It results in frictions with individual developers, as shown here.

    Over all of the people Linus has chewed out over the years, I always wonder how many of them were independent developers with few resources trying to figure things out on their own. I’ve always considered trying to learn to contribute, but the Linux kernel is massive. Combined with the programming pieces I would have to learn, as well as the infrastructure and ecosystem (mailing list, patch system, etc), it feels like it would be really infeasible to get into without some kind of mentor or dedicated teacher.


  • Thorium’s entire focus is on performance. As another commenter has noted, that means no security updates, and no privacy features.

    I wouldn’t recommend it for daily use, but if you are playing a browser based game it’s worth testing out. I used to play krunker.io and I tested it to see if I could get more FPS (FPS equaled faster movement speed back then), but I didn’t see any major performance improvements over the major krunker clients or Microsoft Edge (other most performant browser).





  • I cannot find anything related to that in their documentation, their about page, or their whitepaper.

    They talk a lot about decentralized computing, but any form of secure enclave or code verification isn’t mentioned.

    Compare that to this project, which is similar, but incomplete. However, quilibrium uses its own language instead of python or javascript, like golem does. The docs for golem do not explain how I am supposed to verify a remote server is actually running my python/javascript code.




  • There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core ‘root’ of trust in the platform has to reside.[10] If not implemented correctly, it presents a security risk to overall platform integrity and protected data

    https://en.m.wikipedia.org/wiki/Trusted_Computing

    Literally all TPMs are proprietary. It’s basically a permanent, unauditable backdoor, that has had numerous issues, like this one (software), or this one (hardware).

    We should move away from them, and other proprietary backdoors that deny users control over their own system, rather than towards them, and instead design apps that don’t need to trust the server, like end to end encryption.

    Also: if software is AGPL then they are legally required to give you the source code, behind the server software. Of course, they could just lie, but the problem of ensuring that a server runs certain software also has a legal solution.


    Crowdstrike didn’t target anyone either. Yet a mistake in code that privileged resulted in massive outages. Intel ME runs at even higher privileges, in even more devices.

    I am opposed to stuff like kernel level code, exactly for that reason. Mistakes can be just as harmful as malice, but both are parts of human nature. The software we design should protect us from ourselves, not expose us to more risk.

    There is no such thing as a back door that “good guys” can access, but the bad guys cannot. Intel ME is exactly that, a permanent back door into basically every system. A hack of ME would take down basically all cyber infrastructure.



  • Because forgejo’s ssh isn’t for a normal ssh service, but rather so that users can access git over ssh.

    Now technically, a bastion should work, but it’s not really what people want when they are trying to set up git over ssh. Since git/ssh is a service, rather than an administrative tool, why shouldn’t it be configured within the other tools used for exposing services? (Reverse proxy/caddy).

    And in addition to that, people most probably want git/ssh to be available publicly, which a bastion host doesn’t do.


  • So based on what you’ve said in the comments, I am guessing you are managing all your users with NixOS, in the NixOS config, and want to share these users to other services?

    Yeah, I don’t even know if sharing Unix users is possible. EDIT: It seems to be based on comments below.

    But what I do know is possible, is for Unix/Linux to get its users from LDAP. Even sudo is able to read from LDAP, and use LDAP groups to authorize users as being able to sudo.

    Setting these up on NixOS is trivial. You can use the users.ldap set of options on NixOS to configure authentication against an external LDAP user. Then, you can configure sudo.

    After all of that, you could declaratively configure an LDAP server using NixOS, including setting up users. For example, it looks like you can configure users and groups for the kanidm ldap server.

    Or you could have a config file for the openldap server.

    RE: Manage auth at the reverse proxy: If you use Authentik as your LDAP server, it can reverse proxy services and auth users at that step. A common setup I’ve seen is to run another reverse proxy in front of authentik, and then just point that reverse proxy at authentik, and then use authentik to reverse proxy just the services you want behind a login page.