I dunno, why don’t you ask, eg: Russia?

Because by law in certain countries, homosexuality is persona non grata, and a filter needs to be there to legally operate in such countries.

Is this for a family PC?

Yep! Such container breakouts exist even today in Citrix !

removed like this was what got me into cybersecurity

I learned to program when I was 10 on a Commodore 64. And we would wear an onion on our belt which was the style at the time… Sorry, where was I?

Totally get that, but we live in a much more dangerous and predatory computer landscape these days. It would be foolish not to take some precautions.

Standard Ubuntu should have you covered.

One word of warning though, don’t be too egregious with the parental controls. If your kids are motivated enough, they will find a way around it.

Education really is your best weapon here. Tell them about the dangers of the modern web and computing.

What they mean is if you are a affiliated with a national government. You might also be a target if you are very very rich.

If you’re an average Joe, they probably won’t burn it on you.

Because those are regular jobs and skills? Okay, maybe not COBOL nowadays but still.

A corrupted password policy might do this

I would say that LibreOffice could potentially be more important than just a competitor to Google/MS.

With Google’s offering being cloud based and MS pushing the same way, in 10 years LO could be the main office suite that’s fully available offline.

Ah yes, everyone who disagrees is a shill. How productive.

The funny thing is, the people in the comments have done a much better job than you at providing actual arguments as to why Wayland isn’t great.

But here’s the thing about Wayland: it can and will get better. Unlike X11, the codebase of the various Wayland compositors isn’t 30 years of hack after hack making it an unmaintainable mess.

If we want to make desktop experiences that rival Windows and MacOS, including future versions, we have to make these kinds of changes. If we want to adapt to changing computing landscapes, we have to make these changes.

Wayland isn’t perfect but the Linux desktop world is in a much better place with it than without it.

The problem there is that what people come to learn about the Windows OS becomes ingrained into them as “how to use a computer”.

Almost all of that goes out the removeding window when you jump to a non-Windows OS, but especially Arch.

Did you try just a basic connection? Or is your target box using Network Level Authentication? (I’ve heard most Linux clients don’t play well with this)

Ohhh…they’re removeding around with FreeRDP? Why?! Even for someone who comes from Windows, how did they not just go ‘removed this, there’s got to be a better way’ and spend 5 more minutes Googling to find Remmina?

You say that like OpenCL hasn’t been an option for years now.

It’s also frankly not something they should have to do either.

No. They’re installing an RDP server (that is, you connect to the Linux box via RDP, not the other way around), not a client like Remmina.

Can confirm. SSH is the standard under Linux. OP will be happy to note that Windows has an inbuilt SSH client since Windows 10 that functions nearly identical to its Linux equivalent.

I can believe it. Because OP is trying to make Linux work like Windows. Note how for remote access, they jump straight to RDP and don’t even bother with SSH. Which Windows 10/11 has a native client for.

You would think you’d already have problems if someone’s managed to compromise one or more of your containers without you knowing though whether they can get the host or not

True, but the security idea behind being in a containerised environment is that your problems aren’t immediately made worse by the fact that your database server is on the same machine as your web application - since they’d both be on separate but networked containers.

What if anything do people do about anti virus in containers?

The real threat to containers isn’t AV-detectable malware, but Remote Code Execution (RCE) exploits.

Containers are best used as single purpose installations. With that configuration, it isn’t easy to get non-standard executables - including malware - onto a container.

Most RCE exploits also don’t involve the dropping of malware files onto the file system. There are some that do, but that issue is better handled in other ways.

Why? Well AVs only do something about binaries they know or think to be malware. A well crafted, customised Cobalt Strike beacon (aka: malicious remote control software) will blow through any resistance an AV has to offer.

So what do we do? Remember what I said that containers are best used as single purpose installations? Therefore you know exactly what executables should be running, making it trivial to set up executable whitelisting. That means that any executable not on the list will not run.

But even that isn’t completely bulletproof. It won’t do much against web shells, in which case your best detection mechanism is to look for applications calling /bin/bash or /bin/sh that shouldn’t be.