![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://lemmy.ml/pictrs/image/q98XK4sKtw.png)
While that is true, the question is whether that’s a good thing, or not, and for whom.
While that is true, the question is whether that’s a good thing, or not, and for whom.
chmod -R
the directory first?
As long as it was encrypted with LUKS headers and not a raw cryptsetup resize
is totally capable of resizing partitions/LVs.
Entirely depends if you count HGST as Western Digital or not, because they by far dominate the back blaze reliability scoreboards. IronWolf don’t even come close and are extremely hit or miss depending on capacity.
https://www.backblaze.com/blog/backblaze-drive-stats-for-2023/
No a chroot is indeed not a container/namespace. I’m not sure what you’re getting at here. Flatpak isn’t a chroot and what I suggest you try isn’t either.
Flatpak absolutely does use containers for sandboxing. Bubblewrap is wrapper for Linux namespaces. Containers is just another name for the underlying kernel technology called namespaces. Same goes for Docker, LXC, Podman, systemd-nspawn, Firejail, etc. It’s all just userland frontends for kernel namespaces. man bwrap
, you can also use the generic unshare
to create them and nsenter
to enter those same namespaces. It’s cool technology, it’s very easy to use, a simple flag on your exec or opening of an existing fd is all that is required. I used to work on one of the many userland frontend, even have gotten a couple PRs from Jess Fraz who was one of the core Docker devs. Userns still scares the removed out of me (pretty much every single escape has come from them).
Here’s a fun experiment for you: create a root fs using debootstrap and then enter it using unshare and chroot! Tada! Container!
How can you guarantee that depencies are compatible across versions? That’s a fundamental point I think you are missing.
I’m curious why you would think that containers are bloat? They require virtually no resources and are built into the kernel. A container is literally just a flag that you add when you exec on an executable binary.
I mean sure, but that’s a period of like a couple months every couple of years.
Not sure what you’re on about… Sid and testing are usually pretty damn near bleeding edge.
How do I get rid of it.
Reinstall Debian… Problem solved, and you get rid of snap as a bonus!
You might need to disable secure boot (you can fix the bootloader shim and re-enable it later).
Why do you need a PPA? It’s packaged Debian already… https://packages.debian.org/search?keywords=guvcview&searchon=names&suite=all§ion=all
Malware attacking vulnerability in whatever third party software you end up using is far more likely. You can’t open a second tty with an existing SSH session, you’d have to authenticate again, which would require the 2FA. Using a GUI isn’t going to prevent “doing something very fast” and like I said you can rate limit ssh using nf/iptables if you think that’s helpful. I’m not sure what you are referring to when you say “terminal”, because that’s normally what is referred to as a tty.
I’m not saying this to be smug, everything you listed here is things ssh can do if configured to do so… 2FA can be configured in various ways via PAM (namely yubikey being the superior method, but the possibilities are limitless). Banning non interactive shells can be done with something along the lines of:
ForceCommand if [ "$SSH_ORIGINAL_COMMAND" ]; then echo "this server rejects non-interactive ssh usage" >&2; exit 1; else exec "$SHELL" -i; fi
Rate limiting is achievable via iptables/nftables.
Honestly, it sounds like you want ssh.
TBF I think that Phosh did a great job for small screens. I didn’t try GNOME on neither my PP nor Mobian OnePlus 6
https://www.redhat.com/en/blog/red-Hats-decade-of-collaboration-with-government-and-the-open-source-community