Unfortunately, no. Samba needs a different label. Doing that relabels things so that only containers (and anything unrestricted) can access those files.
IMO, yes. Docker (or at least OCI containers) aren’t going anywhere. Though one big warning to start with, as a sysadmin, you’re going to be absolutely aghast at the security practices that most docker tutorials suggest. Just know that it’s really not that hard to do things right (for the most part[1]).
I personally suggest using rootless podman with docker-compose via the podman-system-service.
Podman re-implements the docker cli using the system namespacing (etc.) features directly instead of through a daemon that runs as root. (You can run the docker daemon rootless, but it clearly wasn’t designed for it and it just creates way more headaches.) The Podman System Service re-implements the docker daemon’s UDS API which allows real Docker Compose to run without the docker-daemon.
[1] If anyone can tell me how to set SELinux labels such that both a container and a samba server can have access, I could fix my last remaining major headache.
Preferring private spaces doesn’t mean being “pro car”. I very much prefer private spaces, but still overall prefer public transit. That just means I spring for a private roomette on amtrak even when it’s a non-overnight 8 hour trip to Chicago.
That’s a problem anywhere with user generated content & user defined communities. The usual example is that when BOTW came out there were at least half a dozen subreddits created and more than one survived, so there were two that were both really popular at the same time and that’s in addition to multiple Zelda and multiple Nintendo subs that might all get the same links/posts.
It’s a non-powered version of a hot shoe, both of which are the thing you use to mount an external flash that’s on the top of a lot of (all?) full sized cameras.
It’s for a hook to keep the handset on when the phone is mounted flat on a wall. It can usually be slid/folded down or removed when it’s not needed.
You can only do that with Firefox Developer, can’t you? And IIRC, they self uninstall after a week or something, don’t they?
Oh, I’m confident(-ish) in my ability to review the code, but as I understand it I have no way to guarantee that the code that’s on github is the code that AMO installs. Plus updates are automatic, so I have no way to ensure that something malicious won’t be added anyway.
I keep thinking about installing this, but the required permissions seem a bit excessive:
This add-on needs to:
- Input data to the clipboard
- Access your data for all websites
Anyone know if the ‘All Access’ permission is really required for what this is doing? It just feels wrong. There isn’t some sort of “Control Navigation for These Domains” that it could request for each enabled site or something is there?
If you have any straight straws, you might want to hold them up to the light. They get pretty grody on the inside.
Yep, the extra sad thing is that there are actually sold listings too: https://www.ebay.com/sch/i.html?_nkw=steam+deck+OLED&rt=nc&LH_Sold=1&LH_Complete=1
Some people just can’t be helped, I guess.
Bad Bot! You stripped out the only important part of the article:
For the special Limited Edition version Valve has said:
You need to be in the United States or Canada. Your account needs to be in good standing. Your account needs to have made a purchase on Steam before November 2023. Only one unit may be purchased per account.
If their experiment with this extra Limited Edition model goes well, we may see others come in future.
Additionally, their FAQ also notes for the normal 512GB and 1TB Steam Deck OLED models you will only be able to purchase “1 model of Steam Deck OLED per customer per week” but they plan to relax that when they’re confident they can meet demand.
Also, the LE is still showing as in-stock for me: https://store.steampowered.com/sale/steamdeck_2023LE
I think the OOS labels it showed a couple times might have just been from the servers getting overloaded.
Yep! I got one.
Got it into my cart within seconds, didn’t even get through more than the cart screen before I started getting 502 errors. Eventually went out of stock. But, showed back in stock a few minutes later and I was able to get my order in. My order email shows 12:29 (10:29 PST).
Already had a 512 Deck that I got in Feb 2022, but when you combine mainstream Linux gaming, OLED, and a translucent shell, apparently I have no self-control.
Fall Guys, have had it on steam since before it got bought by epic, having the SD and looking for good controller-based games right after I first got the deck convinced me to play it. I’ve played it almost every day since getting my deck in February of last year. Had been getting a bit bored of it just before the constructor update (user built levels), and the fact that it was broken for ~a week after an epic games services update didn’t help, but the new constructor levels sucked me back in. I usually play it in the morning to help me wake up, the whole bright colors & tight races thing really help my brain to start turning on.
Yep, it’s called a trackpoint: https://lemmy.world/post/7943240
Technically neither of these are donations, but:
I subscribe to Firefox VPN, and don’t actually even use it, just because I want to support them in a way where money could possibly go towards FF dev and not just the Mozilla foundation (which can’t fund Mozilla corp work AFAIK).
I also have a supporter subscription at https://neocities.org because I support his ideals. Plus I get dirt cheap, easy to use static hosting out of the deal.
Edit: Oh, I guess humble bundle purchases might count, I do at least slide the sliders to make sure the charities get most of the money.
Edit 2: Oh and the Calyx Institute, that’s actually a proper donation to a registered nonprofit. With my $400/year donation I get a 4G hotspot with actually unlimited data. (They also have a $500/year for an unlimited 5G hotspot, I just haven’t felt the need to upgrade since they started offering that.) I also use CalyxOS, so it’s nice to feel like I’m supporting that.
Defense in depth. If something escapes the container it’s limited to only what’s under that user and not the whole system. Having access to the whole system makes it easier for malware to hide/persist itself.
If your distro offers it, rootless podman + podman system service is the best setup, IMO. That will give you a docker command that is 1-to-1 compatible with docker and lets you use tools like docker-compose that expect a docker service socket. Then you can just follow tutorials that only explain things for docker.
Assuming you meant de-federate, there are a few listed on https://fedipact.online/ that seem to be lemmy instances.