• 0 Posts
  • 84 Comments
Joined 6 months ago
cake
Cake day: June 23rd, 2024

help-circle

  • It’s a bit of a problem that there’s no serious contender to NixOS. Especially Guix is in a good position to become an alternative.

    But it will never happen, because of GNU. And before I continue, I want to make clear that this is not to shit on them.

    But realistically, only a fork could make it relevant. NixOS, despite its issues (documentation, flakes, whatever), has a massive mindshare: it’s a huge repository with very up-to-date packages, a lot of modules, and devshells are just a very handy thing for developers. You often find flakes in random GitHub repositories for that reason. There are sponsored efforts around the distribution (like lanzaboote). There are (semi-)commercial entities set up around it (numtide, determinate systems, tweag…)

    The difference between NixOS and Guix is probably so large that no commercial provider would want to put in the required work to bring Guix up to speed, and GNU is committed to other values. As such, I think only a very big volunteer effort could make a difference.






  • If I had a different specialisation, I’d probably care. But my job is mostly reading and writing documents, and they installed Miktex on my office machine, so I don’t want to complain.

    We do have formal security requirements to meet though, and I think in general locking down machines in your network is the correct choice. But it’s probably not needed in every job


  • Their higher-end models seem of nice build quality at least, but that’s something I just expect at a certain price point.

    Linux isn’t even an option at my current job, it’s WSL if anything. And that on the development machines only. Office work machines are Win 10 without any privileges, which I’m fine with. Employer pays for the time I take longer for certain things. His choice.

    Unfortunately, there aren’t that many great European options, so buying somewhat domestic is hard.


  • Ah, okay. I do have thinkpads for work, same at my previous employer, I’d say they’re pretty forgettable, not sure I’d buy Lenovo for anything that needs to be particularly secure, just read the English wiki entry for Lenovo about security incidents, but I’d be more careful when procuring for work, especially in certain fields.


  • Laser@feddit.orgtoTechnology@lemmy.worldAll the other brands went along
    link
    fedilink
    English
    arrow-up
    18
    arrow-down
    2
    ·
    edit-2
    18 days ago

    Excuse my smugness, but being excited for your premium laptop maker to bring back a feature that is standard basically everywhere (all of my four laptops have HDMI, and out of those, my two non-work ones also come with DisplayPort) is such an Apple thing

    It’s like these people claiming that you need that connectivity for a lot of work were right.


  • The way I do it with webservices is that I serve them all from virtual hosts. Scan my IP on port port 80? 301 moved permanently to same host port 443. 443? Welcome to nginx! Which webservice is actually served depends on the hostname being requested. The hostnames are just part of a wildcard subdomain with a matching wildcard certificate, so you can’t derive the hosts from the blank landing page’s cert. Though one option would be to disable https when no matching virtual host is found.

    I know this isn’t protection against sophisticated attackers, but nobody uses my home services except me when I’m not home so the exposure is very limited.

    Anyhow, with Plex you have a central provider who, if I’m not mistaken, knows a lot about how their customers use their product. The angle of attack is different.


  • Are you talking about TPM 2? Because I don’t think that makes classic ransomware more difficult. Also it doesn’t have to be strictly a motherboard feature, e.g mine comes without a fixed hardware TPM, but my processor supports fTPM, which has up- and downsides. But it works as a TPM.

    Also MS: Sadly, if your tech doesn’t have these features you cannot upgrade and it will be insecure because I will not make updates for it.

    Technically, this isn’t true, MS will continue to update Windows 10 and even individual users can receive these officially through the Windows 10 ESU program: https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates

    Not that I’m in favor of what they’re doing, I think they should rather support older hardware with Win 11 and require modern features only on modern systems. But from a security standpoint, their decision is actually good, as it builds a secure foundation. Most private users will just do whatever on that foundation (e.g. run random stuff from the Internet), but I think going forward, this is the right choice, though probably for the wrong reason of doing Intel a favor.


  • The problem I have with this is that there’s no definition of what “owning” means. Never have individuals bought a game and then owned all rights associated with it. It was always a license that included personal use and nothing much else.

    However, due to how media distribution worked, this license was generally valid forever and could be transferred to another party, and these two factors - especially the first one - make a good point: why would I enter such a license if the other side can factually nullify it at any point, while I lose that option after a certain time?

    Apart from that, media piracy was never stealing in the first place. It’s about unlicensed usage and distribution of media. And rightholders can’t be surprised if people don’t license it if the construct is so stacked to their disadvantage.








  • Laser@feddit.orgtolinuxmemes@lemmy.worldI enjoy creating conflict
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    27 days ago

    Snaps both predate flatpak and do things that Flatpaks are not designed to do.

    By less than a year judging by the article… and for individual applications, there was AppImage.

    Snaps can do things flatpaks can’t do. Which is true but also kind of irrelevant if we’re talking about a means to distribute applications in a cross-distribution manner as opposed to a base system A/B partition solution.

    Or am I misunderstanding?