I personally would be hesitant to host Immich publicly until they’ve done a security audit. The risk of accidentally exposing my photos publicly is too big for me.
That’s why I recommend using Tailscale or Wireguard directly. Personally I’m using Wireguard for me and Tailscale for other people I want to easily access my services.
I prefer swap files over swap partitions, because it makes it my partition layout simpler to manage.
If your using a swap partition, make sure it’s located on an encrypted partition, else it exposes data stored in RAM (encryption keys etc). With SSD’s it’s difficult to make sure this data is actually deleted, even after overwriting.
My preferred setup for a long time was LUKS with btrfs on top. Then subvolumes for /
, /home
and the swap file (+ /var/cache, /var/log etc.). This gives me peace of mind nothing is unencrypted except /boot.
Nowadays I simply use zram, which allows for a small part of RAM to be compressed for swap. It’s great, simple to setup and performs well. Imo it should be default for all desktops.
For swap files on btrfs COW and features like compression have to be disabled. I believe for btrfs the swap file even has to sit on a subvolume with those features disabled, so it’s not enough to only disable them for the swap file.
After 15 to 20 years of 64bit supporting systems being sold, I don’t think it’s an issue to drop 32bit support. Even if someone wants to use such an old pc for any reason, it should be fine to run an older version of Minecraft. There’s still MC 1.8 servers around, and they’ll likely continue to exist for many years to come.
Online transactions require a second factor which displays the actual amount to be transferred. This works by either an app which receives the transaction data (recipient, how much) over the network, or a device which takes the bank card and is used to scan something similar to a qr code. The device then displays the transaction data.
This makes sure a fraudulent site can’t easily change the amount or the recipient of a transaction, even if they somehow made an identical website (or close enough).
For remote transactions (e.g. online payments), the security requirements go even further, requiring a dynamic link to the amount of the transaction and the account of the payee, to further protect the user by minimising the risks in case of mistakes or fraudulent attacks.
https://www.ecb.europa.eu/press/intro/mip-online/2018/html/1803_revisedpsd.en.html
It’s not perfect, especially with people using a banking app and the second factor app on the same device for convenience sake.
That’s a bummer. Seems like Google Pixel and Fairphone are the only ones left. I don’t even know why manufacturers wouldn’t allow for relocking or even unlocking of their phones. I can’t imagine they make much money with user data and the phone is already paid for. Warranty claims shouldn’t be much of an issue either, as modifications can be easily detected and it’s likely not a relevant amount of people anyway.
The banking apps I’ve tried don’t require SafetyNet, instead they use Android AOSP’s basicIntegrity
. The latter doesn’t require certification by Google, but also checks whether the device is rooted and the bootloader is locked.
This means custom ROM’s on most devices won’t pass basicIntegrity
, as only Google Pixel, OnePlus and Fairphone allow for relocking the bootloader.
At least in the EU web browsers don’t allow for authenticating transactions (beyond a limit of e.g. 30€). Either an additional authenticator app or a standalone card reader is mandatory.
Luckily my banking apps work flawlessly on GrapheneOS and even microG, likely because of they care about the bootloader being locked again.
Yes, it’s sad that Canonical is pushing Snap before those kinks are ironed out. In general it’s a solid distro for people not familiar with Linux, but having to stumble over those issues is a dealbreaker.
Linux being easier than Windows is true in some ways, but it completely sidesteps issues Windows and macOS solved for a while, e.g. forcing users to upgrade. It’s annoying but some people just… don’t do the bare minimum. E.g. a friend’s dad has been using Linux for probably a decade by now, and for some reason apt auto upgrades broke (likely powerloss during upgrade). An image based OS like Fedora Atomic doesn’t have this issue, as it won’t apply updates to the running OS (by default).
Having issue with the Steam snap isn’t surprising, as even Valve recommends against using it. A few years ago flatpak Steam had similar issues that got fixed over time.
For now I hope you’ll have more luck with the .deb!
It’s not possible to dd a Windows ISO to a USB stick.
What way too many people fail to understand, because Linux ISOs are applying this method, but this is essentially a MAJOR HACK CALLED ‘ISOHYBRID’, is that, in most cases, you cannot simply take an ISO image and copy it byte for byte to a USB drive, and expect that to boot.
But is it useful what you’ve learned? Could’ve learned something else.
(But I’m commenting on a meme, instead washing my dishes, both things that didn’t teach me much).
After using multiple tiling compositors over the years, I’m pretty much set in how my system works. There’s not much I have to do, except the occasional tweak to keybinds for launching apps, adding some window rule or changing my monitor layout. Those are things I’d have to do on any DE and they don’t take any longer.
Until I need something unexpected not yet set up by me, e.g. switching keyboard layouts. But it’s been a long time since I needed to do any of that. That’s the beauty of config files stored in git: Once it’s set, just forget about it.
Edit: I do agree though, the time it took to arrive where I am is considerable and definitely not something I recommend to others who value their time.
I notice lately that many memes origins are worse than I thought from the context they are used in. Racist, homophobic, and lying people are not something I usually accept as entertainment, but they sneak their way unnoticed into my (non-news) feed through memes. I guess most people won’t know the origins of the meme and use it according to the meaning they formed on their own. Other memes like the distracted boyfriend meme are meaningless stock photos, so I understand why many people use memes without thinking about the origins.
Anyway, thanks for pointing out who the person in the picture actually is.
You’re likely right, it seems like they made use of the code being open-source and distributed it freely after getting access through patreon. Each commit is quite big with all the source code changes of the specific early access build.
Someone pedantic: It’s source-available, because it doesn’t grant the necessary freedoms to e.g. redistribute and modify the code.
The features weren’t exactly paywalled, as the source code was always available. They merely provided beta builds to patreons, that were also available free of charge by someone else [1].
~~[1] https://github.com/pineappleEA/pineapple-src/releases~~
Selling emulators is legal, as far as we know (been a while since the last ruling). If it’s true what others have pointed out, that yuzu devs were distributing copyrighted material in their public discord and talking open about privacy, then Nintendo has support for their argument that yuzu was intentionally designed to circumvent copy protection and purposely facilitates piracy.
For most use-cases, yes. I wouldn’t want to use any distro without simple rollback anymore. This boils down to Fedora Atomic, NixOS, or btrfs + any distro.
Great to hear it works! I’ve also had issues with the SteamLibrary not being detected a few times over the years, but that also happened on SteamOS so I guess it’s a bug.
Immich recently changed license from MIT to AGPL. As far as I understand they can’t sinply relicense to a non-free license unless they redo a good chunk of code from the last half a year.
If they still used the MIT license I’d be worried too.