Why is a hypervisor the best we got? Why would it be better than a dedicated bare metal server? Why would the attack surface of a hypervisor be smaller than the attack surface without one?
Honest question
@discuss.tchncs.de
Thanks for evaluating! The exploit was explained to me that an unprivileged user/program could use it to get root access on the whole system, which in my mind included the hypervisor. Further reading seems to prove you right: while containers were broken, VMs were not.
My point still remains, although weaker: If you know exactly what you are doing you can get a system quite secure; if you are a hobby server owner like me, it's not that easy. I would not have known that the use of VMs instead of containers has sooo major security implications, that something so fundamental as ssh could be exploited on such a large scale, and clustering would have been needed to avoid being unsafe.
Sure, no one would use a zero day targeted at me. The thing is: I am not working in the field; from the publishing of the exploit till I learned about it and had the time to patch, there were a few weeks. If in those few weeks someone deploys a tool going for mass and not for single targets, I would probably be infected and added to some botnet, cryptominer or whatever.
If I have a bare metal dedicated server, which has only access to IPs contained in my whitelist on a dedicated opnsense, I have less to worry about. Sure, someone could still find an openbsd/opnsense exploit and get me, but my point is: complex systems break in complex ways, the more complex systems you use, the more attack surface u have, need to know and understand to control and mitigate it.
Not that it's impossible, but for a hobbyist who tries to self teach with man pages, tutorials and forums, you can get pwnd in unexpected ways (like because you used a container for dodgy Chinese smart home devices and expected that your production environment would be safe even if one of them was malicious, but in fact you were not, because that would have needed to be a VM). AND: before copy fail was published, users would have probably also told you that containers are safe.
Eternity is really nice
First ad I genuinely enjoyed reading
I was going to build my system like that, but recently learned that host client isolation is not as strong as people make you believe.
Just a few weeks ago we learned that copy fail (security vulnerability) was on major distros for years until it was fixed; it would allow containers and VMs to infect the host system. Xz utils could also lead to a broken host client separation, as proxmox uses ssh for clustering and the like.
So for really important stuff I am going to have a dedicated physical server or put it in cold storage altogether.
That said, I am by no means an expert so feel free to correct me if I got something wrong.
Agree with you in general, but I think a lot of people here are not really informed about what differences there are between materialistic ideologies.
Yes, Stalin bad.
But Guevara is not Stalin.
Marx is not Che
Engels is not Marx
China is not communist.
Marxism is not materialism
Socialism is not communism
Also the amount of people bringing the "the 3 times people tried socialism were bad, so the whole ideology must be bad" argument is way too high IMHO.
How many times was capitalism tried? How many times did it work out? Is the USA a "functioning" state with all the oppression, racism, greed, invading other countries out of monetary interest and environment destruction?
While I agree with you, that oppression is bad, no matter what the oppressor calls himself, we should talk about policies without resorting to dogmas and generalising people in favor of fear the hegemonic class is propagating to stay in power.
Wtf. Hard to believe this is real... Do only certain far right private schools do nationalistic stuff like that or is it a common phenomenon over there, like are publicly funded schools allowed to do bs like this as well?
EDIT: WWWWTTTTTFFFF
"All states except Nebraska, Hawaii, Vermont, and Wyoming require a regularly scheduled recitation of the pledge in public schools.[13] Many states give a variety of exemptions from reciting the pledge, such as California which requires a "patriotic exercise" every day, which would be satisfied by the Pledge,"
To be honest it's a miracle you guys didn't turn fascist earlier with stuff like that.
First of all Linux isn't a company, but the name some dude named Linus gave his code he put for free on the internet.
Most modern Linux distros are still not run by companies, that's why they don't force the data collection, ads, ai etc down your throat.
That said: Linux is made from thousands of interlocking programs, scripts, services and libraries, made mostly by some guys or gurls in their free time. So with a lot of stuff you need to fit it to your needs, as granular customization is too troublesome to have working out of the box for every different use case there could be. So with most stuff you should not be afraid to learn the basics of terminal commands (packet manager, editor, folder management).
Some OS like Ubuntu and manjaro do a lot for you, but if you have weird double monitors, you may need to manually do some stuff.
If you want as many easy install options as possible, I would go with Manjaro - then you can install everything where users made an AUR (Arch User Repository) package. Check if they have all programs you want, if not look for alternatives.
If you want a more stable system but with a bit fewer possibilities, go for Ubuntu, Debian, popOS or something like that.
Some things may never run, for example for my music DAW (Ableton) with low latency and no native support on Linux or the HTC Vive wireless (where there isn't a driver for the PCI card for Linux) I keep a win machine around. Day to day use is on Debian on my side.
I'm German and that is bullshit. Never heard of Mäusespeck, everyone just calls them marshmallows and they are labeled as marshmallows in the store.
EDIT: I was made aware that the problem seems to be that I'm not a boomer. 30 years ago, when I wasn't alive, they seemed to be called this. In my WG there are people over 30 though and they also never heard of this (Hessen)
Making the basic rules like Active moderation against racism, sexism, homophobia and transphobia should be a no brauner. Pls add this rule
Beating the far right? Dude they are second strongest here in Germany, had massive gains and I live in fear I will see the second German fascism soon.
What the guck do you mean beating them?
Feel safe? You think Apple is targeting them?
EDIT: not the case for all we know, situation seems to be complex and they don't want speculation
This isn't a shitpost community...
Most communists/socialists aren't tankies (even if .ml tries really hard to convince everyone otherwise) but identify with hammer and sickle too :(
But fk tankies, I'm with you on that
Better? Maybe!
More efficient? Surely!
But easier?! Hell no! Easy means you can use it without a lot of training or studying. It is self explanatory. And there is no way on earth that vim is easier than nano. I don't need to know anything to use nano. I need to check docs for hours before I can even start using vim.
I was imagining something like this in hexbear or lemmygrad, as people there seemed quite dogmatic at times, but even on Lemmy.ml? Sad to see this, as I had mostly positive interactions there till now
US becoming fascist is one of the biggest news here, as they are our hegemon.
Greetings from Germany
Also the neolibs fucked with social democrats and greens for long enough they got fired
"Lost its radio signal" As if we didn't have footage of them jamming
"Blockade to avoid weapon delivery"
"Ship carrying humanitarian aid"
"These antisemitic flotilla"
"The IDF prepared in advance to intercept the ship before it could enter Israeli territorial waters; "
Enough said
No, please no, god no