Joe

NFSv3 (udp, stateless) was always as reliable as the network infra under Linux, I found. NFSv4 made things a bit more complicated.

You don’t want any NAT / stateful connection tracking in the network path (anything that could hiccup and forget), and wired connections only for permanent storage mounts, of course.

How will running a CA limit access? eg. Do you want to do client side cert validation? That sounds like an overcomplication. Also not ideal to run a CA (have signing keys) on the proxy server.

It’s a trade off. “Free services” typically require more leg work and can come with legal or security risks. I used to have a great XBMC & torrenting setup years ago. I spent significant time customizing it and various plugins, extending scripts etc. I had fun, and took necessary precautions. Millions wouldn’t. Some are happy to pay €9/month to another evil corp for convenience (where it works for them).

Oh, they do have an plan with ads. You can’t really complain about ads if that is what you subscribed to, I guess. The price difference is €6 vs €9/month in Germany, btw.

The no browser support on phones kind of sucks though.

Disney+ has ads? I’m in Germany and I don’t see any. Where are you?

edit: removed comment about browser, as OP meant on the phone

https://opensource.stackexchange.com/questions/8367/is-the-term-open-source-a-trademark has a discussion about this.

The short story is that the OSI failed to obtain a legal trademark in the US for the term “open source” (software), resulting in many opportunistic companies and individuals adopting the term popularized by the OSI (which was founded by Eric Raymond, Michael Tiemann and Bruce Perens).

There was controversy at the time due to it being a business-friendly spin on the ideological “free software”, and I personally avoided using the term for many years as a result. Even without a trademark on the now generic term of Open Source, there is still value in the OSI brand and its stamp of approval on a license.

Those who want to be crystal clear, should probably always say OSI Approved Open Source License.

Now, I’m off to have a Nescafé Approved Coffee.

Lots of ideas are patented, especially by large companies. Some ideas are pursued by the company themselves, while others sit in the patent war chest to (maybe) generate passive income and help with future litigation. Very occasionally they are used for prevention.

Regardless, such a system would be a reason for many people to avoid buying a particular car or brand of car.

I switched to flatpak steam because of this issue with a couple of games. Still annoyed that arch’s glibc maintainer removed the eac patch.

Deemix is a good way to build up your local cache from Deezer, at which point you can serve it locally.

It will mess with artist renumeration though (which seems important to you), so you might want to find another way to compensate your favourite artists.

You need training material for negative prompts too.

In some countries private law firms chase down infringers on behalf of copyright holders. They then attempt shakedowns with the threat of legal action if you don’t pay. They have a financial interest to catch people, and moral compasses vary.

Also, mistakes can happen (you, your family, guests using your wifi, in the courts, in the ISPs, in the law firms, in the tech they are using to identify people). Shit happens.

And if (when) it happens, then you would still have to deal with it, costing you time and money.

Understand the risks and make choices to minimize them if you can.

Apparmor profiles can be applied to an executable - the profile is then (if so configured) inherited by subprocesses. In my case I have a launch script to run lutris in a safe mode. It also changes the effective gid to be matched by some iptables rules (it was easier than creating a new network namespace, which is also possible). The script then checks that the Internet is inaccessible and that reading/writing to secured paths is denied before launching lutris.

Similarly I have a “safe” script to wrap other commands with an apparmor profile that stops most writes to my homedir/reads from some secure locations, which I often use to run scripts/programs from the Internet.

My sudo also requires a password (or a special keyboard combination, thanks to a custom pam configuration).

All that said and done, I’m sure I’ll be caught off guard one day.

I run a particular online windows game in a modded offline mode under Linux in network isolation and with a restricted apparmor profile. So far so good. Logs show no attempts to break out, except for the smoke test I run to ensure the sandbox is working. This is as much because of the random mods I install as the original devs (who could ban my online account).

On Windows, a VM would indeed be safer. GPU passthrough is possible … I guess easier with Windows using an onboard GPU, then passing a discrete GPU to the VM. You’ll lose some performance with a VM regardless, but it’s easy to disable networking, back up and restore from a known good state, and burn it to the ground when needed.

Probably not your issue, but high dpi mice and some wine games don’t mix well. I bought a cheap low dpi usb mouse after discovering this.

Your friends will find you wherever you are and will continue asking you such questions. There is no escape.

If you want fast GPS coordinates, then you give more location hints. Local privacy regulations apply.

Where in the world is Carmen Sandiego and Commander Keen … wait a second, the time machine’s dial is broken.

I only eat vegans. Would that count?

Who cares?

My company’s 9,000 CentOS machines and over 100,000 containers now mostly run Amazon Linux or Alpine. Rocky Linux was preferred by some, but we led the way and the rest followed. Our final licensed RH systems will also disappear this quarter (legacies of a DC-centric era), and we will be free of them.

It was inertia that kept us with RH, but their bad faith moves kicked us into action. We now have better security tooling and processes all around, too.

Good riddance, Red Hat (and IBM, until your next acquisition and corporate strangling)!

There is no point waiting for a response…the threat has been neutralized. Now repeat after me: There is no AGI.