The “tank” has an immobile or mostly immobile turret, depending on the particular design of this piece of battlefield ingenuity. Units appear to be making these modifications at the frontline to improve survivability against FPV drones but there isn’t a standard package.

Some HP printers require proprietary firmware be loaded over USB. You could try hplip but I found that although my printer is explicitly supported it couldn’t identify it via device ID.

Pay them for a public ipv4.

TL;DR don’t worry (for now) - it only impacts rpm and deb builds and impacted releases only really made it into OpenSuSe tumbleweed - if you’re running bleeding edge maybe you need to worry a little.

A laymans explanation about what happens is that the malicious package uses an indirect linkage (via systemd) to openssh and overrides a crypto function which either:

• allows access to the system to a particular key
• allows remote code execution with a particular key

Or both!

I have secondhand info that privately the reverse engineering is more advanced, but nobody wants to lead with bad info.

As for what you should do? Unless you’re running an rpm or deb based distro and you have version 5.6.0 or 5.6.1 of xz-utils installed, not much. If you are, well, that comes down to your threat model and paranoia level: either upgrade (downgrade) the package to a non-vulnerable version or dust off and nuke the site from orbit; it’s the only way to be sure.

I’m sorry, but no. PluralKit only really impacts a tiny minority of the userbase to begin with. It isn’t enough to cause people outside that group to choose the platform, nor is it enough for people outside of that minority to avoid moving to whatever the next big thing is.

We have Kubler which makes Gentoo -based images. It does a great job of enabling you to toggle dependencies that you need and building a slim, hardened image.

Edit: lddsucks, try libtree instead.

Not quite what you’re asking for, but I’ve been using Bcachefs in production for nearly 18 months now on a ~120 tb pool. The tooling is great and incredibly simple to use.

Use a shared on-disk volume mount, i.e.:

volumes:
  - /data/docker/stuff:/whatever

In both compose files.

I use a similar mechanism to enable my media acquisition stack to grab completed files and store them in their permanent location.

Edit: you can just use the same volume in both containers at the same time, but you’d typically use an NFS mount or something if / when you try and scale this out. You probably just got the volume definition a little off (or need to create it outside both containers definitions and use it there)

It may or may not work, unfortunately.

I successfully ran 2x32GB in a Dell XPS 15 that “didn’t support” it, because the larger DIMMs didn’t exist at the time it was designed and documentation was done up.

It’s not going to hurt to try, but if you have two DIMM slots it’s worth a shot; the slots are already wired up to address lines! Maybe try with one first?

Edit: the CPU specs say that it supports 64GB and only up to two memory channels. It’s looking pretty good on that end.

I’m not worried about that 😎

You should be. Your name will be associated with abuse forevermore.

The admins can tell me what’s the frequency/number they’re comfortable w/ and I can reconfigure the solution.

Or you can set some sane defaults and a timeout period. 1 request / 5 mins is fine to check if something is online and responding.

It’s just the M113.

Gavin is a made-up designation by one Mike Sparks who earnestly believes that it’s the best vehicle ever made and replacing it was a terrible mistake.

If you added wings and bolt on some javelin launchers though you might make Mike proud.

BareOS is a great open source option. The GUI is a webUI but you also have a powerful console on the shell if you need to script.

I have a multi-WAN configuration on my router, with ipv6 VDSL then ipv4 VDSL then a prepaid 4G modem as the backup link. I rarely fail over but it’s been fantastic watching traffic stats when it does.

My only downside is the CGNAT on that connection that prevents things like a backup VPN gateway…

Simply refuting the BS claim that it’s impossible for there to be a Linux virus.

This one existed, therefore the claim is false.

There are still no viruses for Linux … because it’s not possible.

Here is just one example that proves your assertion wrong.

https://www.f-secure.com/v-descs/slapper.shtml

There are no viruses for Linux.

Blatant lies.

https://en.m.wikipedia.org/wiki/Linux_malware

Oh hey.

I’ve done this in a ton of different ways.

Manually, viis GitLab CI/CD, CI/CD with Kaniko.

My current favourite though is Kubler; I did a write-up for Lemmy a little while ago: https://lemmy.srcfiles.zip/post/32334

It’s fine with Let’sEncrypt via the DNS01 challenge; my lab typically only uses one wildcard certificate for all the services there unless I have a specific need to generate an indovidual cert for a service.

At the end of the day Traefik isn’t that hard, especially if you know the core concepts; if you know both and have a need for Traefik I’d just use that everywhere.

Here’s the secret to stuff like this:

Run a single reverse proxy / edge router for all of your containerised services.

I recommend Traefik - https://gitlab.com/Matt.Jolly/traefik-grafana-prometheus-docker

You can configure services with labels attached to the container and (almost) never expose ports directly. It also lets you host an arbitrary number of services listening on 80/443.

An example config might look like this:

# docker-compose.yml
version: '3.9'

services:
  bitwarden:
    image: vaultwarden/server:latest
    restart: always
    volumes:
      - /data/vaultwarden/:/data
    environment:
#      - ADMIN_TOKEN=
      - WEBSOCKET_ENABLED=true
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.bitwarden-ui-https.tls.certresolver=letsencrypt
      - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
      - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
      - traefik.http.routers.bitwarden-ui-https.rule=Host(`my.domain.com`)
      - traefik.http.routers.bitwarden-ui-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-ui-https.tls=true
      - traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui
      - traefik.http.routers.bitwarden-ui-http.rule=Host(`my.domain.com`)
      - traefik.http.routers.bitwarden-ui-http.entrypoints=web
      - traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https
      - traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui
      - traefik.http.services.bitwarden-ui.loadbalancer.server.port=80
      - traefik.http.routers.bitwarden-websocket-https.rule=Host(`my.domain.com) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-websocket-https.tls=true
      - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
      - traefik.http.routers.bitwarden-websocket-http.rule=Host(`my.domain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-http.entrypoints=web
      - traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https
      - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
      - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012