It’s neat that this exists, but not neat if someone hosts it for a year, a bunch of fed users rely on it and share a bunch of links using it, and then the hoster takes it down for whatever reason, and now there are a bunch of dead links littered all over the place.
Even less neat if some malicious group can then buy the lapsed domain and forward all those dead links to ads and viruses.
Please host responsibly, is all I’m saying.
I would go a step further and say that any time one of these MAC systems has to resort to user interaction to do its job, it’s a straight up failure case: the system simply didn’t have enough information to do its job, ended up doing no better than a blanket “block everything” config, and is asking the user to do 100% of the heavy lifting of determining what should happen.
So, when I hear
If someone is lazy or not knowledgeable enough to make the right decision…No automated system can protect [them].
I hear: “every access control system is fundamentally broken”. Which is fine, maybe that’s true, there’s a reason social engineering is so useful. So then all these systems should prioritize streamlining that failure case as much as possible: Tell the user what is accessing what, when, how, and then make it trivial to temporarily (with well defined limits), permanently, (or even volatile-y using CoW/containerization/overlay fs) grant or deny access as quickly and easily as possible.
Every other system you’re comparing SELinux, AFAIK, handles this case better, which is why users tend to prefer them.
For the record, I’m not arguing that SELinux is bad at the actual access control part, I’m only answering why people don’t like using it, which is how it handles the failure case part. Now it’s been a while since I’ve used SELinux and I’ve never used setroubleshooter, but if you tell me it actually streamlines all of this to be smoother than every other tool, then I’ll install it tonight!
How do you know when you’re letting through a valid access, an unnecessary one that could be a vulnerability, and an actively malicious one?
I don’t think anyone is saying throw out all access control, they’re just saying SELinux adds too much unproductive friction for everyday usage. You said it takes 15m to troubleshoot. But that’s not a one time thing, that’s 15m that scales with the amount of new programs and updates you’re running. And 90% of people aren’t even going to be able to tell they’re looking at a malicious access if they’re in the habit of always working around blocks that show up.
Is this running in your rc (i.e. every single time you open a terminal)? Even if it’s safe, I’d be annoyed by any delay.
It’s not sunk cost, dude. We agreed that $120 will get them 5 years of service that meets their needs. Even if they switch to jellyfin after 5 years, they still got their money’s worth.
It’s only sunk cost if they are worse off than if they had switched earlier. I guess if you’re arguing that they would still have $120 if they switch today, I would argue they should still pay that $120 toward jellyfin’s development. And that’s assuming they have time to switch to jellyfin AND it fits 100% of their usecases, either of which could be untrue.
Or Plex currently does everything they need it to, and $120 for 5+ years of keeping that going without any interruption of service is very reasonable. In the meantime, jellyfin will only get better and there might even be other options available by then.
Stop trying to make the issue black and white, one-size-fits-all. There are perfectly legitimate reasons for people to use both Plex and Jellyfin.
So, when you say crippled kernel, do you actually mean you tweaked the kernel params/build to the point that it failed to boot? Or do you just mean you messed up some package config to the point that the normal boot sequence didn’t get you to a place you knew how to recover from and need to reinstall from scratch?
I think I’m past the point where I need to do a full reinstall to recover from my mistakes. As long as I get a shell, I can usually undo whatever I did. I have btrfs+timeshift also set up, but I’ve never had to use it.
Hah, they’re TrueNAS BSD jails, but yes, now I need to figure out how to rename the “Jails” tab in my UI to overlords.
Also, all the extra work my self-hosting endeavors generate is “creep”.
I use zerg units.
As i understand it, the OEM business has razor thin margins as it is. This seems like an aggressively unsustainable business practice, to the point that it’s making me wonder what their game is…
No, it doesn’t matter if the book is at a library or on my friend’s bookshelf, copyright law is literally the right to copy the thing. So if I make an illegal copy, I’m breaking copyright law. The “ToS” I’ve “agreed” to is the law of the country I’m in.
Afaik the cookie policy on your site is not GDPR compliant, at least how it is currently worded. If all cookies are “technically necessary” for function of the site, then I think all you need to do is say that. (I think for a wiki it’s acceptable to require clients to allow caching of image data, so your server doesn’t have to pay for more bandwidth).
My recommendation would be, have two machines: new hw for all your services, and use the old hw for your NAS. Each could be whatever OS you’re comfortable with using. Most everything on the services machine could be in docker configs, including network mount points to the NAS. You might be able to get away with using the 1080TI in the services box depending on what all you want to do (AI stuff, or newer stream transcoding requirements may require newer hw).
Moving the data from the old NAS to a new one without new disks will be a challenge, yes.
I have a TrueNAS box and used jails for services. I recently set up a debian box separately, and am switching from jails on truenas to docker on debian. Wish I had done this from the start.
I’d venture to guess this isn’t the first time Linus has had to deal with devs who have ideological disagreements and one quits. It’s not also his job to keep that from happening. What he said is true, there’s a process they have for maintaining Linux, and it doesn’t involve flame wars on social media…it involves flame wars over email 😅.
But seriously, if a devs are going to get upset at each other and rage quit, it’s not Linus’ job to play mediator.
Is it using wayland? I think we were able to install KDE through the software manager, but only the X version.
If you had asked me Q1 a month ago, I would have said yes (and in general, it is a yes, with enough effort). But i run endeavour (arch) and my partner runs mint (which ships with the Cinnamon WM), and a few weeks ago I recommended that she try out KDE Plasma for its wayland support. Turns out, this is not something the mint community supports, you can’t just install it through their software manager, and the mint forums will all tell you to switch to another distro that supports KDE. Meanwhile, on arch, I expect to be able to install it through pacman, choose it from SDDM, and I’m done. Maybe tweak something in my .config, but it’s all downhill from there.
Just a datapoint. Some distros (and their communities) seem to be more receptive to experimentation than others, which can make trying new things easier/harder.
I would recommend fedora, debian, or endeavour + KDE/gnome. Good luck!
Wow, I’m impressed you actually got that working. Sounds like quite a hack.
Ooo, the MR it links to is 10mo old and still open.
Ah, I guess the HDR support in Wayland is still exposed via an “experimental” interface. But it looks like a handful of Wayland compositors support it, including wlroots which a bunch of smaller compositors are based off of.
It did really take off about 5 years ago.