overview for myersguy

NAS / NAS + server? Unraid, Proxmox, Intel, AMD? Looking for guidance. in c/selfhosted@lemmy.world

[–] myersguy@lemmy.simpl.website 1 points 1 year ago* (last edited 1 year ago)

im a big fan of the nas device being single purpose. its life should only exist in fileserving. i have several redundant nas devices and then a big ol app server.

This is the way. Except my "big ol' app server" is an n95 mini pc that sips power.

Silverblue or other immutable on remote VPS? in c/selfhosted@lemmy.world

[–] myersguy@lemmy.simpl.website 1 points 1 year ago

Because even if an attacker could gain access even as root he cannot modify system files.

Your comment was already from the position of if an attacker could gain root access. My responses were to that directly, and nothing else.

Silverblue or other immutable on remote VPS? in c/selfhosted@lemmy.world

[–] myersguy@lemmy.simpl.website 2 points 1 year ago (1 children)

Your comment also contained

The filesystem itself is also read-only.

Which is what led to the further discussion of root making that not so.

I don't believe that to be the intent of the OP's comment, given their second sentence, but they are welcome to state otherwise. I just don't want them thinking that an immutable distribution gives them some kind of bulletproof security that it doesn't.

Silverblue or other immutable on remote VPS? in c/selfhosted@lemmy.world

[–] myersguy@lemmy.simpl.website 1 points 1 year ago* (last edited 1 year ago) (3 children)

While you are correct, any system is compromised if you have root, so isn’t that irrelevant at that point?

The original context for the comment chain was:

Because even if an attacker could gain access even as root he cannot modify system files.

So no, it's completely relevant.

Silverblue or other immutable on remote VPS? in c/selfhosted@lemmy.world

[–] myersguy@lemmy.simpl.website 2 points 1 year ago (7 children)

Someone with root can run ostree admin unlock --hotfix to make /usr writable. Someone with root can also delete all restore points.

It would be strange for them to call it that if it actually means “completely irrelevant from a security perspective”.

See the comment by superkret.

Silverblue or other immutable on remote VPS? in c/selfhosted@lemmy.world

[–] myersguy@lemmy.simpl.website 5 points 1 year ago* (last edited 1 year ago) (11 children)

An attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).

That would be true of podman running anywhere, and is not unique to an immutable distribution.

The filesystem itself is also read-only.

You can change that real quick if you have root access.

Silverblue or other immutable on remote VPS? in c/selfhosted@lemmy.world

[–] myersguy@lemmy.simpl.website 9 points 1 year ago (14 children)

Because even if an attacker could gain access even as root he cannot modify system files.

They 100% can.

AlternativeTo: a resource I wish I would have had when I started using Linux in c/opensource@lemmy.ml

[–] myersguy@lemmy.simpl.website 12 points 1 year ago

I really appreciate Open Source Alternative To for this (although their theme seems a little broken atm).

Microsoft donates the Mono Project to the Wine team in c/technology@lemmy.world

[–] myersguy@lemmy.simpl.website 6 points 1 year ago (1 children)

The "down" was definitely edited after the fact.

Microsoft donates the Mono Project to the Wine team in c/technology@lemmy.world

[–] myersguy@lemmy.simpl.website 18 points 1 year ago (2 children)

Thanks! Not quite as wild as I was expecting (kind of surprised this was enough to push them to delete their account)

Microsoft donates the Mono Project to the Wine team in c/technology@lemmy.world

[–] myersguy@lemmy.simpl.website 18 points 1 year ago (60 children)

Do you have any sources for this?

Quiblr -- web fedi client in c/foss@beehaw.org

[–] myersguy@lemmy.simpl.website 12 points 1 year ago* (last edited 1 year ago) (3 children)

The GitHub says they plan on adding other fediverse connections in the future.