chameleon
@chameleon@fedia.io
i'm lizard
- Comment on Google to purge low-quality apps from the Play Store with new policy starting next month 3 months ago:
Eh. I've been on the receiving end of one of those inboxes and the spam is absolutely, utterly unbearable. Coming up with a better system than a publicly listed email address is on Google at this point, because there is no reasonable way to provide support when you need a spam filter tuned up to such a level that all legitimate mail also ends up in spam.
- Comment on Security and docker 3 months ago:
Personally, I do believe that rootless Docker/Podman have a strong enough security boundary for personal/individual self-hosting where you have decent trust in the software you're running. Linux privilege escalation and container escape exploits fetch decent amounts of money on the exploit market, and nobody's gonna waste them on some people running software ending in *arr when Zerodium will pay five figures for a local privilege escalation or container escape. If you're running a business or you might be targeted for whatever reason (journalist or whatever) then that doesn't apply.
If you want more security, there are container runtimes that do cooler security stuff under the hood, like Firecracker/Kata Containers implementing a managed VM, or Google's gVisor which very strongly intercepts kernel syscalls and essentially reimplements Linux in userspace. Those are used by AWS and Google Cloud respectively. You can integrate those into Docker, though not all networking/etc options are supported.
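As an added illustration of the "integrate those into Docker" point (this is not the commenter's own configuration), the gVisor runtime is registered with the Docker daemon by adding a runtime entry to daemon.json. It assumes runsc has been installed at /usr/local/bin/runsc; for a rootless daemon the file lives under the user's own config directory (~/.config/docker/daemon.json) instead of /etc/docker/daemon.json.

```json
{
  "runtimes": {
    "runsc": {
      "path": "/usr/local/bin/runsc"
    }
  }
}
```

After restarting the daemon, a container is started under gVisor with docker run --runtime=runsc, while containers started without the flag keep using runc. Running dmesg inside a runsc container prints gVisor's own synthetic boot messages instead of the host kernel log, which is a quick way to confirm the sandbox is actually in use. The caveat in the comment still applies: some networking and device options are not supported under the sandboxed runtime, so check the workload before making runsc the default-runtime.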
- Comment on CrowdStrike Isn't the Real Problem 3 months ago:
That's because they had a lot of people "buying the dip". CS is in a very similar position to SolarWinds during their 2020 security slipup. The extent of managerial issues there should've been unforgivable but unfortunately they got away with it and are doing just fine nowadays.
- Comment on To what extent, if at all, would have CrowdStrike's faulty update have been made easier to deal with with an immutable distro? 3 months ago:
Realistically, immutability wouldn't have made a difference. Definition updates like this are generally not considered part of the provisioned OS (since they change somewhere around hourly) and would go into /var or the like, which is mutable persistent state on nearly every otherwise immutable OS. Snapshots like Timeshift are more likely to help.
- Comment on Help with a AMD GPU in truenas scale 3 months ago:
For that card, you probably have to set the radeon.si_support=0 amdgpu.si_support=1 kernel options to allow amdgpu to work. I don't have a TrueNAS system laying around so I don't know what the idiomatic way to change them is.
Using amdgpu on that card has been considered experimental ever since it was added like 6 years ago, and nobody has invested any real efforts to stabilize it. It's entirely possible that amdgpu on that card is simply never gonna work. But yeah, I think the radeon driver isn't really fully functional anymore either, so I guess it's worth a shot...