Care to elaborate? Proxmox’s paid tier is long term support for their older releaes, and paid support. The main code is entirely free, with no features gated behind paywalls or anything like that.

Check out turbowarp, an ultra fast reimplementation of scratch.

I’ve seen games that only worked in turbowarp.

Custom editors are probably needed.

https://github.com/trelby/trelby ?

https://trelby.org/

Found here: https://wiki.archlinux.org/title/List_of_applications/Documents#Screenwriting

Kde’s spectacle (screenshot utility) does this by default now.

I don’t see any mention of games so far.

A minecraft server is always a good time with friends, and there are hundreds of other game servers you can self host.

Syd3, and gvisor, a similar project in go aren’t really sandboxes but instead user mode emulation of the linux kernel. I consider them more secure than virtual machines because code that programs run is not directly executed on your cpu.

Although syd3 doesn’t seem to emulate every syscall, only some, I know rhat gvisor does emulate every syscall.

If you compare CVE’s for gvisor and CVE’s for xen/kvm, you’ll see that they are worlds apart.

Xen has 25 pages: https://app.opencve.io/cve/?vendor=xen

Gvisor has 1: https://app.opencve.io/cve/?q=gvisor

Now, gvisor is a much newer product, but it is still a full 7 years old compared to xen’s 22 years of history. For something that is a third of the age, it has 1/25th of the cve’s.

There is a very real argument to be made that the hardened openbsd kernel, when combined with openbsd’s sandboxing, is more secure than xen, which you brought up.

I don’t know what the commenter you replied to is talking about, but systemd has it’s own firewalling and sandboxing capabilities. They probably mean that they don’t use docker for deployment of services at all.

Here is a blogpost about systemd’s firewall capabilities: https://www.ctrl.blog/entry/systemd-application-firewall.html

Here is a blogpost about systemd’s sandboxing: https://www.redhat.com/en/blog/mastering-systemd

Here is the archwiki’s docs about drop in units: https://wiki.archlinux.org/title/Systemd#Drop-in_files

I can understand why someone would like this, but this seems like a lot to learn and configure, whereas podman/docker deny most capabilities and network permissions by default.

Is your flux config public?

99.9999% of freecell games are winnable. Very nice, and one of the reasons I preferred freecell.

I understand the technical challenges with running x86 apps on arm… but multiple wrappers that do something similar to proton have already been released.

If you follow the r/emulationonandroid subreddit, they have gotten PC games working on android for a while now. One of the wrappers, gamehub, has made it to the playstore. You can just sign in to your steam account (don’t do that gamehub is sketchy af, proprietary, and by a company that stole gpl code fro, yuzu and didn’t release a derivative product), download games, and play them.

The current concern is performance, but most lower and midrange games run just fine.

Despite all the warnings not to install kali linux, I decided to install kali linux and I am now encountering an issue I would not face had I chosen to use a linux distro designed with normal desktop use in mind. Can anyone help me?

Actually, modern kali is a lot more usable than the older kali. Kali used to only have a root user, so chromium and electron apps wouldn’t start since they don’t run as root.

Despite this, nowadays I generally recommend new people away from kali, because I believe the process of installing the tools that kali provides on other distros is a valuable learning experience.

Kali is great for the professional, but but learners I prefer they get to experience the package manager or other aspects of system management.

As simpler and easier to use alternatives, check out voidauth and kanidm.

I don’t really understand why this is a concern with docker. Are there any particular features you want from version 29 that version 26 doesn’t offer?

The entire point of docker is that it doesn’t really matter what version of docker you have, the containers can still run.

Debian’s version of docker receives security updates in a timely manner, which should be enough.

I recommend libvirt + virt-manager as an alternative to hyper v.

The cool thing about virt manager is you can do it over ssh.

You are adding a new repo, but you should know that the debian repos already contain docker (via docker.io) and docker-compose.

I use authentik, which emables single sign on (the same account) between services.

Authentik is a bit complex and irritating at times, so I would recommend voidauth or kanidm as alternatives for most self hosters.

Except debian testing doesn’t receive security updates in a timely manner.

It’s designed exclusively for testing, not really for people to actually use it.

Would you use the cli?

One of the cool things I liked about calibre is that extensions worked via the cli interface as well, which made it easy to do batch workflows of operations on ebooks.

No, they added a beta vpn feature.

Does it require docker installed and being in the docker group, with the docker daemon running?

Just an FYI, having the ability to create containers and do other docker is equivalent to root: https://docs.docker.com/engine/security/#docker-daemon-attack-surface

It’s not really accurate to say that your playbooks don’t require root to run when they basically do.