one of the issues I have with mobile linux is flutter has some really good apps, but when you try to use them on linux the performance plummets, this makes a whole slew of great touch primary applications unusable.
this article was pretty hard to read, but I greatly disagree with android having bad UX, maybe for some users but to me android’s UX is pretty great
Secure your network. Worry less about escalations in your containers. You’re thinking too deeply about what is essentially a rabbit hole with a dead end for the most part, and if you don’t understand why in the first place, you should read more to understand exactly what you’re afraid of.
If you’re thinking that on your personal home network (which should be reasonably secured anyway) that someone will get physical access, then get on your network and start scanning everything, then find the ports you have open on every host, then identify the specific versions of the http servers hosting your software, then run exploits to get past any authentication which should be there, THEN have superhax ready to escalate privileges on the container runtimes so they can run remote executions…that’s all they’ll be able to do unless you have volume mounts allowing access to your stuff everywhere in said containers.
If you live in fear of everything, you’ll get nothing done.
Disclaimer: I don’t know much about securing the container itself. The considerations I discuss here are mostly networking.
What I’ve personally been doing is using k3s with Cloudflare Tunnel (routed using DNS like in this documentation) as an ingress.
With Cloudflare Tunnel, if you create an application in front of it, you can require authentication and add a list of allowed emails.
I could replace k3s with a different Kubernetes distribution, and/or replace Cloudflare Tunnel with a different ingress (e.g., Tailscale Funnel or more common ingresses like nginx).
I think the container piece is probably the least of your concerns here honestly. The biggest thing you’ll want to focus on is the ingress networking layer, but that won’t really be any different than if you were running the app normally. Generally exposing ports from your home network to the internet is not a great idea, and you try to use something like cloudflare or get a cheap cloud VPS with a reverse proxy connected to the container host via VPN.
But for general container security practice, what you mentioned is good. You could also look at the Docker CIS Benchmark for more good security practices. And container scanning tools like trivy or anchore syft/grype to identify vulnerabilities in your containers. But again this is secondary to the networking layer in my opinion.
Yes, he is been using arch for almost year and a half but he has never managed to make the drivers work, this pakage unfortunatley didn´t work neither when he tried himself or now while I’m trying to help him, thanks btw
Use anything you want. All distros should support those packages, use what you’re the most comfortable with.
I personally would recommend Fedora Silverblue/ it’s other atomic variants or uBlue especially.
It’s pretty much unbreakable, modern and supports ALL distros’ package managers through Distrobox. It’s also pretty simple in my opinion, since you pretty much don’t have to worry about traditional package management.
I think you’re searching something reliable and simple, so this would be a solid choice.
Automatic updates, they install Software as Flatpaks, GNOME is good for Tablets.
As the RAM is very low, maybe regular Fedora Workstation though. Or you layer all the Packages as RPMs, which is also totally possible.
Depends entirely on how many things these tablets should do.
webbrowser: Brave or Firefox
drm video: available in both
social media: easy as webapps with chromium/brave
youtube: freetube
signal, other messengers: flatpak best
In general Flatpak apps are often working better, on Ubuntu and Fedora base for me. Arch may be something different, but no way unless its controlled like on steamOS. Immutable Arch with tested updates would be great.
linux
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.