I found KDE Simon, and Numen … I’ve only ever used a commercial product, Dragon Naturally Speaking, many years ago. It was used so I could speak instead of typing texts but it did have functions to assign commands as well - don’t think it worked on Linux though.
Both Docker and Podman pretty much handle all of those so I think you’re good. The last aspect about networking can easily be fixed with a few iptables/nftables/firewalld rules. One final addition could be NGINX in front of web services or something dedicated to handling web requests on the open Internet to reduce potential exploits in the embedded web servers in your apps. But other than that, you’ve got it all covered yourself.
There’s all the options needed to limit CPU usage, memory usage or generally prevent using up all the system’s resources in docker/podman-compose files as well.
If you want an additional layer of security, you could also run it all in a VM, so a container escape leads to a VM that does nothing else but run containers. So another major layer to break.
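The resource limits and the proxy-in-front layout described in the comment above, as an added example that is not part of the original thread. The service names, the `example/app` image, the numeric limits and the `nginx.conf` file (assumed to proxy to `http://app:8080`) are placeholders; the keys are Compose Specification keys as used by Docker Compose, so check that your podman-compose version honours them.

```yaml
# Added example; names, images and limit values are placeholders.
#
# Weak form, shown commented out for comparison: the app's embedded web
# server is published on every host interface, with no resource ceilings
# and the default capability set.
#
#   app:
#     image: example/app:latest
#     ports:
#       - "8080:8080"              # binds 0.0.0.0:8080 on the host

services:
  # Hardened form: same app, reachable only through the proxy.
  app:
    image: example/app:latest      # placeholder image
    networks: [backend]            # no "ports:" entry, nothing published
    cpus: 1.0                      # at most one CPU core
    mem_limit: 512m                # hard memory ceiling
    pids_limit: 200                # caps the number of processes
    read_only: true                # root filesystem mounted read-only
    tmpfs: [/tmp]                  # the only writable scratch space
    cap_drop: [ALL]                # drop all Linux capabilities
    security_opt:
      - no-new-privileges:true     # block setuid-style privilege gain

  # The only service with a published port; it forwards to app:8080.
  proxy:
    image: nginx:stable
    ports:
      - "443:443"
    networks: [backend]
    volumes:
      # hypothetical config file, mounted read-only
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
    cpus: 0.5
    mem_limit: 128m

networks:
  backend: {}
```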
Might want to check out Ubuntu Unity. It was made more for Netbooks (when those were a thing) and Touchscreens. But as another poster pointed out, Bliss looks really nice for this use case.
I’ll look at that, thanks! I put Bliss on one and I’m not really happy with it yet. Just trying to type my wifi password had the UI wigging out on me, had to use a usb kb just to type the pass. I’ll look into Ubuntu Unity tho, thanks!
one of the issues I have with mobile linux is flutter has some really good apps, but when you try to use them on linux the performance plummets, this makes a whole slew of great touch primary applications unusable.
this article was pretty hard to read, but I greatly disagree with android having bad UX, maybe for some users but to me android’s UX is pretty great
while I was writing this comment I came across this: LinVAM which sounds like exactly what you are looking for. But, if that doesn’t work out for you here’s what I was originally writing:
Voice Attack may fit your needs.
BUT
it’s not Linux native.
It’s not free.
However, my research does suggest that it works in Linux via proton/wine, and so it may serve your needs since what you’ve described is basically exactly that software’s whole purpose. It’s popular for adding voice control to games by mapping voice commands to game controls.
I am sure LinVAM works great but I am on Wayland so will have to give it a miss. Also, Voice Attack is a go-to but I am unable to find how to use it in Linux; there’s a Reddit post but it was deleted.
It’s available on Steam, so you could get it there and run it through Proton. I don’t know how well it works there like that, but if it doesn’t work you could refund it.
Do you know what those dependencies are? They may be installable using protontricks, or manually via wine into the prefix if that doesn’t work. I have had some luck doing that for other software in the past that required dependencies that weren’t satisfied.
Secure your network. Worry less about escalations in your containers. You’re thinking too deeply about what is essentially a rabbit hole with a dead end for the most part, and if you don’t understand why in the first place, you should read more to understand exactly what you’re afraid of.
If you’re thinking that on your personal home network (which should be reasonably secured anyway) that someone will get physical access, then get on your network and start scanning everything, then find the ports you have open on every host, then identify the specific versions of the http servers hosting your software, then run exploits to get past any authentication which should be there, THEN have superhax ready to escalate privileges on the container runtimes so they can run remote executions…that’s all they’ll be able to do unless you have volume mounts allowing access to your stuff everywhere in said containers.
If you live in fear of everything, you’ll get nothing done.
Completely tangential tip, but in the very-limited video editing I’ve done recently: I’ve used Davinci Resolve, rendered as .mov, and then used ffmpeg to render to my actual desired format. e.g. h264 w/ aac audio so I can upload to Youtube:
I do think that finding the right flags to pass to ffmpeg is a cursed art. Do I need to specify the video profile and the pix_fmt? I don’t know; I thought I did when I adventured to collect these flags. Though maybe it’s just a reflection of the video-codec horrors lurking within all video rendering pipelines.
edit: there may also be nvidia-accelerated encoders, like h264_nvenc, see ffmpeg -codecs 2>/dev/null | grep -i 'h.264'. I’m not sure if the profile:v and pix_fmt options apply to other encoders or just libopenh264.
using openh264… well that’s a choice. I would recommend to everyone that they use x264 whenever possible, and make sure to specify output crf and likely preset when you fo
A couple other things: you generally want to do pixel format conversion before the codec is specified. You should be able to get satisfactory results with ffmpeg -i input.mpv -pix_fmt yuv420p -c:v libx264 -preset medium -crf 24 -c:a aac output.mp4. Play with preset a bit since that is where your Quality/Compression : Speed ratio comes in; CRF is the quality it handles. So you set CRF for a ballpark quality you want, then change the preset: slower = higher compression, faster = lower compression.
haha, yeah figuring out those ffmpeg flags is an absolute nightmare. My problem there isn’t so much the output format from Resolve, but source format I’m using. My camera only has the option to record in H.264/H.265 (consumer grade, what can you expect?) which Resolve can’t properly import on Linux. I could take the time to transcode them with ffmpeg before editing, but I’m usually working with ~2 hours worth of video per project and I don’t really want to wait all day for a transcode job to finish before I can even begin editing. On top of that my camera (rather neatly) generates its own proxy files while recording, and I’ve found leveraging these is necessary for getting good timeline performance on my aging rig. Now I could let Resolve generate its own proxy clips like I have in the past, but that’s more time waiting around before editing. I was SUPER stoked to see Kdenlive can natively utilize the proxy clips my camera generates.
Disclaimer: I don’t know much about securing the container itself. The considerations I discuss here are mostly networking.
What I’ve personally been doing is using k3s with Cloudflare Tunnel (routed using DNS like in this documentation) as an ingress.
With Cloudflare Tunnel, if you create an application in front of it, you can require authentication and add a list of allowed emails.
I could replace k3s with a different Kubernetes distribution, and/or replace Cloudflare Tunnel with a different ingress (e.g., Tailscale Funnel or more common ingresses like nginx).
I think the container piece is probably the least of your concerns here honestly. The biggest thing you’ll want to focus on is the ingress networking layer, but that won’t really be any different than if you were running the app normally. Generally exposing ports from your home network to the internet is not a great idea, and you try to use something like cloudflare or get a cheap cloud VPS with a reverse proxy connected to the container host via VPN.
But for general container security practice, what you mentioned is good. You could also look at the Docker CIS Benchmark for more good security practices. And container scanning tools like trivy or anchore syft/grype to identify vulnerabilities in your containers. But again this is secondary to the networking layer in my opinion.