I have a Microsoft Surface tablet and Fedora with GNOME works pretty well on it. I usually use a stylus or the magnetic keyboard with it but when I do use the touch screen I don’t encounter issues. I use PaperWM on top of GNOME and it makes it all so easy to use.
Isolate them from your main network. If possible have them on a different public IP either using a VLAN or better yet with an entire physical network just for that - avoids VLAN hopping attacks and DDoS attacks to the server that will also take your internet down;
If you’re using VLANs then configure your switch properly. Decent switches allow you to restrict the WebUI to a certain VLAN / physical port - this will make sure if your server is hacked they won’t be able to access the Switch’s UI and reconfigure their own port to access the entire network. Note that cheap TP-Link switches usually don’t have a way to specify this;
Only expose required services (nginx, game server, program x) to the Internet. Everything else such as SSH, configuration interfaces and whatnot can be moved to another private network and/or a WireGuard VPN you can connect to when you want to manage the server;
Use custom ports with 5 digits for everything - something like 23901 (up to 65535) to make your service(s) harder to find;
Disable IPv6? Might be easier than dealing with a dual stack firewall and/or other complexities;
Use nftables / iptables / another firewall and set it to drop everything but those ports you need for services and management VPN access to work - 10 minute guide;
Use your firewall to restrict what countries are allowed to access your server. If you’re just doing it for a few friends only allow incoming connection from your country (wiki.nftables.org/wiki-nftables/…/GeoIP_matching)
Realistically speaking if you’re doing this just for a few friends why not require them to access the server through WireGuard VPN? This will reduce the risk a LOT and won’t probably impact the performance. This is a decent setup guide digitalocean.com/…/how-to-set-up-wireguard-on-deb… and you might use this GUI to add/remove clients easily github.com/ngoduykhanh/wireguard-ui
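The firewall steps in the list above (drop everything, expose only the service port, keep SSH behind WireGuard), sketched as an nftables ruleset. This is an added example, not part of the original post; the interface names, the WireGuard port and the choice of TCP for the service are assumptions, and 23901 is the example port from the list.

```nft
#!/usr/sbin/nft -f
# Added example; interface names and all ports except 23901 are assumptions.
# Note: "flush ruleset" also removes rules installed by other tools (e.g. Docker).
flush ruleset

define WAN_IF   = "eth0"   # assumed Internet-facing interface
define WG_IF    = "wg0"    # assumed WireGuard interface
define SVC_PORT = 23901    # custom service port used as the example in the post
define WG_PORT  = 51820    # assumed WireGuard listen port (UDP)

# The inet family covers IPv4 and IPv6 in one table, so one ruleset
# handles a dual-stack host.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # Minimal ICMP so path MTU discovery and IPv6 neighbour discovery keep working
        icmp type { destination-unreachable, time-exceeded, echo-request } accept
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, echo-request, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept

        # Public side: only the exposed service and the VPN endpoint
        iifname $WAN_IF tcp dport $SVC_PORT accept
        iifname $WAN_IF udp dport $WG_PORT accept

        # Management (SSH) is reachable only from inside the WireGuard tunnel
        iifname $WG_IF tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Running `nft -c -f <file>` parses the ruleset without applying it, which helps avoid locking yourself out of a remote machine.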
For data science, it depends on what GPU you plan to use. If it’s an Nvidia brand GPU, go with Ubuntu or Fedora. I say from personal experience that it is easier to get Nvidia drivers working on Ubuntu or Fedora than on most other distros I have tried. If it is a Radeon GPU, it will work fine on pretty much any distro at all since Radeon does a good job following Linux standard APIs for graphics card drivers, so for Radeon products I would also recommend Debian or Mint (alongside Fedora and Ubuntu).
Could it be that the Manjaro repos have older versions of the HIP runtimes than what Blender 4.0 is built for? Just a thought. Either way I would report it to the Blender devs so they can fix it if it’s a bug.
Not to replace the great advice here but if you can use a distroless image (you likely need to make it yourself) then an attacker would have a hell of a time exploiting your system. When attackers find a weakness their goal is usually to gain access to a shell; distroless images don’t have one. By the time they figure this out (or hopefully before) you should’ve detected their presence.
Also, check your logs regularly. Prevention is good but it doesn’t replace monitoring.
This is going to be unpopular, but you can easily compile both Python and R and configure them to your liking. For Python you can even use Anaconda3 and forget about installing most packages by yourself.
As for Julia, I usually just install the precompiled binary package.
So, any distribution you feel comfortable with will do.
Kernel exploits. Containers logically isolate resources but they’re still effectively running as processes on the same kernel sharing the same hardware. There was one of those just last year: blog.aquasec.com/cve-2022-0185-linux-kernel-conta…
Virtual machines are a whole other beast because the isolation is enforced at the hardware level, so you have to exploit hardware vulnerabilities like Spectre or a virtual device like a couple years ago some people found a breakout bug in the old floppy emulation driver that still gets assigned to VMs by default in QEMU.
Security comes in layers, so if you’re serious about security you do in fact plan for things like that. You always want to limit the blast radius if your security measures fail. And most of the big cloud providers do that for their container/kubernetes offerings.
If you run portainer for example and that one gets breached, that’s essentially free container escape because you can trick Docker into mounting and exposing what you need from the host to escape. It’s not uncommon for people to sometimes give more permissions than the container really needs.
It’s not like making a VM dedicated to running your containers cost anything. It’s basically free. I don’t do it all the time, but if it’s exposed to the Internet and there’s other stuff on the box I want to be hard to get into, like if it runs on my home server or desktop, then it definitely gets a VM.
Otherwise, why even bother putting your apps in containers? You could also just make the apps themselves fully secure and unbreachable. Why do we need a container for isolation? One should assume the app’s security measures are working, right?
If they can find a kernel exploit they might find a hardware exploit too. There’s no rational reason to assume containers are more likely to fail than VMs, just bias.
Oh and you can fix a kernel exploit with an update, good luck fixing a hardware exploit.
Now you’re probably going to tell me how a hardware exploit is so unlikely but since we’re playing make believe I can make it as likely it suits my argument, right?
In the cold and desolation; the mad wizard had been eking out his existence letting the wild know about the horrors that awaited them in Redmondland.
But few listened
Then slowly the kings of Redmondland began to become more crazed in their power; wanting more and more from their subjects. Until a few, a small band of subjects took off their blinders and realized the kingdom had spread so far that the mad wizard Linus was in their midst.
They stopped and listened to him
They grew tired of telling the king about everything they did and needing his permission to do anything in their own lives.
The mad wizard wasn’t crazy… he was just upset; it was the king who’d gone mad wanting to control his kingdom…
It’s basically the same time I started using Linux somewhat more. I didn’t go Windows-free until 2007 though and then returned to Windows because I needed it for something with my Master’s thesis. I kind of shudder at the thought how my old setups looked under the hood. You learn a lot in 18 years… Probably copy-pasted a lot of shell commands back then. But UT2k4 in its OpenGL glory was worth it
It’s funny how conservative Windows is, it still has components from the NT.
That calling: ensuring things are compatible with old software and not fucking your users over. Just for fun I tried to install Photoshop 6 from 2000 on Windows 11 and it works just fine. Same goes for MS Office 2003.
Why bother with Windows? Mostly the same reasons moving from Windows to a Mac can be a pain, however on macOS you get better professional software support and fewer reasons to virtualize Windows from time to time. To be fair, what’s the point of using X operating system if some of the tools you need require a virtual machine or you’ve to use alternatives that are sub-par, will make you waste time and have a worse experience. Again even under macOS with Microsoft’s own MS Office for Mac things sometimes aren’t as compatible as they should be.
Linux desktop is great, I love it but I don’t sugar coat it nor am I delusional like most posting about it. Here is a list of cases that aren’t easy to deal with in Linux:
People who need the real MS Office because once you have to collaborate with others Open/Libre/OnlyOffice won’t cut it;
Designers who use Adobe apps that won’t run properly without having a dedicated GPU, passthrough and some hacky way to get the image back into your main system that will cause noticeable delays;
People that run old software / games because not even those will run properly on Wine;
Electrical engineers: Circuit Design Suite (Multisim and Ultiboard) are primarily designed for Windows. Alternatives such as KiCad and EasyEDA may work in some cases but they aren’t great if you’ve to collaborate with others who use Circuit Design Suite;
Labs that require data acquisition from specialized hardware because companies making that hardware won’t make drivers and software for Linux;
Architects: AutoCAD isn’t available (not even the limited web version works) and Libre/FreeCAD don’t cut it if you’ve to collaborate with AutoCAD users;
Developers and sysadmins, because not everyone is using Docker and Github actions to deploy applications to some proprietary cloud solution. Finding a properly working FTP/SFTP/FTPS desktop client (similar to WinSCP or Cyberduck) is an impossible task as the ones that exist fail even at basic tasks like dragging and dropping a file.
If one lives in a bubble and doesn’t have to collaborate with others then native Linux apps might work and might even deliver a decent workflow. Once collaboration with Windows/Mac users is required then it’s game over – the “alternatives” aren’t just up to it.
Windows licenses are cheap and things work out of the box. Software runs fine, all vendors support whatever you’re trying to do and you’re productive from day zero. Sure, there are annoyances from time to time, but they’re way fewer and simpler to deal with than the hoops you’ve to go through to get a minimal and viable/productive Linux desktop experience. It all comes down to a question of how much time (days? months?) you want to spend fixing things on Linux that simply work out of the box under Windows for a minimal fee. Buy a Windows license and spend the time you would’ve spent dealing with Linux issues doing your actual job and you’ll, most likely, get a better ROI.
Also, the guy’s take on “what you go for it’s entirely your choice” when it comes to DE is total BS. What usually happens is that you’ll eventually find out while you can use any DE in fact GNOME will provide a better experience because most applications on Linux are designed for / depend on its components and installing them on KDE will simply give you small issues here and there, windows that don’t pick on your theme or simply create a frankenstein of a system composed by KDE + a bunch of GTK components.
I’m curious about your WINE comment, because you can go into the dialog that selects which version of Windows it “emulates”. The drop down has what looks like every release of Windows back to DOS.
As for can’t collaborate, that depends on the industry. Teamcenter PLM and Siemens NX CAD work on both RHEL and SUSE desktop. When W10 came out it made those programs less performant so I switched to OpenSUSE and installed the NX CAD to get performance back.
WINE comment, because you can go into the dialog that selects which version of Windows it “emulates”.
Until the emulation fails at some basic Windows API feature like window tabs with multiple rows that any Windows version from 95 does just fine. Or… until you try to get MS Office 2016 working and it requires dozens of hacks to end up with something very slow to startup and have graphical glitches… or 2019 also not working, or not being able to install 2021. Or… until you find out that Wine is still unable to just tell applications the screen size fucking up everything that depends on it. Wine is far from perfect and it isn’t that good.
As for can’t collaborate, that depends on the industry
Yes, you are lucky you got NX CAD for Linux, because for most people that’s not the case. Adobe products are a no go, AutoCAD is a no go, same goes for Multisim / Ultiboard.
WINE doesn’t emulate, it translates the code so that it can run natively, so any problem you have is because you haven’t installed the Windows dependencies of the program you are trying to run, which you can do through winetricks. And wine comes with a configuration tool called winecfg, and on there you can edit the window scaling, wine can in fact tell apps to screensize up.