What is controlling the SATA drivers? A lot of times the stuff that comes on motherboards isn’t the greatest and getting a dedicated storage controller allows you to saturate the drive much more thoroughly. Especially if they have big caches.
yes, the last 2 mentioned commands throw the error below and won’t continue the operation:
Error:
 Problem: The operation would result in removing the following protected packages: systemd, systemd-udev
I try different distros just out of curiosity. I’ve used several that look promising, but there always seems to be some little thing I end up not liking. I usually end up going back to Zorin, which to me feels a lot like Mint. If Mint works well for you, use it. While many Linux users tend to distro-hop quite a bit, if you just want a computer that works for what you need it to do, stick with what does that for you.
What are you running your containers on? I just put my VPN on the docker host so I could be sure I could use the firewall to block traffic from going out except over the VPN.
I guess maybe I don’t understand what workspaces are? Because I’ve been operating under the assumption that I’ve been using multiple workspaces with GNOME for a *long* time now.
Are you saying the GNOME update in April will allow each workspace to have its own unique desktop folder?
Nothing unsolvable, but it can be a pain when you want to run something not in nixpkgs. My solution is to have Ubuntu on a separate partition, and I was using docker to solve this problem for a while but have moved away from it.
unrelated but does Ableton work with Linux yet? I did a quick search and someone says it works “flawlessly” but the comments indicate this is not true.
Bitwig was created by some of the people that built Ableton Live. Bitwig is considered by many to be the best of them all and easier to pick up by beginners. I plan to try it on Linux before I decide if I make the jump from Ableton.
OP said they were not looking for Ubuntu or Arch derivatives, and that they were not afraid to get their hands dirty to figure things out. Slackware + Flatpaks can give a stable base while giving you up-to-date applications when SBo doesn’t have the build files. This would give OP a system that just works OOTB. Tho it is KDE OOTB, one can put GNOME or Cinnamon on it.
As I see it, the term “firewall” was originally the neat name for an overall security concept for your system’s privacy/integrity/security. Thus physical security is (or can be) as well part of a firewall concept as maybe training of users. The keys of your server room’s door could be part of that concept too.
In general you only “need” to secure something that actually is there, you won’t build a safe into the wall and hide it with an old painting without something to put in it or - could be part of the concept - an alarm sensor that triggers when that old painting is moved, thus creating sort of a honeypot.
if and what types of security you want is up to you (so don’t blame others if you made bad decisions).
but as a general rule out of practice i would say it is wise to always have two layers of defence. and always try to prepare for one “error” at a time and try to solve it quickly then.
example: if you want an rsync server on an internet facing machine to only be accessible for some subnets, i would suggest you add iptables rules as tight as possible and also configure the service to reject access from all other than the wanted addresses. also consider monitoring both, maybe using two different approaches: monitor the config to be as defined as well as set up an access-check from one of the unwanted, excluded addresses that fires an alarm when access becomes possible.
this would not only prevent those unwanted accesses from happening but also prevent accidental opening or breaking of config from happening unnoticed.
here the same, if you want monitoring is also up to you and your concept of security, as is with redundancy.
In general I would suggest to set up an ip filtering “firewall” if you have ip forwarding activated for some reason. a rather tight filtering would maybe only allow what you really need, while DROPping all other requests, but sometimes icmp comes in handy, so maybe you want ping or MTU discovery to actually work. always depends on what you have and how strong you want to protect it from what with what effort. a generic ip filter to only allow outgoing connections on a single workstation may be a good idea as second layer of “defence” in case your router has hidden vendor backdoors that either the vendor sold or someone else simply discovered. Disallowing all that might-be-usable-for-some-users-default-on-protocols like avahi & co in some distros would probably help a bit then.
so there is no generic fault-proof rule of thumb…
to number 5.: what sort of “not trusting” the software? might, has or “will” have: a. security flaws in code b. insecurity by design c. backdoors by gov, vendor or distributor d. spy functionality e. annoying ads as soon as it has internet connection f. all of the above (now guess the likely vendors for this one)
for c d and e one might also want to filter some outgoing connection…
one could also use an ip filtering firewall to keep logs small by disallowing those who obviously have intentions you dislike (fail2ban i.e.)
so maybe create a concept first and ask how to achieve the desired precautions then. or just start with your idea of the firewall and dig into some of the appearing rabbit holes afterwards ;-)
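The "monitor the config to be as defined" half of the rsync example in the comment above, as an added sketch that is not part of the original comment: it compares an `iptables-save` dump and an rsyncd.conf `hosts allow` line against one intended allowlist. The subnets, the sample dump, the sample config and all function names are constructed for illustration, and the allowlist is assumed to contain only IP/CIDR entries.

```python
import ipaddress
import re

# Constructed policy: the only subnets that may reach rsync (TCP 873).
ALLOWED = {"192.0.2.0/24", "198.51.100.0/25"}
ANY = "0.0.0.0/0"

# Constructed sample of `iptables-save` output (filter table, INPUT only).
IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 873 -j ACCEPT
-A INPUT -s 198.51.100.0/25 -p tcp -m tcp --dport 873 -j ACCEPT
COMMIT
"""
# Constructed sample rsyncd.conf module.
RSYNCD_CONF = """\
[backup]
    path = /srv/backup
    hosts allow = 192.0.2.0/24 198.51.100.0/25
"""

def norm(nets):
    """Canonicalise IP/CIDR strings so textual variants compare equal."""
    return {str(ipaddress.ip_network(n, strict=False)) for n in nets}

def firewall_sources(dump, port=873):
    """Return (INPUT default policy, sources accepted on the given port)."""
    pol = re.search(r"^:INPUT (\S+)", dump, re.M)
    srcs = set()
    for line in dump.splitlines():
        if (line.startswith("-A INPUT") and f"--dport {port} " in line
                and line.endswith("-j ACCEPT")):
            m = re.search(r"-s (\S+)", line)
            srcs.add(m.group(1) if m else ANY)  # a rule without -s matches any source
    return (pol.group(1) if pol else "unknown"), norm(srcs)

def rsyncd_sources(conf):
    """Return the 'hosts allow' set; a missing line means every host may connect."""
    m = re.search(r"^\s*hosts allow\s*=\s*(.+)$", conf, re.M)
    return norm(re.split(r"[,\s]+", m.group(1).strip()) if m else [ANY])

def drift(dump, conf, allowed=ALLOWED):
    """List every way the two layers differ from the intended allowlist."""
    want, findings = norm(allowed), []
    policy, fw = firewall_sources(dump)
    if policy != "DROP":
        findings.append(f"INPUT default policy is {policy}, expected DROP")
    if fw != want:
        findings.append(f"firewall accepts 873 from {sorted(fw)}, expected {sorted(want)}")
    rs = rsyncd_sources(conf)
    if rs != want:
        findings.append(f"rsyncd hosts allow is {sorted(rs)}, expected {sorted(want)}")
    return findings
```

An empty list from `drift()` means both layers still match the policy; the access-check from an excluded address that the comment also suggests is a separate probe and is not covered here.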
Arch Linux, rolling Linux distribution, would give you the newest stable software, with probably new application features, but you can use distrobox, podman-toolbox, VirtualBox, KVM (QEMU) or a live Linux cd image to play with Arch Linux every now and then, without having to install it :)
Any distro should do it, you just need to set your media centre software to run at startup. I’ve done it with Plex and Kodi, and I think Jellyfin does it too :)
I think it’s better to have one but you probably don’t need multiple layers. When I’m setting up servers nowadays, it’s typically in the cloud and AWS and the like typically have firewalls. So, I don’t really do much on those machines besides change ports to non-standard things. (Like the SSH port should be a random one instead of 22.)
But you should use one if you don’t have an ecosystem where ports can be blocked or forwarded. If nothing else, the constant login attempts from bots will fill up your logs. I disable password logins on web servers and if I don’t change the port, I get a zillion attempts to ssh using “admin” and some common password on port 22. No one gets in but it still requires more compute than just blocking port 22 and making your SSH port something else.