For KDE specifically I think there’s a dbus interface that can be called to switch it. You can find it with QDBusViewer or D-Feet.
I’d imagine XWayland would follow the same since it’s essentially a Wayland client. But if you ran the xmodmap under xwayland, that may have inverted it in xwayland, and it’s already inverted in KWin which would double invert it aka put it back to default.
Otherwise doing it at the evdev level will definitely work. It’s a bit of a nuclear option but if it works…
Both Docker and Podman pretty much handle all of those so I think you’re good. The last aspect about networking can easily be fixed with a few iptables/nftables/firewalld rules. One final addition could be NGINX in front of web services or something dedicated to handling web requests on the open Internet to reduce potential exploits in the embedded web servers in your apps. But other than that, you’ve got it all covered yourself.
There’s all the options needed to limit CPU usage, memory usage or generally prevent using up all the system’s resources in docker/podman-compose files as well.
If you want an additional layer of security, you could also run it all in a VM, so a container escape leads to a VM that does nothing else but run containers. So another major layer to break.
Moderation does federate out, but only from the originating instance, the one that owns the post on question.
If someone post spam on lemmy.ca and lemmy.world deletes it, it only deletes on lemmy.world. If a mod or admin on lemmy.ca deletes it however, it federates and everyone deletes it as a result (unless modified to ignore deletions, but by default Lemmy will accept it).
There’s some interoperability problems with some software, notably Kbin where their deletions don’t federate to Lemmy correctly, so those do need to be moderated by every instance. But between Lemmy instances it does federate.
(a) Yes. Instance admins have the ultimate say in what’s on their server. They can delete posts, entire communities, ban remote users and delete remote users. At least they had the decency of notifying you!
Since lemmy.ca owns the post, lemmy.world can’t federate out the removal, so it’s only on lemmy.world.
(b) You have to go appeal to lemmy.world. Each instance have its own independent appeal process.
That’s the beauty of the fediverse: instances can all have their rules to tailor the experience to their users, and it doesn’t have to affect the entire fediverse. Other instances linked to lemmy.ca can still see and interact with your post just fine, just not lemmy.world.
But at the same time, they do offer increased security when they work correctly. It’s like saying we shouldn’t use virtualization anymore because historically some virtual devices have been exploitable in a way that you could escape the VM. Or lately, Spectre/Meltdown. Or a bit of an older one, Rowhammer.
Sometimes, security measures open a hole while closing many others. That’s how software works unfortunately, especially in something as complex as the Linux kernel.
Using namespaces and keeping your system up to date is the best you can do as a user. Or maybe add a layer of VM. But no solution is foolproof, if you really need that much security use multiple devices, ideally airgapped ones whenever possible.
Isn’t that kind of AppImage’s whole thing, to behave like Mac apps that you just double click on regardless of where they are, and not have a package manager?
I’d go for the Flatpak if you want it to be managed and updated.
We went from distro packages to Flatpak to bare files and circling back to reinventing the package manager…
Maybe you can set up a KWin window rule to force Latte to be where you want it to be?
Not that Plasma panels work that much better than Latte in that regard, they still sometimes shift monitors just because something is plugged in (not even enabled, just plugged in!)
I really wish we could pin things to the exact monitor via its physical port location or serial number or something from EDID.
I don’t know, it’s going to depend a lot on usage pattern and cache hit ratio. It will probably do a lot more writes than normal to the cache drive as it evicts older stuff and replaces it. Everything has tradeoffs in the end.
Another big tradeoff depending on the cache mode (ie. writeback mode) if the SSD dies, you can lose a fair bit of data. Not as catastrophic as a RAID0 would but pretty bad. And you probably want writeback for the fast writes.
Thus I had 2 SSDs and 2 HDDs in RAID1, with the SSDs caching the HDDs. But it turns out my SSDs are kinda crap (they’re about as fast as the HDDs for sequential read/writes) and I didn’t see as much benefit as I hoped so now they’re independent ZFS pools.
People have been running Ext4 systems for decades pretending that if Ext4 does not see the bitrot, the bitrot does not exist. (then BTRFS picks up a bad checksum and people scold it for being a bad filesystem)
ZFS made me discover that my onboard SATA controller sucks and returns bad data occasionally under heavy load. My computer cannot complete a ZFS scrub without finding errors, every single time.
Ext4, bcache and mdadm never complained about it, ever. There was never any sign that something was wrong at all.
100% worth it if you care about your data. I can definitely feel the hit on my NVMe but it’s also doing so much more.
You may disagree with it and may even be right, I didn’t bother watching all those videos. But the thing is, it’s always a potential liability for admins, and we’re at the mercy of what the law says and what a potential judge or jury would rule if brought to court.
And we all know how that goes when underage people are involved: everyone goes “but the children!”. Therefore, admins side with caution, because nobody wants to deal with legal trouble if they don’t have to. Just blur it and make everyone happy.
Plus, in the current AI landscape, the mere availability of nude children imagery even if it’s not sexually suggestive at all means someone can alter it to become so. People have already been arrested for that.
Nothing to do with people being too prude to see naked children. It’s about consent and what nasty people will inevitably do with it. Does that girl really want videos of her naked all over the porn sites even through heroic actions? Probably not.
I’m a minuscule instance. That’s fine. I like that I have control over it, how it’s maintained and updated. If I want to convert it to Mbin because I like it more, I can. I know for sure it’s going to live at least as long as I’m interested in the fediverse. Nobody can take it away from me.
Big instances are expensive to run, and in a way, they’re not exactly immune to shutting down and big instances shutting down have a much bigger impact than a small one with few communities when they go poof.
Kind of but not really? You’d have to federate out every vote individually. There’s no upvotes totals anywhere, there’s a vote table that contains who voted up/down on what, and it’s counted as needed. So if you want to send out 1000 votes, you need 1000 valid users and also send 1000 different activities to at least one instance.
You can make it display 100000 votes on your own instance if you want, but it’s not going to alter the rating on other instances because they run their own tally.
If you really want this to work long term, you need a credible looking instance with credible looking users that are ideally actually subscribed to the target community, and credible activity patterns too. Otherwise, the community can detect what you’re doing and defederate you and purge all the activities from your instance, and also revert all those votes as a side effect.
Remember, all votes are individual activities, and all votes are replicated individually to every instance. On Kbin, you can even see all the votes right from the UI, they don’t even hide it! You can count them yourself if you want. So anyone with the dataset can analyze it and sound the alarm. And each instance can potentially have its own algorithm for that, so instead of having just one target to game, like Reddit and a subreddit, you have hundreds of instances to fool. There’s so many signals I could use to fight spam: instance age, instance user growth, the frequency and timing of the votes, are the users seemingly active 24/7, what other communities those users post into, what are they voting for, do they all vote in agreement with each other, and on and on.
So, you technically can manipulate votes but it takes a lot of effort and care to make it as hard as possible to detect in practice. We play the same cat and mouse game as Reddit, but distributed and with many more eyes on it.
Because then you need to take care everywhere to decode it as needed and also make sure you never double-encode it.
For example, do other servers receive it pre-encoded? What if the remote instance doesn’t do that, how do you ensure what other instances send you is already encoded correctly? Do you just encode whatever you receive, at risk of double encoding it? And generally, what about use cases where you don’t need it, like mobile apps?
Data should be transformed where it needs it, otherwise you always add risks of messing it up, which is exactly what we’re seeing. That encoding is reversible, but then it’s hard to know how many times it may have been encoded. For example, if I type & which is already an entity, do you detect that and decode it even though I never intended to because I’m posting an HTML snippet?
Right now it’s so broken that if you edit a post, you get an editor… with escaped HTML entities. What happens if you save your post after that? It’s double encoded! Now everyone and every app has to make sure to decode HTML entities and it leads to more bugs.
There is exactly one place where it needs to encode, and that’s in web clients, more precisely, when it’s being displayed as HTML. That’s where it should be encoded. Mobile apps don’t care they don’t even render HTML to begin with. Bots and most things using the API don’t care. They shouldn’t have to care because it may be rendered as HTML somewhere. It just creates more bugs and more work for pretty much everyone involved. It sucks.
Now we have an even worse problem is that we don’t know what post is encoded which way, so once 0.19 rolls out and there’s version mismatches it’s going to be a shitshow and may very well lead to another XSS incident.
There will be loss in the process so you should go a little above. You also need to account for the efficiency curve of your power supply: is it best efficient at 80% load? 90% load? Can it handle 120% momentarily in case of a spike?
CV power supplies are the standard: constant voltage. It outputs say 12V, and trips when overcurrent. A CC supply would limit current to say, 20A. It does so by dynamically adjusting the voltage output to match that target. That’s a lot less common and usually used for battery charging or testing/troubleshooting. So, I guess, don’t plug it on a battery charger.
It should come with specs as to what input it can take. Follow the recommendations. If it says DC give it DC unless you’re absolutely sure of the circuit in there. The presence of a rectifier and caps doesn’t tell you much given it’s an amplifier, it could be part of the amp circuit for the MOSFETs and not its power supply.