Pika

I would describe windows Office as a combination Spyware Malware. It actively collects data on you using obscure means, in an attempt to prevent you from knowing how it’s collecting it. It will also actively change your settings without your knowledge. With recent updates I would even classify it as potentially adware as well, since they mentioned adding advertisements to the start menu and explorer. since they hard push their office products.

Honestly, with the fact that it also now force installs software against the users will on updates, the argument could be made that it’s slipping into trojan territory as well, it’s just lacking the backdoor access, but since they are hard pushing MS account authorization for login, I guess you don’t really need a backdoor when if you wanted to you could just force a password change and be able to login via the native login system.

edit: I thought this post was based off MAS as in to activate windows, I just now realized it was MAS for office activation. I still think that the same applies, just not the trojan aspect. I have edited it to reflect it.

I’ve never rebuilt a container, but I also don’t have any containers that are deprecated status either. I swap off to alternatives when a project hits deprecation or abandonware status.

My only deprecated container I currently have is filebrowser, I’m still seeking alternatives and have been for awhile now but strangely enough it doesn’t seem there are many web UI file management containers.

As such though ever since I learned that the project was abandoned on life support(the maintainer has said they are doing security patches only, and that while they are doing more on the project currently, that could change), the container remains off, only activating it when i need to use it.

oh for sure, it made sense that they wanted to make sure was fixed. Just was super alarming the speed it was advertised that the relay was there!

reminds me of my first mail server, accidentally set up an open relay and got a lot of abuse reports from mail providers saying they blocked my server due to it. Took forever to get fixed again.

fully agree, mine isnt accessible to the outside world either but, you never know if something gets missed or somehow a path gets made. would rather not open up that risk

Sadly no recommendations, I still use portainer myself

while docker does have a non-root installer, the default installer for docker is docker as root, containers as non-root, but since in order to manage docker as a whole it would need access to the socket, if docker has root the container by extension has root.

Even so, if docker was installed in a root-less environment then a compromised manager container would still compromise everything on that docker system, as a core requirement for these types of containers are access to the docker socket which still isn’t great but is still better than full root access.

To answer the question: No it doesn’t require it to function, but the default configuration is root, and even in rootless environment a compromise of the management container that is meant to control other containers will result in full compromise of the docker environment.

man, arcane looks amazing, I ended up deciding off it though as their pull requests look like they use copilot for a lot of code for new features. Not that I personally have an issue with this but, I’ve seen enough issues where copilot or various AI agents add security vulnerabilities by mistake and they aren’t caught, so I would rather stray away from those types of projects at least until that issue becomes less common/frequent.

For something as detrimental as a management console to a program that runs as root on most systems, and would provide access to potentially high secure locations, I would not want such a program having security vulnerabilities.

yea it makes it so much easier since there’s only one user in the system anyway so makes no sense for everything to be installed system level

The majority of my development work is on chat bots or sites so I’ve always just used bot as the name

I always make a ~/.local/{bin,opt,share} if the distro lacks it. and a ~/bot that I use for my development stuff

I’m just chiming in to say that while the documentation gives you information on how to do external access, there are multiple issues open on the github about unauthenticated endpoints that if you know what is on the server already, you can confirm that it’s there

So I wouldn’t use a standard naming convention because using that knowledge, someone who cares could use common names that could be on the server, followed by common standards of formats they would be in, and be able to confirm it’s their via the end points.

yea but he wouldn’t need to handle that, I do all his setup, he just has to click the shortcut that opens the game just like he does currently.

We all have been there. First technical build I struggled for 45 minutes trying to figure out why I was getting a zero display whatsoever only to find out that I plugged that damn HDMI cable into the wrong port, and the board had disabled everything including post and splash from using the motherboards port

you arent the only one. I had suck a painful onboarding process with next cloud from the docker setup to the speed of it to the UI that I just gave up and decided to use a combination of immich and syncthing instead.

My grandfather’s reason for it. “It will be too different from my current system”

… the only thing he does is the web browser, and bookworm deluxe which i have confirmed does work via wine. I was recommending him install an OS called q4os, which I have on my laptop, I showed him the side by side comparison of q4os vs windows. For a point of reference this is what q4os looks like

I think he is too scared of change.

Fair, the first thing I teach anyone who gets a dualboot up and running, is how to install boot repair disk on a flash drive and how to run the system repair on it(easy enough since it autoruns). It fixes most basic BS that windows can do to a Linux install

I guess that really depends on the equipment though, some devices when you turn it on for the first time will automatically enter pairing mode, so all that had to be done is click it in the bluetooth menu, but it might not auto enter pairing mode when you turn it on after. So it’s unlikely the user ever knew they were pairing it, and just clicked through the prompts like many do

I somewhat agree with their mentality on post 2022 Debian since they had changed the default and made it harder to disable non-free from the start but, from what I understood by reading the FAQ page, even prior to bookworm it wasn’t endorsed due to having the toggle in the first place, which I find super weird.

It didn’t until 2022 or so, it’s had a toggle that can be turned on or off for non-free repo’s for as long as I can remember but, starting around 2022 they changed the default to allow for non-free (and also apparently made it a pain in the butt for the live install to disable it because its a boot param now instead of a toggle)