

It’s not federated, just easy to self host and point custom clients at.




Faster than my edits, I see.


Docker composes don’t really need to be maintained though. As long as the app doesn’t need new components, old docker composes should work.
EDIT: Oops, it does look like spacebarchat’s docker images were last updated over 2 years ago:
https://hub.docker.com/r/spacebarchat/server
EDIT2: Although this is outdated, I think their github repo has an action to autobuild docker images on pushes. Still investigating.
EDIT3: Okay, they don’t seem to be actually run.
But using nix to build a docker image is pretty cool.
EDIT4: Oh shit, the docker image build workflows were added just 2 hours ago. Of course they haven’t been run!
Docker support soon, probably.
EDIT5: The workflow ran, but it looks like it’s private for now.


https://github.com/spacebarchat/spacebarchat
Literally reverse engineered discord, made open source.


That’s not quite true. Virtualbox is free but the extension pack is not. It says on the website that it’s under a different license.
Just don’t get it from the website but from a distro’s repos instead and you’ll be fine. Distros usually patch out telemetry as well.
But yeah, Oracle and similar schemes are why software installation is so restricted on corporate devices. It’s basically ransomware, freeware that people are willing to sue over.
Edit: it should be noted that charging people for licensed software in a corporate environment is okay. I have heard stories of Oracle making people buy licences for EVERY computer even if only one person downloaded the software…


What about domain reputation?


Have you considered that the reason why your mail server is trusted is because it’s been around for 20 years?
Have you tried to set up mail from scratch on a new domain/ip recently?


these ones: https://www.etsy.com/shop/SoHexy ?
I think I’m in love. They have such great variety, and the artstyle is so neat. And I love stickers because they are such great conversation starters.


In the old days, university IT put essentially no access controls on their networks, so students’ dorm computers were completely exposed to the internet
Dorm ethernet works this way for me right now. It’s how I host some stuff. I only get 100 mb/s per port though. I’ve bonded two ports to get 200 total.


Because the extensions replaced wordpress’ sitebuilder/editor. If I were to get rid of the extensions I would basically have to recreate the site anyways so I might as well switch away from wordpress.


Also check out: https://github.com/makeplane/plane


Do you have a source or benchmarks for the last bullet point?
I am skeptical that optimizations like that wouldn’t already be implemented by postgres.
Edit: Btrfs has the worst performance for databases according to this benchmark.
https://www.dimoulis.net/posts/benchmark-of-postgresql-with-ext4-xfs-btrfs-zfs/


There does exist a tool that does it. The creator posted about it on the fediverse. It only supported ubuntu at the time but looked extremely promising.
I cannot remember its name. :/
Maybe it’s linixify? But I remember seeing a post on lemmy with a youtube demo?


unless the SSD stopped working but then it is reasonable to expect it would not accept partitioning
This happened to me. It still showed up in KDE’s partition manager (when I plugged the SSD into another computer), with the drive named as an error code.


My recommendation is meetup and a website for advertising purposes. Meetup is frustrating, yes, but at the same time it’s where I have found almost all the linux and tech groups near me.
This may sound kind of weird, but do you really need a communication platform for a LUG?
Our local LUG uses meetup and a website for advertising and telling people when we meet (once every two weeks at the same spot). (Okay I guess the one time our spot was closed and we had to track down people’s phone numbers to inform them of the new spot wasn’t that fun).
Anyway, we have a mailing list, an irc, and a matrix chat bridged to the irc, but they are effectively dead and no one uses them. The lack of activity on them makes me wonder if you really need to have a chatroom to run a LUG. We seem to get by just fine, for the most part.


I’ve heard of thumbnails being used to deliver malware.
You’ve heard of critical vulnerabilities in media processing applications that mean that thumbnails can theoretically be used to spread malware. That is not the same as “this issue was being actively exploited in the wild and used to spread malware before it was found and patched”.
These vulnerabilities (again) cost money, and are fixed rapidly when found. Yes, disabling thumbnails is more secure. But I am of the belief that average users should not worry about any form of costly zero day in their threat model, because they don’t have sensitive information on their computers that makes them a target.


less distro-dependent like a privilege escalation attack
These also are valuable. Less valuable than browser escapes IMO though.
A keylogger is more likely, and it’s just as possible with sudo as it is with run0. They would replace sudo, run0, doas, etc. with a fake command (since that only requires access to the user), that either keylogs, or inserts a backdoor while it does the other sudo things.
I’ve heard a fair few times about thumbnailer attacks, but no real detail from KDE about what if any mitigations they have in place.
Please ignore the entire cybersecurity hype news cycle about images being used to spread malware. They often like to intentionally muddy the waters, and not clearly explain the difference between a malformed file being used as a vulnerability to exploit a code execution exploit, and an image file being used as a container for a payload (steganography). The former is a big deal, the latter is a non-issue because the image is not the issue, whatever means the malware actually used to get onto the systems is.
Here’s a recent example of me calling this BS out. The clickbait title implies that users got pwned by viewing a malicious image, when in actuality it was a malicious extension that did the bad things.
Unless you are using windows media player, the microsoft office suite, or adobe acrobat, code execution from loading a media file is a really big deal and fixed extremely quickly. Just stay updated to dodge these kinds of issues.
As for zero days, unknown and unpatched vulnerabilities, again, that’s a different threat model because those exploits cost money to execute. Using an existing known one (but fixed in updated versions of apps) is free.
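
One way to check for the fake-command replacement described in the comment above, as an added example that is not part of the original thread: it resolves sudo, run0 and doas through PATH the way the shell would and flags any hit outside a trusted directory list. The function names and the contents of `TRUSTED_DIRS` are assumptions to adjust per distro.

```shell
#!/bin/sh
# Added example (not from the thread): report when sudo, run0 or doas resolves
# to a directory outside a trusted list, i.e. a user-level shadow copy.

# Assumption: typical system binary directories; adjust for your distro.
TRUSTED_DIRS="/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin"

# resolve_in_path CMD PATHSTRING
# Prints the first executable named CMD found in PATHSTRING; status 1 if none.
# The body is a subshell so the IFS and globbing changes do not leak out.
resolve_in_path() (
    set -f
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.    # an empty PATH entry means the current directory
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# check_cmd CMD PATHSTRING TRUSTED
# Prints "ok <path>", "absent <cmd>" or "SHADOWED <path>"; status 1 when shadowed.
check_cmd() (
    hit=$(resolve_in_path "$1" "$2") || { echo "absent $1"; exit 0; }
    case ":$3:" in
        *":${hit%/*}:"*) echo "ok $hit"; exit 0 ;;
    esac
    echo "SHADOWED $hit"
    exit 1
)

# audit_priv_cmds PATHSTRING TRUSTED: check every front end named in the comment.
audit_priv_cmds() {
    rc=0
    for c in sudo run0 doas; do
        check_cmd "$c" "$1" "$2" || rc=1
    done
    return "$rc"
}

audit_priv_cmds "$PATH" "$TRUSTED_DIRS" ||
    echo "review the SHADOWED entries above; also check 'command -V sudo' for aliases"
```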


If I uninstall sudo and switch to run0 (
Sudo and run0 are both problematic. Sudo is a setuid binary, which is problematic, but run0 is not much better. It works by making calls to systemd/polkit/dbus, services that constantly run as root, and they themselves expose a massive attack surface. Many privilege escalation CVEs similar to sudo have been released that exploit that attack surface.
When it comes to actually being secure, systemd somewhat screws you over, due to having a massive attack surface, a way to run things as root, and the interesting decision to have polkit parse and run JavaScript in order to handle authorization logic (parsing is a nightmare to do securely).
The other thing is that the browser sandbox is much, much stronger than the separation of privileges between users in Linux. Browser sandbox escapes (because they work the same on windows or Linux) are worth immense amounts of cash, and are the kinds of exploits that are used in targeted manners against people who have information on their computer worth that much. If you don’t have information worth millions of dollars on your computer, you shouldn’t worry about browser sandbox escape exploits.
The reality is that any attacker who is willing and able to pierce through a browser sandbox, will probably also have a Linux privilege escalation vulnerability on hand. In my opinion, trying to add more layers to security is pointless unless you are adding stronger layers. If your attacker has a stronger “spear”, it doesn’t matter how many weak “shields” you try to put in front to stop it.
If the million dollar industry of browser escapes is in your threat model, I recommend checking out the way that OpenBSD’s sandboxing interacts with Chromium. Or check out Google’s gVisor sandbox and see if you can run a browser in there.


Fermi is just a custom client for discord/spacebar. It’s not federated.