True. I run this on an android tablet, but firefox misses my usability needs. So i end up on safari more often than not

It about not beeimg sold as the product. Its about using the browser that dont rat you out

You dont need or want docker on your vm host. But a bare metal docker host can solve many peoples needs.

Dont listen to them! The main issue with containers vs vm is security as you lxc runs in the hosts, while a vm runs on the host.

Use what you are familiar with and remember that lxc are containers and docker are containers, but the use of them are vastly different.

Because a lot of people don’t learn docker, they install docker because some software they want to use is distributed that way.

But aside from buying a real truck instead of a typhoon, intels memory support might not be hard limit. It probaly is but it might not be.

More likely the mb’s memory controller can handle 256gb so if a new processor comes along with support for 256gb it will work.

If i was considering one server with 256gb ram i would go for server hardware and not try to use consumer stuff.

I switched to caddy just for the certs. I get trusted certs on all my internal subdomains without maintenance.

I use haproxy, nginx and caddy at work including a caddy instance with internal CA. 4 lines in config and its signed by our normal CA, so its trusted by all our devices.

Yeah - the US was just unlucky. They lost these ones + the korean war. But anywhere else they would win. Maybe except in Russia. Or china. Or a few others. But except for that they would win

Nato isn’t an option for anyone anymore. Europe needs to re-group and handle their own security. This includes weapon production. US is not a stable partner, and it’s finally starting to dawn on the Europeans

Thats a nice dream. But out in reality there is presidential pardon

Nah - most lemmy posts are a link only. Its more like a lame version of rss

Troll or not, straight to the blocklist

To whitelist password logins in ssh you can match username and give them yes after you set no (for all). But i see no reason for password logons in ssh, console is safe enough (for me).

Right - so console/tty login is restricted by pam and its settings. So disabling ssh root logins means you can still log in as root there.

To lock root you can use passwd -l

If locking root I would keep root shell so i could sudo to root.

So my normal setup would be to create my admin user with sudo rights, set «PasswordAuthentication no» in sshd config and lock root with «sudo passwd -l root» Remember to add a pubkey to admin users authorizedkeys, and give it a secure but typable password

My root is now only available through sudo, and i can use password on console. Instead of locking root you can give it secure typable password. This way root can log in from console so you dont need sudo for root access from console.

It boils down to what you like and what risks you take compared to usable system. You can always recover a locked root account if you have access to single-user-mode or a live cd . Disk encryption makes livecd a difficult option.

Just turn off password logins from anything but console. For all users. No matter where it runs.

It becomes second to nature pretty fast, but you should have a system for storing / rotating keys.

But didnt they already have access? Its a bit hard to figure out whats happening from over the pond

Without a 3rd they can get confused if they loose contact but both nodes are up. Like both are in charge as one vote is enough

So 3+ hosts for clustering or 2 hosts and an qdevice to fake it

I can pay off about 1hrs per day. So any sleep over 9 hrs males no difference, but 9 helps me recover faster than the normal 8