Mostly this, but also, if you’re going to manage many scripts in a system for many users, revision control doesn’t help that. Either look at packaging them properly for your distro, or using something Ansible to distribute and manage their versioning on the system to make things easier on yourself.
HBA and IT are pretty much the same thing. They both present JBOD to the OS, which is what ZFS wants.
The only different between HBA and IT is the latter being solely driven by what’s on the card without coordination from a board handoff, for instance. It’s like the stock-stock version of the chip on the card with no custom drivers or firmware, kinda.
Either way, HBA is fine.
So you’re saying after a clean boot, the mouse takes time to register and start working again? Does it work in sddm before logging in, but then lags to reconnect once loaded into your DE?
The Desktop Environment doesn’t matter much. Whichever you like. Stock Fedora is Gnome, and there is a Spin of practically every desktop available. Try what you think you’ll like.
You are quite mistaken. TPM is used as a key pair, and not just generation.
Let give you a specific example: built a hardware platform for a company, and they wanted to make sure that the storage and device were secure on their own, as well as being separated to prevent somebody pulling it apart to try and channel attack all the different things.
On install, the encrypted disk generates a signature. TPm has its own clean keys set to verify that it’s paired at various levels with various pieces of onboard hardware. Then you pair a bootloader combination of those signatures to generate a three-part signature to make sure that what is in TPM matches both the onboard signatures of what is hardwired in, along with the key generated by the new encrypted volume on the drive.
Anyone takes that drive out, it’s mostly useless, because it can’t boot without the signatures verified by TPM, and they’ll never be able to match the combination of the other 15 keys stored there for the hardwired components.
That’s how it’s intended for use. Not just for signature generation and verification. It’s more of a key/value store than anything, like a physical hardware token device.
Vaultwarden is pretty much the standard if you’re talking about self-hosted.
I’ve honestly never had a single issue with the Android app, or mobile extensions for Firefox. What’s your setup, and have you tried completely evacuating local storage and redoing your login and sync from scratch? There are a lot more mobile updates that can cause locally stored versions of things to cause problems.
Fedora for beginners. Ubuntu-based lost the crown because of Snap bullshit.
The default gateway. If it’s not passing traffic, your machine doesn’t go looking elsewhere for routes that work. Read through both the links, and they’ll give you extra background.
Then the first setup does that.
It wouldn’t be able to communicate with the internet, but would still be able to talk to your local network.
If that’s not specifically what you’re trying to do, and you don’t care if traffic might go out over your regular Internet connection, then you can create a fail over type situation where it will try and use a “backup” route to communicate to the internet if needed, though you’ll need to spend some time really making it pretty smooth: https://www.baeldung.com/linux/multiple-default-gateways-outbound-connections
ufw is a firewall. Routing controls traffic flow. You want to set the default route of that machine to only use the tun0 interface. Random link explains
As a secondary step you can set your firewall to block any traffic trying to exit an interface I suppose, but it really shouldn’t be necessary.
For your other services on the local network for your subnet, just add a secondary route only for your subnet that uses your router as a gateway.
It’s…alright I guess? I don’t know that it’s really a good solution for most home users. What’s the use-case?
Remmina is probably the most popular and stable that’s more modern right now. Works fine with everything I’ve ever thrown at it.
Passthrough in this sense just means that the ISP cable modem only acts as a modem, handing off all traffic to your router to control. Essentially it just disabled NAT so you won’t have double-NAT’ing happening. It’s a standard setting on all cable modems, so I know that part is possible, but it’s more about getting your ISP to enable that if they have it locked.
That’s a bummer. Have you asked them about running it in passthrough mode?
The actual cable modem can run in passthrough mode though. Look up the model and find the docs. Should be a quick and easy change, or your ISP at least should able to change it. It would be absurd if not.
You’re going to get double NAT’d if you don’t have a proper passthrough. Is there a specific reason you have two routers setup like this?
The default for the stock distro will be Wayland, not X11. Is there a reason you want to use x2go and not a more modern remote desktop implementation?
No idea where you got this understanding from, but it’s not accurate. In your example, if a distro has signed binaries, then it will work to verify code loaded during the boot process to help to verify system integrity. As OP asked about Mint, yes it technically does have signed pre boot and boot signed modules.
No, this will not prevent all code/processes that aren’t signed from running. That’s a ludicrous statement. It will prevent unsigned kernel modules from being loaded (see Nvidia’s MOK process), and it will prevent a disk from being hit with sideload attacks perhaps (it should be encrypted anyway), but it absolutely does not prevent a user from running unsigned code, or even using root privs to run harmful code (like running random scripts from GitHub).
So at the end of the day does it help a standard user with security? I would argue no. As I said elsewhere, if this question were about HOW to improve security with SB, I’d have a different answer, but that’s not the question OP asked.
Another waste of our time and money. It’s a bill to try and force companies to remove content they don’t like…or else.
This will be shot down in court (again), and since the platforms themselves will be respontfir removing content, will not be forced to comply. It’s unconstitutional and unenforceable, so just a big ass waste of everyone’s fucking time. So dumb.