Try installing the packages mentioned here: https://docs.ankiweb.net/platform/linux/installing.html#requirements
sudo apt install libxcb-xinerama0 libxcb-cursor0 libnss3 libxcb-icccm4 libxcb-keysyms1
Try installing the packages mentioned here: https://docs.ankiweb.net/platform/linux/installing.html#requirements
sudo apt install libxcb-xinerama0 libxcb-cursor0 libnss3 libxcb-icccm4 libxcb-keysyms1
It looks like criticisms similar to mine were offered in the comments of the youtube video you linked at first, and now the youtuber has released a second video, a correction. In this video he uses nginx proxy manager and DNS-01 challenges:
https://www.youtube.com/watch?v=XEltHEZU6aE
Big respect for doing that.
I check if it's open source. If I can't find the source code, it's automatically a no go.
Of course, even if it is open source, that's not enough. Sometimes I delegate less trustworthy browser extensions to separate browser profiles, which are isolated and can't read eachothers data.
Talos Linux is an interesting Kuberntes focused Linux distro that has an extremely minimal init system, with only the components needed to launch Kubernetes.
https://docs.siderolabs.com/talos/v1.13/learn-more/components#machined
The idea is that, since Kubernetes can manage services and do basically everything Systemd often does on modern systems, you just have Kubernetes do it instead.
if they do have an init system at all, it’s usually not systemd but something much simpler, because the environment/task doesn’t need it and there’s a memory and storage benefit to not shipping the extra bulk
Systemd often just straight up doesn't work in containers due to containers having security restrictions that prevent processes in them from accessing certain parts of the Linux kernel. Systemd tries very hard to be a container manager (nspawn, portable services, cgroups controls, and so on), whereas other init systems don't do this, making them work inside containers
Is there a cert you are going for specifically?
I've never tried it but it looks reasonable. It is paid, but it offers courses focused towards certifiacates and hands on labs, with fairly reasonable pricing. There is a a weeklong free trial, so you can just use that to test.
Also check out these:
https://training.play-with-kubernetes.com/
They are truly free, but have a lot less content. I like to use them to teach stuff sometimes.
You can also set up a homelab with Kubernetes for hosting stuff. I actually really like Kubernetes for that usecase.
There are probably other private parts of the crates website, like the pages for developers who are uploading crates. It makes sense to just give the same error for everything, from the same logic all in one easily auditable spot.
And of course, just because all crates on the site are public now, doesn't preclude the possibility of private crates im the future.
We have client isolation, but that would not stop the son from “stealing” the IP address his mom uses by spoofing their Mac address. I dont see how client isolation would help here, but I would need some kind of auth approach.
You can have more than one SSID/Wifi Network, each with their own auth, VLAN, and ofc, access to the network.
Although, the approach I would prefer is to just auth the media server itself.
Sure putting them on different subnets would be an elegant solution, but I can only host 4 wifis from my ap and have more than 4 “permission groups”
Ah. Yeah. Then you have to auth the media server itself.
Although, another approach you can do is have people VPN in (even if already local) and the VPN puts them on different subnets.
Or another approach is to use WPA enterprise, where clients have to use a username and a password to connect to the wifi. With each client having a unique identity, you can then control access or assign them to subnets. But your hardware/software has to support that, and you would also need an LDAP/Radius setup probably, it's the most complicated bundle.
So I guess the above 3 options are listed in order of simple to complex.
Only possible to authenticate with Github
They seem to be working on it
If you go to a page which doesn't exist, one would expect to get the 404 HTTP code (not found). So let's try when we query a crate which doesn't exist:
This is the only one I somewhat disagree with. If you give a 403 error whenever you don't have permissions to access a page, and a 404 whenever you access a page, it becomes possible to discover parts of the website that exist but you can't access.
It's because of this, that both Github and Forgejo just return 404 errors when you access a repo that doens't exist OR it's a private repo. A quick test with Codeberg against a repo that probably doesn't exist gives me an error 404 and the message:
The page you are trying to reach either does not exist, has been removed or you are not authorized to view it.
(emphasis mine)
Now, I would rather see 404 errors everywhere instead of 403's. It's way more likely that you are encountering a repo or website path that doesn't exist, than you lacking privileges/auth. But, 403's everywhere is an approach I've seen done before and it makes sense when you understand why.
Performance, it's slightly slower compared to Bun, but it is faster than Node. But it has sandboxing, which is neat.
Deno is pretty interesting because it has built in sandboxing. By default, no code can even access the network. Everything must be explicitly allowed, including network access and environment variables: https://docs.deno.com/runtime/fundamentals/security/
Access can be scoped pretty granularly as well, only allowing access to specific websites or env variables.
I really like this model since it offers a strong protection against secrets stealers, which have hit NPM extremely frequently. No more of malicious NPM packages scraping the whole system to find secrets.
It does have a performance tradeoff compared to Bun. Bun is (was?) the fastest, Node was the slowest, Deno was in the middle.
Duckduckgo maps, which seems to scrape yelp?