Of course, but I assume elderly people getting familiar with a completely new technology need anyway some kind of personal support and introduction from someone close. I don’t think anybody would plan to throw a Mac at some elderly person and say “if any issue call Apple support”, right?

I get your point though, and I am just saying that there are situations where Linux might work totally fine.

Also, the used market for apple product is not that big where I lived. Nobody in the family had a Mac also, which means she wouldn’t have had anybody to ask for support at all. It’s a specific situation, but my point is that having an official support is not going to help that much in some cases.

I find Mac to be extremely unintuitive in how things are organized tbh, but that’s just me.

Anyway, you are right, but she wanted to spend just 3-400 euros for a laptop, which is incompatible with Apple prices. Obviously this means being there to support if something goes wrong, but with a minimal install and Linux being stable, it doesn’t happen often (I also have my mom’s laptop running mint). I do have a reverse tunnel script configured that allows me to SSH in their machines using a “panic” icon on their desktop.

My great-aunt asked for a PC when she was 85 and her grandchild moved abroad. I installed Linux mint with a few scripts and shortcuts to ease her life, and she picked that up (check email, Skype, nothing super sophisticated ofc). I guess if it’s a new thing, windows does not the advantage of being already familiar, and Linux is more stable in my experience, which leads to less random errors.

Yes, it is a metasearch engine. It’s basically like proxy+aggregator or multiple engines.

This statement makes no sense. Federated search means nothing. Ultimately someone needs to scrape, index, store and retrieve data. At the moment, a handful can do it efficiently, and to have a wide coverage, engines use also other APIs. Kagi does this, for example, by combining Google and others (e.g. brave) with their own indexer.

How do you imagine a “federated” search would be any different? Using multiple APIs is effectively “federating”.

As I said in another comment, to be fully ethical you should not run on any major cloud (owned by Amazon, Google, Microsoft, Oracle and IBM), not run on anything on fossil fuels (few DCs), not use any API of major companies (google, apple, etc.) and so on. So basically if we ever want a new, better, solution (tech) we just need to materialize a few billions of dollars to allow this fully ethical solution with no dependency on immoral parties. Alternatively, the whole market dynamic should be disrupted, because that’s the problem.

They are using brave search results, like they do with others. Frankly, you could build totally identical arguments (and to be honest, much more serious) for “partnering” with Google and Microsoft, but then the product wouldn’t exist and wouldn’t be as good.

The relationship with the Brave founder is so indirect, that this - to me - feels like an argument from someone who is looking for reasons to get angry. Kagi probably uses AWS (or other clouds), which funds Amazon (known for terrible worker rights), funds Google, fossil fuel industry, etc. It’s a sad reality, but you simply can’t exist nowadays in the moral and ethical way many people would like. You can, only if you are a privileged one. Technologically speaking, Google can probably do it, for example (own hardware, DCs, tech etc.). We can choose to fight those that directly support political agendas we disagree with, or we can damage the smallest players by demanding they will be 100% pure and ethical by not having any relationship with those with those agendas.

In my personal opinion, such unrealistic ethical requirements end up being a reactionary choice as they will ultimately impede new - better - players to emerge and will leave the existing - worse - dominating.

I don’t know what is going to happen, and as I said, I don’t even care that much to be honest.

Blast radius of what? How does that affect existing Mastodon instances?

It does if this happens gradually, when instances bleed users to Threads because it has “more features”/works better/etc.

I’m optimistic because I think open alternatives are generally better and will win long term.

Good for you, I am not sure what this optimism is grounded on, but I lost it completely. I think the battle is already lost, and open solution can -at best- represent a niche corner of the internet. People are used to things that are addictive and create expectations that are unrealistic for services run with budget at 4 digits top. There is no going back, in my opinion. Either way, this is very much besides the point of my argument, which was that email is exactly an example of how big companies can take over “open” protocols with them being left “open” but effectively having 99% of users on 2/3 providers, and a very high entry barrier which renders the “open” nature of the protocol just a formality.

No really relevant for my point, but I assume that preventing them to be effectively part of the fediverse, can reduce the blast radius of their changes, since they will be (more) isolated.

If they are on the other hand fully part of the fediverse (I.e. nobody defederates them) many people may be incentivised to move to “that instance” because it will realistically have better availability and in the future might have more “features”, which is exactly the kind of extensions to the protocol that other won’t be able to keep up with.

I personally used to care more in the past, I don’t now that much, but I can definitely see the potential danger.

To be honest, not a great argument, considering that the hidden magic that Google and a handful of big players do, specifically in relation to spam, is what made emails substantially an oligopoly. Today if you want to run an email server, you need to jump 20 hoops to hope your email will ever reach the mailbox of someone on Gmail. Emails were supposed to be a distributed protocol too…

I use https://www.chezmoi.io/ for the same purpose of managing dotfiles. There are a bunch of tools to do this that you can pick your poison :)

I think lazylibrarian is user to search and download books automatically. Are you using calibre as in the native tool, or calibre-web?

Ansible is definitely one way to do this. If your machines are VMs, then also building VM images with packer can be the way.

For tmux, vim, etc. You can still use ansible or some specific tool for dotfiles, like chezmoi (there are a bunch). You can even use ansible to run chezmoi!

Oh no, I get it, I was quite scared the first time I messed with it, and I cursed LG plenty for not letting me install safely what I want on my own TV. I found this technique to be quite safe though. You basically uninstall the official YouTube app, then do the loading and you can always remove the app and reinstall the official one.

I hope I didn’t sound condescending, I just realized that I had been a bit too quick labeling something easy, while I understand that for some other person reading, using a CLI tool is in itself a new thing. Good luck :)

The procedure to install is very easy, you can also always uninstall it and reinstall the official one, I don’t think it’s irreversible in any way. Note that I am talking about side loading using developer mode. Rooting the TV via an exploit can brick your TV instead.

Edit: The procedure is basically described in https://webostv.developer.lge.com/develop/getting-started/developer-mode-app.

I realize I said very simple, but I guess it depends on your familiarity with tech and command line tools.

I think the answer is fairly simpler, from my point of view: because NATO is not a military alliance among peers. It is the military arm of the American empire. This allows US to essentially manage the foreign policies of most of NATO members, but it also comes with the cost of being the one paying the bills. Empires are expensive.

I will skip commenting the rest because, well, you are entitled to your own opinion and you can loathe who you want. I would perhaps simply suggest to look at your own country with an outside perspective and realize that if everyone used your same logic, the world will be a more hateful place than already is.

I use https://github.com/webosbrew/youtube-webos on my LG TV, to watch without ads. I have to sideload it via the CLI tools, but it works. Sometimes I have to reinstall it (I suppose some TV update screws up), but for my partner watching without ads is worth the random sporadic breakage.

Thanks for sharing, I was not aware of it, and it worked like a charm.

Some additional benefits also are the management of secrets. In compose you will shove them inside a .ENV file if not directly inside the compose file, while in Kubernetes you can use the secrets resource or even plug in Vault relatively easily. Stateful storage is also better handled. Named volumes are nasty to keep track of, backup and it’s not possible to spread them across multiple devices (as in disks) while bind mounts are insecure in general. Kubernetes provides a storage abstraction which is easier to manage.

Obviously the big advantage comes when you want to run stuff on multiple devices to spread the load (or because the one box is saturated), since with compose you would need completely custom and independent setups.

Finally, I would say that running compose makes it much harder to have a monitoring stack supporting your services, since you will need to do all the plumbing for metrics endpoints yourself. And - very last - you can have admission controllers in Kubernetes that prevent certain configuration (e.g. Kyverno with a bunch of default policies), while with compose you need to manually vet every compose file and image (for example, to ensure it doesn’t run as root).

That said, compose is perfect to get started and to run stuff on one machine.

If you containerize, the application (malware) will run under the user configured in the image, unless you override it, and in a separate mount namespace, unless you change that, which makes the “alias sudo” trick extremely unlikely.

Even running under a separate user anyway prevents almost fully the attack you mention, unless the separate user has root privileges or the DAC_OVERRIDE capability is assigned to the binary (assigning it requires CAP_SYS_ADMIN).

In short, the attack you mention is a common persistence and privilege escalation vector, which is relatively easy to detect (watch for changes to shell profiles), although preventing it requires some care. I just want to point out that in single-user machines (e.g. personal computers) escalating to root is anyway fairly unnecessary, given that all the juicy stuff (ssh keys, data, etc.) is anyway probably running under/owned by that user.

Vulnerabilities can and are usually found without code inspection. Fuzzing, reverse engineering, etc. At the same time, it is easier to find vulnerabilities having the code to check, but it is easier also for those who want to have them patched. That’s why we have tons of CVEs in Windows, iOS etc., and they don’t all come from the vendor… Depending on the ratio of eyeballs looking at something to fix and the ones looking at something to exploit, open source can be more secure compared to closed source.