0·
1 day agoIt has exclusives iirc, steam deck “just” has the rest.
The switch also has coop multiplayer and a few other things going for it as well.
- 0 Posts
- 95 Comments
Joined 2 years ago
Cake day: June 30th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
I feel like the line break and system text has meme potential, I just don’t know how to implement it
0·1 day agoJust waiting for someone to “leak” a phone and it turns out to be last years phone, just to see how long it takes people to notice.
3·3 days agoblinks left
blinks right
accelerates backwards
Create a tar, push it, then untar using adb shell?
0·11 days agoThat just moves the problem, what happens if I put a piece of paper between them? Unless they don’t interact with anything they still face the same problem.
You can
nixos-rebuildher, you have the technology.
Tldr:
Rootful podman with
podman run --userns=autois more secure than one rootless host user running many pods, because those pods could (theoretically) attack each other.
though you still have the possibility of an exploit in the image pullRootless podman running one pod (as in service including database and so on) per host user with different subuid Ranges is the most secure, but you have to actually set that up which can be a lot of work depending on distribution.
0·11 days agoAll devices launching with Android 10 and higher are required to use file-based encryption.
To use the AOSP implementation of FBE securely, a device needs to meet the following dependencies:
- Kernel Support for Ext4 encryption or F2FS encryption.
-
Keymaster Support with HAL version 1.0 or higher. There is no support for Keymaster 0.3 as that does not provide the necessary capabilities or assure sufficient protection for encryption keys. -
Keymaster/Keystore and Gatekeeper must be implemented in a Trusted Execution Environment (TEE) to provide protection for the DE keys so that an unauthorized OS (custom OS flashed onto the device) cannot simply request the DE keys. - Hardware Root of Trust and Verified Boot bound to the Keymaster initialization is required to ensure that DE keys are not accessible by an unauthorized operating system.
https://source.android.com/docs/security/features/encryption/file-based?hl=en
Lose access to your MS account = lose your data forever. No warnings, no second chances. Many people learn about BitLocker the first time it locks them out.
It seems like they just got locked out of their Microsoft account (which stores the bitlocker key). Idk why they can’t just reset their password or if this article talks about the times where people couldn’t do that due to missing email access or maybe resetting the password deletes the bitlocker keys?
Either way though, the problem is that Microsoft is forcing encryption on everyone and not properly educating them on the consequences like “Backup your decryption key if you care about the data” in a way a normal user actually listens to.
0·15 days agoBut my streak is at 419, I can’t stop now!
0·15 days agoNo Problem!
If you want to fix the issue: That seems like the hostname for one of the databases is wrongly set in the environment file, the hostname of containers is the same as the container name which can be read using
podman ps.
0·18 days agoSounds like a problem fixing itself, at some point MacOS is going to have problems if it can’t edit a config is my guess.
I thought this was an entry level publishing
Sure, I set it up in nixos though this is the short form of that:
spoiler
- Install Podman and passt + slirp4netns for networking
- Setup subuid and subgid
usermod --add-subuids 100000-165535 --add-subgids 100000-165535 johndoe - I’m using quadlet’s so we need to create those: $HOME/.config/containers/systemd/immich-database.container
[Unit] Description=Immich Database Requires=immich-redis.service immich-network.service [Container] AutoUpdate=registry EnvironmentFile=${immich-config} # add your environment variables file here Image=registry.hub.docker.com/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0 # hash from the official docker-compose, has to be updated from time to time Label=registry Pull=newer # update to newest image, though this image is specified by hash and will never update to another version unless the hash is changed Network=immich.network # attach to the podman network UserNS=keep-id:uid=999,gid=999 # This makes uid 999 and gid 999 map to the user running the service, this is so that you can access the files in the volume without any special handling otherwise root would map to your uid and the uid 999 would map to some very high uid that you can't access without podman - This modifies the image at runtime and may make the systemd service timeout, maybe increase the timeout on low-powered machines Volume=/srv/services/immich/database:/var/lib/postgresql/data # Database persistance Volume=/etc/localtime:/etc/localtime:ro # timezone info Exec=postgres -c shared_preload_libraries=vectors.so -c 'search_path="$user", public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB -c wal_compression=on # also part of official docker-compose.....last time i checked anyways [Service] Restart=always$HOME/.config/containers/systemd/immich-ml.container
[Unit] Description=Immich Machine Learning Requires=immich-redis.service immich-database.service immich-network.service [Container] AutoUpdate=registry EnvironmentFile=${immich-config} #same config as above Image=ghcr.io/immich-app/immich-machine-learning:release Label=registry Pull=newer # auto update on startup Network=immich.network Volume=/srv/services/immich/ml-cache:/cache # machine learning cache Volume=/etc/localtime:/etc/localtime:ro [Service] Restart=always$HOME/.config/containers/systemd/immich.network
[Unit] Description=Immich network [Network] DNS=8.8.8.8 Label=app=immich $HOME/.config/containers/systemd/immich-redis.container [Unit] Description=Immich Redis Requires=immich-network.service [Container] AutoUpdate=registry Image=registry.hub.docker.com/library/redis:6.2-alpine@sha256:eaba718fecd1196d88533de7ba49bf903ad33664a92debb24660a922ecd9cac8 # should probably change this to valkey.... Label=registry Pull=newer # auto update on startup Network=immich.network Timezone=Europe/Berlin [Service] Restart=always$HOME/.config/containers/systemd/immich-server.container
[Unit] Description=Immich Server Requires=immich-redis.service immich-database.service immich-network.service immich-ml.service [Container] AutoUpdate=registry EnvironmentFile=${immich-config} #same config as above Image=ghcr.io/immich-app/immich-server:release Label=registry Pull=newer # auto update on startup Network=immich.network PublishPort=127.0.0.1:2283:2283 Volume=/srv/services/immich/upload:/usr/src/app/upload # i think you can put images here to import, though i never used it Volume=/etc/localtime:/etc/localtime:ro # timezone info Volume=/srv/services/immich/library:/imageLibrary # here the images are stored once imported [Service] Restart=always [Install] WantedBy=multi-user.target default.target- systemctl --user daemon-reload
- systemctl --user enable --now immich-server.service
- enable linger so systemd user services run even if the user is logged of
loginctl enable-linger $USER - Setup a reverse proxy like caddy so you can make access to it simple like immich.mini-pc.localnet
Can confirm, works without problems in rootless podman.
Most backdoors are dangerous and dumb.
Why do you need EV certs?
Absolutely bamboozled
Shriveled up in fear