Atomic images are awesome if your SLSA score is just too high.

Cinnamon here too. It seems small and fast.

emails

Not a noun, my dude.

I use seamonkey, but only for convenience. It grabs all my email and caches it locally for me.

Your comment isn’t popular, but we all know the rule: “the best thing needs to be the easy thing”, since people will often choose what’s easy and fast vs what’s ultimately better. We see this in security all the time (hello-oo NPM).

Check if you’re using cloud-init

Nice. I’m struggling hard to keep cloud-init out of my pve setup.

Absolutely this.

33 years in Linux, 30+ professionally, Unix+Linux security background in a past life at a fucking distro.

When I first install a new distro version, I do something very simple; maybe I configure a simple web page, for instance.

Usually the web server refuses to start, or something equally “so dumb it should have been seen in early testing and doesn’t even get to the challenge I set before it” stupid. If the distro can’t test something so basic, then I know they’re not prepared to consider selinux implications while maintaining or debugging the distro. I don’t need to blaze a trail the distro can’t be arsed to.

Then I mod away the config in my template and hope the distro can pull out their proverbial head in 5 years.

The easiest path needs to be the safest path

seems unfinished

Define ‘good’. Everyone wants something different.

Anything container-free? We like iso27002, here.

setup

set up. “Setup” is a noun that lost its hyphen.

everytime

every time. Otherwise it’s not a word at all.

Ooh, good deal.

Not if I can help it.

It’s funny that we’ve had SLSA4-compliant package managers for 25 years, but we leave juniors un-mentored and this is what they build as they self-teach … over and over and over.

Linux’s license not count as about Linux?

Philosophically, no.

In set theory, also no.

Legally, still no.

Does it contain similar letters? Like Laughter and Slaughter do, yes.

Man. I hope they don’t suck like in win 10/11. They’re kinda crunchy in windows.

Still hosting gitlab.

The CI on forgejo is, unfortunately, nowhere near as good.

Given how long gitlab has been struggling to fix basic bugs and instead creeping into features - hello-oo bloated and slow vscode-like web editor and non-ephemeral runner management - I’m not sure they have any staff left to let go. But it’s nice they found an excuse to shed their remaining talent and avoid complete stock devaluation.

The planning is happening openly, including a voluntary separation window.

“We don’t understand how the Dead Sea Effect works, and we want to super-size the damage.”. Okay, Bill.

Supply chain attacks are what scare me.

As a former OS security pro, this is the right answer. Not because of the exploit itself, but because young (unmentored) coders readily trust some really bad patterns of pulling in random junk from the web and running it. THIS is how the LPE becomes essentially an RCE-level problem.

OEM’s

Or just OEMs, even.

I’m totally okay with them receiving money from bad companies. It’s like vandals ordered to pick up highway trash - yo momma - as punishment.

Receiving Merge Requests from sloppers, though? That’s not cool.

I shudder to imagine what they’d think of a car with a clutch and a left-toe switch for the high-beams.