I’m the Never Ending Pie Throwing Robot, aka NEPTR.

Linux enthusiast, programmer, and privacy advocate. I’m nearly done with an IT Security degree.

TL;DR I am a nerd.

  • 1 Post
  • 104 Comments
Joined 1 year ago
Cake day: November 20th, 2024

  • N.E.P.T.R@lemmy.blahaj.zone to Linux@programming.dev · 2 points · edited · 2 months ago

    @Uair@autistics.life

    Linux Mint is based on Ubuntu Linux. Make sure you are using a .deb which is meant for Ubuntu (or Debian). Laptop is Desktop, as in they are the same OS.

    Either double-click the .deb file and click the install button.

    Alternatively you might be able to right-click to get a context menu and click install from there.

    Last option, you could install the .deb from the terminal app. Open the terminal, type cd ~/Downloads (if the file is in your Downloads folder), then type sudo dpkg -i ./EXPRESSVPN.deb (replace EXPRESSVPN with the exact file name), press enter and type your password.

    All these install options do the same thing.

    Don’t worry about CPU architectures. If you don’t know what that is, then you don’t need to worry. If the .deb has x86, x64, or amd64, that is the right file. If it doesn’t say anything then just choose the normal .deb.
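As an added example (not part of the comment above), a small bash helper for the terminal route: it reads the .deb's own Architecture field, maps the vendor spellings mentioned above (x86, x64, amd64) onto dpkg's names, refuses a mismatch, and installs through apt so dependencies are resolved. It assumes dpkg-deb, dpkg and apt are available, as they are on Mint/Ubuntu/Debian; the file name is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original comment: check a downloaded .deb
# against the host CPU architecture before installing it.
set -u

# Map the spellings vendors use onto dpkg's architecture names.
normalize_arch() {
    case "$1" in
        x86_64|x64|amd64) echo amd64 ;;
        i386|i686|x86)    echo i386 ;;
        aarch64|arm64)    echo arm64 ;;
        all|any)          echo all ;;
        *)                echo "$1" ;;
    esac
}

# Exit 0 if a package built for $1 can run on a host whose dpkg arch is $2.
# "all" packages (scripts, data files) install on any architecture.
arch_compatible() {
    local pkg host
    pkg=$(normalize_arch "$1")
    host=$(normalize_arch "$2")
    [ "$pkg" = all ] || [ "$pkg" = "$host" ]
}

# Inspect the .deb's control metadata, refuse a mismatch, then let apt
# install it (plain dpkg -i leaves missing dependencies unresolved).
install_deb() {
    local deb="$1" pkg_arch host_arch path
    [ -f "$deb" ] || { echo "no such file: $deb" >&2; return 1; }
    pkg_arch=$(dpkg-deb --field "$deb" Architecture)
    host_arch=$(dpkg --print-architecture)
    if ! arch_compatible "$pkg_arch" "$host_arch"; then
        echo "refusing: package is $pkg_arch, this machine is $host_arch" >&2
        return 2
    fi
    echo "installing $(dpkg-deb --field "$deb" Package) ($pkg_arch)"
    # apt only treats the argument as a local file when it contains a slash.
    case "$deb" in /*) path="$deb" ;; *) path="./$deb" ;; esac
    sudo apt install "$path"
}

# Usage, with a constructed file name:  install_deb expressvpn_amd64.deb
```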



  • Maybe? But in reality the stat changes are to do with an influx of Chinese players that happens every year around this time. The vast majority of Chinese players use Windows.

    Also I had a friend try Linux, and while it isn’t all sunshine and rainbows (and he is about the furthest from an IT guy I can think of), he gets a solid 40+ FPS more than Windows 10. I am not forcing him to use it, he just defaults to it now because shit is way smoother, and the alternative is using W11 which can legit brick your SSD (not worth it in this economy).

    Also, I really don’t understand being attached to software or developing a personality around it. If Linux doesn’t serve my needs I’ll simply use FreeBSD (or HardenedBSD). If that doesn’t work, I hope by that point RedoxOS is mature. Etc. for any software.





  • Yes, I understand what GVisor does. Cgroups2 are for isolation of system resources, but aren’t even the main sandbox feature used for isolation by Docker. I am pretty sure namespaces are significantly more important for these containers’ security.

    GVisor helps with one of the main risks in a container setup, which is the kernel shared by hosts and guests. I understand it comes with a performance penalty (and I didn’t know it was incompatible with SELinux), but that doesn’t change my original point that GVisor is a security improvement over default Docker. I understand there is more nuance; even when I wrote my original comment I understood (just like any other security feature) it can’t be used in every scenario. I was being intentionally general, and in my second comment I was pretty specific about what it protects against: kernel vulnerabilities and privilege escalation.

    I researched cgroups2 more and I still don’t understand why you brought it up in the first place. Cgroups2 and gVisor provide very different security benefits. Cgroups help to keep a system available (lessening the risk of DoS attacks) by controlling access to some system resources (io, devices, cpu, memory) and grouping processes of a similar type. It seems rather optimized to solve resource control on a container host. I mentioned gVisor because it is mostly just a drop-in replacement container runtime which doesn’t need setup to be used.

    Now for a different container runtime which provides significantly more features (than gVisor) with fewer downsides (if configured correctly for a specific workload): Sydbox provides syd-oci, which is an application kernel runtime that uses a permission config file to create a sandbox, isolating using namespaces, seccomp, landlock, and more. It can sandbox in many different categories (oftentimes leveraging multiple features to provide a multilayer sandbox); you can see the categories in the syd manpage. The biggest downside is that you must really understand what your container application needs, otherwise it will prevent it from running. It is a “secure by default” sandbox which can be softened through config.


  • I don’t really understand what you mean in your last sentence.

    My reason for saying GVisor is safer is because it is an application kernel which provides traps and emulates most Linux syscalls in the guest with a far smaller set of syscalls to the host kernel, helping to prevent container escapes and privilege escalation. GVisor also fully drops privileges early into start up (before running any significant logic), helping to prevent privilege escalation.

    Cgroups is not really a security feature (from what I understand). It is about controlling process priority, hierarchy, and resource limiting (among other things). You can not use GVisor with LXC.
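The two gVisor comments above describe it as a drop-in runtime that swaps the kernel a container talks to. As an added example (not from the comments or from the gVisor project), this bash helper registers runsc with Docker, runs an image under it, and verifies the swap by looking for gVisor's own boot banner in the container's dmesg; it assumes runsc is installed at /usr/local/bin/runsc and Docker is present, and the config path is parameterised so it can be exercised against a temp file.

```bash
#!/usr/bin/env bash
# Added example, not from the original comments: register gVisor's runsc as a
# Docker runtime and check that a container really runs under it.
# Assumes runsc at /usr/local/bin/runsc and a working Docker install.
set -u

# Write the daemon.json fragment that tells Docker where runsc lives.
# $1 is the config path (the real one is /etc/docker/daemon.json; a temp
# path is used in tests). Existing settings in that file are NOT merged,
# so back it up first on a machine that already has one.
register_runsc() {
    local cfg="$1" runsc_path="${2:-/usr/local/bin/runsc}"
    cat > "$cfg" <<EOF
{
  "runtimes": {
    "runsc": {
      "path": "$runsc_path"
    }
  }
}
EOF
}

# Run an image under gVisor. Docker still sets up namespaces, cgroups and
# seccomp as usual; only the kernel the workload's syscalls reach changes.
run_sandboxed() {
    docker run --rm --runtime=runsc "$@"
}

# gVisor prints its own boot banner to the guest's dmesg, while a container
# on the host kernel never mentions it. Exit 0 if the sandbox is in effect.
is_gvisor_container() {
    local image="${1:-alpine}"
    run_sandboxed "$image" dmesg 2>/dev/null | grep -qi gvisor
}

# Usage (needs Docker and runsc):
#   register_runsc /etc/docker/daemon.json && sudo systemctl restart docker
#   is_gvisor_container alpine && echo "running under gVisor"
```

Run the usage lines as root after backing up any existing daemon.json; the verification step only needs an image that ships dmesg.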






  • They disregard the risk from the vendor because you are already using their hardware. The hardware has firmware already included which is proprietary, the hardware itself is proprietary, and hardware effectively runs as root anyways. You should already trust your hardware or you shouldn’t be using it. Linux-libre is a purity test, that is it. It is security theater which actually, definitely, really makes you vulnerable without doing anything meaningful. The only time it makes any sense is if you only use open source hardware.