People in Germany have very high standards. If a train that comes once an hour is 20 min late it’s considered unreliable. To be fair we can expect better though.

But As someone who has lived in the USA in the past but now lives in Germany, Germany feels so much better transport wise.

Based on perspective everywhere or nowhere.

Compared to Dutch trains nowhere. Compared to the nothingness in the USA everywhere.

You do you. But I challenge you to go and look at gun prices at your local Walmart in the USA. Not every guy you buy has to be an FN-Scar 17 in pricing.

Turn around a look at how much it costs to defend yourself criminally in the USA.

Guns are about $200 at Walmart.

Robust criminal defense is about 30-40 hours.

Also good luck selling a gun you don’t have in your possession. Try going to a gun shop and saying “give me the cash now, I promise to give you the gun when the police give it back to me”

You might legally have that right but practically… good luck.

We do agree that you should be responsible for your actions. But looking at the meme here nothing wrong was done.

I mean they already own the guns. They can’t even sell them to hire a lawyer because they were taken.

If you can’t see the difference between buying one gun every x months and paying a lawyer 4 to 5 figures all in one go that’s on you.

Time is linear and you can’t sell what was taken from you. 🤷‍♀️

I mean you can buy a gun for 200 USD at Walmart. Lawyers cost 200 USD per hour.

Exactly this. The people who designed secure boot and TPMs were not idiots. You can’t trick a properly set up TPM configured with secure boot in any realistic setup.

It won’t refuse to boot. It’s just that any automatic metric based decryption won’t work.

If you are using a TPM to automatically unlock luks and also manually removed the password backup before hand you could lose your data forever. That is true.

But if you kept the password based decryption stuff you could still manually unlock stuff. Just like secure boot was never there.

The difference would be that there could be no secure attestation that the kernel count trust/use without secure boot.

Like secure boot is really cool on Linux if you learn about it. Like sbctl alone is great for verifying backups and stuff.

I recommend reading through the arch wiki if you want to learn more. It covers a lot of stuff. https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot

It won’t brick your system forever??? You just turn it off in your bios. Then you have no secure boot. Just like it was never there.

If you don’t care about boot chain attacks it isn’t bad at all.

If you do care about boot chain attacks it’s bad because it allows someone to replace things like the efi binaries, grub, or your kernel with backdoor-ed versions and there would be no way to detect this from the running system.

Secure boot checks for this stuff. You can read more here:

https://access.redhat.com/articles/5254641

You can but then you don’t have secure boot.

Not really. Imagine they replace the ssh binary with a back doored version. Home directory encryption protects your data but not your system.

This bot is pathetic.

But looms at his little puppy dog face. :3

You can if you want to. But I don’t think that is best practice. The idea of quadlets is the bring Linux norms to containers. You contain and manage all permissions for that container in that user.

I personally have completely separated users and selinux mls contexts for each container group (formerly docker compose file) and I manage them thusly. It’s more annoying but it substantially more secure.

This being said I think you can do it as root. I think this might work but I am not certain sudo systemctl --user -M theuser@ status myunit.service

Are you placing your service files in ~/.config/containers/systemd of the home dir of the user you want them to run as?

Here is a link: https://linuxconfig.org/how-to-run-podman-containers-under-systemd-with-quadlet

Not true. I run them rootless on my server as we speak. :)

Spoken like someone with nothing to lose.

I mean it could be Mutex, or Rwlock or anything atomic. It’s just when I have to put stuff into an Arc<> to pass around I know trouble is coming.

You’ll be fine. You will learn the lifetime stuff and all will work out. It’s not that bad to be honest.

I mean yah. That’s what it takes. But like when I try to write code around Arc<_> the performance just tanks in highly concurrent work. Maybe it’s an OOP rust skill issue on my end. Lol.

Avoiding this leads, for me at least, to happiness and fearless, performant, concurrent work.

I’m not a huge fan of go-lang but I think they got it right with the don’t communicate by sharing memory thing.