

Valuable insight, thanks :)




Why is a hypervisor the best we got? Why would it be better than a dedicated bare metal server? Why would the attack surface of a hypervisor be smaller than the attack surface without one?
Honest question


Thanks for evaluating! The exploit was explained to me that an unprivileged user/program could use it to get root access on the whole system, which in my mind included the hypervisor. Further reading seems to prove you right: while containers were broken, VMs were not.
My point still remains, although weaker: If you know exactly what you are doing you can get a system quite secure; if you are a hobby server owner like me, it's not that easy. I would not have known that the use of VMs instead of containers has sooo major security implications, that something so fundamental as ssh could be exploited in such large scales, and clustering would have been needed to avoid being unsafe.
Sure, no one would use a zero day targeted at me, the thing is: I am not working in the field, from the publishing of the exploit until I learned about it and had the time to patch, there were a few weeks. If in those few weeks someone deploys a tool going for mass and not for single targets, I would probably be infected and added to some botnet, cryptominer or whatever.
If I have a bare metal dedicated server, which has only access to IPs contained in my whitelist on a dedicated opnsense, I have less to worry about. Sure, someone could still find an openbsd/opnsense exploit and get me, but my point is: complex systems break in complex ways, the more complex systems you use, the more attack surface you have and need to know and understand to control and mitigate it.
Not that it's impossible, but for a hobbyist who tries to self teach with man pages, tutorials and forums, you can get pwnd in unexpected ways (like because you used a container for dodgy Chinese smart home devices and expected that your production environment would be safe even if one of them was malicious, but in fact you were not, because that would have needed to be a VM). AND: before copy fail was published, users would have probably also told you that containers are safe.


I was going to build my system like that, but recently learned that host client isolation is not as strong as people make you believe.
Just a few weeks ago we learned that copy fail (security vulnerability) was on major distros for years until it was fixed, it would allow containers and VMs to infect the host system. Xz utils could also lead to a broken host client separation, as proxmox uses ssh for clustering and the like.
So for really important stuff I am going to have a dedicated physical server or put it in cold storage altogether.
That said, I am by no means an expert so feel free to correct me if I got something wrong.


Hate to be that guy, but Brave is spyware packaged as a browser, it not running is for the best…


Dude, there is someone asking for a “lightning fast browser experience” on specs which will not deliver that for most websites most people use.
An honest reply IMHO is to state what will work and what will not.
You set false expectations when basically telling him “yeah no problem”.
I try to differentiate this picture by showing what caveats there are.
The reality is: if you are a tech-savvy person, only use a subset of websites, to which most of the popular websites (YouTube, Netflix, Prime, Insta, etc.) don’t belong, you can get something to work. Do I use silicon-valley websites or think they are good? No! But someone who asks such questions is probably not someone who only thinks of HTML only websites and the like when wanting a fast browser.
I try to give honest advice and show that a lightning fast browsing experience is not the same as “you can visit some websites with very light loads and need to close the browser, open terminal and yt-dlp, download the video and watch it in a lightweight video player”.
It’s not about competition, it’s about actually helping the person looking for advice.


He didn’t explicitly, but watching media is one of the main things people do in browsers, no?
When someone asks about a lightning fast browser experience for his specs, and you say “no problem”, one would expect one can use websites, including ones that serve videos, no?
Saying yeah, fast browser? no problem! But then referring to yt-dlp for videos is a little misleading, no?
I don’t think you’ll find most videos on peertube at this point in time, and I’m hesitant if it will run fast with those specs, even considering peertube is less bloated than YouTube.


Where to cache to? The HDD? The two gig ram?


So what site do you use with this setup to watch HD videos fast, responsive and without stutter, lag or tearing? Can’t be YouTube


Well, that’s what OP asked for.


And it is “lightning fast” when using modern bloated JavaScript websites? I doubt it


To be real, this machine with HDD and 2 gig RAM isn’t going to be lightning fast at all
Thanks
Can someone explain for us people at work who can’t watch a video?


You could use yakuake, it’s a drop-down terminal you can activate and hide with a hotkey, I’m quite fond of it.


Yeah, maybe an option for developers to self-register their dependencies/forks? Like a community driven gentleman’s agreement
Like if the freetube developers give an honest review on what other work they build on, and the percentage of money that should go to them vs the projects they build on, the yt-dlp (which is hypothetically used in freetube) author can accept the offered split % (in which case the split is done automatically without user interaction) or ask for an alternative split %, in which case the user needs to choose which percentage of their donations goes to whom.
I know handling user data and accounts is probably out of the scope of this project, but wanted to put this out there anyway


I would love an app like this, actually thought about needing something like this a few months back.
I would use it, but I see the problems mentioned by others with giving hugely wrong incentives to devs, if the app gains traction (running in background, making slower software, hiding dependencies, etc.)
Also I don’t really know if use time really is the best metric (don’t know anything better though.)
Also also there would need to be a smart way to detect dependencies, forks and the like, as the frontend is often not the part which is the most work to maintain


Good ol Thunderbird


Yeah well, no problem with steam proton games.
Now get the ones with kernel level anti cheat running (league for example)
Well, I never argued against the clearly powerful capabilities, those are obviously huge, my point was that as a hobbyist you should consider having the important stuff (finances, official documents, biometrics) in cold storage or on a separate machine as well as stuff like security cameras or doorlocks if you do stuff like this out of it until you fully understand the risks, which are not that easy to grasp for people without experience.
Ofc proxmox and qubes are incredibly useful tools of technology, but their high versatility and customizability gives you a lot of tools you need to understand and use properly on top of what you are already doing. (More so with proxmox than with qubes, qubes is a little less industry focused IMHO)