cyclohexane

Context

I want to host public-facing applications on a server in my home, without compromising security. I realize containers might be one way to do this, and want to explore that route further.

Requirements

I want to run applications within containers such that they

• Must not be able to interfere with applications running on host
• Must not be able to interfere with other containers or applications inside them
• Must have no access or influence on other devices in the local network, or otherwise compromise the security of the network, but still accessible by devices via ssh.

Note: all of this within reason. I understand that sometimes there may be occasional vulnerabilities, like in kernel for example, that would eventually get fixed. Risks like this within reason I am willing to accept.

What I found so far

• Running containers in rootless mode: in other words, running the container daemon with an unprivileged host user
• Running applications in container under unprivileged users: the container user under which the container is ran should be unprivileged
• Networking: The container's networking must be restricted. I am still not sure how to do this and shall explore it more, but would appreciate any resources.

Alternative solution

I have seen bubblewrap presented as an alternative, but it seems like it is not intended to be used directly in this manner, and information about using it for this is scarce.

Image Alt Text: "After downloading a 2.5GB movie

Me: Presses play Movie unsupported file" A person is shown with eyes on her laptop punching the wall beside her, causing it to crack.

This is a major escalation that could greatly expand the war and drag hezbollah deeper into the war, which was already involved in skirmishes with Israel in Lebanese regions that Israel occupies.

Note: the verbiage of the article is minimizing the focus on Israel, and they spend half the article justifying the attack as "not an attack on Israel" an effort to minimize how much of an escalation this is.

EDIT: I enabled CONFIG_MSDOS_PARTITION and that caused it to work. It had nothing to do with the device itself but the partition type on the sd card.

Thank you do much rattking for the help!

Original post:

Hi all, I am using a custom configured linux kernel (Gentoo), with very few things enabled. It has done me very well so far and taught me a bunch, but there's one small issue I have been having lately that is annoying. My SD-card reader (a USB device) is not working, but it works perfectly fine on my arch linux laptop without any kernel configurations.

Is it possible to tell which drivers or kernel configurations I need by looking at the laptop that is working?

More context about the issue

On the machine where it is not working, after plugging the device in, I see this in lsblk output:

NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda           8:0    1  59.5G  0 disk 
nvme0n1     259:0    0 400G  0 disk 
├─nvme0n1p1 259:1    0     1G  0 part /boot
└─nvme0n1p2 259:2    0 400G  0 part /

The device does show sda but no sda/sda1. This is opposite to the laptop, where I do see a sda1 below the sda device, which I can mount using mount /dev/sda1 /mnt/point

What I tried

I tried enabling the following kernel configurations: MMC MMC_BLOCK MMC_SDHCI MMC_SDHCI_PCI MMC_RICOH_MMC MMC_SDHCI_ACPI

Still, this did not change the result.

I tried looking into the logs, but could not find anything interesting. I am using the sysklogd system logger instead of systemd's journalctl

The reader I bought

I bought this a long time ago from amazon: https://algopix.com/products/B08N4N7Q7J-zhoubin-usb-30-sd-card-reader-for-sdxc-sdhc-sd-mmc-rsmmc-micro-sdxc-micro-sd

Yes I know I cheaped out. But it worked for me until I tried it on this one computer, so I wish to make it work.

Final Question

How can I make this work?

there are more options that I thought. Any reason to go with Tridactyl's competitors?

it seems ridiculous that we have to embed an entire browser, meant for internet web browsing, just to create a cross-platform UI with moderate ease.

Why are native or semi-native UI frameworks lagging so far behind? am I wrong in thinking this? are there easier, declarative frameworks for creating semi-native UIs on desktop that don't look like windows 1998?

I am wanting to self host a fediverse instance. I don't hope to make it big. Hoping for 200 users at most, and I won't advertise it heavily so it'll probably be a while before it gets there.

Is it a bad idea to host something like this on local hardware at home? I have a lot of local-only self hosted services, and I wouldn't want those to be compromised.

But my biggest fear is overloading my network. I already don't get the fastest signal in some parts of my house, and I am worried the extra traffic might put more pressure on the network.

What are your thoughts on hosting local? Should I just avoid the headache and host on public instance?

Something small and 2 or 4 GB RAM. Raspberry pi's compute power is good enough for me, I'm not doing anything too intensive.

Is raspberry pi 4 still the best answer?

I am a tinkerer and don't mind tinkering. I typically use Gentoo Linux as main OS. I also don't mind ARM or other architectures. I've been eyeing the RockPro64 as well.

Rasbperry Pi is a popular choice as a SoC / SBC Linux board. But you have to use their custom linux kernel. Are there Linux boards with decent mainline Linux kernel support?

Hi all,

I have a really weird issue. I've been playing "Horizon Zero Dawn" on Bottles with wine-GE. It was working fine. At one point, it stopped working and started crashing after initial loading screen, without any detail in the pop up message. I tried to reset everything but the problem kept occurring.

I reinstalled steam and then the game immediately starts working again, even though it uses Bottles, not steam. Then I remembered that I uninstalled steam shortly before the game stopped working.

Why would this be happening? Anyway to make it work without having steam installed?

I use gentoo Linux with bspwm. I also have Hyprland installed but don't use it for gaming. I have an nvidia 3060 Ti and the nvidia drivers installed. I have bottles installed through flatpak.

Hello all,

I have speakers of decent quality connected to my Linux pc which I use for gaming.

I want to be able to use the same speakers when I watch TV. I currently have a Chromecast with Jellyfin client running. Jellyfin is actually running on the Linux pc I mentioned earlier.

What would be the best way to play the audio from the tv content I'm watching from those speakers?

I was considering if it's possible if pulseaudio could be used in a client server model, and somehow have something like Kodi use it?

I am willing to replace my Chromecast with a raspberry pi or a similar device if it solves this issue.