But the problem is that most self-hosted apps don’t integrate well with these. For example qBittorrent, Jellyfin, Metabase and many other common self-hosted apps.

NixOS makes it very easy to declaratively configure servers. For example the users config to manage UNIX users: https://nixos.org/manual/nixos/stable/options#opt-users.users

Yet another service to maintain. If the server is crashing you can’t log in, so you need backup UNIX users anyways.

I use NixOS.

Yeah, I can’t believe how hard targeting other consoles is for basically no reason. I love this Godot page that accurately showcases the difference:

https://docs.godotengine.org/en/stable/tutorials/platform/consoles.html

Currently, the only console Godot officially supports is Steam Deck (through the official Linux export templates).

The reason other consoles are not officially supported are:

• To develop for consoles, one must be licensed as a company. As an open source project, Godot has no legal structure to provide console ports.
• Console SDKs are secret and covered by non-disclosure agreements. Even if we could get access to them, we could not publish the platform-specific code under an open source license.

Who at these console companies think that making it hard to develop software for them is beneficial? It’s not like the SDK APIs are actually technologically interesting in any way (maybe some early consoles were, the last “interesting” hardware is probably the PS2). Even if the APIs were open source (the signatures, not the implementation) every console has DRM to prevent running unsigned games, so it wouldn’t allow people to distribute games outside of the console marker’s control (other than modded systems).

So to develop for the Steam Deck:

1. Click export.
2. Test a bit.

To develop for Switch (or any other locked-down console):

1. Select a third-party who maintains a Godot port.
2. Negotiate a contract.
   • If this falls through go back to step 1.
3. Integrate your code to their port.
4. Click export.
5. Test a bit.

What it could be (after you register with Nintendo to get access to the SDK download):

1. Download the SDK to whatever location Godot expects it.
2. Click export.
3. Test a bit.

All they need to do is grant an open source license on the API headers. All the rest is done for them and magically they have more games on their platform.

Vista sucked so bad. I got a nice new laptop and it was constant pain. One of the real breaking points was that it would refuse to let me modify or delete some files even as superuser. If I recall correctly they weren’t even system files, maybe a separate partition or something.

I tried installing XP but there was some sort of driver issue with my CD drive. It would start installing fine, but then once it tried to reboot off of the HDD to finish the installation it couldn’t find the installation CD to finish copying things, so the install just crashed half-way done.

I installed Ubuntu on a partition, dual booted for a while. After a few months I realized that I never even used the Windows partition anymore so I wiped it.

Likely what is happening is that the game is probing audio devices and triggering the mic on your headphones to get picked up. This switches them into the “headset” profile which has awful audio quality. I don’t know why the UI isn’t showing that, make sure you are checking while the game is running and the audio sounds bad.

If you want your headphone mic to work there is not much choice. There isn’t a standard bluetooth profile with good audio and mic. If you never want to use your headphone mic you can probably configure some advanced settings in your audio manager (probably PulseAudio or PipeWire).

This is my dream. However I think my target market is smaller and less willing to pay (personal rather than business). However maintenance is low effort and I want the product for myself. So even if it doesn’t make much or anything I think I will be happy to run it forever.

The ultimate dream would be to make enough to be able to employ someone else part time, so that there could be business continuity if I wasn’t able to run it anymore.

There is definitely isolation. In theory (if containers worked perfectly as intended) a container can’t see any processes from the host, sees different filesystems, possibly a different network interface and basically everything else. There are some things that are shared like CPU, Memory and disk space but these can also be limited by the host.

But yes, in practice the Linux kernel is wildly complex and these interfaces don’t work quite as well as intended. You get bugs in permission checks and even memory corruption and code execution vulnerabilities. This results in unintended ways for code to break out of containers.

So in theory the isolation is quite strong, but in practice you shouldn’t rely on it for security critical isolation.

where you have decent trust in the software you’re running.

I generally say that containers and traditional UNIX users are good enough isolation for “mostly trusted” software. Basically I know that they aren’t going to actively try to escalate their privilege but may contain bugs that would cause problems without any isolation.

Of course it always depends on your risk. If you are handing sensitive user data and run lots of different services on the same host you may start to worry about remote code execution vulnerabilities and will be interested in stronger isolation so that a RCE in any one service doesn’t allow escalation to access all data being processed by other services on the host.

IMHO it doesn’t majorly change the equation. Plus in general a single-word comment is not adding much to the discussion. I like Podman and use it over Docker, but in terms of the original question I think my answer would be the same if OP was using Podman.

The Linux kernel is less secure for running untrusted software than a VM because most hypervisors have a far smaller attack surface.

how many serious organization destroying vulnerabilities have there been? It is pretty solid.

The CVEs differ? The reasons that most organizations don’t get destroyed is that they don’t run untrusted software on the same kernels that process their sensitive information.

whatever proprietary software thing you think is best

This is a ridiculous attack. I never suggested anything about proprietary software. Linux’s KVM is pretty great.

I think assuming that you are safe because you aren’t aware of any vulnerabilities is bad security practice.

Minimizing your attack surface is critical. Defense in depth is just one way to minimize your attack surface (but a very effective one). Putting your container inside a VM is excellent defense in depth. Putting your container inside a non-root user barely is because you still have one Linux kernel sized hole in your swiss-cheese defence model.

I never said it was trivial to escape, I just said it wasn’t a strong security boundary. Nothing is black and white. Docker isn’t going to stop a resourceful attacker but you may not need to worry about attackers who are going to spend >$100k on a 0-day vulnerability.

The Linux kernel isn’t easy to exploit as if it was it wouldn’t be used so heavily in security sensitive environments

If any “security sensitive” environment is relying on Linux kernel isolation I don’t think they are taking their sensitivity very seriously. The most security sensitive environments I am aware of doing this are shared hosting providers. Personally I wouldn’t rely on them to host anything particularly sensitive. But everyone’s risk tolerance is different.

use podman with a dedicated user for sandboxing

This is only every so slightly better. Users have existed in the kernel for a very long time so may be harder to find bugs in but at the end of the day the Linux kernel is just too complex to provide strong isolation.

There isn’t any way to break out of a properly configured docker container right now but if there were it would mean that an attacker has root

I would bet $1k that within 5 years we find out that this is false. Obviously all of the publicly known vulnerabilities have been patched. But more are found all of the time. For hobbyist use this is probably fine, but you should acknowledge the risk. There are almost certainly full kernel-privilege code execution vulnerabilities in the current Linux kernel, and it is very likely that at least one of these is privately known.

It is. Privilege escalation vulnerabilities are common. There is basically a 100% chance of unpatched container escapes in the Linux kernel. Some of these are very likely privately known and available for sale. So even if you are fully patched a resourceful attacker will escape the container.

That being said if you are a low-value regular-joe patching regularly, the risk is relatively low.

Docker (and Linux containers in general) are not a strong security boundary.

The reason is simply that the Linux kernel is far too large and complex of an interface to be vulnerability free. There are regular privilege escalation and container escapes found. There are also frequent Docker-specific container escape vulnerabilities.

If you want strong security boundaries you should use a VM, or even better separate hardware. This is why cloud container services run containers from different clients in different VMs, containers are not good enough to isolate untrusted workloads.

if Gossa were to be a virus, would I have been infected?

I would assume yes. This would require the virus to know an unpatched exploit for Linux or Docker, but these frequently appear. There are likely many for sale right now. If you aren’t a high value target and your OS is fully patched then someone probably won’t burn an exploit on you, but it is entirely possible.

I don’t agree. As a single counter example of many YouTube has a huge wealth of information and content.

Maybe that value isn’t worth the ads, that is much harder to say for certain. But it is clear that there is some valuable information on some sites that are supported by ads.

Most credit card issuers don’t issue credit cards to random apps by solo developers.

I would pay a lot of money to see Nintendo’s conniption over having to allow home brew and non-approved software on their game consoles. I would love to release emulators for older Nintendo consoles for the Switch so that they don’t get to keep charging people again to play old games on newer consoles.

1. I can usually pull out my phone faster than taking a card out of my wallet.
2. Phone-based cards typically have significantly higher limits than physical cards. (I can tap hundreds of dollars with my phone, only about $100 on my card.)
3. The phone needs to be unlocked which is safer than the card which just needs to be tapped with no other authentication.
4. One less thing to carry around.