You configure the VPN in the router the roku connects through.

At birth my fingerprints were the same as his. Mom did that thing where she mixed us up and had to take us back to the GP for ID.

I can still unlock his phone 50-50 with my melon but not as often with the fingers.

Short answer: yes.

One of the tenets of security is that a user or process should have only enough access to do what it needs, and then no more. So your web server, your user account, to your mail server, should have exactly what they need, and usually that’s been intricately planned by the distro.

If you subvert it you could be writing files as root that www-data now can’t read or write. This kind of error is sometimes obvious and sometimes very subtle.

Especially if you’re new to this different access model, tread carefully.

Great news! If you need it up, many distros are really great at allowing you cm to compare permissions and reset them. The bad news is that maybe you’re not on one of those. But you could be okay.

Why should it? Apt is the best RPM manager out there. Conectiva was awesome with it.

simple and just works.

I’ve been updating enterprise linux hosts via cron for 25 years. I used to watch them. Now, given the quasi-rollback options and validation, I use repos I can trust and I review the payload after. It’s less resilient since EL7 (ohai Lennart) but still so very simple. I’ll thunderdome your OS Security chief on that as well.

adding some obscure repositories with commands I don’t even understand.

You may want to learn the commands and review the repos.

this isn’t healthy:

True, but not in a way that SnapPakImage is going to fix.

share the same dependencies with everything else which makes them insecure.

Absolutely unfounded.

# rpm -Vp https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/n/net-tools-2.0-0.64.20160912git.el9.x86_64.rpm

Oh. Glad to know every part of that package is absolutely as delivered, and signatures are clean in a chain from the distro’s published keys down to the checksums on every file deployed.

Yes, this has saved my bacon. Yes, this has absolutely shut some distros out of consideration.

showerhead

Whyis itso hardto puta spacewhere itbelongs?

Fixed

Worked-around, you mean. And that hack seems temporary.

“must run as root” App.deb

Yeah. That’s how you install ad-hoc packages where the author didn’t put them properly in a repo with signatures.

But, as Debian has impaired validation anyway - it’s a package format thing - it’s not AS big a deal.

OH YEAH !

Is there a docker-free version due?

There’s a story. If you search you’ll find it readily.

I certainly hope so! I have too much to do for just one life!

After 15 years? I applaud your gadgetry care and preservation.

The hinge lasts longer than a foldy screen.

Just

Red flag.

serve your website with Caddy

There is no security risk so bad that it can’t be made worse by layering on new tech with its own issues and pitfalls. (Paraphrasing Bruce Jackson)

Also my workplace hosts their own dns

The best way to control the data.

and I think it will be a cold day in hell before they let me do automated updates.

This is of waning value, but don’t jump into half-assed automation early or you end up with problems like route53 hijacking.

If you’re truly unaware of why TLS is necessary or how to automate the process then you should probably retire.

Oof. You’re gonna hit the bottom of the table with your knee like that.

What part of your security training skipped over understanding the customer’s setup before making recommendations?