No, I think if you’re using the nextcloud all in one image, then the management image connects to the docker socket and deploys nextcloud using that. The you could be able to update nextcloud via the web ui.
https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-update-the-containers
I read through the docs. I’m not sure how this enables trusted computing.
There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core ‘root’ of trust in the platform has to reside.[10] If not implemented correctly, it presents a security risk to overall platform integrity and protected data
https://en.m.wikipedia.org/wiki/Trusted_Computing
Literally all TPM’s are proprietary. It’s basically a permanent, unauditable backdoor, that has had numerous issues, like this one (software), or this one (hardware).
We should move away from them, and other proprietary backdoors that deny users control over there own system, rather than towards them, and instead design apps that don’t need to trust the server, like end to end encryption.
Also: if software is APGL then they are legally required to give you the source code, behind the server software. Of course, they could just lie, but the problem of ensuring that a server runs certain software also has a legal solution.
Crowdstrike didn’t target anyone either. Yet, a mistake in code that privileged, resulted in massive outages. Intel ME runs at even higher privileges, in even more devices.
I am opposed to stuff like kernel level code, exactly for that reason. Mistakes can be just as harmful as malice, but both are parts of human nature. The software we design should protect us from ourselves, not expose us to more risk.
There is no such thing as a back door that “good guys” can access, but the bad guys cannot. Intel ME is exactly that, a permanent back door into basically every system. A hack of ME would take down basically all cyber infrastructure.
Cal state northridge?
Because forgejo’s ssh isn’t for a normal ssh service, but rather so that users can access git over ssh.
Now technically, a bastion should work, but it’s not really what people want when they are trying to set up git over ssh. Since git/ssh is a service, rather than an administrative tool, why shouldn’t it be configured within the other tools used for exposes services? (Reverse proxy/caddy).
And in addition to that, people most probably want git/ssh to be available publicly, which a bastion host doesn’t do.
So based on what you’ve said in the comments, I am guessing you are managing all your users with Nixos, in the Nixos config, and want to share these users to other services?
Yeah, I don’t even know sharing Unix users is possible. EDIT: It seems to be based on comments below.
But what I do know is possible, is for Unix/Linux to get it’s users from LDAP. Even sudo is able to read from LDAP, and use LDAP groups to authorize users as being able to sudo.
Setting these up on Nixos is trivial. You can use the users.ldap set of options on Nixos to configure authentication against an external LDAP user. Then, you can configure sudo
After all of that, you could declaratively configure an LDAP server using Nixos, including setting up users. For example, it looks like you can configure users and groups fro the kanidm ldap server
Or you could have a config file for the openldap server
RE: Manage auth at the reverse proxy: If you use Authentik as your LDAP server, it can reverse proxy services and auth users at that step. A common setup I’ve seen is to run another reverse proxy in front of authentik, and then just point that reverse proxy at authentik, and then use authentik to reverse proxy just the services you want behind a login page.
I just realized… a previous lemmy post I saw appears to be this sign.
Addictive arcade game about archery. Reminds me of flappy bird, not in the raw mechanics, but in the way they are both addicting in the same manner.
Simple bike racing game, although the player is very fragile, which adds some difficulty. Playable in browser.
All the maps are user created content.
This site has a few high quality browser games. The one I come back to is X Type, a bullet hell shoot-em up that has ever expanding enemy ship sizes, and never ends. It gets hard fast.
I also like Xibalba, which is a Doom/Wolfenstein style game playable in the browser.
The creator also did a rewrite of quake in 13 kb of javascript
A webgl/browser based 3d dungeon crawler with proceduraly generated levels.
A short questionaire game that demonstrates the difficulties of poverty.
Gameboy roguelike that is simple, but very elegant.
Sadly, since romhacking went down, I don’t think it’s possible to find the translation patch for it, unless they uploaded it to the internet archive.
Gameboy puzzle game. Very high quality.
A simple but elegant io game. You are a ball, and you want to knock other balls to the ground.
One thing I like is that rounds in small, 4 person lobbies, rather than the massive worlds of other io games. Although you can’t really make friends, you can know personas, and it’s more personable.
Fork of the older warsow, open source movement shooter. Think quake.
Sadly, it seems to be dead on steam.
A wonderful and life changing experience.
I like to link it without the ending title, like https://store.steampowered.com/app/1944240/ because it’s funnier when people can’t see the game title in the link.
Learn the pleasures of loving another human, and the pain of being a programmer — at the same time!
I cannot find anything related to that in their documentation, their about page, or their whitepaper.
They talk a lot about decentralized computing, but any form of secure enclave or code verification isn’t mentioned.
Compare that to this project, which is similar, but incomplete. However, quilibrium uses it’s own language instead of python or javascript, like golem does. The docs for golem do not explain how I am supposed to verify a remote server is actually running my python/javascript code.