• 0 Posts
  • 137 Comments
Joined 1 year ago
cake
Cake day: June 20th, 2023

help-circle





  • Dran@lemmy.worldtoLinux@lemmy.mlWhich distro?
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    2 months ago

    I run ubuntu’s server base headless install with a self-curated minimal set of gui packages on top of that (X11, awesome, pulse, thunar) but there’s no reason you couldn’t install kde with wayland. Building the system yourself gets you really far in the anti-bloatware dept, and the breadth of wiki/google/gpt based around Debian/Ubuntu means you can figure just about any issues out. I do this on a ~$200 eBay random old Dell + a 3050 6gb (slot power only).

    For lighter gaming I’ll use the Ubuntu PC directly, but for anything heavier I have a win11 PC in the basement that has no other task than to pipe steam over sunshine/moonlight

    It is the best of both worlds.






  • I’m actually working on a vector DB RAG system for my own documentation. Even in its rudimentary stages, it’s been very helpful for finding functions in my own code that I don’t remember exactly what project I implemented it in, but have a vague idea what it did.

    E.g

    Have I ever written a bash function that orders non-symver GitHub branches?

    Yes! In your ‘webwork automation’ project, starting on line 234, you wrote a function that sorts Git branches based on WebWork’s versioning conventions.







  • Dran@lemmy.worldtoTechnology@lemmy.worldCrowdStrike Isn't the Real Problem
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    2
    ·
    4 months ago

    With enough autism in your overlay configs, sure, but in my environment tat leakage is still encrypted. It’s far simpler to just accept leakage and encrypt the OS partition with a key that’s never stored anywhere. If it gets lost, you rebuild the system from pxe. (Which is fine, because it only takes about 20 minutes and no data we care about exists there) If it’s working correctly, the OS partition is still encrypted and protects any inadvertent data leakage from offline attacks.


  • We do this in a lot of areas with fslogix where there is heavy persistent data, it just never felt necessary to do that for endpoints where the persistent data partition is not much more than user settings and caches of convenience. Anything that is important is never stored solely on the endpoints, but it is nice to be able to reboot those servers without affecting downstream endpoints. If we had everything locally dependant on fslogix, I’d have to schedule building-wide outages for patching.


  • Dran@lemmy.worldtoTechnology@lemmy.worldCrowdStrike Isn't the Real Problem
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    2
    ·
    edit-2
    4 months ago

    Separate persistent data and operating system partitions, ensure that every local network has small pxe servers, vpned (wireguard, etc) to a cdn with your base OS deployment images, that validate images based on CA and checksum before delivering, and give every user the ability to pxe boot and redeploy the non-data partition.

    Bitlocker keys for the OS partition are irrelevant because nothing of value is stored on the OS partition, and keys for the data partition can be stored and passed via AD after the redeploy. If someone somehow deploys an image that isn’t ours, it won’t have keys to the data partition because it won’t have a trust relationship with AD.

    (This is actually what I do at work)