Reading up on RDP as it’s something I do not utilize, I wondered just how encumbered RDP is compared to Spice and VNC. Wonder how third-party server and clients are handling the patent-encumbered protocol.
Do third parties implement an older standard of the RDP protocol that isn’t as encumbered?
Wine client error:0: version mismatch 787/856.
Check for and kill all wine-related processes and then swap Proton versions for the game again.
Seeing prefix breakage messages with a wine version mismatch is often because of remnants of WINE processes that didn’t stop correctly. Steam prevents game launches for games that still have child processes present from previous launches.
Scrolling through their Discord, that particular mod doesn’t work on the latest version of the game as it’s long out of date. You aren’t likely to find another client or server that is hosting it with it actually working. Checking the mod listing page, it just claims untested on latest version.
Unfortunately a lot of the more useful information for the RaftModding ecosystem is all gated behind Discord.
I had written about this in their Discord in a thread:
using this shim script I made, do the following:
WINEDLLOVERRIDES="winhttp.dll=n,b" ./shim %command%(Instructions adapted from both mine and user YumiChi’s)
This method doesnt require custom installations, messing with bottles, nor wine runtimes other than Proton.
If you’re running an email server for more than a handful of persistent users, I’d probably agree. However, there are self-host solutions that do a decent job of being ‘all-in-one’ (MailU, Mailcow, Docker-Mailserver) that can help perform a lot of input filtering.
If your small org just needs automation emails (summaries, password resets), it’s definitely feasible to do actually, as long as you have port 25 available in addition to 465, 587 and you can assign PTR records on reverse DNS. Optionally you should use a common TLD for your domain as it will be less likely to be flagged via SpamAssassin. MXToolbox and Mail-Tester together offer free services to help test the reliability of your email functionality.
I’m currently going through a similar situation at the moment (OPNSense firewall, Traefik reverse proxy). For my solution, I’m going to be trial running the Crowdsec bouncer as a Traefik middleware, but that shouldn’t discourage you from using Fail2Ban.
Fail2Ban: you set policies (or use presets) to tempban IPs that match certain heuristic or basic checks.
Crowdsec Bouncer: does fail2ban checks if allowed. Sends anonymous bad behavior reports to their servers and will also ban/captcha check IPs that are found in the aggregate list of current bad actors. Claims to be able to perform more advanced behavior checks and blacklists locally.
If you can help it, I don’t necessarily recommend having OPNSense apply the firewall rules via API access from your server. It is technically a vulnerability vector unless you can only allow for creating a certain subset of deny rules. The solution you choose probably shouldn’t be allowed to create allow rules on WAN for instance. In most cases, let the reverse proxy perform the traffic filtering if possible.
It doesn’t.
The game was under exclusivity contract for Epic Games, but they were still allowed to sell copies of the game on their own website. Now that the contract is up, the game can be sold on Steam. Granting players who bought the game from the website free Steam keys is a nice touch.
For desktop/workstation users: the simple answer is just use the flatpak from Flathub or from some other source if you need a user package that doesn’t align to the ethos of your chosen distro. In most cases desktop Linux users have gone beyond self-packaging for specific library versions and just use a separate set of common libraries to power application needs beyond the out of box experience of any given distro. It’s part of why immutable distros are starting to take off and make more sense for desktop/workstation use-cases.
For servers, it’s in the nature to become part of the technical debt you are expected to maintain, and isn’t unique among RHEL, OpenSUSE Leap, Debian, Ubuntu, or any other flavor of distro being utilized.
If you’re not on RHEL-likes manually installing piles of out-of-tree software or randomly dumping RPMs into your system blindly hoping that things will “just work”, all is good on most rpm-based distros (RHEL, Fedora, AlmaLinux, OpenSUSE Leap, etc.). Updates don’t have issues and system upgrades (where possible) have had minimal problems within the past few years on all of my systems.
Ocis/OpenCloud can integrate with Collabora, OnlyOffice but don’t currently have things like CalDAV, CardDAV, E2EE, Forms, Kanban boards, or other extensible features installable as plugins in Nextcloud.
If you desire a snappy and responsive cloud storage experience and don’t particularly need those things integrated into your cloud storage service, then Ocis or OpenCloud might be something to look into.
This is the same for Intel variant Framework boards.
Authentik has blueprints, which while not as simple as Authelia’s config, do provide a functional way to have version-controlled configuration.
Ah yes, did mess up looking at the specs table for bitrate modes. Correcting root comment for anyone else who views this thread.
You will need either an Intel discrete GPU or NVidia GPU if you want to use HDMI 2.1 to render at 8k@60. The Intel discrete GPUs have physical hardware that convert to HDMI and Nvidia uses proprietary drivers. If you can use displayport, any GPU (AMD, Intel, Nvidia) supporting displayport 1.4 is suitable for up to 8k@31 (limited to 8bpc). A displayport 2.0-capable card with a cable suitable for UHBR 13.5 should be able to handle 60 hz (8bpc) or a UHBR 20-rated cable capable of 60 hz at 10bpc.
It depends a bit on perspective and use-case, really. A flatpak’d application can be a fully-featured (all dependencies bundled) package in order to be portable. However, most flatpaks you might commonly encounter don’t quite do this. A good portion of the libraries may be distributed in common runtime packages. This will be the case if you use flatpaks from Flathub or Fedora. There still can be bundled libraries with vulnerabilities, but in many cases, there are basic dependencies from external, common library sets.
As far as varying dependency versions, a developer may be on a host with either newer or older dependencies than expected by the user, but as long as the developer’s application (and any unique libraries) are compiled against a common runtime as previously mentioned, it does make distribution to a wide variety of distros (LTS, 6-month, and rolling alike) relatively easy.
In comparison to OCI images (the kind of images that make up Docker, Podman, and a good portion of Kubernetes container images), flatpaks are a bit less extreme. Flatpaks contain much the same kind of files and structure that a standard distro package would, but simply get sandboxed into their own environment (via bubblewrap). Additionally, flatpaks don’t necessarily need system-level access for installation and usage (full userland confinement). It heavily depends on host environment and configuration, but typically OCI containers are a full, minimal, immutable filesystem structure run in a virtual environment. Not quite a virtual machine, as (in Linux anyway) they are run on the host (almost always in a sandbox) without extensive virtualization capabilities being needed. The general difference in security capabilities depends on the differences in sandboxing between a flatpak behind bubblewrap and an OCI container’s runtime sandboxing. There is also the notion with OCI containers being able to run as virtualized users, including root. With OCI containers that can obtain root access and a flaw in the sandboxing of say Docker in its standard rootful mode could allow for root level processes in the sandbox to act upon the host.
From what I can think of in comparison, there is the big problem with Flatpak in that it really isn’t suitable for packaging command-line applications: only GUI applications and libraries. OCI container images are often tailored for running web apps and other persistent CLI applications
KDE has had ICC support implemented for a while now in Wayland. The necessary protocol for ICC support/color management in Wayland recently got merged, so the next release of many popular compositors (plasma 6.3 for KDE) will be protocol-compliant.
A general checklist for flags that software will enshittify:
On their own, not all of these flags are excellent indicators. Some are better than others in a vacuum. If you see a product start to check several of these flags, it might be time to jump ship early (to a fork or other competing project).
How locked down are the Chromebooks?
Remote VM seems overkill if you can just enable “Linux for Chromebook”, which gives a sandboxed terminal at which point you can setup and install software like Blender, PrusaSlicer, etc.
It won’t be the fastest because they are thin clients, but even modern thin clients do decently for ‘light’ work.