It provides a safety net by pooling the resources of the community to support the less fortunate. This prevents people from having to sacrifice their long term goals because their short term needs may not be otherwise met.

Also in contrast to capitalism that treats society as a zero sum game (“I can’t get ahead unless I take something from someone else”) socialism is a benefit multiplier (“I’m part of the community. By making the life of everyone in the community better I’m also improving my own life”).

They are really good at providing examples for why civilized society needs socialism.

Consistency with their previous default desktop environment, Unity.

Or companies do hire security, but the security team is incompetent and unable/unwilling to adapt to new challenges. Then it devolves into security theater, until either someone new comes who cleans house or a breach happens.

Arch: I need reproducible setups. Also bleeding edge is not for me.

I have to give credit to their documentation though!

What put me off selinux is that the officially documented way of generating a new policy is to run a service unconfined, and then generating the policy from its behaviour. This is backwards on so many levels… In contrast policy-based admission control in kubernetes is a delight to use, and creating new policies is actually doable outside of a lab.

Mine has a precondition option that can both heat the cabin and warm up the battery while still plugged in (a warm battery will give you better range). The heaters keep up, and in fact can warm the cabin faster than on ICE: The latter uses waste heat from the engine, the EV just uses a heating element like a space heater for home would.

Confucius says: man who runs in front of car gets tired; man who runs behind car gets exhausted.

Warm Blooded Hugger.

so what are the reasons why it’s a bad daily driver?

Don’t need to go any further than “default user is root.”

WASD = Path of Vampire Survivors?

The pun is so bad it made me sigh. Top quality dad joke!

It was Arkanoid for me.

Alley Cat, Dukem Nukem 3D, Ultima (4, 5, and 7), Daytona, Day of the Tentacle, Zack McCracken…

Using containers from public registries is no worse than using third party software. In both cases there’s a risk of malicious code. The big difference is that for containers you can scan the image before running it, SBOMs are becoming ubiquitous so dependency vulnerabilities are easier to detect, and runtime protection software is more effective on containers because each container has a deterministic expected behaviour, making it easier to find deviations. I’d much rather manage runtime controls for containers than craft selinux policies.

The bottom line (which the OP article misses) is that while individual container configurations require more effort to set up the additional work to manage them at scale is low, whereas compliance for host based installs is requiring more and more effort. In fact given how popular curl | sh ... is becoming for host based installs I’d argue that they are regressing in terms of safety and reproducibility.

I don’t recall Reddit having unique content - what I do remember however was that it had aggregated content. It filled the role of Slashdot, Fark, and other sites, and it had a comment threading system that was far more usable. The memes came after.

“Don’t you think he looks tired?”

Take a machine with Linux preinstalled. Will it run Linux without problems? Yeah, of course.

Take a machine with Windows preinstalled. Will it run Linux without problems? Check the list.

The CIS benchmarks for Linux are a good start. There are some off the shelf tools that let you run those, notably linux-bench. Another tool in a similar fashion is lynis. You can also use eBPF tools like callander to examine your workload behaviour and help tighten your seccomp policies.

Once you’ve established a baseline for your system, you’ll next want to harden your environment. This means network scans, OWASP, etc. As far as off the shelf tools go, OpenVAS is quite popular even in Enterprise environments.

Finally there’s the continuous security tasks. Continuous package updates, runtime security, log analysis, etc. There are some free tools that cover part of this like Security Onion, but if the price is right a SaaS tool can save you a lot of time.

Many much housen.