You configure the VPN in the router the roku connects through.

Short answer: yes.

One of the tenets of security is that a user or process should have only enough access to do what it needs, and then no more. So your web server, your user account, to your mail server, should have exactly what they need, and usually that’s been intricately planned by the distro.

If you subvert it you could be writing files as root that www-data now can’t read or write. This kind of error is sometimes obvious and sometimes very subtle.

Especially if you’re new to this different access model, tread carefully.

Great news! If you need it up, many distros are really great at allowing you cm to compare permissions and reset them. The bad news is that maybe you’re not on one of those. But you could be okay.

Hey. Thanks for the update! As someone whose experience was heavily windows apart from some failed Linux attempts, your experience switching now is an excellent comparison.

Glad the story got better in the second act.

Keep the story going. Please update.

Thanks for persevering also.

Still requires docker?

Why should it? Apt is the best RPM manager out there. Conectiva was awesome with it.

simple and just works.

I’ve been updating enterprise linux hosts via cron for 25 years. I used to watch them. Now, given the quasi-rollback options and validation, I use repos I can trust and I review the payload after. It’s less resilient since EL7 (ohai Lennart) but still so very simple. I’ll thunderdome your OS Security chief on that as well.

adding some obscure repositories with commands I don’t even understand.

You may want to learn the commands and review the repos.

this isn’t healthy:

True, but not in a way that SnapPakImage is going to fix.

share the same dependencies with everything else which makes them insecure.

Absolutely unfounded.

# rpm -Vp https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/n/net-tools-2.0-0.64.20160912git.el9.x86_64.rpm

Oh. Glad to know every part of that package is absolutely as delivered, and signatures are clean in a chain from the distro’s published keys down to the checksums on every file deployed.

Yes, this has saved my bacon. Yes, this has absolutely shut some distros out of consideration.

showerhead

Whyis itso hardto puta spacewhere itbelongs?

Once set, you cannot resize them properly

This is untrue.

I’ve resized and moved partitions on a remote host during a reboot – i.e. doing the change in a batch during that boot.

It’s possible, and for most other resizes it’s easy enough and worth it for the benefits. Do you want to do it daily? No. Do you want to half-ass it and not pay attention during? Also no.

whatever the OS suggests.

Ew. Then you get XFS.

not actually seen any benefit of the separation in practice.

The first time some big download hoses your root, you will be enlightened :-D

EFI
83:boot(e4fs)
8e:lvm(e4fs)
bf:zfs

This is just for /dev/sda or so, and implies non-redundant root disks because mirroring is done by the hypervisor. I’ve been 20 years doing virtualization, and I’m really starting to forget the last vestiges of my mdadm fdisk layout.

So many people in this thread have no idea why you’d want separate allocation for /home and /tmp and others. Are we missing proper mentorship?

Fixed

Worked-around, you mean. And that hack seems temporary.

Containerized packaging is toxic. Let them learn on their own time and not take you down with them!

dreamed everyday

every day. Two words, my dude.

go through the compile-flash-boot agonising process just to debug a config file.

Overlayfs was a thing since; what, Kernel 2.2? We had debugging and in-situ mods where required.

“must run as root” App.deb

Yeah. That’s how you install ad-hoc packages where the author didn’t put them properly in a repo with signatures.

But, as Debian has impaired validation anyway - it’s a package format thing - it’s not AS big a deal.

OH YEAH !

Is there a docker-free version due?