I'm never quite sure how to feel about this. On one hand, if the person just wants to make some money and they're doing the job, why bother them. On the other hand though, I know that anybody who has consistent access to an internet connection in North Korea is almost certainly working for the benefit of the great leader and they aren't actually seeing any money or benefit for themselves. I just hate that the citizens of North Korea have to suffer and be punished because of their asswipe of a leader.
gerowen
joined 2 weeks ago
Systemd has all sorts of options. If a service has certain sandbox settings applied such as private /tmp, private /proc, restricting access to certain folders or devices, restricting available system calls or whatever, then systemd creates a chroot in /proc/PID for that process with all your settings applied and the process runs inside that chroot.
I've found it a little easier than managing a full blown container or VM, at least for the things I host for myself.
If a piece of software provides its own service file that isn't as restricted as you'd like, you can use systemctl edit to add additional options of your choosing to a "drop-in" file that gets loaded and applied at runtime so you don't have to worry about a package update overwriting any changes you make.
And you can even get ideas for settings to apply to a service to increase security with:
systemd-analyze security SERVICENAME
I just host everything on bare metal and use systemd to lock down/containerize things as necessary, even adding my own custom drop-ins for software that ships its own systemd service file. SystemD is way more powerful than people often realize.
I've had very occasional issues with it not uploading new photos in a timely manner in the past. I haven't had any issues in a long time, but I have gotten into the habit of explicitly opening the app, clicking "Uploads" and hitting refresh and making sure everything has been uploaded.
I'm not really sure what causes it, though if I had to guess Android is putting the app to sleep in the background so it may have something to do with power saving settings. I've switched to the F-Droid version of the app and manually disabled the appropriate power settings as a just-in-case, though that may have nothing to do with anything.
I literally have clothes hanging on a line across the living room because our just out of warranty $1,000+ Samsung "smart dryer" died again a month after I replaced every sensor and the heating element, and I just don't feel like taking it apart again to "maybe" find the problem.
Before this we just had a plain white box from Maytag; easy to work on, cheap replacement parts. It was probably 30 years old when the motor seized and my wife asked for newer, fancier machines. Big mistake.
Disarming all the people who "didn't" shoot up a beach won't bring those victims back, and it won't stop motivated extremists from doing it again. The kind of folks who commit atrocities like this just won't bother participating in the buyback.
I'm curious what kind of indicators might have been present that police or others in the community might have missed; violent rhetoric on social media, a sudden interest in guns by somebody who previously wasn't into them, etc.