Cake day: June 12th, 2023

  • My bank uses a 6-digit ‘customer number’ (which is set by the bank) and that’s verified with an app and a personal PIN (app shows ‘login attempt ABCD at mm.dd. hh:mm’ where ABCD is shown on login page too) or via SMS OTP (again with ‘ABCD’ verification). And again with personal PIN + app or OTP to confirm transactions. The app itself can be protected with a fingerprint or phone PIN and every new installation needs to be registered to the system, so I can’t just use my phone app to access my wife’s account (or anyone else’s) but I still can map multiple accounts (like corporate ones) to the same installation.

    I think that’s a pretty reasonable approach.


  • Back in the day with dial-up internet, man pages, readmes and other included documentation were pretty much the only way to learn anything as www was in its very early stages. And still ‘man <whatever>’ is way faster than trying to search the same information over the web. Today at work I needed the man page for setfacl (since I still don’t remember every command’s parameters) and I found out that WSL2 Debian on my office workstation does not have the command ‘man’ out of the box and I was more than mildly annoyed that I had to search for that.

    Of course today it was just an alt+tab to browser, a new tab and a few seconds for results, which most likely consumed enough bandwidth that on dialup it would’ve taken several hours to download, but it was annoying enough that I’ll spend some time on Monday to fix this on my laptop.


  • IsoKiero@sopuli.xyz to Linux@lemmy.ml · Man pages maintenance suspended · 6 up, 1 down · 11 days ago

    I mean that the product made in here is not the website and I can well understand that the developer has no interest in spending time on it as it’s not beneficial to the actual project he’s been working with. And I can also understand that he doesn’t want to receive donations from individuals as that would bring in even more work to manage which is time spent off the project. A single sponsor with clearly agreed boundaries is far more simple to manage.




  • IsoKiero@sopuli.xyz to Linux@lemmy.ml · The Insecurity of Debian · 10 up · 12 days ago

    The threat model seems a bit like fearmongering. Sure, if your container gets breached and an attacker can (on some occasions) break out of it, it’s a big deal. But how likely is that really? And even if that would happen, isn’t the data in the containers far more valuable than the base infrastructure under it in almost all cases?

    I’m not arguing against SELinux/AppArmor comparison, SELinux can be more secure, assuming it’s configured properly, but there’s quite a few steps on hardening the system before that. And as others have mentioned, neither of those are really widely adopted and I’d argue that when you design your setup properly from the ground up you really don’t need either, at least unless the breach happens from some obscure 0-day or other bug.

    For the majority of data leaks and other breaches that’s almost never the reason. If your CRM or ecommerce software has a bug (or misconfiguration or a ton of other options) which allows dumping everyone’s data out of the database, SELinux wouldn’t save you.

    Security is hard indeed, but that’s a bit of an odd corner to look at it from, and it doesn’t have anything to do with Debian or RHEL.


  • If I had to guess, I’d say that e1000 cards are pretty well supported on every public distribution/kernel they offer without any extra modules, but I don’t have any around to verify it. At least on this ubuntu I don’t find any e1000 related firmware package or anything else, so I’d guess it’s supported out of the box.

    For the ifconfig, if you omit ‘-a’ it doesn’t show interfaces that are down, so maybe that’s the obvious you’re missing? It should show up on NetworkManager (or any other graphical tool, as well as nmcli and other cli alternatives), but as you’re going through the manual route I assume you’re not running any. Mii-tool should pick it up too on command line.

    And if it’s not that simple, there seems to be at least something around the internet if you search for ‘NVM checksum is not valid’ and ‘e1000e’, specifically related to Dell, but I didn’t check that path too deep.




  • IsoKiero@sopuli.xyz to Linux@lemmy.ml · 33 years ago... · 2 up · 22 days ago

    I’ve read Linus’s book several years ago, and based on that flimsy knowledge in the back of my head, I don’t think Linus was really competing with anyone at the time. Hurd was around, but it’s still coming soon™ to widespread use and things with AT&T and BSD were “a bit” complex at the time.

    BSD obviously has brought a ton of stuff on the table which Linux greatly benefited from and their stance on FOSS shouldn’t go without appreciation, but assuming my history knowledge isn’t too badly flawed, BSD and Linux weren’t straight competitors, but they started to gain traction (regardless of a lot longer history with BSD) around the same time and they grew stronger together instead of competing with each other.

    A ton of us owe our current corporate lives to the people who built the stepping stones before us, and Linus is no different. Obviously I personally owe Linus a ton for enabling my current status at the office, but the whole thing wouldn’t have been possible without people coming before him. RMS and GNU movement plays a big part of that, but equally big part is played by a ton of other people.

    I’m not an expert by any stretch on history of Linux/Unix, but I’m glad that the people preceding my career did what they did. Covering all the bases on the topic would require a ton more than I can spit out on a platform like this, I’m just happy that we have the FOSS movement at all instead of everything being a walled garden today.


  • IsoKiero@sopuli.xyz to Linux@lemmy.ml · 33 years ago... · 7 up · 23 days ago

    That kind of depends on how you define FOSS. The way we think of that today was in very early stages back in 1991 and the original source was distributed as free, both as in speech and as in beer, but commercial use was prohibited, so it doesn’t strictly speaking qualify as FOSS (like we understand it today). About a year later Linux was released under GPL and the rest is history.

    Public domain code, academic world with any source code and things like that predate both Linux and GNU by a few decades and even the Free Software Foundation came 5-6 years before Linux, but the Linux itself has been pretty much as free as it is today from the start. GPL, GNU, FSF and all the things Stallman created or was a part of (regardless of his conflicting personality) just created a set of rules on how to play this game, pretty much before any game or rules for it existed.

    Minix was a commercial thing from the start, Linux wasn’t, and things just refined on the way. You are of course correct that the first release of Linux wasn’t strictly speaking FOSS, but the whole ‘FOSS’ mentality and rules for it weren’t really a thing either back then.

    There’s of course academic debate to have for days on which came first and what rules whoever did obey and what release counts as FOSS or not, but for all intents and purposes, Linux was free software from the start and the competition was not.



  • Linux, so even benchmarking software is near impossible unless you’re writing software which is able to leverage the specific unique features of Linux which make it more optimized.

    True. I have no doubt that you could set up a linux system to calculate pi to 10 million digits (or something similar) more power efficiently than windows-based system, but that would include compiling your own kernel leaving out everything unnecessary for that particular system, shutting down a ton of daemons which are commonly run on a typical desktop and so on and waste a ton more power on testing that you could never save. And that might not even be faster, just less power hungry, but no matter what that would be far far away from any real world scenario and instead be a competition to build a hardware and software to do that very specific thing with as little power as possible.


  • Interesting thought indeed, but I highly doubt that difference is anything you could measure and there’s a ton of contributing factors, like what kind of services are running on a given host. So, in order to get a reasonable comparison you should run multiple different software with pretty much identical usage patterns on both operating systems to get any kind of comparable results.

    Also, the hardware support plays a big part. A laptop with dual GPUs and a “perfect” support from drivers on Windows would absolutely wipe the floor with Linux which couldn’t switch GPUs on the fly (I don’t know how well that scenario is supported on linux today). Same with multicore CPUs and their efficient usage, but I think on that the operating system plays a lot smaller role.

    However changes in hardware, like ARM CPUs, would make a huge difference globally, and at least traditionally that’s the part where linux shines on compatibility and why Macs run on batteries for longer. But in reality, if we could squeeze more of our CPU cycles globally to do stuff more efficiently we’d just throw more stuff on them and still consume more power.

    Back when cellphones (and other rechargeable things) became mainstream their chargers were so inefficient that unplugging them actually made sense, but today our USB-bricks consume next to nothing when they’re idle so it doesn’t really matter.


  • I haven’t paid too much attention on what Lenovo is doing lately, but at some point they brought L-series thinkpad-branded laptops on the market which were pretty much garbage. At least in here local stores sold first models of L-series as ‘thinkpad grade laptops for consumer pricing’ and they were just bad on all fronts, as the L-series was just a competition on a*-brands trying to get their share for sub-300€ (or whatever that was at the time) laptops from your equivalent of walmart riding on the brand which they didn’t build.

    Gladly that died out pretty soon and Think* brand is still somewhat strong with their T/W/X models as they used to be when IBM ran the business. Of course they had their own issues too, USB-C docks were garbage with everyone when they started to appear and people at the office still curse on thinkpads for various issues with firmware/hardware/whatever, but in my experience it’s been the same road for all the big players. Dell had a pretty decent sales/support going on in 2010(ish), but their hardware had plenty of problems, HP had pretty good pricing for their hardware a bit later, but they had massive issues with firmware and so on.

    I’ve been pretty happy with thinkpads I’ve got since R50 brand new (if I recall correctly) and for me they’ve been available on second hand market in here since that. But that’s just a personal experience, I’ve never been in charge to buy hundreds of anything on IT department at work.



  • Lenovo makes consumer crap with their own brand and they have Think-line of products from the big blue and the latter is pretty much comparable to all the other big players (dell, hp, fujitsu…) on desktop/laptop market. Each has their own annoyances and fuckups and in general if you ask opinion from 3 IT professionals on which brand to buy you’ll get 4-6 answers.

    Personally if I’m looking for a laptop I’ll go to pre-leased and refurbished thinkpad. I currently have T465 and for wife I got pretty decent Tsomething from the office for peanuts.


  • I assume you don’t intend to copy the files but use them from a remote host? As security is a concern I suppose we’re talking about traffic over the public network where (if I’m not mistaken) kerberos with NFS doesn’t provide encryption, only authentication. You obviously can tunnel NFS with SSH or VPN and I’m pretty sure you can create a kerberos ticket which stores credentials locally for longer periods of time and/or read them from a file.

    SSH/VPN obviously causes some overhead, but they also provide encryption over the public network. If this is something run in a LAN I wouldn’t worry too much about encrypting the traffic and in my own network I wouldn’t worry about authentication either too much. Maybe separate the NFS server to its own VLAN or firewall it heavily.


  • I don’t think there exists a proper alternative even in the commercial sector.

    There is a handful of vendors and they indeed monitor a ton more than just viruses. The solution we’re running at the office monitors pretty much all kinds of logs (dns, dhcp, authentication, network traffic…) and it can lock down clients which are behaving wrongly enough. For example every time I change a hosts file (for a legitimate reason) on my own laptop I get a question from security team if that was intended. And it combines logs/data gathered from different systems to identify potential threats and problematic hosts and that’s why our fleet feeds in data from all kinds of devices.

    I haven’t seen that many different solutions which do this, but the few I’ve worked with are a bit hit or miss with linux. The current solution has a funny feature where it breaks dpkg if the server doesn’t have certain things installed (which are not dependencies on the packet itself). And they eat up a pretty decent chunk of CPU-cycles and RAM while running. But apparently someone has done the math and decided that it’s worth the additional capacity, it’s outside my pay range so I just install whatever I’m told to.