
It'd be far more acceptable to block the CG-NAT IPv4 addresses if you knew that the other non-compromised hosts could utilize their own IPv6 addresses to connect to your service.


Have you seen headscale? It's a bit of work if you don't have a selfhosting setup but it enables you to use the service without being at the whim of Tailscale.


Ironically, the reason headscale exists is at the whim of Tailscale, because Tailscale allows headscale to use their client. If they revoked that ability, which they reserve the right to and could do at any time, headscale would be non-viable as software for most use cases.


May as well use NetBird in that case.


> The largest portion of all languages in Common Crawl

https://commoncrawl.github.io/cc-crawl-statistics/plots/lang...


Thanks!

I wonder where this discrepancy comes from


Probably under-indexing of non-English sources by these crawlers.

Would be interesting if Yandex opened some data sets!


And lots of people write on the web using English as a second language, which both reduces the presence of their native language and increases the presence of English.


Yep, not a native English speaker here, and yet my online footprint is mostly English due to software pushing me to learn it.


My guess is that reference counting at depth=1 only captures non-$LANG content whose text parts don't matter a lot, e.g. photo galleries.


What? Why are your NVIDIA modules even in the boot partition? My largest /boot is on Fedora and that's 454MiB, 87MiB on Arch and 30MiB on NixOS.

EDIT: "With grub, the situation varies; if the device has a graphics card, it usually means that driver modules need to be placed in the boot as well.", "usually" carries a lot of weight here, none of the systems I had had this kind of a requirement.


> What? Why are your NVIDIA modules even in the boot partition?

Early kernel modesetting requires the drivers in the initramfs.


The kernel should be able to use the framebuffer from the UEFI, which the GPU would have already set up, then let the desktop modeset to the target resolution if needed (using the driver).

This is what Windows has been doing without issues for over 10 years. We don't need larger /boot partitions, we need a better boot process that doesn't need infinitely growing space.


There is no need for early kernel modesetting.

On the systems where I have seen this happening, it is normally extremely annoying, because it may select a minuscule bitmap font on a high-resolution display. The user may need to type the terminal command almost blindly to change the font to the biggest bitmap font provided with the Linux kernel, which for a long time had been sun12x22, but nowadays there is also a more decent ter16x32.

It is better when the kernel stays in VGA mode until X is started.


Yeah, with a 500 MB partition I cannot have both the normal and LTS kernel thanks to that, and resizing it sounds like a good way to break stuff, so I'll pass for now.


Except TLS-SNI sends the hostnames in plaintext during the handshake and you can't disable it in at least Firefox AFAIK.


SNI over ESNI seems to be still the standard. I was not aware of that.

https://esnicheck.com/


Are you sure you were informed by Thunderbird and not by your SMTP server?


It was most certainly due to the SMTP server doing retries with backoffs.


Only for the optional "read time travel and world domination plans" module.


Copyleft licenses are restrictive, as obligations are restrictions. "You must provide the source code to your users" is equivalent to "You cannot use this software if your source code is not available to your users".

Freedom is a finite resource which copyleft licenses take from the developer to give to users. (This ends up at the same point as the article, but I prefer wording it this way.)


> Freedom is a finite resource which copyleft licenses take from the developer to give to users

I think this GNU essay has the right take: if it enables your own self-determination, that's freedom, but if it enables you to impose on others, that's power, and it makes sense to make the distinction.

https://www.gnu.org/philosophy/freedom-or-power.en.html


Isn't ARM's TrustZone equivalent to ME/PSP on Intel/AMD?


TrustZone allows you to boot an OS that keeps separate memory from the main OS. It is used to do cryptography and other secure computation while keeping its secure parts hidden from the OS. There are open source OSes that run in TrustZone, e.g. Trusty, OP-TEE.

ME is firmware that you don't have any control over (it comes from the CPU maker, packaged with the BIOS) and is used to manage the machine for remote access (not specifically nefarious).

They are quite different in their purpose and more importantly implementation.


ME is a bit more than that. To enable remote access functionality, the ME has:

  * Access to all memory of the host device.
  * Ability to make and receive network requests, transparent (invisible) to the host device.
  * Access to all other communications, buses, and devices of the host device.
  * Can execute CPU commands at the highest privilege level.
  * Accepts updates that are signed by Intel's signing key.

This means that it's quite possible for a web page to deliver a series of "magic bytes" that a backdoored ME listens to, and then immediately executes instructions.

Various countries, like the UK and Australia, have laws in force that can compel companies like Intel to sign using their signing key.

Before you think this doesn't affect someone in the US, it is widely known that Five Eyes members use each other's capabilities and privileges and act collectively.


"The PSP itself represents an ARM core (ARM Cortex A5) with the TrustZone extension which is inserted into the main CPU die as a coprocessor."

https://en.wikipedia.org/wiki/AMD_Platform_Security_Processo...


> This is a guest post. The views expressed here are solely those of the author and do not represent positions of IEEE Spectrum or the IEEE.


Yeah, I saw that too. Got a brief chuckle out of me.

I couldn't help myself asking why the fuck is it on your website, then?


Sure, but there is still a point to be made that the IEEE thinks that, while this is not their opinion, it is worth reading.

You might publish contrary opinions to spur debate, but you don't publish things you think are total garbage.

The IEEE thinks this is worth reading.

