That’s for RustDesk Pro not RustDesk OSS.

It’s also difficult for developers to publish to Linux because of the wide variety of different Linux systems.

I disagree there. The issue is that in Windows people bring over their own version of libraries they compiled on (the millions of .dll files) and you can even look in your Uninstall Apps settings where there’s a bunch of MS specific runtime bundles to see that’s even an issue in the MS ecosystem.

In Linux, developers have relied on the library versions just being there. It is, I’d argue, the most compelling reason package managers basically had to come into existence. On the flip-side this can cause issues where there is some version on the system by the package manager that replaces another version. And something not a part of that package management system isn’t a part of those dependency checks and if they don’t put the libraries with the binaries…well it is just luck if you have them all or if other versions can support those library calls in the same way still.

In Linux that is all those .so’s in /var/lib and stuff.

You don’t really see many proprietary things using package managers and those that do are packaged by someone else and are in some sort of repo that isn’t part of the vanilla install because of legal caution.

Companies that made their money on porting games to Linux prior to Proton basically causing them to shutter Linux porting would put their .so’s in with the game bundle themselves, just like you see happening in Windows when .dll’s are inside the actual program’s folders.

However, the more that this sort of dependency management has become abstracted by development suites that take care of this for the developers, the less they understand about it.

Flatpaks actually take care of this and it is one reason they are so popular. They figure out (well that’s a simplification) those library dependencies, sandbox the apps with those dependencies so the library paths don’t interfere with other flatpaks or the base system itself. People complain about this as a con because “the download is BIGGER” even though flatpak doesn’t install the same runtimes over and over again, so once they are there, the download may still be bigger but the installed storage isn’t.

Anyway, yes Linus Torvalds complained about the “Linux fragmentation” issue but it was about DE’s not the state of the development ecosystem itself as I recall, though the rant is very old, so maybe I don’t remember all of it.

Wider application support would be a start.

Sure, but that’s not a Linux problem, that’s a developer problem. Linux supports application development just fine. It is a kernel and the surrounding ecosystem is the operating system after all. It is developers that don’t support it. That isn’t really something Linux in and of itself can effectively solve. Users have to increase and developers supporting applications for Linux will also increase. The classic Linux Chicken and the Egg problem but it is capitalism and that’s just going to be how it has to work.

We also have statements from the IDF that this actually happened. It’s in the linked article. In the first sentence.

I don’t know, I like using Fleet Commander with FreeIPA (where it stores the profile). You just spin up the template VM for whatever like-clients on the network you want to make default profiles for and make the changes, shut it down, checkbox the changes (the configurations and stuff) that you approve and let it apply the profiles across the network. Easier than depending on Puppet or Ansible playbooks IMO.

I have had issues with SSSD as well though and it had to do with Kerberos tickets but I can’t remember what I did to fix it. We’d have to manually use kinit on each machine when it’d basically fall off the realm. I want to say it was a DNS issue but it was so long ago, I just don’t remember.

We used to use Centrify for Linux and Solaris and it was easy using Access Manager to basically handle AD users and computers with Active Directory and had some GPO support (you could push config writes with GPOs for example and organize it all via OUs for example) but it would get a little wonky between trusts in the forest sometimes (in regards to zone management in Centrify) and they kept getting more expensive. Maybe they’ve fixed that stuff now but it was really simple to use and you could basically manage a lot through the AD and create group profiles in the Access Manager. I think the last straw was wanting to force us to license the entire suite regardless of whether we were using it or not. Personally, I never liked it because it wouldn’t use SSSD or kclient/nsswitch and if some service tried to join the realm/domain, it’d join using the same computer accounts and basically break the account since Centrify used its own client, so you’d specifically need to join the computer accounts via Centrify as a different name. It wasn’t detrimental or anything – just annoying that it was a problem at all. Also, sometimes the user cache database saved in specific users’ appdata that use Access Manager would corrupt from time to time and you’d need to manually delete it to use Access Manager. I’d hope they fixed that by now too though.

All and all, I’m not saying Active Directory isn’t an excellent product because it is and I’m not saying that there is a 1:1 solution for Linux but I’m saying it that in my experience it isn’t terrible either with FreeIPA and products you can use with it. I definitely hated other 389 solutions prior to FreeIPA though.

For Linux user management you can just use an LDAP solution like FreeIPA. You can even tailor sudoer rules based on security groups, so like you can allow someone to reboot the server but not actually make configuration changes to system config files and what-not. It’ll also handle CA and PKI with smart card support and of course DNS. It has a web interface as well.

Having a NAT on a consumer router is indeed the norm. I don’t even see how you could say it is not.

I never said NAT = security. As a matter of fact, I even said

It was not designed for security but coincidentally blah blah

But hey, strawmanning didn’t stop your original comment to me either, so why stop there?

Let me tell you: All. Modern. Routers. include a stateful firewall.

I never even implied the opposite.

To Linux at least, NAT is just a special kind of firewall rule called masquerade.

Right, because masquerade is NAT…specifically Source NAT.

I’m just going to go ahead an unsubscribe from this conversation.

So, really, you were “correcting” me for you and your specific setup at the very beginning because your router’s firewall has a deny rule for all inbound connections because I must have been confusing what a NAT and what a firewall is because I must have been talking about your specific configuration on your specific devices.

Holy. Fucking. Shit.

Are you saying that everyone’s router’s firewall drops all packets from connections that originate from outside of their network?

Because, as I said:

layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated.

The NAT doesn’t have to operate at layer 7 to be effective for this because

coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

The point is that the SPI firewalls are not protecting against the majority of the attacks we’ve seen for decades now from botnets and other arbitrary sources of attacks, except, perhaps targeted DDoSing which isn’t the big problems for most home networks. They must worry about having their OS’ and software exploited and owned in the background, which doesn’t get much of an assist from a router’s firewall.

Obviously, this is however true for the NAT since the NAT are going to drop connections originating from outside the network attempting to communicate with that software to exploit it

barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

They are not layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated. No citation needed unless you believe they are layer 7 firewalls or using something like Snort.

Added some clarification in my first sentence so it makes a bit of sense.

The word you are looking for is firewall not NAT.

No the word I’m looking for is the NAT. It was not designed for security but coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

Consumer router firewalls are generally trash, certainly aren’t layer 7 firewalls protecting from all the SMB, printer, AD, etc etc vulnerabilities and definitely are not doing the heavy lifting.

By and large automated attacks are not thwarted by the firewall but by the one-way NAT.

You’d better hope that you can NAT ipv6 because if you aren’t behind a CGNAT and then your LAN is completely exposed without a NAT you’re very likely going to have devices exploited.

NATs on people’s boundary has been doing pretty much all of the heavy lifting for everyone’s security at home.

PlayOnLinux? When was this, 15 years ago?

You set up Fedora desktop distros with a GUI installer.

On the flip side, you don’t have people spending close to a decade in prison awaiting trial, where the prosecution is hoping they are so tired of it, they will offer a crappy plea deal for time served, even if they have no case.

Probably going to Joe Rogan’s “over $200” million deal with Spotify instead.

It really depends on what model you want to run and how much training is bundled with it. You can pretty much run any model if you have enough disk space but of course GPU + VRAM is preferred for a ChatGPT like fast response. Otherwise, running on an older CPU and RAM is going to be noticeably slower, especially with complex models with a lot of training data to trawl through.

There are some pretty lite models out there but the responses will be more barebones and probably seem ‘less informed’.

Give GPT4All a try for your first time. It makes install, configuration and usage point-and-click while being fairly straight forward. For the presented/featured models, it presents a small summary and VRAM recommended, though there are many, many other models available from inside the UI.

If she knew what “banana republic” meant, she’d know how stupid she sounds.

She’s basically a parrot that got voted into Congress.

Not that I’m defending it but the data and the model itself on Recall stays all local and encrypted, according to Microsoft. It also says it won’t use it for ad targeting or will sell the data. Of course, the caveat is that is what they are saying right now and may not be saying in the future. We’ve obviously seen strategies where gradually things move down the spectrum as it continuously normalizes.

With MS we’ve seen the “Start” menu advertise Candy Crush forever and then “recommended apps” and it isn’t a far step to show “sponsored recommended apps” and then just “sponsored content” as things continue to become more normal for everyone, especially if its for the “Home” version or whatever. People will just argue to pay whatever for a Pro license.

Going to full blown ads now though? It’ll piss the consumer off. Do it gradually over a decade? There will be some rumblings, sure, but it probably won’t matter. By then they might be able to give you a “free” cloud VDI (with lots ads from the OS) with less ads and CPU/GPU power based on subscription tiers and you just need to buy a cheap $30 thin client and everyone will just be OK with that.

For those that don’t know, they are going to release something called FreeLlama which might be FOSS (no public info as to what the license actually will be).

Winamp says that they still want to control ‘what features’ go into winamp and it’ll remain proprietary. I assume they really just want people to contribute interesting things to FreeLlama and then put the contribution into Winamp.

The license probably won’t be FOSS because they probably aren’t going to want anyone contributing to own copyright to the code that they are committing.

It is odd because FOSS contributors aren’t really known for being OK with this sort of thing in the past, so I doubt they’re going to get much out of it. Maybe it’s a Hail Mary and they’ll end up blaming people for not freely giving up their devtime and creativity to a company that wants to make money on it.