> What about /boot - encrypted and tamper proof? Resists evil maid attack?
> Rabbit hole, I know, but so fascinating if you solved it all :)
Encrypting `/boot/` is the wrong thing to do. One can just replace it with something that logs the encryption key instead (and sends it off to somewhere). You actually need to verify that what you expect to be there is actually there and a encryption isn't gonna do that for you.
A reasonably secure boot chain looks roughly as follows: bootloader is checked by the UEFI (read secure-boot), bootloader chain loads a signed UKI which also uses secure boot verification (or just skip the bootloader if you only have a single kernel with no fallback), this then loads a signed dm-verity `/usr/` which brings you to the login screen. Root is just data (e.g. mounted `noexec`) and is encrypted using e.g. PCR 11 so that it only unlocks if the UKI is the one that is expected (with some other backup unlock method).
This is basically #2 of the "Design Goals" of Poetterings "Fitting everything together"[0]. It's a good read if you are looking to designing your own Linux image and are looking for some inspiration. There is ParticleOS[1] which somewhat dogfoods this kind of system, though I don't think it is anything remotely considered for a production system.
If you didn't transfer it from your Mojang account to your Microsoft account in time (before the account was shut down) you just straight up lost access to it.
> Also, no union employees at Blizzard were impact by Microsoft's Xbox layoffs/restructuring.
It might have to do with the unionisation, but I wouldn't be surprised that its just that Blizzard is like one of the like 4 money makers that MS still has in the gaming division and that is why they were spared.
IIRC `podman compose` can invoke either `podman-compose` or `docker-compose` and sets up the environment for the call, so I don't think you need to even really do anything special other than install either of the 2 commands
> I'd be pretty sure that PlayStation also had that in their terms and covered themselves legally for that option.
Hiding behind hidden T&C should just straight up not be allowed. Imagine if you go to a store and any item you wanted to buy you'd have to read 20 pages on a book next to the item before you'd be able to put it in your cart, else the product producer may just at some time in the future barge into your house and destroy the item.
> Systemd does not solve the deployment problem, and will not unless it adds something like a systemd package manager.
It really doesn't need to provide a package manager. Systemd already basically has all the knobs for launching services in their own little world (`RootImage=`, `RootDirectory=` and recently `RootMStack=` (for a de-OCI'd layered container images)) or systemd-portabled. There are probably more things I forgot.
The simple fact that POSIX doesn't define any long options for basically any CLI tools just makes me outright ignore it when writing scripts.
I use long options in scripts so that you can actually understand which options are used. Short options are for interactive shells since those commands nobody is really gonna look at again.
I see it mentioned any time GitHub is shitting the bed (frequent enough) and someone asks for self hostable alternatives or when someone ask for a European GitHub alternative. I think you just might not be paying enough attention.
Well... you see... the self checkout isn't free, you have to pay for the electricity. They rely on the tips, else they can't pay for the power to remain on. /s
AMD CPUs basically all boost up to 90°C as a relatively normal operating temperature as long as the power (and some other factors) allow it to. I assume AMDs and NVs GPUs do to, but I play mostly CPU bound games so I see mine just sitting at ~60°C under load.
I really hate the `curl <url> | sh` specifically because if your connection drops at a specifically unlucky point in time you are left with a partially executed script which if you are unlucky enough may just have been executing `rm -r ~/.cache/<pkg>/download` but it stopped at `rm-r ~/`.
Is it likely? No. Can it happen? Yea.
Just make it `curl -o <file> <url> && sh <file>` and this entire problem is gone.
Do note that being able to completely remove MS keys is highly dependent on your mainboard. Not in the sense of if they allow you to do it (I think most if not all DIY boards allow you to), but if you will be able to boot afterwards.
I (soft?)bricked a mainboard and it doesn't want to boot anymore after I removed the MS keys. The worst part is, that it has a dualBIOS and no active switch to change between them, only their own "I'll change when I see issues"... well you can guess how well that worked out (and I am not able to get it to clear CMOS for some reason).
Both Steam and Battle.net use CEF for their UI as well. And IMO they are on 2 ends of the "nice to use" from the implementation side (Steam being a sluggish hell and B.net being nice). Though then again B.net is only for Blizzard games, so they can also optimise for the limited set games.
It would be a bit more general, for general cooking and be called Cookstral