[-] kumi@feddit.online 3 points 6 days ago* (last edited 6 days ago)

Right. Then if this would have been a locally hosted scenario, it's like making a post to complain about the service of their electricity company or ISP. Could similarly be reasonably considered on- or offtopic. But I think this sub is more in the spirit of "there is no cloud, just someone else's computer". I'm with mod on this one.

[-] kumi@feddit.online 2 points 6 days ago* (last edited 6 days ago)

Just a small number of base images (ubuntu:, alpine:, debian:) are routinely synced, and anything else is built in CI from Containerfiles. Those are backed up. So as long as backups are intact I can recover from loss of the image store even without internet.

I also have a two-tier container image storage anyway which gives redundancy for the built images but that's more of a side-effect of workarounds. Anyway, the "source of truth" docker-registry which is pushed to is only exposed internally to the one who needs to do authenticated push, and to the second layer of pull-through caches which the internal servers actually pull from. So backups aside, images that are in active use already have at least three copies (push-registry, pull-registry, and whoever's running it). The mirrored public images are a separate chain altogether.

This has been running for a while so all handwired from component services. A dedicated Forgejo deployment looks like it could serve for a large part of above in one package today. Plus it conveniently syncs external git dependencies.

[-] kumi@feddit.online 25 points 2 weeks ago* (last edited 2 weeks ago)

Everything in there is relevant and applies to flatpaks too. Being aware of the risks is important when using alternative distribution methods. With power, responsibility.

[-] kumi@feddit.online 34 points 2 weeks ago* (last edited 2 weeks ago)

Tricking users into using Snap without realizing it, making them unknowingly vulnerable to exploits like this, would be really really bad and unethical on Canonical’s part.

That is not what is happening at all.

Just so nobody is confused or gets afraid of their install: Getting the Firefox snap installed via Ubuntu's apt package does not make users vulnerable to what is talked about here and is just as safe as the apt package version. For Firefox, snaps might even be safer since you will probably get security patches earlier than with apt upgrades and get some sandboxing. In both cases you are pulling signed binaries from Canonical servers.

The post is about third-party fake snaps. If you run a snap install command from a random web site or LLM without checking it, or make a typo, then you are at risk. If Ubuntu didn't have snaps, this would be malicious flatpaks. If Ubuntu didn't have flatpaks, it would be malicious PPAs. And so on. Whatever hosted resource gets widely popular and allows users to blindly run and install software from third-parties will be abused for malware, phishing, typosquatting and so on. This is not the fault of the host. You can have access to all the apps out there you may ever want or you can safely install all your apps from one trusted source. But it's an illusion that you can never have both.

People have opinions about if snaps are a good idea or not and that's fine but there shouldn't be FUD. If you are using Canonical's official snaps and are happy with them you don't have to switch.

[-] kumi@feddit.online 44 points 2 weeks ago* (last edited 2 weeks ago)

I guess they now have a large enough number of users that it would be wise to shift some focus to supply-chain security from growth-hacking.

This is growing pains.

[-] kumi@feddit.online 46 points 2 weeks ago* (last edited 2 weeks ago)

Cool! Keeping up with platform changes is a challenge for projects like this. I think to be successful beyond initial popularity you need an active community that can do this together. It's draining for just one person - especially once you get big enough that they might actively break things just to mess with your integration. Following maintenance of alternative YouTube clients as well as searx-ng is illustrative.

Not to discourage but be prepared. Best of luck!

https://cadence.moe/blog/2022-09-01-discontinuing-bibliogram

29

tl;dr: There’s a relentless campaign by scammers to publish malware in the Canonical Snap Store. Some gets caught by automated filters, but plenty slips through. Recently, these miscreants have changed tactics - they’re now registering expired domains belonging to legitimate snap publishers, taking over their accounts, and pushing malicious updates to previously trustworthy applications. This is a significant escalation.
Context: Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices.

[-] kumi@feddit.online 20 points 3 weeks ago* (last edited 3 weeks ago)
[-] kumi@feddit.online 35 points 3 weeks ago* (last edited 3 weeks ago)

Wishful thinking and stretching the definition beyond meaningfulness with regards to your conclusion. Lies, damned lies, and statistics. Don't delude each other.

Still, I've believed for a long time that the tipping point with an increasing trajectory is around 5% so pretty optimistic about recent trends.

35
submitted 3 weeks ago by kumi@feddit.online to c/linux@lemmy.world
7
A year of work on the ALPM project (devblog.archlinux.page)

An overview of the work done on the ALPM project in 2024 and 2025.

[-] kumi@feddit.online 18 points 3 weeks ago* (last edited 3 weeks ago)

Separate your personal and work computer

nods enthusiastically
Important for security of both the employee and the company. Don't mix business and pleasure. It's the only thing that makes sense!

Put Windows and all work related software on a separate work laptop and use remote desktop from your Linux PC to do your job.

What? No! Keep them separate! This is how people get pwned. Don't backdoor your employer's machine from your personal PC or vice versa!

8
Keeping persistent history in bash (eli.thegreenplace.net)
submitted 3 weeks ago by kumi@feddit.online to c/linux@sh.itjust.works
28
Keeping persistent history in bash (eli.thegreenplace.net)
submitted 3 weeks ago by kumi@feddit.online to c/linux@programming.dev
[-] kumi@feddit.online 33 points 3 weeks ago* (last edited 3 weeks ago)

Yes, Home Assistant has this.

https://rhasspy.readthedocs.io/en/latest/

Works great. My biggest challenge was finding a decent microphone setup and ended up like many do with old Playstation 3 webcams. That was a while back and I would guess it's easier to find something more appropriate today.

[-] kumi@feddit.online 24 points 4 weeks ago

Terrible headline. Should have just been "Rockchip has...".

Am I showing my age if I say that Tomshardware used to be decent?

[-] kumi@feddit.online 18 points 1 month ago* (last edited 1 month ago)

Unless you took a backup I guess it's not relevant anymore but if it happens again you can narrow down files last changed around some timestamp like so: find /var -mmin +4 -mmin -5

15
submitted 1 month ago by kumi@feddit.online to c/linux@sh.itjust.works

How to test and safely keep using your janky RAM without compromising stability using memtest86+ and the memmap kernel param.

52
submitted 1 month ago by kumi@feddit.online to c/linux@programming.dev

46
submitted 1 month ago by kumi@feddit.online to c/linux@lemmy.ml
