It is also DRM free on Steam. You can copy the rimworld folder to a PC that’s never had Steam on it and play it as an example.

You can also do that to sort of save a snapshot in time of Rimworld when they are releasing a new version that will likely break mods for a long time/sometimes forever.

I don’t know, I like using Fleet Commander with FreeIPA (where it stores the profile). You just spin up the template VM for whatever like-clients on the network you want to make default profiles for and make the changes, shut it down, checkbox the changes (the configurations and stuff) that you approve and let it apply the profiles across the network. Easier than depending on Puppet or Ansible playbooks IMO.

I have had issues with SSSD as well though and it had to do with Kerberos tickets but I can’t remember what I did to fix it. We’d have to manually use kinit on each machine when it’d basically fall off the realm. I want to say it was a DNS issue but it was so long ago, I just don’t remember.

We used to use Centrify for Linux and Solaris and it was easy using Access Manager to basically handle AD users and computers with Active Directory and had some GPO support (you could push config writes with GPOs for example and organize it all via OUs for example) but it would get a little wonky between trusts in the forest sometimes (in regards to zone management in Centrify) and they kept getting more expensive. Maybe they’ve fixed that stuff now but it was really simple to use and you could basically manage a lot through the AD and create group profiles in the Access Manager. I think the last straw was wanting to force us to license the entire suite regardless of whether we were using it or not. Personally, I never liked it because it wouldn’t use SSSD or kclient/nsswitch and if some service tried to join the realm/domain, it’d join using the same computer accounts and basically break the account since Centrify used its own client, so you’d specifically need to join the computer accounts via Centrify as a different name. It wasn’t detrimental or anything – just annoying that it was a problem at all. Also, sometimes the user cache database saved in specific users’ appdata that use Access Manager would corrupt from time to time and you’d need to manually delete it to use Access Manager. I’d hope they fixed that by now too though.

All and all, I’m not saying Active Directory isn’t an excellent product because it is and I’m not saying that there is a 1:1 solution for Linux but I’m saying it that in my experience it isn’t terrible either with FreeIPA and products you can use with it. I definitely hated other 389 solutions prior to FreeIPA though.

For Linux user management you can just use an LDAP solution like FreeIPA. You can even tailor sudoer rules based on security groups, so like you can allow someone to reboot the server but not actually make configuration changes to system config files and what-not. It’ll also handle CA and PKI with smart card support and of course DNS. It has a web interface as well.

a stack of 18650s

(you probably already know) but this is common in a lot of battery packs. Batteries for power tools are good sources for the 18650s too. I never checked but I saw someone open a Tesla car battery and they look like a bunch of 18650s inside too.

I refurbish my power tool batteries instead of buying new ones because it is so easy.

Having a NAT on a consumer router is indeed the norm. I don’t even see how you could say it is not.

I never said NAT = security. As a matter of fact, I even said

It was not designed for security but coincidentally blah blah

But hey, strawmanning didn’t stop your original comment to me either, so why stop there?

Let me tell you: All. Modern. Routers. include a stateful firewall.

I never even implied the opposite.

To Linux at least, NAT is just a special kind of firewall rule called masquerade.

Right, because masquerade is NAT…specifically Source NAT.

I’m just going to go ahead an unsubscribe from this conversation.

So, really, you were “correcting” me for you and your specific setup at the very beginning because your router’s firewall has a deny rule for all inbound connections because I must have been confusing what a NAT and what a firewall is because I must have been talking about your specific configuration on your specific devices.

Holy. Fucking. Shit.

Are you saying that everyone’s router’s firewall drops all packets from connections that originate from outside of their network?

Because, as I said:

layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated.

The NAT doesn’t have to operate at layer 7 to be effective for this because

coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

The point is that the SPI firewalls are not protecting against the majority of the attacks we’ve seen for decades now from botnets and other arbitrary sources of attacks, except, perhaps targeted DDoSing which isn’t the big problems for most home networks. They must worry about having their OS’ and software exploited and owned in the background, which doesn’t get much of an assist from a router’s firewall.

Obviously, this is however true for the NAT since the NAT are going to drop connections originating from outside the network attempting to communicate with that software to exploit it

barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

They are not layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated. No citation needed unless you believe they are layer 7 firewalls or using something like Snort.

Added some clarification in my first sentence so it makes a bit of sense.

The word you are looking for is firewall not NAT.

No the word I’m looking for is the NAT. It was not designed for security but coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

Consumer router firewalls are generally trash, certainly aren’t layer 7 firewalls protecting from all the SMB, printer, AD, etc etc vulnerabilities and definitely are not doing the heavy lifting.

By and large automated attacks are not thwarted by the firewall but by the one-way NAT.

You’d better hope that you can NAT ipv6 because if you aren’t behind a CGNAT and then your LAN is completely exposed without a NAT you’re very likely going to have devices exploited.

NATs on people’s boundary has been doing pretty much all of the heavy lifting for everyone’s security at home.

Here is the post in question. Same comments and everything but the OP post was removed from the screenshot.

First couple of lines from the post:

TL;DR Sorry if this is wrong group. GIMP = Epic POS. Do not use. Please recommend a decent alternative. Don’t waste your time with GIMP help because I am done.

To be fair it looks like it was posted in r/gimp and we don’t know what the OP actually said in the text. In my experience, usually, when something like this happens, they usually heavily criticize something and call it ‘garbage’ or something similar.

It’d be like going into any passionate community about something and calling it trash, then being ‘shocked’ that there’s a bunch of responses belittling them. This isn’t a FOSS specific problem. Go into r/windows or even r/techsupport and trash it while comparing it to anything else like MacOS, Linux, *BSD, whatever and you’ll get a bunch of toxic responses. This would also be mostly true of any other non-computer hobbyist communities surrounding a specific brand or product.

When I would see someone ranting “I’d switch to Linux but the community is toxic” in somewhere like PCMasterRace, I’d ask “Can you link to the post?” and if they did it was so common that they straight up trashed Linux in whatever distro community that they posted to that I don’t recall a single instance of it simply being “Hey I have this problem. What do I do?” and there being nothing from the OP trashing it in responses or the original post.

I’m not sure if it will become the same as the federated community gains popularity and you have more regular user-type people posting in those niche/passionate/whatever communities more regularly.

Fedora + snapper. If you want Arch’s AUR, then Fedora + snapper + Arch distrobox.