Yes it should be possible, although somewhat challenging.

If this device acts an an ethernet interface that is behind windows, then you are probably going to want:

• Create a network namespace
• Put an openvpn in that network namespace (and have that be the only route out)
• Put the ethernet interface in that network namespace as well

This is the first solution I can think of, off of the off my head, provided that the external device is actually pretending to be a network interface you are connecting.

In addition to that, you will likely have to create a custom service to recreate this setup on boot. The tools for managing linux firewalls and network namespaces independently of abstraction layers aren't great.

Alternatively, if you are actually running an app that is connecting to that device via USB or the like, you can run that app within a network namespace to force traffic through the VPN. But the steps and solution would be similar.

https://documentation.divio.com/

https://jamesg.blog/book.pdf

Documentation about documentation, hehehe

https://www.macchaffee.com/blog/2024/you-have-built-a-kubernetes/

Api tokens are also a stolen credential. They are getting stolen via things like unsandboxed malicious packages that search for them.

That is TeamPCP's main modus operandi, they have an infostealer that tries to nab whatever credentials it can find, and then uses those to spread more.

dbt fusion

Seems to use the Elastic License: https://github.com/dbt-labs/dbt-fusion/blob/main/LICENSES.md

Which is simply not open source in the first place: https://en.wikipedia.org/wiki/Elasticsearch#Licensing_changes

Elasticsearch and Kibana would be relicensed from Apache License 2.0 to a dual license under the Server Side Public License and the Elastic License, neither of which is recognised as an open-source license.[

(although elasticsearch later changed back to the AGPL. As did Redis, and Mongo which also tried similar moves lmao).

It looks like there are a mere 4 Apache 2 (open source license) programs inside, but the other 40+ programs are behind that ELv2 license, so the program can't really be called open core even (term when some of the program is open source but some features are paid only and not open source).

So no, DBT fusion is not FOSS. DBT Fusion is source available, which is the term used to refer to when you can read the source code but there are legal restrictions on what you can do with it.

Ruffle has been around for a while.

This project: https://github.com/WumboSpasm/flashpoint-nano/

Uses ruffle to play flash games it downloads from Flashpoint Archive. You can search the archive here.

EDIT: I tried to submit this with the "English" langauge but it didn't let me, saying "Language not allowed". :(

it sucks that there seem to be no real non dead movement shooters. I am currently keeping an eye on:

• Quake live: has an active NA pickup games community
• Krunker.io : Mostly dead but many of the more dedicated players are still online, plus they host tournaments. Open source native Linux client.
• Warsow

And there were probably others. But so few.

Moderation, much as the average internet user loves to lambast it, is not an easy task at all.

This is exactly why you should use ~~reddit~~ lemmy as a forum instead of discord. One of the repeated problems I have seen in the emulation on android community, is that there are many entittled children, who harass and troll in these communities. Moderators have to ban them, but the bans are per server. That means that each server has to deal with the same troll who kicks up a fuss, and then ban them. And then they create a new account and repeat. I have seen communities and projects die due to harassment and trolling and it makes me sad.

But on ~~reddit~~ Lemmy, instance bans could be applied to ban problematic users from many communities at once, saving and deduplicating work.

Moderation is a lot of work, but moderating a ~~reddit~~ Lemmy community is ultimately a team sport, rather than an individual one.

some of us really care about ethics outside the scope of just what happens with the source.

And some don't. There are a ton of corporate open source projects that use slack as their main communication channel. You can try to convince them. But here you're just kind of preaching to the choir tbh.

What do you think the “F” in “FOSS” is all about?

Read the article I linked. It discusses problems with the term "FOSS".

Though, you should also take a look at: https://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar . Not every project actually wants to receive contributions from the public. Sometimes they only want to just dump the code on the net for people to review or fork.

https://www.gnu.org/philosophy/open-source-misses-the-point.en.html

There is a term to refer to projects like these: Open source. Open source, means to allow for collaborative development. User control of their systems, and/or privacy are not concerns when it comes to open source projects.

I disagree. There are many process failures and areas where security can be improved, independent of trusting a distro maintainer or developers.

For example, 2FA should probably be enforced for the process of publishing packages. It does appear to be enforced for new packages but older packages still have legacy settings. Github now forces 2fa for basically everything, and they applied that even to existing organizations and repos. There is no real reason that NPM (owned by Github) isn't able to do the same.

Or another example, is sandboxed builds. Many of these packages, like NPM and Rust packages, have build time scripts, which are executed unsandboxed at compile/install time of these programs. That is how these NPM worms have been so pervasive. You don't have to actually run the javascript package for it to do bad things, just merely installing it.

On the other hand, the build systems that distro's use, often involve sandboxing the builds to limit the attack surfaces (including limiting network access). Although, Linux distros usually rip out build scripts and build systems in order to replace them with their own, but this also further limits the code you have to audit.

Even better is to sandbox the program itself to further limit harm but that's not done on Linux distros and is somewhat outside the scope of this discussion.

If you are an NPM developer, I recommend Deno, with it's built in, on by default sandboxing... that people like to disable. But it's there and is better than giving random NPM package #245 access to your home directory. You could also use podman or docker but yeah.

Hello, I also run k3s on a single node here.

Yes, it is more complex in some ways. But what I love about kubernetes, is the helm package manager and it's ecosystem, that makes it easier to user packages from other people and organizations.

They can be searched here: https://artifacthub.io/

There are many that you may be interested in, like forgejo.

The big thing I like about helm vs docker-compose, is helm is another layer on docker-compose. If an app receives an update that causes it to need another service/container deployed, that will be reflected in the helm release, which orchestrates containers. But with docker-compose, you would have to manually update the config file format in order to handle such changes.

Because this setup is more resilient, I actually just auto update all my apps to the latest version on kubernetes, and this is one of the big reasons why I use kubernetes instead of docker. Yes, things do occasionally break, but they mostly break in predictable, easy to handle ways like "config option changed" or "database needs migration". Plus backups/snapshots to ensure if there is a bug or something I can simply roll back.