Yes, that is true.
Though, even this remains problematic because cargo does execute build/compile time scripts, unsandboxed, that can be used to do malicious things, similar to the problems with npm.
Rust
Rust is doing pretty poorly right now.
among the 999 most popular crates on crates.io, around 17% contained code that do not match their code repository.
https://kerkour.com/rust-supply-chain-nightmare
Unlike javascript, where at least it is an interpreted language people can audit, you would have to reverse engineer these binaries to figure out what they do.
push whatever you want to an NPM package if you have the author’s login
This is how all language package managers work, unfortunately. The login's security can be improved, via things like 2fa, but it's currently very bad. Having multiple parties use keys to sign packages after reviewing all changes, is a thing unique to distro package managers, and it is why Linux distros are extremely resilient against supply chain attacks.
Yes. Install scripts. But also pypi started enforcing 2fa for package pushes, which helps a lot.
No, authentik is always better. There are no unique integrations to Red Hat systems that Keycloak offers that are more capable than Authentik is capable of.
Now, keycloak has a paid version based on it that might have extra features (but probably doesn't, Red Hat usually doesn't enhance the software itself, just deployment/maintenance). And it is easier to justify expenditure to a corporation you are already buying from like Red Hat or AWS, than it is to buy from a new entity. If you've ever interacted with any of the bureaucracies, you'll understand that there are almost always considerations in the purchase of the software beyond the quality itself.
No, you should use traefik. I use traefik, it's currently the easiest to deploy while supporting all the standard features of both ingress and gateway api in one app. Just try to avoid any features that are specific to traefik.
I agree with OP. They're basically asking that you should be allowed to promote open source, freely available solutions to problems people might have.
It's a lot different from an ad since it's ultimately well intentioned. Of course there might be caveats like not actually being open source or doing a rugpull in the future. But, those can be handled.
I'm so tired of people never even having heard of lichess, or linux, or other foss tools because the marketing for windows and chess.com is so aggressive. Most people on lemmy may not realize this, since I suspect we have a uniquely high population of adblock users, on a social media platform with no ads. But regular users, even ones who may be using github, sort of live within that bubble, and only know about xyz tool because they saw an ad or youtube recommended it to them or whatever.
edit: though I do think they were kinda pushy in the issue linked after users told them no and criticized it for being too new. But ultimately, without that issue people wouldn't even know about their project.
I don't really like big streamers, I only watch small streamers that read every message. I like to ask questions of experienced users and help less experienced users.
I watch a bunch and find them by tag.
Like here is the linux tag: https://twitch.tv/directory/all/tags/linux
https://twitch.tv/directory/all/tags/cybersecurity
And then the software and gamedev category (categories are how twitch groups games):
https://twitch.tv/directory/category/software-and-game-development/
I usually watch them to the side while I work on personal projects.
This doesn't need a software solution. One of the reasons why I like link aggregators (which lemmy is) is because posters can de-editorialize post titles, removing clickbait.
Instead of "Linus SLAMS psycho for DARING to suggest C++ in the kernel" the title can be replaced with "Linus explains why C++ is not suitable for the Linux kernel" when they post it.
But people don't really do this, and people get mad at people who do this sometimes.
Of course, then people can inject bias in their titles. But I would rather not have clickbait.
https://automatetheboringstuff.com/
This is a python tutorial book, that focuses on practical use cases that anybody may want, even if it is not for their career.
Python is designed to be easy to learn, and many of the things you learn will be able to translate to other programming languages. So I would say yes.
Not a real suggestion I guess but you can watch people doing software/game dev, cybersecurity, or linux stuff on twitch.
It's live and not educationally focused, so it's entertaining, but I have learned a lot from these streams over the years.
I have a VPS which hosts some stuff and I just e2ee all the data. Syncthing sync is e2ee and Joplin sync is e2ee. But lots of services don't support e2ee, or e2ee gets in the way of UX and nice features so we make a tradeoff.
As for LUKS, I guess a good solution is to have a VPS or public device somewhere that shares the encryption key with the server (but only after it gives the correct password) but only to the correct IP address of your server.
The router solution someone mentioned below is similar.
Not linux distro package managers.