What kind of drama did I miss?
redcalcium
I wouldn't recommend virtualbox on linux these days. It's slower than kvm, and oracle is known to send hefty bills to companies when their employees install virtualbox's proprietary extension pack on their machine.
Assuming you're on desktop, just grab a cheap amd gpu and do the gpu passthrough setup with kvm and virt-manager. No need to get an expensive gpu if you don't plan to play games on the vm. The cheapest, bargain-bin second hand gpu will do, as long as it's not too old.
I mean, just look at what happened over in ios land. Every time there is a new security issue or denial of service attack on their bluetooth stack, apple has to scramble to fix it because bluetooth is always on in their devices. Android at least has some respite by turning off bluetooth, especially on old devices that are no longer receiving security updates.
In that case, perhaps replacing -o sftp_server="/usr/bin/sudo /usr/lib/openssh/sftp-server" with -o sftp_server="/usr/bin/sudo -u <syncthing_user> /usr/lib/openssh/sftp-server" is a good compromise?
They turn a blind eye as long as no one files a DMCA notice. They do limit downloads of some popular pirated materials behind login though.
I use sharedrop.io if the other device is connected to the same network. Just need a web browser, no need to install an app.
Also works across the internet by inputting your unique id.
So the workaround is running the SFTP process as root?
Why not run the SFTP server as a docker container as well (e.g. with https://hub.docker.com/r/atmoz/sftp/ )? You can mount the same volume in the SFTP container, and have it listen on some random port. Just make sure to configure the SFTP container to use the same uid:gid as the one used in the syncthing container to avoid file permission issues.
Compromised iot devices sold as residential proxies is pretty hot right now: https://thehackernews.com/2024/03/themoon-botnet-resurfaces-exploiting.html?m=1
Those are targeting Linux routers and iot devices though. However, esp32 had vulnerabilities in the past such as the fatal fury attack, though it requires physical access to execute.
The easiest setup I tried so far is to simply put your docker container's volume on an external path, e.g. /mnt/hdd1/some-directory, instead of putting it in the standard docker location (/var/lib/docker/volume). You'll have full control over ACL on those custom paths.
There can't be that many phones with 6 inch screens these days. What did you get?
Kinda similar situation in linux where steam hasn't been updated to use wayland. It's a flickery mess on nvidia hardware and a bit glitchy on intel and amd (like other electron/cef apps running under xwayland). Proton works great though.