See, my typical execution environment is a Linux vm or laptop, with a wide variety of SSH and AWS keys configured and ready to be stolen (even if they are temporary, it's enough to infiltrate prod, or do some sneaky lateral movement attack). On the other hand, typical application execution environment is an IAM user/role with strictly scoped permissions.
I have used a separate user, but lately I have been using rootless podman containers instead for this reason. But I know too little about container escapes. So I am thinking about a combination.
Would a podman container run by a separate user provide any benefit over the two by themselves?
This. Opening a chat for the first time in the morning consistently takes 5-10 seconds. Opening subsequent ones takes 2-3 seconds. That is, if they contain plain text. If not, the UI keeps reflowing and jumping while thumbnails and silly gifs are loaded async, so you cannot even reliably click.
Termux is also an excellent solution for downloading videos from YouTube and similar sites, due to the fact that yt-dlp works really well (and using mobile data makes it easier to avoid IP bans, most of the time anyway).
I like doing the same in CI jobs, like in Jenkins I'll add a DRY_RUN parameter, that makes the whole job readonly. A script that does the deployment would then only write what would be done.
I had this charger once! Really cool with the powerbank option. Although, these days, 5V@1A with no PD is probably something to use maybe in emergency, it's too slow for modern devices.