I really don’t like jail managers because I need to learn a non-standard way to operate jails when I already know the manual approach. I just wouldn’t miss the boilerplate. Also, OCI containers > jail managers.
I have to imagine systemd’s nspawn with btrfs integration took much inspiration. Combined with systemd’s service configuration it really makes a wonderful way of running distroless, immutable containers.
For those unfamiliar with FreeBSD, this is using base OS tools to manually create this type of immutable jail/container. This can be done with 'less effort' by using a jail manager.
Jail managers come and go. Base OS tools stay and are getting better and better. I would definitely stay away from ezjail as it is quite old; active development or even maintenance stopped a long time ago.
Author of the article seems to know what they are doing so I'm puzzled why they don't use `bsdinstall jail /path/to/jail` to implement basejail instead of manually unpacking archives.
No need for separate custom rc script to start `lo1`, it can be done with `cloned_interfaces` directive in rc.conf.
Updating and upgrading jails by passing `-b /path/to/jail` to `freebsd-update` works, but new recommended way has lately been `-j <jailname>`.
Cool article overall, the beauty of FreeBSD is also in possibility to do things in many different ways.
Nuts. Is this still true? I just set up a Win11 Pro machine for a very non-technical person. Uninstalled OneDrive, hoping to minimize future pain when 90% of the needs are just a web browser and storing camera pictures.
I have absolutely seen them reinstall components like that, force their AV back on, force Windows Update back on, etc. It's probably actually good imo for the users I've seen, but admittedly "computer says no" is infuriating if you're sure of what you want.
Try using Group Policy to disable it. I think AppLocker is on Win 11 Pro now - if it is, you can block the execution of whatever programs and DLLs you want. I've used that to block Windows Update.
Yeah for myself Pro licensing and domain is the way to go so I can configure Windows similar to my work network at home. But for people who have Home licenses I just set the registry keys. Windows Home doesn't have a UI to set policy, but it does obey it if the keys are there.
(This is a must-have to turn off web browser antifeatures as well, you can't block extension install from the browser settings for any browser but you can by policy.)
People that don't like Charlie don't need to have sympathy for him, but not having sympathy and being douche bags en masse is something totally different.
"I can't stand the word empathy, actually," he continued. "I think empathy is a made-up, new age term that — it does a lot of damage. But, it is very effective when it comes to politics. Sympathy, I prefer more than empathy. That's a separate topic for a different time."
Uhh, last night Mastodon and Bluesky were full of cheering after his death. You did not look very hard, the rest of the internet is taking screenshots and naming people doing it, you can easily find this with minor effort.
That's not coverage, that's random people on the internet, often hiding behind anonymity. How much of society actually gets their information by seeing what randos on Mastodon and Bluesky are saying?