• 0 Posts
  • 20 Comments
Joined 4 months ago
Cake day: May 20th, 2024

  • It isn’t going to be one or the other (if they don’t offer a 401k, then you can use IRAs), unless you just make a bad choice. An employer can contribute to a 401k and also provide a pension (mine used to but I’ve been around long enough that I get both the pension and 401k with matching) but if I had a choice, I could pick a pension for example but also put money into an IRA for retirement that would normally go to a 401k.

    If you absolutely had to pick one, it isn’t going to be the same answer for everyone. Amounts, what you’re able to contribute, matching, risks and tax situations are going to vary from person to person and their employer.

    As far as controlling your money, some 401k’s allow some extra control, some don’t but most have a middle ground except for their company stock which you can usually directly buy. If your 401k allows general different ‘markets’ and/or ‘lifecycle’ buckets (they get more conservative on investment risk the closer you get to your retirement age), it is, at the end of the day, all controlled by a broker and they are making the actual decision as to what to invest and how. Some plans may allow you to invest into individual stocks through the 401k’s brokerage though.

    At the end of the day though, if all you had was a pension offered which you aren’t going to be contributing your income to, then you should invest in some sort of retirement plan yourself, be it an IRA, money market, bonds, CDs or whatever.


  • Step 1: License the technology for very cheap or free to competitors.

    Step 2: Include features but it’s free because ads. Pay small monthly fee for ad-free.

    Step 3: Revise CAN bus or replace it with new system. Make it a ‘standard’ so that aftermarket units can provide features but will also serve ads from the original car manufacturer and its DRM. Anyone reverse engineering the system gets sued into the ground for DMCA/Copyright laws because now they are bypassing DRM.

    Step 4: Everyone gets ads regardless. Also, you must pay subscription fee to basically use the car. Ads are to “keep costs down” for features and/or car purchasing price.

    Step 5: After everyone is mad, give slightly higher cost for subscription for ad-free.

    People that complain are told “It’s just one coffee a month. No big deal.”

    Step 6: Offer a 5-year (non-transferrable or refundable) plan that you can just roll into the price of the car loan and ‘locks in the price’ and ‘You don’t have to worry about it anymore.’ Maybe toss in lame very small discounts for certain branded charging stations while on the plan. People already sign up for credit cards, give away their personal info. and become loyal customers to gas stations to save single digit percentages off on fuel.

    People that buy new every 5 years usually buy the package.

    People that try to save money and buy used cars pay the subscriptions.

    Step 7: Double monthly price for ad-free tier and market it to “we had to raise prices for those that want a premium experience but kept the ad-based subscription fee cheap. We had to pass the cost somewhere.” This will increase the demand for those 5-year plans.

    Overall new car purchase demand increases a bit because of those plans.

    Over the course of 15 or 20 years there will be an entire generation of drivers used to ads always being in cars and will just accept that subscriptions and ads are just the way it’s always been and that it must be that way.

    For the EU, it’ll probably be different where the car can perform basic functions without ads but ‘premium features’ for stuff like traction control, auto lane following, etc. will probably still be behind the system I’d imagine.



  • It does represent freedom.

    Kent can fork the kernel if he wants with all the fixes he wants in it and distribute it as he sees fit. This particular instance of the kernel (which happens to be original – the upstream), Linus has to balance allowing some fixes other developers want to include versus a ‘minor’ release of the kernel during this cycle (because it is a minor version release, not a major one). Kent could then also stop other developers from contributing to his fork but then those people could just fork his kernel fork and do what they want.

    You as a user are free to use any of them. You’re even free to take Kent’s PRs right now with everything done in the kernel at this point, compile it and run it yourself if you want. You could even market it as something and sell it all if you want for a profit if you can get the customers. You’re free to do all of that. You can do it right now if you want.


  • I used to do this on one of my sites that was moderately popular in the 00’s. I had a link hidden via javascript, so a user couldn’t click it (unless they disabled javascript and clicked it), though it was hidden pretty well for that too.

    IP hits would be put into a log and my script would add a /24 of that subnet into my firewall. I allowed specific IP ranges for some search engines.

    Anyway, it caught a lot of bots. I really just wanted to stop automated attacks and spambots on the web front.

    I also had a honeypot port that basically did the same thing. If you sent packets to it, your /24 was added to the firewall for a week or so. I think I just used netcat to add to yet another log and wrote a script to add those /24’s to iptables.

    I did it because I had so much bad noise on my logs and spambots, it was pretty crazy.
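
The log-to-firewall step described in the comment above, as an added example (not the commenter's script): it extracts clients that requested a trap URL from a web access log, widens each to its /24, skips allowlisted crawler ranges, and builds the firewall commands. The trap path, allowlist range, set name and sample log lines are constructed assumptions, and an `ipset` set with a timeout is used here to get the week-long expiry rather than plain per-subnet `iptables` rules.

```python
import ipaddress
import re

TRAP_PATH = "/trap-7f3a/"   # hypothetical URL of the hidden link
# Constructed allowlist; a documentation range stands in for a search engine's crawlers.
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/24")]
# Common Log Format: client address first, request line in double quotes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)')

SAMPLE_LOG = [  # constructed access-log lines
    '203.0.113.45 - - [10/Oct/2005:13:55:36 +0000] "GET /trap-7f3a/ HTTP/1.1" 200 12',
    '203.0.113.99 - - [10/Oct/2005:13:55:40 +0000] "GET /trap-7f3a/a HTTP/1.0" 200 12',
    '198.51.100.7 - - [10/Oct/2005:13:56:01 +0000] "GET /trap-7f3a/ HTTP/1.1" 200 12',
    '192.0.2.10 - - [10/Oct/2005:13:56:09 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '2001:db8::1 - - [10/Oct/2005:13:57:00 +0000] "GET /trap-7f3a/ HTTP/1.1" 200 12',
]

def trap_subnets(lines, trap_path=TRAP_PATH, allowlist=ALLOWLIST):
    """Return the sorted, de-duplicated /24 networks that requested the trap URL."""
    hits = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group(2).startswith(trap_path):
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                      # client field is not an IP address
        if ip.version != 4:
            continue                      # a /24 only makes sense for IPv4
        if any(ip in net for net in allowlist):
            continue                      # never block allowlisted crawlers
        hits.add(ipaddress.ip_network(f"{ip}/24", strict=False))
    return sorted(hits)

def block_commands(subnets, set_name="honeypot", ttl=7 * 24 * 3600):
    """Build ipset/iptables commands; set entries expire after ttl seconds."""
    cmds = [f"ipset create {set_name} hash:net timeout {ttl} -exist",
            f"iptables -I INPUT -m set --match-set {set_name} src -j DROP"]
    cmds += [f"ipset add {set_name} {net} -exist" for net in subnets]
    return cmds

if __name__ == "__main__":
    print("\n".join(block_commands(trap_subnets(SAMPLE_LOG))))
```

The `iptables -I` rule only needs to be inserted once; later runs can apply just the `ipset add` lines. Blocking a whole /24 also drops every other host in that range, which is why the allowlist check runs before anything is added.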





  • Needing to use command line for some things that should be a right click, not supporting right click, ambiguities galore when looking at a package repository, odd defaults in packages that one really wouldn’t expect to have to check (e.g. Selecting RDP connection in a Remote app, but it defaults the security to something other than RDP?)

    Sounds like you’re using a GNOME Desktop. You should give KDE Plasma a try instead. KDE Plasma basically gives you a Windows-esque experience without trying to install something like GNOME extensions.

    For a regular user there’s not much point in going into the command-line anymore.

    there’s problems like Libre Office devs …

    Sure but there’s also alternatives. LibreOffice doesn’t try to emulate Microsoft Office and they never really have. They won’t even try to be compatible with MS Office but rather they do with OOXML which Microsoft created for other Office suites to be compatible with it but then just never supported it very well. Some alternatives do however. WPS Office is perhaps the most popular alternative for this that does try to be compatible with MS Office and emulate its feel and features but ONLYOFFICE is also a contender.


  • Just a heads up, if you use an AMD GPU, the drivers are built into the Linux kernel itself by AMD engineers (and others helping/supporting/contributing to the kernel like themselves). So you don’t even have drivers to install, unless you’re one of the 10 people that want to use AMD GPUs for Machine Learning. Then you’d do a quick install of AMD PRO (those are proprietary so that’s why they aren’t built into the kernel).


  • To be fair, I find that people with a Computer Science degree are pretty much just like most other users except that they need more privileged access somewhere because they are usually software developers or somewhere in that orbit. A Computer Science degree does not prepare someone to be a sysadmin. That doesn’t mean they can’t be an excellent one but it certainly isn’t because of their degree path.


  • I don’t know, I like using Fleet Commander with FreeIPA (where it stores the profile). You just spin up the template VM for whatever like-clients on the network you want to make default profiles for and make the changes, shut it down, checkbox the changes (the configurations and stuff) that you approve and let it apply the profiles across the network. Easier than depending on Puppet or Ansible playbooks IMO.

    I have had issues with SSSD as well though and it had to do with Kerberos tickets but I can’t remember what I did to fix it. We’d have to manually use kinit on each machine when it’d basically fall off the realm. I want to say it was a DNS issue but it was so long ago, I just don’t remember.

    We used to use Centrify for Linux and Solaris and it was easy using Access Manager to basically handle AD users and computers with Active Directory and had some GPO support (you could push config writes with GPOs for example and organize it all via OUs for example) but it would get a little wonky between trusts in the forest sometimes (in regards to zone management in Centrify) and they kept getting more expensive. Maybe they’ve fixed that stuff now but it was really simple to use and you could basically manage a lot through the AD and create group profiles in the Access Manager. I think the last straw was wanting to force us to license the entire suite regardless of whether we were using it or not. Personally, I never liked it because it wouldn’t use SSSD or kclient/nsswitch and if some service tried to join the realm/domain, it’d join using the same computer accounts and basically break the account since Centrify used its own client, so you’d specifically need to join the computer accounts via Centrify as a different name. It wasn’t detrimental or anything – just annoying that it was a problem at all. Also, sometimes the user cache database saved in specific users’ appdata that use Access Manager would corrupt from time to time and you’d need to manually delete it to use Access Manager. I’d hope they fixed that by now too though.

    All in all, I’m not saying Active Directory isn’t an excellent product because it is and I’m not saying that there is a 1:1 solution for Linux but I’m saying that in my experience it isn’t terrible either with FreeIPA and products you can use with it. I definitely hated other 389 solutions prior to FreeIPA though.


  • For Linux user management you can just use an LDAP solution like FreeIPA. You can even tailor sudoer rules based on security groups, so like you can allow someone to reboot the server but not actually make configuration changes to system config files and what-not. It’ll also handle CA and PKI with smart card support and of course DNS. It has a web interface as well.


  • Having a NAT on a consumer router is indeed the norm. I don’t even see how you could say it is not.

    I never said NAT = security. As a matter of fact, I even said

    It was not designed for security but coincidentally blah blah

    But hey, strawmanning didn’t stop your original comment to me either, so why stop there?

    Let me tell you: All. Modern. Routers. include a stateful firewall.

    I never even implied the opposite.

    To Linux at least, NAT is just a special kind of firewall rule called masquerade.

    Right, because masquerade is NAT…specifically Source NAT.

    I’m just going to go ahead and unsubscribe from this conversation.




  • Because, as I said:

    layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated.

    The NAT doesn’t have to operate at layer 7 to be effective for this because

    coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

    The point is that the SPI firewalls are not protecting against the majority of the attacks we’ve seen for decades now from botnets and other arbitrary sources of attacks, except, perhaps targeted DDoSing which isn’t the big problem for most home networks. They must worry about having their OS’ and software exploited and owned in the background, which doesn’t get much of an assist from a router’s firewall.

    Obviously, this is however true for the NAT since the NAT is going to drop connections originating from outside the network attempting to communicate with that software to exploit it

    barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.



  • The word you are looking for is firewall not NAT.

    No the word I’m looking for is the NAT. It was not designed for security but coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

    Consumer router firewalls are generally trash, certainly aren’t layer 7 firewalls protecting from all the SMB, printer, AD, etc etc vulnerabilities and definitely are not doing the heavy lifting.

    By and large automated attacks are not thwarted by the firewall but by the one-way NAT.