Yeah, Prusa Mini and (back then) mk3s with PrusaSlicer

Problem is that we've even seen video evidence of vote stuffing - in districts with no people watching they'd probably did even more of that. So I'd expect them to recount districts where they're sure manupulations was done by vote stuffing and not incorrect counting, and then go "see, everything is correct, all 100% of the people in this district indeed voted, with 90% going to the ruling party"

Here in Europe the 4 months she was at would be somewhere mid to end of the trial period, during which you can be let go without having to provide a reason on relatively short notice. This is also pretty much the only chance you get to easily let go a specific individual - so if there are indications it'll not work out doing just that is a good idea.

But having that done by arbitrary HR drones is just crazy, and obviously you'll be entitled to unemployment benefits or other social benefits after that.

I'm using opensuse tumbleweed a lot - this summer I've found an installation not touched for 2 years. Was about to reinstall when I decided to give updating it a try. I needed to manually force in a few packages related to zypper, and make choices for conflicts in a bit over 20 packages - but much to my surprise the rest went smoothly.

It seems to be available in Factory nowadays. Add the X11:Wayland repo for faster updates. You probably also want to install xdg-desktop-portal-hyprland.

I have my own packages in OBS where I occasionally build the latest git version - initially I've been updating it every few days, nowadays it's mature enough that sometimes I lag behind the released versions.

You mentioned a pull request, and that it got edited - which in my workflow is pulling the commit and amending it.

A well proven clbuttic solution.

The encryption tech in many cloud providers is typically superior to what you run at home to the point I don’t believe it is a common attack vector.

They rely on hardware functionality in Epyc or Xeon CPUs for their stuff - I have the same hardware at home, and don't use that functionality as it has massive problems. What I do have at home is smartcard based key storage for all my private keys - keys can't be extracted from there, and the only outside copy is a passphrase encrypted based64 printout on paper in a sealed envelope in a safe place. Cloud operators will tell you they can also do the equivalent - but they're lying about that.

And the homomorphic encryption thing they're trying to sell is just stupid.

Overall, hardened containers are more secure vs bare metal as the attack vectors are radically diff.

Assuming you put the same single application on bare metal the attack vectors are pretty much the same - but anybody sensible stopped doing that over a decade ago as hardware became just too powerful to justify that. So I assume nowadays anything hosted at home involves some form of container runtime or virtualization (or if not whoever is running it should reconsider their life choices).

My point is that it is simpler imo to button up a virtual env and that includes a virtual network env

Just like the container thing above, pretty much any deployment nowadays (even just simple low powered systems coming close to the old bare metal days) will contain at least some level of virtual networking. Traditionally we were binding everything to either localhost or world, and then going from there - but nowadays even for a simple setup it's way more sensible to have only something like a nginx container with a public IP, and all services isolated in separate containers with various host only network bridges.

Well with bare metal yes, but when your architecture is virtual, configuration rises in importance as the first line of defense

You'll have all the virtualization management functions in a separate, properly secured management VLAN with limited access. So the exposed attack surface (unless you're selling VM containers) is pretty much the same as on bare metal: Somebody would need to exploit application or OS issues, and then in a second stage break out of the virtualization. This has the potential to cause more damage than small applications on bare metal - and if you don't have fail over the impact of rebooting the underlying system after applying patches is more severe.

On the other hand, already for many years - and way before container stuff was mature - hardware was too powerful for just running a single application, so it was common to have lots of unrelated stuff there, which is a maintenance nightmare. Just having that split up into lots of containers probably brings more security enhancements than the risk of having to patch your container runtime.

Encryption is interesting, there really is no practical difference between cloud vs self hosted encryption offerings other than an emotional response.

Most of the encryption features advertised for cloud are marketing bullshit.

"Homomorphic encryption" as a concept just screams "side channel attacks" - and indeed as soon as a team properly looked at it they published a side channel paper.

For pretty much all the technologies advertised from both AMD and intel to solve the various problems of trying to make people trust untrustworthy infrastructure with their private keys sidechannel attacks or other vulnerabilities exist.

As soon as you upload a private key into a cloud system you lost control over it, no matter what their marketing department will tell you. Self hosted you can properly secure your keys in audited hardware storage, preventing key extraction.

Regarding security issues, it will depend on the provider but one wonders if those are real or imagined issues?

Just look at the Microsoft certificate issue I've mentioned - data was compromised because of that, they tried to deny the claim, and it was only possible to show that the problem exists because some US agencies paid extra for receiving error logs. Microsofts solution to keep you calm? "Just pay extra as well so you can also audit our logs to see if we lose another key"

They nowadays also have a paddle boat going to Korkeasaari (the 'Vispilä'). Haven't noticed it for a while as we usually just went via Mustikkamaa - but few weeks ago I offered the kids the option of going by boat instead.

Mine are handling oit perfectly fine - and we have the added difficulty of having German as mother tongue, and wanting to keep the English language content in the kids library low. Finding german language torrents is rather tricky.