How much resources are we talking about here? If it's 3% of your CPU usage for 2 seconds, you're really going to have an issue with that?
Whatever solution should be negligible for you, but costly for a botfarm.
Here's a live example, not exactly onerous: https://demo.mcaptcha.org/widget/?sitekey=pHy0AktWyOKuxZDzFfoaewncWecCHo23
(Obviously in Lemmy's case you wouldn't have the additional unecessary checkbox)
Add a requirement that every comment must perform a small CPU-costly proof-of-work. It's a negligible impact for an individual user, but a significant impact for a hosted bot creating a lot of comments.
Even better if you make the PoW performing some bitcoin hashes, because it can then benefit the Lemmy instance owner which can offset server costs.
Very true. The discussion helped me, as I did think it meant not easily editable.
As root of course you can change the system to be any other type of system (layer packages, rebase, whatever), but I did assume it meant not easily modifiable in it's current state.
My comment in the comment chain was:
An attacker escaping from a container can't be system root as Podman runs rootless (without some other exploit or weak password).
We could give the op the benefit of the doubt and thinking that they were saying that the attacker inside the container managed to gain root inside the container.
While you are correct, any system is compromised if you have root, so isn't that irrelevant at that point?
Makes sense. An "immutable" distro provides no additional security benefit, however CoreOS does have a reduced attack surface area compared to other distros, which itself is a benefit.
edit: "Immutable" means "all of them are the same", not "unchangeable".
~~You sound confident, but the fact that Fedora is using the term "immutable" makes me wonder if you actually have domain expertise here.~~
~~Immutable means immutable. It would be strange for them to call it that if it actually means "completely irrelevant from a security perspective".~~
~~Unless you provide some evidence to the contrary I'm going to assume you aren't correct.~~
They 100% can.
An attacker escaping from a container can't be system root as Podman runs rootless (without some other exploit or weak password).
The filesystem itself is also read-only.
/dev/nvme0n1p4 on /sysroot type xfs (ro)
/dev/nvme0n1p4 on /usr type xfs (ro)
/dev/nvme0n1p3 on /boot type ext4 (ro)
Who out there is actually saying “children shouldn’t be fed”, for example? Fucking nobody, lol.
I'm not even American and I know that plenty of people are saying this 🙄
Congress ended the free-lunch-for-all program in June
The Republican Study Committee (of which some three-quarters of House Republicans are members) on Wednesday released its desired 2024 budget, in which the party boldly declares its priority to eliminate the Community Eligibility Provision, or CEP, from the School Lunch Program. Why? Because “CEP allows certain schools to provide free school lunches regardless of the individual eligibility of each student.”
Children who had access to food now don't have the same access, thus "children shouldn't be fed".
Fucking nobody, lol.
You're fucking callous.
The tick is gone for me too. Well that sucks, I guess they updated the page.
The column with the ticks is for Plus not for Free, so yes you should definitely complain to support.
It seems like a no-brainer for me. Limits bots and provides a small(?) income stream for the server owner.
This was linked on your page, which is quite cool: https://crypto-loot.org/captcha