so it seems that without any config, the traffic passes from wlan1 to wlan0’s network flawlessly; but traffic from wlan0 network stops at the Android device, even with iptables -P FORWARD ACCEPT, so I’m clueless on what to do next

how could I set up NAT like this ? thanks

ip r

default via 192.168.15.1 dev enp3s0 proto dhcp src 192.168.15.32 metric 100
192.168.15.0/24 dev enp3s0 proto kernel scope link src 192.168.15.32 metric 100
192.168.38.0/24 via 192.168.15.21 dev enp3s0    

It seems that a namespace only has access to process that originates inside itself

systemctl --user list-units 
Failed to connect to bus: No medium found             

as we can see, the same user doesn’t have access to other processes so we would need to duplicate every process above the namespace until we could acess the media

would duplicate of everything - pulsewire, dbus, etc - even work ?

Relevant

you install program A, it needs and installs libpotato then later you install program B that depends on libfries, and libfries depends on libpotato, however since you already have libpotato installed, only program B and libfries are installed The intelligence behind this is called a package manager

In windows when you install something, it usually installs itself as a standalone thing and complains/reaks when dependencies are not met - e.g having to install Visual C++ 2005-202x for games, JRE for java programs etc

instead of making you install everything that you need to run something complex, the package manager does this for you and keep tracks of where files are

and each package manager/distribution has an idea of where some files be stored

You can freely manipulate NTFS in Linux. Just make sure your distribution has, after kernel >=5.15, enabled it, otherwise you may need to install the ntfs-eg driver. Other than that, Ach Wiki has info that may help you on any distro:

https://wiki.archlinux.org/title/NTFS

I have done something similar to what you want to do, just needed the ntfs-3g driver installed and “Disks” (gnome disks) application would mount/read/write the disks as usual

You can configure this behavior for CLI, and by proxy could run GUI programs that require elevation through the CLI:

https://wiki.archlinux.org/title/Sudo#Using_visudo

Defaults passwd_timeout=0(avoids long running process/updates to timeout waiting for sudo password)

Defaults timestamp_type=global (This makes password typing and it’s expiry valid for ALL terminals, so you don’t need to type sudo’s password for everything you open after)

Defaults timestamp_timeout=10(change to any amount of minutes you wish)

The last one may be the difference between having to type the password every 5 minutes versus 1-2 times a day. Make sure you take security implications into account.

Timeshift, make sure to “include hidden files” to recover any configuration for desktop environments

After a few mess ups, you may find yourself not needing to backup everything, only the file(s) that messed up, and that’s still a good thing to have Timeshift for

Arch is having internal discussions to increase it. Might be something upstream may adopt if all major distributions end up increasing it.

Also known as (close) to max signed int32

deleted by creator

Mind sharing whhich situations would a timecard be useful ? Probably something that requires enhanced time precision, I just can’t figure it out

These updates land on testing quickly, however due to the several packages updated at once, they all need to be tested by volunteers, and only when all of them are signed it’s pushed out of testing

How does it differ from arch install + choosing the DE?

My most paranoid config is disabling Ipv4

That’s it. If someone wants to attack me, they will need to adopt IPv6!

It really is

From what I get the higher ups wanted to implement those measures to comply with some certification or whatever

Problem is there are workstations from before this decision that are completely open and will probably never be upgraded; and you get new ones that are completely closed to the point workers would rather use their own hardware

If it’s possible to bypass this locked shitshow and just connect through another machine, then it’s really just a half assed measured don’t you think?

I mean it’s not straightforward doing it and probably the guys who would be the easiest victims and entry points can’t bypass the VPN connection to another machine like I could. But then, those who can do it, can also set up stricter firewall rules and control from their own machines, rather than using windows

I understand that. But among the peers working there are some using windows without any further protection. Why do I need to be the one getting IO-bombed by a software that scans the same files that were gathered from an internal git server anyway, when there are people whose protection is literally “pls don’t tresspass”

I trust my system way better: data at rest is encrypted with LUKS instead of bitlocker’s sucky encription; openvpn conf was upgraded by me because it admins use 128 bits keys for some reason. Etc.

Sophos is so cool! It locks down my work Windows computer so hard, and hook on every file open, that it makes the build time 4 times slower on projects. It keeps the computer so safe that I just don’t use it, I learned about namespaced vpn connections in Linux and just use my main computer with namespaces to work lol

…no ? years ago I couln’t even dream of using bluetooth in linux; few weeks ago I found an old bluetooth dongle and now my usb speakers work just fine - even better than connecting via smartphone because plasma has sbc-xq codec easily selectable. It auto connects everytime I boot the pc, I just had to add btusb.enable_autosuspend=0 to kernel cmdline parameters

make sure you follow these guides, whicever distro you use

if it crashes, try sudo systemctl stop bluetooth.service and sudo systemctl start bluetooth.service

remember, bluetooth is a very cursed embrace-it-all protocol and may randomly crash/refuse to pair/connect unless you reset the devices manually, and this may happen with any hardware/software