~/dev/
, with project/org subdirectories
~/dev/
, with project/org subdirectories
The real challenge facing a kremlin linux fork isn’t opposition, it’s deciding what to do once they realize there aren’t any maternity wards in the kernel they can shoot ballistic missiles at.
If you’re trying to have password auth be a second layer on top of key auth (requiring a password after connecting with your ssh key), you can add the following to your server’s sshd_conf:
AuthenticationMethods "publickey,password"
/dev/sda is the whole raw disk - you typically don’t want to directly interact with /dev/sda, unless you are partitioning or overwriting it. There are a few layers between that device and the files:
You’ll need to find where that ext4 filesystem is mounted, and run the chown command on that. You can run lsblk
and see a tree of the above hierarchy, with the ext4 filesystem’s mountpount shown in the right-hand column.
Friendly reminder that lemmy votes are public
Sorry, all of the linux stuff is just specific to my own preferences/environment - if you’re more familiar with windows it would be best to just use that for testing. Presumably it will come with windows installed?
If so, put some programs on a normal usb storage device and then install/run them from there.
As for the rest:
When you first turn the laptop on, at the red Lenovo splash screen, press Enter repeatedly to get into the boot menu. Once there, it’ll give you a list of options with associated keys to access them - go to “BIOS Setup - F10” (or something similar, not sure of the specifics on the X1C 6th gen). If it prompts you for a password to enter that, it’s locked.
To test all the ports, plug your usb stick with the apps on it into each of the usb ports and make sure it shows up in explorer; try the same with an sd card if you have one; plug in to a wired ethernet connection and make sure you have internet access through it (disable wifi at the same time to make sure); plug headphones into the jack and make sure they work; plug into an hdmi display if you have one.
To check battery health, run Command Prompt with administrator privileges, then run powercfg /batteryreport
to generate a battery health report
Good luck!
Personally I’d do the following:
nvme smart-log /dev/nvme0
and check the “percentage_used” value: if it’s near 100% it might die and need replacement soonstress -c 7
to load up 7 of the 8 available cpu threads, make sure the fan spins up good and strong, and watch /sys/class/thermal/thermal_zone0/temp to make sure the cpu temperature stays under ~90-95 degreesOn my own time later, I’d run memtest86+ overnight from bootable usb to check the memory, then install tlp and run tlp recalibrate
with the laptop on the charger to recalibrate the batteries
Edit: enjoy the new laptop! I hope it works great for you
Just part of our standard office package, everyone gets a laptop, dock, and external monitors for their workspace.
I can’t speak for all of them, but we’ve had a couple hundred deployed over the last several years with very few issues. Mine’s been solid as a rock.
The usb-c docks, however, are a nightmare, though I gather that’s fairly universal.
I daily a T480 with Debian for work, and I’d recommend it highly. Great performance, battery, build quality, look & feel, etc. We have some 7480s deployed and while they’ve been solid as well, I much prefer the thinkpad. T series will have better performance and battery than X series, also, so I’d take the T480 over the X1C.
Ctrl+r was a life-changer when I first learned it.
There should be a section in the configuration about dhcp, which is how ipv4 addresses are given out on your network. What happens is when a device first connects to the network, it sends out a broadcast with its mac address - the dhcp server (in this case, your router/firewall) hears this, and sends back a reply allocating an address. You should be able to see a list of currently allocated addresses, and hopefully configure reservations to make those allocations permanent. To reserve an ipv4 address for a specific device, you need that device’s mac address.
Each item on that current allocations list should have a hostname, a mac address, and an ipv4 address. If it’s not clear by the hostname which device is the tv, you can look up each mac address and deduce from there (the first part of each address is unique to a specific manufacturer).
Once you have an ipv4 address reserved for the tv, you can set your outbound firewall rule to block it.
Ipv6, as I mentioned, is much more complicated. It might be possible to disable it completely on your router, and that’s likely the only way to block the tv from using it, but then your whole network will lose ipv6 capability across that boundary (probably not a lot of downside to that, though).
Good luck!
If your firewall can set outbound rules, and you can control DHCP on your network so that you can reliably know the TV’s IPv4 address, you can block the TV from reaching beyond the local network there with a “deny all from source address of TV” type rule.
If your router/firewall is handling IPv6 though, it gets a lot more complicated, since the TV could have any number of addresses that change often.
I’d recommend a full battery calibration before running the command one more time, if you haven’t already (charge the battery fully, leave it on the charger at 100% for a while, then fully discharge until it shuts itself off, leave it for a bit, then fully recharge while off). If the calibrated values line up with a full:design ratio of ~80%, especially with a 10-year-old battery with almost 700 cycles on it, my take is that’s pretty great.
That said, I think the best way to get an accurate feel for the health of an old battery is to put it through one full cycle of normal use and time how long it takes to die.
If you’re genuinely worried about this, you shouldn’t be using untrusted machines for remote access.
Apache Guacamole might be a good option. “Clientless” (browser-based), supports various mfa, uses ssh/vnc/rdp on the backend.
However, if the data on that machine is sensitive, or if that machine has access to other sensitive things on your network, I’d suggest caution in allowing remote access from untrusted machines on the wider internet.
Heyr himna smiður - a medieval Icelandic hymn, set to music by Þorkell Sigurbjörnsson
The only legitimate commands for a non-root shell are sudo -i
, exit
, and echo "yee haw"
I actually have my whole home directory like that for that reason haha
bin - executables dev - development, git projects doc - documents etc - symlinks to all the local user configs med - pictures, music, videos mnt - usb/sd mountpoints nfs - nfs mountpoints smb - smb mountpoints src - external source code tmp - desktop