I use "Remote - SSH" to develop on a VM. I try to keep the amount of software I run on my laptop to a minimum to keep it cooler and quieter. I have a VM on my workstation PC at home, which has a much better CPU than my laptop. The VM runs vscode backend, while the laptop runs vscode frontend, slack and a web browser.
vscode remote ssh mode is a much better experience than x forwarding. Like, it's not even close. It is hands down the best remote editing experience I've ever used in any kind of editor or ide, and running anything electron through remote X11 is basically like trying to kill a flea with a tractor.
It's only paranoia if you are not being watched. Watching you is the main business of many companies. Therefore, installing this extension is evidence of having basic understanding of modern advertising, rather than evidence of paranoia, in my opinion.
I am sure that this distinction between a near-OOM condition and an actual OOM condition matters to someone familiar with the current kernel implementation. You seem confident describing what happens when the memory gets closer to full, so I believe you. However, the user experiences the PC freeze during certain conditions, however you choose to name them, and it is during that freeze period the user needs a program to be killed to free some memory and prevent the freeze. I would take one crashed program over power cycling the entire PC any day of the week.
> I am sure that this distinction between a near-OOM condition and an actual OOM condition matters to someone familiar with the current kernel implementation. You seem confident describing what happens when the memory gets closer to full, so I believe you.
I'm not a kernel developer or anything like that, I've just spent some time investigating why this issue happens and has been happening for more than 10 years now.
> the user experiences the PC freeze during certain conditions, however you choose to name them
I'm not trying to defent the Linux kernel, I just described how it works. In particular it's not true that the OOM killer "takes too long" or doesn't work: it's just not invoked at all. If you invoke it manually (enable the magic SysRq with`sysctl kernel.sysrq=1` and press `alt-sysrq-f`) it does its job and solves the OOM instantly.
So, if you don't want to deal lockups and don't like an OOM userspace daemon (I don't), these are the possible solutions.
> I would take one crashed program over power cycling the entire PC any day of the week.
On a laptop or desktop PC, you don't need to power cycle in a near-OOM: use the magic SysRq key.
>On a laptop or desktop PC, you don't need to power cycle in a near-OOM: use the magic SysRq key.
Thanks for the tip! If my Linux were ever to start locking up regularly, I will apply it.
But right now (so I don't have to give up the use to which I currently put my SysRq key) I would prefer some method for determining after I forcefully powered down the computer, then powered up again, whether the lockup or slow-down that motivated the force-power-down was caused by a near-OOM condition.
I don't think so, sorry. The kernel emits a few messages when an OOM is detected, including the tasks killed to free memory, but in a near-OOM probably nothing: the system is technically still working normally, though very slowly.
You don't have to bind to 0.0.0.0:[port]. If you want the server to remain accessible only locally, bind the container to 127.0.0.1:[port]. Docker is not preventing anyone from doing this.
Yeah that's all fine and dandy, but the docker default is to bind to 0.0.0.0, so it really should be taken into account. I honestly would have to go and look up the flags needed to change the bind address, but I know the port ones (as I'm sure do many people who copy/paste docker lines from random repos), so it's still insecure for a common configuration/setup.
I've never quite understood the opposition to just shipping mongodb with authentication on by default. What sort of use-case does it solve by not requiring it, and is it worth all the bad publicity every time this crops up in a new exploit report?
