Ubuntu 7.10 so late 2007, but I guess the nerd part came when I installed Arch in 2011. Still running that very same install.

My own personal example: https://www.reddit.com/r/linux4noobs/s/8FM1ZvXi68

It just doesn’t look great nor serious nor welcoming.

The guy gives a ton of “I don’t care about anyone’s use cases except mines” vibes too. Also called Gnome and KDE teletubbies DEs when I mentioned xcomposite being an important feature. Basically considering the widely known issues around multimonitor vsync and mismatched resolutions and all as basically not real issues with Xorg.

XLibre is 100% a political fork because the guy claims Xorg is deprecated by a big tech conspiracy pushing inferior software onto users. There’s nothing wrong with wanting to continue Xorg’s legacy but come on we don’t have to pretend Xorg is this perfect thing that always works. Xorg has been hated for decades for a reason. This xkcd exists for a reason: https://xkcd.com/963/

That kind of makes sense? Aren’t the labs when they’re A/B testing or benchmarking new features before general release and toggle random people’s settings doing so? I vaguely recall some drama around that.

If I turn off telemetry I want those off too, it makes sense they’re linked. It you want a new feature there’s always nightly+about:config, but I don’t want it downloading random config toggles especially if it’s not reporting back that it broke my stuff. The code should be what I installed, not some random lab blob downloaded off their servers at runtime.

It’s derived by both a key from the TEE and the PIN/password.

The reason for that is so you need both the user’s correct password, and the TEE to agree to hand out the key, which it may refuse to do if there’s been too many attempts. When you factory reset it just generates a new key, instantly making all the previous data permanently inaccessible. The TEE will also wipe the key if you unlock the bootloader or try to break in the wrong way.

It’s still only roadblocks though, extract the key from the TEE and you have unlimited attempts on what are usually weak 4-6 digit PINs. It’s not a lot of tries. Then you better hope you had a good password.

Biometrics are worst than a pin in a situation where your phone us hooked up to Cellebrite, because most likely they can just take your fingerprints, or make you press the sensor by force. Or even worse with facial recognition, because they can just wave the phone in front of you to unlock it.

It’s generally not super good otherwise either, at least not as a reliable way to derive an encryption key while being tolerant enough to damaged skin and positioning and all.

Biometrics are a good compromise for daily convenience: most people care about if they lose their phones or it gets stolen, and a thief will just factory reset it and flip it especially of the full qwerty keyboard pops up. Biometrics are still usually backed by a PIN or password, so biometrics makes it bearable to use a strong password since you only need to enter it once every couple days. And that password is the encryption key, so in BFU state you’re safe.

What do you want the UI for? For configuration it’s usually meh because it’s the kind of thing you configure by config file, often generated config files even. For stats it’s where it gets interesting, usually third-party options like Grafana is used along with something like Prometheus to collect the metrics.

When it comes to easy configuration, newer options go for the zero configuration angle rather than a nice UI to configure it. Just need some Docker tags and Traefik automagically configures itself, so the UI is just for viewing information.

I don’t remember the exact details but it didn’t work right. That was arguably a couple years ago on a server distro approaching EOL, may have been long fixed. It involved Android 4.4.

Few of them for most use cases, especially a VPS. My server have a couple of IPs each mapping to a different VM, they can all claim 22/80/443 as you’d expect, but that’s just basically the same as having a bunch of VPSes anyway.

It’s useful for some other uses like, I might want to dedicate an IP for VPN exit that doesn’t expose any services.

Another use is sometimes you just want two things to stay entirely separate, even if on a technical level it could work with a reverse proxy. It can eliminate some class of exploits like request smuggling.

One use case I’ve had for a customer is they have a system that can only do TLSv1.0, which is wildly obsolete and exploitable. So that particular API endpoint was served from a secondary IP, that way I can continue to enforce TLSv1.2+ on the primary IP. It’s possible with some reverse proxy magic with HAproxy, but I could also just make a new server block in the existing NGINX bound to that IP and call it a day.

I think that’s what Friendica is supposed to be, decentralized Facebook.

The performance is a good point. You can do the striped mirror with ZFS too and still get the advantages of ZFS.

I think you can do all of that through the Proxmox UI, but it shouldn’t be too hard to do on the CLI either. You just make two mirror sets and you’re good to go. ZFS should automatically distribute the load across the two mirrors.

I’d probably do RAID-Z with ZFS rather than RAID10, better space utilization and better error correction. Should be able to easily set that up in the Proxmox web UI.

Everything else sounds good. Don’t worry too much about it, you will find things you wish you did differently regardless, that’s part of the learning experience.

want someone to prove his LLM can be as insightful and accurate as paid one.

The full DeepSeek model is available for download, and should generate about the same quality answers as the official one, with the bonus of less censorship. I pretty trivially got it to talk about the Tiananmen Square, and they can’t even ban me for it.

That said, that’s rarely the point. It’s usually because you can, a cost saving measure, sometimes you plainly just don’t need a good model, sometimes you want privacy, sometimes you need privacy at the cost of quality.

If your business is shoving customer reviews into a model, you really don’t need the best model for it to tell you how angry the customer is.

Personally I just do it for fun and because I can. Sometimes you just do things for no other reason than because you can.

They’ll stick to Valkey for the license alone. The AGPL is a good license, but the 3 clause BSD license is even more permissive which companies leeching off open-source like a lot more than the GPL licenses.

Not an explanation or proper fix, but running the games through Gamescope might fix it by side effect. In gamescope the game would never lose focus and so shouldn’t have problems resuming afterwards.

Yeah that’s a pretty good point. As a technical user that seems solid but for the average user that makes sense.

Isn’t owning the domain proof enough already?

Nobody else could possibly use max-p.me as their handle, and proving control of the domain is plenty for security sensitive things like LetsEncrypt.

Anyone you’d care to mark verified already brought their own domain.

Server side rendering has become popular again with frameworks like Svelte and Next.js. For a while basic React was popular and entirely on the client side, and thus dependent on JS to work at all.

You can’t really easily locate where the last version of the file is located on an append-only media without writing the index in a footer somewhere, and even then if you’re trying to pull an older version you’d still need to traverse the whole media.

That said, you use ZFS, so you can literally just zfs send it. ZFS will already know everything that needs to be known, so it’ll be a perfect incremental. But you’d definitely need to restore the entire dataset to pull anything out of it, reapply every incremental one by one, and if just one is unreadable the whole pool is unrecoverable, but so would the tar incrementals. But it’ll be as perfect and efficient as possible, as ZFS knows the exact change set it needs to bundle up. It’s unidirectional, so that’s why you can just zfs send into a file and burn it to a CD.

Since ZFS can easily tell you the difference between two snapshots, it also wouldn’t be too hard to make a Python script that writes the full new version of changed files and catalogs what file and what version is on which disc, for a more random access pattern.

But really for Blurays I think I’d just do it the old fashioned way and classify it to fit on a disc and label it with what’s on it, and if I update it make a v2 of it on the next disc.

Both use Linux under the hood. You can even install LineageOS on some TVs.

The only reason AndroidTV is bullshit is the manufacturers because casual users want shit like Netflix and Prime preinstalled. Google TV in particular comes with a lot of crap and the ads, which believe it or not some users take as a feature.

But that’s not inherent to Android TV as an OS, it’s exactly like Android phones and manufacturers preloading a bunch of crap to make an extra buck. If your run AOSP you get none of that crap, and it’s fully open-source.