

Since you liked Fedora but not GNOME, sounds like Bazzite or Fedora KDE could have worked out well too. Just something to consider if you want something more stable and less cutting edge


Since you liked Fedora but not GNOME, sounds like Bazzite or Fedora KDE could have worked out well too. Just something to consider if you want something more stable and less cutting edge


Nobody is saying its necessary for survival. Yes, we can go back to the 1800s and still survive. That doesn’t mean computers are bad. Whether or not it’s “worth it” remains to be seen, since these things were only just released


Fair enough. It’s a device small enough to keep on your body or close by, so physical security isn’t too big a worry I guess. Just be aware that if somebody does get access to it, they could just pop the microsd card out, write malware to unencrypted partitions, and extradite your sensitive documents once you unlock the LUKS partition. These are the kinds of “evil maid” attacks that secure boot and verified boot were meant to protect against, but unfortunately most SMBCs don’t have those capabilites (only ones I’m aware of that do, are RPi5 and most x86 SMBCS).
As for the firewall, could you use a VPN or tailscale to access your services? Then you could just point the DNS to your private IP. The services would be completely secure from the outside and you wouldn’t have to use a firewall.


But what if your hands are occupied, carrying shopping bags or eating a sandwich on the go? These things have legitimate use


Well I’m not trying to start a community around helping people, I’m just a participator. If I wanted to maximize the number of people I could help, I might move back to reddit
edit: a word


Hows the security? I’m guessing no encryption since it’s rather pointless without secure boot or verified boot.


You can ask the sunglasses for other options too


Those saying “just self-host Matrix/Stoat/XMPP”, do not understand the power of network effects. If people are too lazy to sign up on your custom server, and you end up with 50% of the users you would have gotten if you used Discord, is that worth it? What if it was only 10%?
I wish there were a solution to this. Interoperability sounds nice until you have multiple competing standards (like Matrix and XMPP)


Need a hotel and just wanna blindly trust your glasses?
What are your other options? Blindly trust google? Blindly trust random locals? Blindly trust every hotel receptionist trying to convince you to stay at their hotel?
At some point you have to trust something.


I should have clarified, but yes it’s the windows GPU drivers. Though even on Linux, it’s hard to know what the proprietary GPU drivers do, but from what I read they don’t collect telemetry by default. Luckily Nvidia is developing official open source drivers now so we won’t have to worry about these things.
Also note that for the Windows Nvidia drivers, it’s fairly annoying to disable all telemetry. It’s not just an option in the installer. You have to use unofficial third party tools.


It’s not just Windows tracking your web browsing history. GPU drivers do it too. Source: https://www.neowin.net/news/intel-windows-driver-to-now-collect-user-telemetry-data-like-website-categories-by-default/


Got it. Access to docker.sock is definitely something to be wary of, or CAP_ADMIN, or access to certain host devices.
Worth mentioning though that Jellyfin usually has none of these.


That is fairly cool, I didn’t know queries were local. Looks like I was worried over nothing


With that setup, an attacker could mount the host filesystem to the container and would own the host from that container.
Can you elaborate more on this? Assuming an attacker is in the Jellyfin container with full remote code execution, how could they mount the host filesystem?


Instead of caddy -> auth OIDC -> services, can you do auth OIDC -> caddy -> services? That way you can put the auth OIDC in the DMZ VM, while putting caddy in the other VM with all the services? Alternatively maybe caddy (DMZ) -> auth OIDC (DMZ) -> caddy (LAN) -> services (LAN)
If you can’t, you can always use firewalls on the services VM to prevent services from talking to each other. Preventing them from talking to the internet can be achieved by putting them in an “internal” network (if using docker compose, set “internal: true” when defining the network)
I’m not sure I understand. First off I’m not the same person as GP. Second, the admins are proposing an AI tag, which I’m supportive of. I’m just saying that I am OK with AI-assisted projects being posted to this community (with the AI tag of course)
Fine, but others including myself want that slop as far away from here as possible
And there are people like me who are fine with moderate AI use and would rather judge the project themselves rather than have them rejected outright.
Maybe there should be a community poll


What I’m saying is that if you type “cat videos” in the search bar, it will immediately search the KDE Discover app store for relevant results, by default. It’s not searching the entire web but it’s still sending a request to the internet, one that can be tracked and shared (for example if you have Flathub enabled in KDE Discover, and Flathub happens to use Google analytics on their servers, then Google would know about everything you type in the search bar)


insert veggie tales meme about the future being AI generated
I think the issues are more likely to happen if you update less frequently. I used an Arch distro on my secondary PC for a few months. I admit I never ran into any major breaking issues, but every week or so when I did an update it sure felt like I would run into an issue since the updates were massive. I didn’t even have that much installed. Also reading through PKGBUILD and changelogs was annoying, but if you didn’t do it and ran into an issue the forums would just blame you for not reading them.
So while I didn’t run into any major issues myself, I could sense that maintaining it was more work than I wanted. And later on I read this lemmy post which validated my decision: Realizing Arch isn’t for me after updating broke VLC.
Compare this to the update process of Bazzite. It happens in the background, and automatically applies when you reboot. You don’t even need to be aware of it. You can easily rollback if something breaks. And it’s pretty guaranteed to be stable because all Bazzite users have the same base, so it’s well tested before being released.