TCB13

TCB13 , 1 month ago

Will they feature an UEFI?

TCB13 , 1 month ago

The irony here is that if you’ve an HP laptop you’ll still need to download certain drivers from HP to get things to work at 100%, for instance you may get all the hardware working after running windows update but your special brightness or wtv keys won’t work unless you go into HP’s website and download a thing.

TCB13 , 1 month ago

User error, should’ve got an EliteBook instead of that cheaper thing. :P

TCB13 , 1 month ago

or here: freedns.afraid.org

TCB13 , 1 month ago

I’m all for ARM and having thin laptops / tablets running full desktop Linux… however it’s going to be a pain, there’s a LOT of X86_64 software out there that is hard to get running on ARM with decent performance. And some of those things can’t get ported.

Besides that the ARM ecosystem is a fucking mess of companies who don’t want to implement a generic UEFI thus you’ll never get generic support from OSes like there is on x86. I believe this this is the defining moment of ARM, when the CPU makers actually make UEFI a requirement and we no longer have to do the hacks and nonsenses we see on SBCs to get those CPUs running.

TCB13 , 1 month ago

Anything proprietary will face issues, games being the more obvious one. And you’ll also run into the issue that a lot Linux users do virtualize Windows from time to time and that’s gonna be harder and worse.

To be frank that’s not my main concern here. It’s the fact that ARM vendors aren’t supporting UEFI and that’s a mess that people usually don’t think about. Right now you’ve kernel tweaks to support the boot specifics and low level shenanigans of ARM-xyz.

This a problem, there’s much more brands developing ARM chips and boards nowadays than we ever had with intel/amd and the PC vendors were still kind of forced into adopting a unified interface. It’s not feasible to make the OS support hundreds of specific boards and their details. I just hope that Microsoft forces Qualcomm into baking in a proper UEFI so other brands will follow and we finally can treat ARM based stuff as mostly generic systems.

TCB13 , 1 month ago

My other answer here: lemmy.world/comment/10549598

TCB13 , 1 month ago

I just installed EndeavorOS on an HP Spectre360 that’s roughly 2 years old. I am honestly surprised at how easy it went.

I don’t get your surprise. With a decent laptop like the one you have everything will work properly. You can even load something more stable like Debian into that and it will work just fine on the first attempt. No changes required.

The issue with stuff “not working out of the box” is usually related to people using unbranded potatoes or very old hardware with modern distros.

TCB13 , 1 month ago

Great summary, but I’ve to add that NTFS is WAY more stable than ext4 when it comes to hardware glitches and/or power failures. ZFS is obviously superior to both but overkill for most people, BTRFS should be a nice middle ground and now even NAS manufacturers like Synology are migrating ext4 into BTRFS.

TCB13 , 1 month ago

Total e-waste and a power draw (almost constant 95W). Even a Raspberry Pi 4 Model B can beat it to oblivion:

https://lemmy.world/pictrs/image/59448465-4373-46f6-a58a-dec35fc8774f.png

browser.geekbench.com/v6/cpu/compare/6390478?base…

TCB13 , 1 month ago (edited 1 month ago)

You explanation sums it all up thanks.

A lot of drivers for hardware are actually not open source, just unreadable binaries that do …something. No one knows exactly how they work, so some people consider them a security risk.

While I do understand the security aspect of this here at the same time those people seem to be delusional. At some point there’s proprietary stuff in our computers, be it a driver, a BIOS or the code that runs on the various microcontrollers that run low level functions from the USB ports to simple power management.

The most “security paranoid” organizations in the world usually run a lot of stuff on Windows and HP hardware full of opaque and proprietary code and they consider it “safe enough”.

I may get that not free / license based stuff might raise concerns if you aren’t a mega corp. that can pay the fee either way, but… if a trackpad requires a free but closed-source binary driver why would a random guy on the internet consider that to be a risk?

TCB13 , 1 month ago

Do you trust non-open drivers from Corporation X or Government Y in your eyes telling your brain what you do or don’t see?

I agree with your point, but I find it very unlikely to have cutting edge medical technology using open-source software - after all those pacemaker / brain implant companies want to protect their research (and profits) - and I’m not even sure if a FOSS solution for that would ever get approved by any legal body.

That’s the extreme, of course, but it isn’t any less scary than computers you trust with your credit card, bank account, etc information.

All those systems that process your financial transitions run on tons of proprietary software and the banks and credit card companies believe that software is secure enough.

Open source drivers means when corporation X goes under, your hardware still can work and isn’t automatically abandoned. It keeps more hardware out of landfills longer, with the ability to drastically reduce e-waste.

This is probably the most reasonable thing about having open-source drivers… however hardware is diverse and complex and so are drivers. The community might not be able to maintain such the driver for specific-version-x-hardware I have because it might not have access to all the design documentation of the hardware nor the time to reverse engineer it. It might not be worth keeping a driver around if it only serves a few people because everyone is mostly on a different revision of the hardware or some other detail like that.

To be fair Linux removed support for 386, 486, floppy drives, “Carillo Ranch”, and a bunch of other older hardware recently… at some point the few users that still have a piece of tech won’t care about it because they can just replace it by a new and better alternative for cheap.

TCB13 , 1 month ago

Yeah, sure, but if the largest companies in the world trust the vendor that proprietary firmware why would I not trust it?

I agree with your POV, in theory yes, having stuff you can’t inspect it’s a risk, in practice there are a few more nuances to that. It’s not reasonable to want to have a 100% open-source computer from the software to use down to the AVRs/PICs that run low level functions.

TCB13 , 1 month ago

Fair enough :)

TCB13 , 1 month ago

RustDesk is really good but I can’t get certain decisions / limitations they have. For absolutely no reason, this, only seems to work under Windows… or are they trying to push people into the Pro Server / build your own which will ultimately require you to buy a license for their software (okay reasonable) AND developer accounts so you can sign macOS binaries (not okay).

TCB13 , 1 month ago (edited 1 month ago)

The point is that under Windows you can change the App name to set credentials and other settings like this:

<span style="color:#323232;">rustdesk-host=mydomain.tld,key=eiu5pzFYlr5nY9i9yJp9smzzLnvx4XNX7O3SaNhkWS8=.exe
</span>

But under macOS you can’t do it… just because they don’t want to.

TCB13 , 1 month ago

Under macOS it’s trivial to change the name of the application package without messing with other aspects of the packaging.

TCB13 , 1 month ago (edited 1 month ago)

Wireguard will definitely not work first try.

And… why not? OpenVPN is 10 times worse because of the mess they’ve made with push route and other options.

your clients should have AllowedIPs set to 0.0.0.0/0, ::/0 in their repecive configuration file. I found this pretty counterintuitive, b

Why would you? Those are the IPs that the client is able to access through the VPN tunnel and 0.0.0.0/0, ::/0 means all IP addresses, totally NOT counterintuitive.

You need to tell sysctl to forward IP traffic,

Yes, maybe… but not permanently at least. You can setup it on the server conf file via PostUp and PostDown:

<span style="color:#323232;">[Interface]
</span><span style="color:#323232;">PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
</span><span style="color:#323232;">PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
</span>

If required prepend sysctl -w net.ipv4.ip_forward=1; sysctl -w net.ipv6.conf.all.forwarding=1; to PostUp and remove with =0 on PostDown.

The downside of you described is that you’re enabling IP Forwarding permanently and even if the WG tunnel is down. This may pose a few security concern in some situations.

TCB13 , 1 month ago

Not the case at all. I use both and I can objectively tell your that Wireguard is what the majority of people should be using because it is way easier to understand and setup securely. OVPN is good for other specific cases.

TCB13 , 1 month ago

The thing is that developers tend to keep things as simple as possible and overly optimize stuff, when you find bloatware is usually some manager that decided to have it.

TCB13 , 1 month ago

Couple days later the SEO wizard sent us another bunch of figures and said “see, I told you it would help I know my stuff”. He did not, in fact, know his stuff.

Ahaha no way.

TCB13 , 1 month ago

Yeah, everyone with a decent amount of content will just pick Wordpress and move on. It works, it’s reliable, it’s well supported and will keep running for decades at least.

TCB13 , 1 month ago

That or you develop your theme with the features you need baked in. This is the irony of the Hugo people, they’re capable developers that can make themes but they can’t just create a simples Wordpress theme from the ground?

TCB13 , 1 month ago

There isn’t much of a difference between writing a theme for Guthemberg and the classic editor. In fact your current theme should work just fine in Guthemberg as it just adds the extra html for the built in blocks to your posts / pages. You aren’t required to create a block based theme and split everything into blocks, that’s kind of a myth around Guthemberg.

TCB13 , 1 month ago

Capable developers touch whatever language is required to get a job done.

TCB13 , 1 month ago

One Common Linux Myth You Should Stop Believing: there’s a FOSS alternative to every single proprietary software out there that can be used as a replacement in all and every use case.

TCB13 , 1 month ago

Gimp can make memes

Yeah but if you’re a graphic designers and you’ve to share PSD files with others for your job then you’re going to have a very hard time with Gimp.

TCB13 , 1 month ago

I don’t, but a lot of people around here do… and get really offended when you point it out.

TCB13 , 1 month ago (edited 1 month ago)

What’s this? A software app store? Swell! I no longer need to download stuff off from dodgy sites or numbingly installing everything manually!

In what year are you in? macOS and Windows both have App Stores. Windows has the built-in winget package manager, similar to apt that has open contributions on github and all the software in the world.

How was your experience with this Unix-like wonder? In a home user manner and/or a business use manner?

I use both Linux and Windows actively and macOS from time to time. Linux works really well it’s free and I love it and it is definitely great if your workflow is all browser-based and/or you don’t have to collaborate on a very specific industry with very proprietary tools as default that everyone expect to be used. If you’re in such industries and people expect to share complex MS Word, Excel, Adobe, Autodek etc. files then Linux isn’t for you, you’ll be in more compatibility pain than anyone should be in.

TCB13 , 1 month ago

And is apt meant for “regular people”, hint: it isn’t.

TCB13 , 1 month ago (edited 1 month ago)

how would the VPS know which traffic to pass and how.

Install nginx in your VPS and configure it as reverse proxy to your home IPv6:

<span style="color:#323232;">server {
</span><span style="color:#323232;">    listen 80; # listens only on IPv4 port 80
</span><span style="color:#323232;">    server_name example.com; # your domain name
</span><span style="color:#323232;">    location / {
</span><span style="color:#323232;">        proxy_pass http://[2a03:2880:f003:c07:face:b00c::2] # replace with your home server IPv6. Keep the brackets.
</span><span style="color:#323232;">        proxy_set_header Host $host;
</span><span style="color:#323232;">        proxy_set_header X-Real-IP $remote_addr;
</span><span style="color:#323232;">        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
</span><span style="color:#323232;">        proxy_redirect off;
</span><span style="color:#323232;">    }
</span><span style="color:#323232;">}
</span>

Point your A record to your VPS, and your AAAA to the home server.

---

• Security recommendation about X-Real-IP: lemmy.world/comment/10392284
• Once your setup works, try to increase your security by using SSL / disabling plain HTTP: lemmy.world/comment/10398545

TCB13 , 1 month ago (edited 1 month ago)

Fair enough yeah. :)

The OP can solve that potential security issue with this option: nginx.org/en/docs/…/ngx_http_realip_module.html#s… on the local server nginx:

<span style="color:#323232;">http {
</span><span style="color:#323232;">(...)
</span><span style="color:#323232;">        real_ip_header    X-Real-IP;
</span><span style="color:#323232;">        set_real_ip_from  [2a03::aaaac::1]; # Replace with the VPS IPv6 address.
</span><span style="color:#323232;">}
</span>

This will make sure only the VPS is allowed to override the real IP.

TCB13 , 1 month ago

Yeah but make sure you disconnect your Windows SSD before doing anything.

TCB13 , 1 month ago

so often i have to click a button multiple times, ads, or window not responding

Maybe you should use something faster than a potato as a computer. 😂

did I already mention ads?

If you’re capable of installing Linux and getting a productive desktop experience with it I’m sure as shit you are also capable of disabling a few toggles under Windows.

TCB13 , 1 month ago

A modern distro with let’s say GNOME won’t also run decently on a potato…

TCB13 , 1 month ago

I highly doubt it. Not saying that Windows is good, but my i7 8th gen with 16GB of RAM boots Windows 10 Enterprise (with the usual crap disabled) into the desktop faster than the time it takes to post. Info here and here. Frankly Debian with GNOME doesn’t boot much faster than Windows on that laptop.

TCB13 , 1 month ago

Again, I’m not saying Windows is good.

I’m saying your statement was an over exaggeration and yes Windows by default has too much crap but it can be disabled as documented.

Simply that.

TCB13 , 1 month ago

NetworkManager 1.48 Improves (…) still have to use 3 different applications to set network settings. Great job!

Maybe the GNOME team could allocate a few bucks to move the entire network stack to systemd-networkd and create a new unified networking UI.

TCB13 , 1 month ago (edited 1 month ago)

What sense does it make to have to use two or three different UIs to configure your network. Some stuff can get done under Settings > Networking, others under nm-connection-editor…

And to be fair NetworkManager’s networking implementation is a convoluted unreliable mess that doesn’t support half of systemd-networkd options and is incapable of handling changes to interfaces and links gracefully.

Even the classic Window network interfaces properties window is more consistent than what GNOME and NetworkManager offer.

TCB13 , 1 month ago

😂 😂 Well… when the competition is Windows 11…

TCB13 , 1 month ago

NetworkManager is not the cause for having multiple UIs

Yes, but it is the cause for having issues jumping between networks and never having proper IPv6 support.

It’s never going to have all settings in their simple UI because that’s out of the scope for the GNOME project.

Everything is “out of scope” with GNOME these days it seems. They talk a lot about having a vision but then they aren’t able to get a cohesive desktop experience going. nm-connection-editor vs settings is as bad as it gets.

TCB13 , 1 month ago

What issues are you having? I have no issues with switching between networks and using IPv6 on Fedora KDE.

I’ve IPv6 routes that say around after leaving a network and it takes more than it should to switch between VLANs. Wired 802.1X seems to be a pain sometimes as well, no ideia why but it says everything is connected and I get an IP however can’t ping anything until I restart the connection.

I wish they were better with adding advanced features but they are not and probably never will be. (…) DE might not be as pretty and flashy but it is pretty extensive when it comes to settings and fast with implementing new features.

Yeah, we lack a middle ground DE that actually is properly designed and has the advanced features. I don’t get the GNOME team, having features doesn’t hurt their vision as long as you design things properly - something that they can do. Most of the time it sounds like they simply don’t want to implement things so they hide behind excuses.

TCB13 , 1 month ago

Here’s what we’re working on in Firefox… spyware.

TCB13 , 1 month ago

• news.ycombinator.com/item?id=39166801
• ghacks.net/…/each-firefox-download-has-a-unique-i…

TCB13 , 1 month ago

I don’t even use Firefox, and I honestly am not attacking but your comment seemed very hyperbolic and with little detail.

Well I used to use Firefox as my main browser, however it does a LOT of calling home. Just fire Wireshark alongside it and see how much calling home and even calling 3rd parties it does. From basic ocsp requests to calling Firefox servers and a 3rd party company that does analytics they do it all, even after disabling most stuff in Settings and config like a sane user would do.

I can’t stand behind a browser that still calls home after painstakingly going over every setting in config and disabling everything that can be disabled. If you search a bit online you’ll also find that I’m not the only one finding this. There’s also the shady finances thing around Firefox and the foundation.

describes a token to track installations vs downloads. (…) Also there is an opt-out during installation.

How much do you trust that toggle? Did you ever test if it doesn’t call home before you get to the opt out?

TCB13 , 1 month ago (edited 1 month ago)

Yes, but Nextcloud is the fastest way to have something half done, always buggy and sync issues once you’ve a ton of small files. Too bad Syncthing doesn’t do selective sync because it would just be perfect.

TCB13 , 1 month ago

It tries to do everything at once. File upload/ sharing, media management (NC Photos), RSS, mail, calendar, contacts, and much, much more.

Yes, and all of those things are fundamentally broken / poorly implemented.

The performance isn’t good. I mean, the “server” (an old thin client) isn’t fast at all, but the loading times and responsiveness is just awful. The file upload also takes ages, even from the same network.

I’ve had similar experiences with an overpowered AMD server. It isn’t good at all, but how can I expect a thing written in PHP to be good at syncing files? PHP is good, but certainly not to handle files like NC has to do.

I don’t want to spend three weekends just troubleshooting my server and searching for/ installing dozens of individial services. And for that, it’s good enough.

Fair enough, I just hope you don’t have to spend a month trying to fix whatever is wrong with NC on the next update. For me Synching + FileBrowser + Samba seems to be straightforward to get going and is as reliable as it gets.

TCB13 , 1 month ago

I’m not saying they don’t, I’m just saying there’s a LOT of people who would love to move to Linux full time but they can’t do to the lack of field-specific software and/or poor results when it comes to Wine or generic virtualization.