Running Jellyfin off of a VPS provider seems needlessly expensive. I guess server hardware has an upfront cost, but having real hardware to host it on at home will be far more cost effective long term, especially for storage.

Yeah, that’s my main concern. I believe the Immich developers have said they have no desire to implement it, though… Which is fair enough, it doesn’t work for my desired use case though.

I want all data to be encrypted before it even reaches the server. Yes, I don’t want to trust even my own server for my image backups :), particularly since I would want to use something like Immich to provide photo backups for friends and family and I don’t even want to technically have access to their unencrypted photos unless they explicitly share them. I kind of want the attack surface for my photos to be as small as practical too. It’s almost certainly worse to have them available on my device unencrypted than a dedicated server, but it’s worse to have them unencrypted on both (and I want photos available on device so, thems the breaks).

I get that a lot of people won’t care about this and that they’d rather be able to run the image recognition features of Immich on the server and stuff, but I don’t think it’s entirely unreasonable to want encryption for this. If nothing else I’d love to be able to back up photos for friends and family and legitimately be able to tell them that it’s encrypted and I can’t see any of it. It’d be even sweeter if they could do image recognition on device and sync that metadata (encrypted) to the server as well.

I’m kind of disappointed by the lack of encryption. It sounds great, but I don’t want to trust the server.

Probably, but my exposure to Wayland has just been people complaining about how much X11 sucks and then proceeding to have more problems than everybody else.

I don’t really have much of an opinion about Wayland but it’s still funny to me whenever somebody using Wayland shits on X11 and then tries to share their screen on Zoom or something. If Wayland ends up being great I’ll be happy, but for now X11 just kind of works, so I don’t understand why people are so eager to switch? This isn’t to say I don’t understand the desire to build something better and more secure than X11, I’m just not sure what the end user gets out of Wayland right now. I don’t have VRR monitors and stuff, though, so maybe I’m not running into problems I would be if I wanted fancier features. Plus, I use xmonad and some other stuff right now that won’t work on Wayland, so I don’t have much incentive to try it. Hopefully everything gets Wayland updates eventually.

Oh good, you wrote basically the exact response I was going to give!

The only other thing I would mention is… if you don’t know what a command is, you can and should look it up! You can use the internet, but you can also try “man sudo” or “info sudo” and do a bit of reading. It might not make sense at first, but you’ll start building up a vocabulary really quickly.

I can totally understand why the terminal seems confusing and scary right now, but it’s actually awesome for this kind of stuff because you can just copy and paste commands to do pretty much anything to your computer. Using a GUI often means having a bunch of screenshots that you have to follow manually to do something that a single command can do. Once you’re used to the terminal for these kinds of things GUIs can seem barbaric. Of course it seems scary before you know much about it because it seems like the fucking matrix, and you should only run commands from sources you trust (because they can do anything)… But it’s worth giving a chance, I think.

For this particular instance… often you can just download an application on Linux from a website and run it, but this is almost never the preferred way of doing things. Usually you install applications from your package manager, which is kind of like an App Store (but free), and the advantage of this is that 1) you don’t have to hunt down sketchy executables on the internet, you have a vetted source of safe packages from your distribution, and 2) you can easily update all of your packages. Having a one stop shop for all of your applications (or at least most) is really great, but it can be a little annoying when something you want isn’t in the official repos (like this), though it’s usually a fairly rare occurrence.

The abysmal adoption of DNSSEC is just embarrassing, and I haven’t heard any good arguments for why we shouldn’t do it. There’s one blog post that gets passed around as justification for not adopting DNSSEC, but it doesn’t really go into any technical detail and is mostly just the author saying “I’m scared of governments and TLDs”… which is maybe fair, but you still have to trust them for regular CA certs and everything, so why not make thr base secure?

Honestly, I might care slightly more about DNSSEC than IPv6 adoption… IPv4 exhaustion and NATing everywhere sucks, but the fact that you can’t trust DNS is like… insane.

DNS setups can get fairly complicated with enterprise VPNs and stuff, but the main thing is probably just that DNS is built entirely around caching, so when something does go wrong or you’re trying to update something it’s easy for there to be a stale value somewhere. It’s also really fundamental, so when it breaks it can break anything.

Overall, though, DNS isn’t terribly complex. It’s mostly just a key-value store with some caching. Running your own nameservers is pretty cool and will give you a much better understanding of how it all fits together and scales.

For what it’s worth I also haven’t had any problems. Maybe we’re just lucky, though.

I think anything that CodeWeavers helped port. I think Bioshock Infinite is one such game. I’m not sure if you’d see wine binaries, though, could all be statically linked in.

You leave NixOS alone!!

Seems like it might be fine: https://nextcloud.com/blog/nextclouds-push-notifications-for-ios-and-android/

This is what I thought too, but in my case it turned out my drive was busted and btrfs detected an error and went read only… which was super annoying and my initial reaction was “ugh, piece of shit filesystem!” But ultimately I’m grateful it noticed something was wrong with the drive. If I was just using ext4 I just would have had silent data corruption. In that sense other filesystems do silently do their jobs… but they also potentially fail silently which is a little scary. Checksums are nice.

I don’t think it’s that clear cut to be honest. More code doesn’t mean the package benefits more from optimizations at all, and even if that were true you might care more about the performance of the kernel or various small libraries that are used by a lot of programs as opposed to how fast some random application that depends on qt-WebKit is:

I really do recommend doing a Gentoo install at some point, because I think you would learn a lot from it. It’s a really nice experience and a well put together distro. The compiling is potentially not as bad as you think, but there are a couple of packages that are notoriously painful to compile (there are prebuilt binaries available for some of the painful ones if desired too). You’d probably get a decent amount out of an Arch install too. Arch isn’t my cup of tea, but lots of people like it and it’d be quicker to get started than Gentoo. I’m not sure I’d recommend it for you at this stage but eventually you should check out NixOS too! You can even try the package manager out on any distro you want. NixOS is really interesting, but it does things a bit different from other distros, and if you’ve done an Arch / Gentoo install it’ll be interesting to see what NixOS does in contrast.

Other things to mess with… You mention partitioning, so make sure to check out LVM, and also consider reading a bit about filesystems. Maybe give btrfs a go :).

I wouldn’t worry about daily driving either Gentoo or Arch. Once you have them set up you’ll probably be fine.

deleted by creator

I think even if you’re tech-savvy you can have issues with Arch tbh. I don’t think the distro is without merit — a minimal rolling release binary distribution is clearly something people want… But I’m not sure Arch does a great job of being that (for me, at least), and I’ve personally found pacman and the official packages to be kind of lacking (keyring update issue that they’ve maybe finally fixed, installing specific versions of packages / pinning specific versions / downgrading packages are either not supported or not well supported, immediately removing kernel modules on upgrade, even if the currently running kernel may need them, etc…). It just doesn’t feel very polished in my experience and for my use cases (clearly it works for some people!), and that’s what has driven me away from Arch personally. I think a lot of this stems from Arch’s philosophy of being aggressively minimal, which is maybe fair enough… but I don’t think it’s for everybody.

Who says it hasn’t happened? :P

If it hasn’t I would just assume that Slackware isn’t a big enough target and that anybody in the position to man-in-the-middle a large number of people would have better targets. I mean, to be clear TLS is not a silver bullet either, but it goes a long way for ensuring the integrity of the data you receive over the internet in addition to hiding the contents.

Distros usually sign their ISOs with PGP as well (Slackware does this), so it’s a good idea to verify those signatures as it’s a second channel that you can use to double check the validity of the ISO (but I’m not sure many people actually do this). Of course, anybody can make PGP keys so you have to find out which key is actually supposed to be signing the iso, otherwise an attacker can just make a bogus key and tell you that that’s the Slackware signing key (on the official website too, because it doesn’t use tls!). The web of trust arguably helps some (though this can be faked as well unless you actually participate in key signing parties or something), and you can hope that the Slackware public key is mirrored in several places that you trust so you can compare them… but at the end of the day for most people all trust in the distribution comes from the domain name, and if you don’t have TLS certificates you’re kind of setting up a weak foundation of trust… Maybe it will be fine because you’re not a big enough target for somebody to bother, but in this day and age it’s pretty much trivial to set up TLS certificates and that gets you a far better foundation… why take the risk? Why is it smart to unnecessarily expose your users to more risk than necessary?