Solar Bear

I would say there’s solid benefits to breaking out your networking into at least 4 VLANs: IoT, guest, main, and infrastructure. IoT is obvious, these devices are security nightmares, but sometimes you have no alternative so you throw them into a network black hole. Guest for guests that you don’t want touching your stuff but keep asking for wifi. Main is for everybody else, this is your “real” network. Infrastructure for servers and network equipment.

The reason you break infrastructure off into its own VLAN is that modern firewalls are stateful and you can allow the main VLAN to initiate connections to the infrastructure VLAN but not the other way around, so if your server or IoT stuff gets infected it can’t become an attack vector for all your other devices. You allow Main to access Infrastructure, but not vise versa.

I take mine further and add two more VLANs, services and admin access. I split infrastructure (networking, proxmox hosts, etc) and services (proxmox VMs, NAS, etc) and then only allow admin access to the former, which is exclusive to my PC and phone. Some might call this excessive, but it helps me sleep a little better at night.

It gets logged in the event viewer, yeah. That’s how I discovered it, on account of the screens not waking up in time to show the actual bluescreen. The users were only reporting that their computers were deleting all their windows when waking up. From their perspective, all they saw was their computer taking a mildly longer time to wake up from deep sleep and then losing their entire session, but what it was actually doing was hard rebooting.

Headless is fine, the bug was specifically triggered when a computer woke up and detected a monitor exists, but the monitor took some unspecified amount of time too long to wake up. It was also fixed at some point, I’m not sure when, but it went on long enough that we swapped dozens of cables because it specifically only happened on the ones using DisplayPort, not HDMI.

Fun fact about monitors turning on slowly: did you know Windows has a bluescreen code for that?

The WIN32K_POWER_WATCHDOG_TIMEOUT bug check has a value of 0x0000019C. This indicates that Win32k did not turn the monitor on in a timely manner.

~ https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x19c--win32k-power-watchdog-timeout

That’s right, Windows will panic and throw a bluescreen if your monitors take a little too long to wake up. Had the pleasure of dealing with this suddenly becoming an issue and causing wide bluescreens on wakeup after an update back in mid-2024, on any Surface Dock using DisplayPort with specific Acer monitors.

I feel like NixOS might be the only distro that could realistically handle all these use cases, but I’m a bit scared of the learning curve and the maintenance work it’d take to migrate everything over.

It’s a very steep learning curve, but I personally think it is worth it if what you want is to sync up all your various devices to a single common baseline configuration. I sought a single-distro solution for all of my systems for a long time and always ended up fragmenting them eventually because nothing I tried until NixOS was capable of handling such a diverse set of use cases in a way that would satisfy me.

I am similar to you, in that I regularly use a three server cluster, a gaming desktop, a multi-purpose personal laptop, and a work WSL instance on my work laptop. I still have some purpose-built distros where it makes sense; I use Proxmox for the actual server hosts themselves and then run NixOS VMs on them, along with running VMs for Home Assistant OS and TrueNAS (with the drives passed through, of course). All of these things I could do on raw NixOS (even Home Assistant is packaged in Nix, and there is a project to port Proxmox UI and tooling to NixOS) but I like the stability of the dedicated and battle-tested distros for critical infrastructure, especially for stuff whose configuration is very specific to a given task.

With NixOS, each other device has a consistent shared configuration and package set, they all get updated to the exact same versions thanks to flakes so everything works the same and as expected no matter where I am, and it’s all declaratively configured and documented in one spot. Spinning up a new system or rebuilding an existing system is as easy as pulling the config and changing a few relevant lines, and from there it effectively assembles itself from scratch to the exact state I want it to be in. There’s never any lingering packages or configuration cruft because the system is assembled from scratch every time it updates. Much of my home configuration is also managed, so aliases, environment variables, even vim configs are consistent across the board and set in one location.

The main downside is resource efficiency. Nix is designed to be reproducible and declarative, not fast or lean. It uses much more storage than a typical package manager, and packages are built with wide compatibility in mind so you often are leaving performance on the table from not using newer instruction sets like CachyOS. You can compile your own packages to fix that part, but that obviously takes a lot of spare processing power. I’ve been considering setting up my server cluster to do automatic building for me, but haven’t gotten around to it yet.

My main use case is using it to protect my exposed Home Assistant instance in a way that doesn’t require a VPN that family can screw up. I can just install the cert into the app for them and it Just Works. I also use it for my own Gotify notifications.

As a more general rule, I apply it to anything I want to expose but can’t easily protect using OIDC logins. I used to put more behind it, but I recently opened up my services to friends and family, so I moved to using Authentik as my primary defense for most things. mTLS was great when it was just me, I can easily install the cert into my own browser and all of my Android apps (except Firefox Android…) but friends and family just zone out when I explain why their new phone doesn’t connect, so I had to adjust my systems to compensate.

It’s definitely dried up a fair bit over the last couple of years. In January 2025 I got some recertified 12TB Ironwolfs for $140 each from GoHardDrive, and that was already a fair bit over what they historically had been. Same drives are now $200 on GoHardDrive, and $220 on Amazon. You can just get them new $250, so at that point I barely think it’s worth it to get recertified unless you’re really stretching a budget. I’m sure the businesses are very happy with the demand they got now, but it’s hard to escape the conclusion that LTT and other Youtubers covering these sites really drove up demand and prices.

Also, the smaller drives are a lot harder to find recertified these days since enterprise users will usually go for much larger capacities, so yeah, for 4TB you’ll probably have to go for new. You could also just get a larger drive and only use 4TB of it, assuming this is going into some kind of array. Upgrade the other one at a later date, then just expand your pool!

Authentik has done the opposite of enshittification. As they’ve gotten more successful, they’ve taken enterprise features and moved them into the community edition. I’ve been extremely happy with Authentik so far and the dev has been nothing short of fantastic every time I’ve seen them interacting with the community.

Your example of Ubuntu being a good desktop is a web service run by Canonical that is relevant to maybe 1% of users, if not less?

Look, I’m happy that it works great for your use case. But this doesn’t matter to most users, and it’s also not even intrinsic to Ubuntu itself. OpenSUSE also has fantastic build services. Basically all major git services do too.

The counter to low-quality “Ubuntu sux” posts is not low quality “nuh uh it’s actually super epic!!!” posts, but that’s all we ever get. I’ve seen this pattern for probably fifteen years now, and it’s exhausting. If you don’t care about the criticisms and want to keep using it, then keep using it. More power to you. I probably use things you think are garbage. Hell, Windows users think we both use garbage. I’m just tired of people desperate to justify their choices like they need to “prove” something to everyone who disagrees.

There are plenty of high quality takedowns of Ubuntu, but so rarely are there high quality defenses of it, generally because the criticisms are correct. Nobody ever talks about what makes Ubuntu good, not even Ubuntu users. Arch users will yap your ear off about ArchWiki and AUR. I’ll evangelize Nix to anybody who will listen as the future of advanced Linux management. OpenSUSE Tumbleweed fans will not shut up about rollbacks and bleeding edge software. Fedora users… well, Fedora users are usually busy out there actually doing productive things with their time instead of pointless internet squabbles.

But what is Ubuntu strong at? I genuinely have no idea. All I ever see Ubuntu users say is that it “sucks the least”, in some vague indescribable way. That it’s not as bad as everyone says, that Snaps are actually fine, etc. Always on the defensive. If Ubuntu is actually good, somebody needs to get out there and make a case for what it’s good at, besides being featured as the default instructions for running proprietary third-party software.

I don’t know why we’re still doing snap discourse in 2025. I’m going to be harsh and direct.

It has a proprietary server backend. This is objectively true. Theoretically you can build an open source backend, but nobody has completed a full implementation of it.

If you don’t care about that, you can use Ubuntu, nobody is stopping you. You don’t need other people’s approval. Which is good, because of the people who disapprove, you’re never going to get their approval until it’s actually open sourced. You’re not going to convince anybody here to stop caring that it’s proprietary. So just get over it and use your own operating system without airing your insecurities online about it.

When people recognize they were wrong about something, as smugly satisfying as it may be it’s not actually helpful to tell them that they should have been correct sooner.

There’s 102 people mentioned in that commit and two of them happen to meet in the comments of a meme thread on Lemmy of all places. I love the Internet.

I don’t know, that sounds like hard, thankless work that will take years of consistent effort, dealing with countless setbacks and losses but not giving up, before finally achieving our goals of making real and meaningful change. What if instead if that I just don’t buy Starbucks, will that work?

Plants aren’t sentient. When we say they “feel pain” and “communicate” we don’t mean like sentient creatures. We just don’t have better words to accurately convey the mechanics at play here. Computers also “communicate”.

I don’t support anyone. I oppose the worst outcome, and seek to steer our course away from it. Only narcissists and hobbyists hyperventilate about who they are “supporting”.

I engage in politics as a means to an end and nothing more. I take the best option available and I move on to the next task. To do otherwise is to value the self above the collective, and as a communist that is not a luxury I’m afforded.

One of those two will be president no matter what you do. They will then be in a position capable of inflicting great damage. Trump will use that position to hurt more people than Biden. The math here isn’t complicated, and it continually astounds me how many people on the left cannot actually solve the trolly problem when faced with it for real. It really shows which people are engaged in politics as a means to an end rather than as personal expression or a hobby.

We’re supposed to be better than them. Countering their misinfo networks by creating our own misinfo networks isn’t being better than them.

Greyzone is an op. We need another source.

Never ask ChatGPT to write code that you plan to actually use, and never take it as a source of truth. I use it to put me on a possible right path when I’m totally lost and lack the vocabulary to accurately describe what I need. Sometimes I’ll ask it for an example of how sometimes works so that I can learn it myself. It’s an incredibly useful tool, but you’re out of your damn mind if you’re just regularly copying code it spits out. You need to error check everything it does, and if you don’t know the syntax well enough to write it yourself, how the hell do you plan to reliably error check it?

These are scripts that manage stuff on a few hundred user endpoints and a few servers. They were doing basically everything manually until I got here, and the only way I could get them on board with my slow introduction of automation is to let them see it. I have to ensure things don’t get too long, complex, or hard to explain, or they start getting nervous.